Malware Analysis Report

2024-10-10 09:22

Sample ID 240625-kw74jszeqc
Target 4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe
SHA256 4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140
Tags
kpot xmrig miner stealer trojan
score
10/10

Analysis Overview

score
10/10

SHA256

4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140

Threat Level: Known bad

The file 4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

kpot xmrig miner stealer trojan

KPOT Core Executable

KPOT

Kpot family

xmrig

XMRig Miner payload

Xmrig family

Executes dropped EXE

Loads dropped DLL

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-25 08:58

Signatures

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

Kpot family

kpot

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-25 08:58

Reported

2024-06-25 09:00

Platform

win10v2004-20240226-en

Max time kernel

142s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Drops file in Windows directory

Suspicious use of WriteProcessMemory

Processes

C:\Users\Admin\AppData\Local\Temp\4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe"


C:\Windows\System\OSHNYQC.exe

C:\Windows\System\OSHNYQC.exe

C:\Windows\System\vaAArDs.exe

C:\Windows\System\vaAArDs.exe

C:\Windows\System\OVpYYKF.exe

C:\Windows\System\OVpYYKF.exe

C:\Windows\System\TNgTxZS.exe

C:\Windows\System\TNgTxZS.exe

C:\Windows\System\JpPuTcs.exe

C:\Windows\System\JpPuTcs.exe

C:\Windows\System\pCfWhQw.exe

C:\Windows\System\pCfWhQw.exe

C:\Windows\System\xkGBEGV.exe

C:\Windows\System\xkGBEGV.exe

C:\Windows\System\AuFogNd.exe

C:\Windows\System\AuFogNd.exe

C:\Windows\System\lCxyKnf.exe

C:\Windows\System\lCxyKnf.exe

C:\Windows\System\EPutdcA.exe

C:\Windows\System\EPutdcA.exe

C:\Windows\System\RIHIKJU.exe

C:\Windows\System\RIHIKJU.exe

C:\Windows\System\mrDQVYV.exe

C:\Windows\System\mrDQVYV.exe

C:\Windows\System\TypCdUJ.exe

C:\Windows\System\TypCdUJ.exe

C:\Windows\System\hVjKDoI.exe

C:\Windows\System\hVjKDoI.exe

C:\Windows\System\iRPktCR.exe

C:\Windows\System\iRPktCR.exe

C:\Windows\System\gxmQTex.exe

C:\Windows\System\gxmQTex.exe

C:\Windows\System\VayJfqW.exe

C:\Windows\System\VayJfqW.exe

C:\Windows\System\aEoeqjs.exe

C:\Windows\System\aEoeqjs.exe

C:\Windows\System\kcGOZpY.exe

C:\Windows\System\kcGOZpY.exe

C:\Windows\System\FbNIspw.exe

C:\Windows\System\FbNIspw.exe

C:\Windows\System\dqtOCZJ.exe

C:\Windows\System\dqtOCZJ.exe

C:\Windows\System\QEXtEFH.exe

C:\Windows\System\QEXtEFH.exe

C:\Windows\System\trfAjlg.exe

C:\Windows\System\trfAjlg.exe

C:\Windows\System\jieuAes.exe

C:\Windows\System\jieuAes.exe

C:\Windows\System\gsPPJJw.exe

C:\Windows\System\gsPPJJw.exe

C:\Windows\System\kHSzMYt.exe

C:\Windows\System\kHSzMYt.exe

C:\Windows\System\tOGJGGr.exe

