Malware Analysis Report

2024-10-10 09:30

Sample ID 240627-bsztbsxhjr
Target 354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe
SHA256 354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4
Tags kpot xmrig miner stealer trojan
Score 10/10

Analysis Overview

score
10/10

SHA256

354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4

Threat Level: Known bad

The file 354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

kpot xmrig miner stealer trojan

Kpot family

XMRig Miner payload

Xmrig family

KPOT

KPOT Core Executable

xmrig

XMRig Miner payload

Loads dropped DLL

Executes dropped EXE

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-27 01:25

Signatures

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

Kpot family

kpot

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-27 01:25

Reported

2024-06-27 01:27

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Drops file in Windows directory

Suspicious use of WriteProcessMemory

Processes

C:\Users\Admin\AppData\Local\Temp\354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe"


C:\Windows\System\AaWTeGh.exe

C:\Windows\System\IsVhSRO.exe

C:\Windows\System\IsVhSRO.exe

C:\Windows\System\zsYHWCu.exe

C:\Windows\System\zsYHWCu.exe

C:\Windows\System\scsLzIY.exe

C:\Windows\System\scsLzIY.exe

C:\Windows\System\ZKBSuWR.exe

C:\Windows\System\ZKBSuWR.exe

C:\Windows\System\XGXrPVr.exe

C:\Windows\System\XGXrPVr.exe

C:\Windows\System\fTcOibc.exe

C:\Windows\System\fTcOibc.exe

C:\Windows\System\uzlLnAM.exe

C:\Windows\System\uzlLnAM.exe

C:\Windows\System\LacZlqS.exe

C:\Windows\System\LacZlqS.exe

C:\Windows\System\BsoqzzR.exe

C:\Windows\System\BsoqzzR.exe

C:\Windows\System\jUzZOQb.exe

C:\Windows\System\jUzZOQb.exe

C:\Windows\System\RVBbzNX.exe

C:\Windows\System\RVBbzNX.exe

C:\Windows\System\hxTpcVB.exe

C:\Windows\System\hxTpcVB.exe

C:\Windows\System\jweyCoI.exe

C:\Windows\System\jweyCoI.exe

C:\Windows\System\OAuncvP.exe

C:\Windows\System\OAuncvP.exe

C:\Windows\System\LWgUiTG.exe

C:\Windows\System\LWgUiTG.exe

C:\Windows\System\eGvhnlA.exe

C:\Windows\System\eGvhnlA.exe

C:\Windows\System\wAEvCzf.exe

C:\Windows\System\wAEvCzf.exe

C:\Windows\System\EaEaHJf.exe

C:\Windows\System\EaEaHJf.exe

C:\Windows\System\AxBuILN.exe

C:\Windows\System\AxBuILN.exe

C:\Windows\System\sNVUfbt.exe

C:\Windows\System\sNVUfbt.exe

C:\Windows\System\AyPBKNz.exe

C:\Windows\System\AyPBKNz.exe

C:\Windows\System\SIzYJAM.exe

C:\Windows\System\SIzYJAM.exe

C:\Windows\System\eVntksj.exe

C:\Windows\System\eVntksj.exe

C:\Windows\System\ZXgiGZH.exe

C:\Windows\System\ZXgiGZH.exe

C:\Windows\System\dckuFtF.exe

C:\Windows\System\dckuFtF.exe

C:\Windows\System\KaCJWwg.exe

C:\Windows\System\KaCJWwg.exe

C:\Windows\System\DdZBkyZ.exe

C:\Windows\System\DdZBkyZ.exe

C:\Windows\System\jlIIMdY.exe

C:\Windows\System\jlIIMdY.exe

C:\Windows\System\QCFHLlQ.exe

C:\Windows\System\QCFHLlQ.exe