C:\Windows\System\tOGJGGr.exe

C:\Windows\System\XWpFRZt.exe

C:\Windows\System\XWpFRZt.exe

C:\Windows\System\EMRgyJw.exe

C:\Windows\System\EMRgyJw.exe

C:\Windows\System\dzGbpvm.exe

C:\Windows\System\dzGbpvm.exe

C:\Windows\System\OLGoPOf.exe

C:\Windows\System\OLGoPOf.exe

C:\Windows\System\umAzSPL.exe

C:\Windows\System\umAzSPL.exe

C:\Windows\System\eGxzrgl.exe

C:\Windows\System\eGxzrgl.exe

C:\Windows\System\nokBUTG.exe

C:\Windows\System\nokBUTG.exe

C:\Windows\System\DexgSzU.exe

C:\Windows\System\DexgSzU.exe

C:\Windows\System\RckMDnR.exe

C:\Windows\System\RckMDnR.exe

C:\Windows\System\RVtSSBi.exe

C:\Windows\System\RVtSSBi.exe

C:\Windows\System\ZMAeDNi.exe

C:\Windows\System\ZMAeDNi.exe

C:\Windows\System\jyCrhSZ.exe

C:\Windows\System\jyCrhSZ.exe

C:\Windows\System\geAOjdN.exe

C:\Windows\System\geAOjdN.exe

C:\Windows\System\GIWYSTq.exe

C:\Windows\System\GIWYSTq.exe

C:\Windows\System\oqazzlG.exe

C:\Windows\System\oqazzlG.exe

C:\Windows\System\suDTkBR.exe

C:\Windows\System\suDTkBR.exe

C:\Windows\System\woSbPuN.exe

C:\Windows\System\woSbPuN.exe

C:\Windows\System\cHKVkiD.exe

C:\Windows\System\cHKVkiD.exe

C:\Windows\System\XuXLwbn.exe

C:\Windows\System\XuXLwbn.exe

C:\Windows\System\LIqVrwk.exe

C:\Windows\System\LIqVrwk.exe

C:\Windows\System\nwMJQyB.exe

C:\Windows\System\nwMJQyB.exe

C:\Windows\System\luqUXpi.exe

C:\Windows\System\luqUXpi.exe

C:\Windows\System\dTfcrVl.exe

C:\Windows\System\dTfcrVl.exe

C:\Windows\System\zCVFOge.exe

C:\Windows\System\zCVFOge.exe

C:\Windows\System\eaiqiTj.exe

C:\Windows\System\eaiqiTj.exe

C:\Windows\System\illsMpE.exe

C:\Windows\System\illsMpE.exe

C:\Windows\System\jqsUhnt.exe

C:\Windows\System\jqsUhnt.exe

C:\Windows\System\lYdCDBV.exe

C:\Windows\System\lYdCDBV.exe

C:\Windows\System\iFAucuf.exe

C:\Windows\System\iFAucuf.exe

C:\Windows\System\wXKIejR.exe

C:\Windows\System\wXKIejR.exe

C:\Windows\System\OvMnOvd.exe

C:\Windows\System\OvMnOvd.exe

C:\Windows\System\UmPgwJN.exe

C:\Windows\System\UmPgwJN.exe

C:\Windows\System\RHjwoTT.exe

C:\Windows\System\RHjwoTT.exe

C:\Windows\System\UIBeNWA.exe

C:\Windows\System\UIBeNWA.exe

C:\Windows\System\moyZaet.exe

C:\Windows\System\moyZaet.exe

C:\Windows\System\sdMfkrQ.exe

C:\Windows\System\sdMfkrQ.exe

C:\Windows\System\wdxMHfB.exe

C:\Windows\System\wdxMHfB.exe

C:\Windows\System\xsLSvGH.exe

C:\Windows\System\xsLSvGH.exe

C:\Windows\System\TtsFPrW.exe

C:\Windows\System\TtsFPrW.exe

C:\Windows\System\XvzYqBZ.exe

C:\Windows\System\XvzYqBZ.exe

C:\Windows\System\UmRHvpr.exe

C:\Windows\System\UmRHvpr.exe

C:\Windows\System\PqlLmEN.exe

C:\Windows\System\PqlLmEN.exe

C:\Windows\System\bwuxUtF.exe

C:\Windows\System\bwuxUtF.exe

C:\Windows\System\lvmUJHJ.exe

C:\Windows\System\lvmUJHJ.exe

C:\Windows\System\BmMDyTu.exe

C:\Windows\System\BmMDyTu.exe

C:\Windows\System\oPJuaor.exe

C:\Windows\System\oPJuaor.exe

C:\Windows\System\YyUSOsz.exe

C:\Windows\System\YyUSOsz.exe

C:\Windows\System\gWijfDY.exe

C:\Windows\System\gWijfDY.exe

C:\Windows\System\OLSpfOv.exe

C:\Windows\System\OLSpfOv.exe

C:\Windows\System\CMNBSZA.exe

C:\Windows\System\CMNBSZA.exe

C:\Windows\System\sIJXxTb.exe

C:\Windows\System\sIJXxTb.exe

C:\Windows\System\ApLSxEj.exe

C:\Windows\System\ApLSxEj.exe

C:\Windows\System\SSfNAts.exe

C:\Windows\System\SSfNAts.exe

C:\Windows\System\OJtCPFn.exe

C:\Windows\System\OJtCPFn.exe

C:\Windows\System\zgxSRQC.exe

C:\Windows\System\zgxSRQC.exe

C:\Windows\System\dDQDWZO.exe

C:\Windows\System\dDQDWZO.exe

C:\Windows\System\OZmsEGT.exe

C:\Windows\System\OZmsEGT.exe

C:\Windows\System\vQQKlKO.exe

C:\Windows\System\vQQKlKO.exe

C:\Windows\System\YuNUcfZ.exe

C:\Windows\System\YuNUcfZ.exe

C:\Windows\System\rTxkksH.exe

C:\Windows\System\rTxkksH.exe

C:\Windows\System\oOZghFL.exe

C:\Windows\System\oOZghFL.exe

C:\Windows\System\MsiWlCd.exe

C:\Windows\System\MsiWlCd.exe

C:\Windows\System\PjeeOJm.exe

C:\Windows\System\PjeeOJm.exe

C:\Windows\System\IauaWPv.exe

C:\Windows\System\IauaWPv.exe

C:\Windows\System\NCXRfVE.exe

C:\Windows\System\NCXRfVE.exe

C:\Windows\System\OelTifa.exe

C:\Windows\System\OelTifa.exe

C:\Windows\System\kfXZBwX.exe

C:\Windows\System\kfXZBwX.exe

C:\Windows\System\pZxTvrW.exe

C:\Windows\System\pZxTvrW.exe

C:\Windows\System\HuBCplk.exe

C:\Windows\System\HuBCplk.exe

C:\Windows\System\vMhWxyu.exe

C:\Windows\System\vMhWxyu.exe

C:\Windows\System\XKUIFzJ.exe

C:\Windows\System\XKUIFzJ.exe

C:\Windows\System\lwYsbQr.exe

C:\Windows\System\lwYsbQr.exe

C:\Windows\System\AifvDZU.exe

C:\Windows\System\AifvDZU.exe

C:\Windows\System\zxLUDFY.exe

C:\Windows\System\zxLUDFY.exe

C:\Windows\System\WoPyyqQ.exe

C:\Windows\System\WoPyyqQ.exe

C:\Windows\System\cFnJHkW.exe

C:\Windows\System\cFnJHkW.exe

C:\Windows\System\TgZpNXp.exe

C:\Windows\System\TgZpNXp.exe

C:\Windows\System\qacjYOp.exe

C:\Windows\System\qacjYOp.exe

C:\Windows\System\iurpUPh.exe

C:\Windows\System\iurpUPh.exe

C:\Windows\System\uuWENDy.exe

C:\Windows\System\uuWENDy.exe

C:\Windows\System\XOddEEf.exe

C:\Windows\System\XOddEEf.exe

C:\Windows\System\FXKNsGZ.exe

C:\Windows\System\FXKNsGZ.exe

C:\Windows\System\IGKrERQ.exe

C:\Windows\System\IGKrERQ.exe

C:\Windows\System\jadOeBV.exe

C:\Windows\System\jadOeBV.exe

C:\Windows\System\xVLlPeW.exe

C:\Windows\System\xVLlPeW.exe

C:\Windows\System\RExLDwd.exe

C:\Windows\System\RExLDwd.exe

C:\Windows\System\inRubWA.exe

C:\Windows\System\inRubWA.exe

C:\Windows\System\YmAqxKG.exe

C:\Windows\System\YmAqxKG.exe

C:\Windows\System\NxoyoXM.exe