C:\Windows\System\AGzNipJ.exe

C:\Windows\System\AGzNipJ.exe

C:\Windows\System\imaNONA.exe

C:\Windows\System\imaNONA.exe

C:\Windows\System\IGjPiVg.exe

C:\Windows\System\IGjPiVg.exe

C:\Windows\System\bQVYlzS.exe

C:\Windows\System\bQVYlzS.exe

C:\Windows\System\oeObcQF.exe

C:\Windows\System\oeObcQF.exe

C:\Windows\System\ObrlUIp.exe

C:\Windows\System\ObrlUIp.exe

C:\Windows\System\zTSYVpK.exe

C:\Windows\System\zTSYVpK.exe

C:\Windows\System\EngZNqh.exe

C:\Windows\System\EngZNqh.exe

C:\Windows\System\DohFqrV.exe

C:\Windows\System\DohFqrV.exe

C:\Windows\System\uUNWhPR.exe

C:\Windows\System\uUNWhPR.exe

C:\Windows\System\AHMfqrE.exe

C:\Windows\System\AHMfqrE.exe

C:\Windows\System\RvIxftS.exe

C:\Windows\System\RvIxftS.exe

C:\Windows\System\BeHLZEc.exe

C:\Windows\System\BeHLZEc.exe

C:\Windows\System\CUKXfca.exe

C:\Windows\System\CUKXfca.exe

C:\Windows\System\ehvPcBQ.exe

C:\Windows\System\ehvPcBQ.exe

C:\Windows\System\KhYUmgr.exe

C:\Windows\System\KhYUmgr.exe

C:\Windows\System\OOrqeVb.exe

C:\Windows\System\OOrqeVb.exe

C:\Windows\System\oNlrbOm.exe

C:\Windows\System\oNlrbOm.exe

C:\Windows\System\zzhwCpE.exe

C:\Windows\System\zzhwCpE.exe

C:\Windows\System\VaLaBEF.exe

C:\Windows\System\VaLaBEF.exe

C:\Windows\System\xLoiQrh.exe

C:\Windows\System\xLoiQrh.exe

C:\Windows\System\sBsmGpr.exe

C:\Windows\System\sBsmGpr.exe

C:\Windows\System\iWqHEAb.exe

C:\Windows\System\iWqHEAb.exe

C:\Windows\System\kwakOMf.exe

C:\Windows\System\kwakOMf.exe

C:\Windows\System\OCQpkda.exe

C:\Windows\System\OCQpkda.exe

C:\Windows\System\KMDvcuU.exe

C:\Windows\System\KMDvcuU.exe

C:\Windows\System\JydpUNb.exe

C:\Windows\System\JydpUNb.exe

C:\Windows\System\bLYYKoi.exe

C:\Windows\System\bLYYKoi.exe

C:\Windows\System\RZyhLbQ.exe

C:\Windows\System\RZyhLbQ.exe

C:\Windows\System\DbaUFxo.exe

C:\Windows\System\DbaUFxo.exe

C:\Windows\System\fXRdNYg.exe

C:\Windows\System\fXRdNYg.exe

C:\Windows\System\loEPTfF.exe

C:\Windows\System\loEPTfF.exe

C:\Windows\System\HtnLxIg.exe

C:\Windows\System\HtnLxIg.exe

C:\Windows\System\ByRHWSS.exe

C:\Windows\System\ByRHWSS.exe

C:\Windows\System\OxUkocv.exe

C:\Windows\System\OxUkocv.exe

C:\Windows\System\wNMzesQ.exe

C:\Windows\System\wNMzesQ.exe

C:\Windows\System\yUWHwcj.exe

C:\Windows\System\yUWHwcj.exe

C:\Windows\System\vDKVubA.exe

C:\Windows\System\vDKVubA.exe

C:\Windows\System\QSbptqU.exe

C:\Windows\System\QSbptqU.exe

C:\Windows\System\xjOFcYe.exe

C:\Windows\System\xjOFcYe.exe

C:\Windows\System\TWMKAix.exe

C:\Windows\System\TWMKAix.exe

C:\Windows\System\EmhOZja.exe

C:\Windows\System\EmhOZja.exe

C:\Windows\System\XbqnUlp.exe

C:\Windows\System\XbqnUlp.exe

C:\Windows\System\SIsPyOH.exe

C:\Windows\System\SIsPyOH.exe

C:\Windows\System\qQyGPWZ.exe

C:\Windows\System\qQyGPWZ.exe

C:\Windows\System\rUiMXlO.exe

C:\Windows\System\rUiMXlO.exe

C:\Windows\System\kkDraZP.exe

C:\Windows\System\kkDraZP.exe