C:\Windows\System\NxoyoXM.exe

C:\Windows\System\BnEnUrz.exe

C:\Windows\System\BnEnUrz.exe

C:\Windows\System\KDGdltE.exe

C:\Windows\System\KDGdltE.exe

C:\Windows\System\jsfjFte.exe

C:\Windows\System\jsfjFte.exe

C:\Windows\System\EHhtMYm.exe

C:\Windows\System\EHhtMYm.exe

C:\Windows\System\FwKGItk.exe

C:\Windows\System\FwKGItk.exe

C:\Windows\System\aZnCbno.exe

C:\Windows\System\aZnCbno.exe

C:\Windows\System\yJbTcqh.exe

C:\Windows\System\yJbTcqh.exe

C:\Windows\System\XVYOSGy.exe

C:\Windows\System\XVYOSGy.exe

C:\Windows\System\QwpRQfZ.exe

C:\Windows\System\QwpRQfZ.exe

C:\Windows\System\SCluclg.exe

C:\Windows\System\SCluclg.exe

C:\Windows\System\GkxJIKO.exe

C:\Windows\System\GkxJIKO.exe

C:\Windows\System\BpvJniv.exe

C:\Windows\System\BpvJniv.exe

C:\Windows\System\RNWHRgg.exe

C:\Windows\System\RNWHRgg.exe

C:\Windows\System\XooSdIz.exe

C:\Windows\System\XooSdIz.exe

C:\Windows\System\WOEnYPq.exe

C:\Windows\System\WOEnYPq.exe

C:\Windows\System\AhtxGlQ.exe

C:\Windows\System\AhtxGlQ.exe

C:\Windows\System\ZaozURx.exe

C:\Windows\System\ZaozURx.exe

C:\Windows\System\jTtzTCT.exe

C:\Windows\System\jTtzTCT.exe

C:\Windows\System\yqIUkan.exe

C:\Windows\System\yqIUkan.exe

C:\Windows\System\OnDrrwJ.exe

C:\Windows\System\OnDrrwJ.exe

C:\Windows\System\ZCZYPRE.exe

C:\Windows\System\ZCZYPRE.exe

C:\Windows\System\AUnYdwm.exe

C:\Windows\System\AUnYdwm.exe

C:\Windows\System\YRVFlRq.exe

C:\Windows\System\YRVFlRq.exe

C:\Windows\System\UbExAYS.exe

C:\Windows\System\UbExAYS.exe

C:\Windows\System\givtioG.exe

C:\Windows\System\givtioG.exe

C:\Windows\System\yxqOMnC.exe

C:\Windows\System\yxqOMnC.exe

C:\Windows\System\OYYnrDo.exe

C:\Windows\System\OYYnrDo.exe

C:\Windows\System\EXeLoWK.exe

C:\Windows\System\EXeLoWK.exe

C:\Windows\System\NCKOKsO.exe

C:\Windows\System\NCKOKsO.exe

C:\Windows\System\jwDkGbX.exe

C:\Windows\System\jwDkGbX.exe

C:\Windows\System\AMIKGSF.exe

C:\Windows\System\AMIKGSF.exe

C:\Windows\System\GyifYcj.exe

C:\Windows\System\GyifYcj.exe

C:\Windows\System\KNpnSJS.exe

C:\Windows\System\KNpnSJS.exe

C:\Windows\System\jRbKslY.exe

C:\Windows\System\jRbKslY.exe

C:\Windows\System\JjkMLAh.exe

C:\Windows\System\JjkMLAh.exe

C:\Windows\System\IvBskei.exe

C:\Windows\System\IvBskei.exe

C:\Windows\System\TOjberX.exe

C:\Windows\System\TOjberX.exe

C:\Windows\System\lfbwGAR.exe

C:\Windows\System\lfbwGAR.exe

C:\Windows\System\OrZuugw.exe

C:\Windows\System\OrZuugw.exe

C:\Windows\System\ePwFCvJ.exe

C:\Windows\System\ePwFCvJ.exe

C:\Windows\System\pwEesjf.exe

C:\Windows\System\pwEesjf.exe

C:\Windows\System\VqsZqpo.exe

C:\Windows\System\VqsZqpo.exe

C:\Windows\System\qWUyKsE.exe

C:\Windows\System\qWUyKsE.exe

C:\Windows\System\oeLCuVk.exe

C:\Windows\System\oeLCuVk.exe

C:\Windows\System\frjgwcU.exe

C:\Windows\System\frjgwcU.exe

C:\Windows\System\rZpDMxb.exe

C:\Windows\System\rZpDMxb.exe

C:\Windows\System\CVyKLIa.exe

C:\Windows\System\CVyKLIa.exe

C:\Windows\System\VyNMrnY.exe

C:\Windows\System\VyNMrnY.exe

C:\Windows\System\xFLHVze.exe

C:\Windows\System\xFLHVze.exe

C:\Windows\System\BqVCFCK.exe

C:\Windows\System\BqVCFCK.exe

C:\Windows\System\Bcpfogy.exe

C:\Windows\System\Bcpfogy.exe

C:\Windows\System\yiXFlqt.exe

C:\Windows\System\yiXFlqt.exe

C:\Windows\System\IWdhWQl.exe

C:\Windows\System\IWdhWQl.exe

C:\Windows\System\kiErmDj.exe

C:\Windows\System\kiErmDj.exe

C:\Windows\System\awoXipA.exe

C:\Windows\System\awoXipA.exe

C:\Windows\System\kCveOyz.exe

C:\Windows\System\kCveOyz.exe

C:\Windows\System\piSZXkb.exe

C:\Windows\System\piSZXkb.exe

C:\Windows\System\fcBSNpR.exe

C:\Windows\System\fcBSNpR.exe

C:\Windows\System\fjcpvDG.exe

C:\Windows\System\fjcpvDG.exe

C:\Windows\System\HZKFzfl.exe

C:\Windows\System\HZKFzfl.exe

C:\Windows\System\vHaAmjc.exe

C:\Windows\System\vHaAmjc.exe

C:\Windows\System\nGLCmCC.exe

C:\Windows\System\nGLCmCC.exe

C:\Windows\System\EkKtPss.exe

C:\Windows\System\EkKtPss.exe

C:\Windows\System\JGSseWf.exe

C:\Windows\System\JGSseWf.exe

C:\Windows\System\IftKGSI.exe

C:\Windows\System\IftKGSI.exe

C:\Windows\System\HBjnVLz.exe

C:\Windows\System\HBjnVLz.exe

C:\Windows\System\RsHuhOl.exe

C:\Windows\System\RsHuhOl.exe

C:\Windows\System\zRLYOXs.exe

C:\Windows\System\zRLYOXs.exe

C:\Windows\System\pXBiacB.exe

C:\Windows\System\pXBiacB.exe

C:\Windows\System\nHOBuBb.exe

C:\Windows\System\nHOBuBb.exe

C:\Windows\System\ypVkNKv.exe

C:\Windows\System\ypVkNKv.exe

C:\Windows\System\upZSRVn.exe

C:\Windows\System\upZSRVn.exe

C:\Windows\System\pDGpNZK.exe

C:\Windows\System\pDGpNZK.exe

C:\Windows\System\tlMhPIk.exe

C:\Windows\System\tlMhPIk.exe

C:\Windows\System\ojrRdjg.exe

C:\Windows\System\ojrRdjg.exe

C:\Windows\System\OIODVfZ.exe

C:\Windows\System\OIODVfZ.exe

C:\Windows\System\QaUygeD.exe

C:\Windows\System\QaUygeD.exe

C:\Windows\System\nSifZzH.exe

C:\Windows\System\nSifZzH.exe

C:\Windows\System\YMUFHpk.exe

C:\Windows\System\YMUFHpk.exe

C:\Windows\System\iZBKQEL.exe

C:\Windows\System\iZBKQEL.exe

C:\Windows\System\DaAMPwI.exe

C:\Windows\System\DaAMPwI.exe

C:\Windows\System\EwvXjny.exe

C:\Windows\System\EwvXjny.exe

C:\Windows\System\DtzBavZ.exe

C:\Windows\System\DtzBavZ.exe

C:\Windows\System\vfoEeeU.exe

C:\Windows\System\vfoEeeU.exe

C:\Windows\System\oKglDdj.exe

C:\Windows\System\oKglDdj.exe

C:\Windows\System\BZreuaP.exe

C:\Windows\System\BZreuaP.exe

C:\Windows\System\DRiSirt.exe

C:\Windows\System\DRiSirt.exe

C:\Windows\System\keFfidC.exe

C:\Windows\System\keFfidC.exe

C:\Windows\System\DoeSjtj.exe

C:\Windows\System\DoeSjtj.exe

C:\Windows\System\WIKsuRi.exe

C:\Windows\System\WIKsuRi.exe

C:\Windows\System\wfKaHkQ.exe

C:\Windows\System\wfKaHkQ.exe

C:\Windows\System\ezCVZhI.exe

C:\Windows\System\ezCVZhI.exe

C:\Windows\System\esTEqyG.exe

C:\Windows\System\esTEqyG.exe

C:\Windows\System\lbGtmHu.exe

C:\Windows\System\lbGtmHu.exe

C:\Windows\System\dmwBHtC.exe

C:\Windows\System\dmwBHtC.exe

C:\Windows\System\TXJAJZs.exe

C:\Windows\System\TXJAJZs.exe

C:\Windows\System\BOiEZpB.exe

C:\Windows\System\BOiEZpB.exe

C:\Windows\System\PvcSUGh.exe

C:\Windows\System\PvcSUGh.exe

C:\Windows\System\bDoZQWH.exe

C:\Windows\System\bDoZQWH.exe

C:\Windows\System\hfuXCEP.exe

C:\Windows\System\hfuXCEP.exe

C:\Windows\System\HScvCHS.exe

C:\Windows\System\HScvCHS.exe

C:\Windows\System\zuVIANj.exe

C:\Windows\System\zuVIANj.exe

C:\Windows\System\hCHsjZy.exe

C:\Windows\System\hCHsjZy.exe

C:\Windows\System\kucPAKy.exe

C:\Windows\System\kucPAKy.exe

C:\Windows\System\YpbGEUD.exe

C:\Windows\System\YpbGEUD.exe

C:\Windows\System\JOMvGqj.exe

C:\Windows\System\JOMvGqj.exe

C:\Windows\System\mnpFOwV.exe

C:\Windows\System\mnpFOwV.exe

C:\Windows\System\RZKyZDr.exe

C:\Windows\System\RZKyZDr.exe

C:\Windows\System\krRcexQ.exe

C:\Windows\System\krRcexQ.exe

C:\Windows\System\fzrzMFx.exe

C:\Windows\System\fzrzMFx.exe

C:\Windows\System\gPUXYTv.exe

C:\Windows\System\gPUXYTv.exe

C:\Windows\System\EPtIIwp.exe

C:\Windows\System\EPtIIwp.exe

C:\Windows\System\LZzjmnL.exe

C:\Windows\System\LZzjmnL.exe

C:\Windows\System\KGbfdvG.exe

C:\Windows\System\KGbfdvG.exe

C:\Windows\System\CjJOXGO.exe

C:\Windows\System\CjJOXGO.exe

C:\Windows\System\tciyzPf.exe

C:\Windows\System\tciyzPf.exe

C:\Windows\System\oHqZtmK.exe

C:\Windows\System\oHqZtmK.exe

C:\Windows\System\iZjZWUM.exe

C:\Windows\System\iZjZWUM.exe

C:\Windows\System\kAFxYiE.exe

C:\Windows\System\kAFxYiE.exe

C:\Windows\System\XLoJUvz.exe

C:\Windows\System\XLoJUvz.exe

C:\Windows\System\KWLunjM.exe

C:\Windows\System\KWLunjM.exe

C:\Windows\System\wUDHZaU.exe

C:\Windows\System\wUDHZaU.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4020 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8

Network

Files

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-25 08:58

Reported

2024-06-25 09:00

Platform

win7-20231129-en

Max time kernel

137s

Max time network

147s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe N/A

Drops file in Windows directory


Suspicious use of WriteProcessMemory


Processes

C:\Users\Admin\AppData\Local\Temp\4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\4ab71583de0ec8633dff7224bcd36535be1e1400ab5a2208efea8756edaeb140_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp

Files

memory/2888-0-0x00000000002F0000-0x0000000000300000-memory.dmp