C:\Windows\System\GRdeIZm.exe

C:\Windows\System\GRdeIZm.exe

C:\Windows\System\QzMjjWm.exe

C:\Windows\System\QzMjjWm.exe

C:\Windows\System\jZVzJvy.exe

C:\Windows\System\jZVzJvy.exe

C:\Windows\System\VLUpDRi.exe

C:\Windows\System\VLUpDRi.exe

C:\Windows\System\ayLscuo.exe

C:\Windows\System\ayLscuo.exe

C:\Windows\System\dleDEJo.exe

C:\Windows\System\dleDEJo.exe

C:\Windows\System\RInFWEZ.exe

C:\Windows\System\RInFWEZ.exe

C:\Windows\System\tLucszI.exe

C:\Windows\System\tLucszI.exe

C:\Windows\System\DKpbsdZ.exe

C:\Windows\System\DKpbsdZ.exe

C:\Windows\System\wZKSmXN.exe

C:\Windows\System\wZKSmXN.exe

C:\Windows\System\VadFMar.exe

C:\Windows\System\VadFMar.exe

C:\Windows\System\yejKiII.exe

C:\Windows\System\yejKiII.exe

C:\Windows\System\tismIBJ.exe

C:\Windows\System\tismIBJ.exe

C:\Windows\System\FmHQuWL.exe

C:\Windows\System\FmHQuWL.exe

C:\Windows\System\TTRhjoz.exe

C:\Windows\System\TTRhjoz.exe

C:\Windows\System\bEPankZ.exe

C:\Windows\System\bEPankZ.exe

C:\Windows\System\efDIIwL.exe

C:\Windows\System\efDIIwL.exe

C:\Windows\System\mPtopSt.exe

C:\Windows\System\mPtopSt.exe

C:\Windows\System\XckIJXN.exe

C:\Windows\System\XckIJXN.exe

C:\Windows\System\zURtSZf.exe

C:\Windows\System\zURtSZf.exe

C:\Windows\System\RylQQkJ.exe

C:\Windows\System\RylQQkJ.exe

C:\Windows\System\aIyCDxE.exe

C:\Windows\System\aIyCDxE.exe

C:\Windows\System\AoDqkho.exe

C:\Windows\System\AoDqkho.exe

C:\Windows\System\wUkUPvz.exe

C:\Windows\System\wUkUPvz.exe

C:\Windows\System\WAvXAqJ.exe

C:\Windows\System\WAvXAqJ.exe

C:\Windows\System\RxCXrQM.exe

C:\Windows\System\RxCXrQM.exe

C:\Windows\System\cPLIkev.exe

C:\Windows\System\cPLIkev.exe

C:\Windows\System\AerXVwh.exe

C:\Windows\System\AerXVwh.exe

C:\Windows\System\KmfGQkM.exe

C:\Windows\System\KmfGQkM.exe

C:\Windows\System\ZtCiwfK.exe

C:\Windows\System\ZtCiwfK.exe

C:\Windows\System\ZTrpmYe.exe

C:\Windows\System\ZTrpmYe.exe

C:\Windows\System\dTTwmZW.exe

C:\Windows\System\dTTwmZW.exe

C:\Windows\System\hgIfQPQ.exe

C:\Windows\System\hgIfQPQ.exe

C:\Windows\System\dIbRyAF.exe

C:\Windows\System\dIbRyAF.exe

C:\Windows\System\jJTPpDA.exe

C:\Windows\System\jJTPpDA.exe

C:\Windows\System\clyRkOS.exe

C:\Windows\System\clyRkOS.exe

C:\Windows\System\BNjYvNZ.exe

C:\Windows\System\BNjYvNZ.exe

C:\Windows\System\eZppVrV.exe

C:\Windows\System\eZppVrV.exe

C:\Windows\System\xOYrlJm.exe

C:\Windows\System\xOYrlJm.exe

C:\Windows\System\NQQhRFA.exe

C:\Windows\System\NQQhRFA.exe

C:\Windows\System\UYAWDpS.exe

C:\Windows\System\UYAWDpS.exe

C:\Windows\System\azYJbOt.exe

C:\Windows\System\azYJbOt.exe

C:\Windows\System\JPwChcB.exe

C:\Windows\System\JPwChcB.exe

C:\Windows\System\msKEUfG.exe

C:\Windows\System\msKEUfG.exe

C:\Windows\System\cwjnfYt.exe

C:\Windows\System\cwjnfYt.exe

C:\Windows\System\RZmxKuA.exe

C:\Windows\System\RZmxKuA.exe

C:\Windows\System\cFOldTc.exe

C:\Windows\System\cFOldTc.exe

C:\Windows\System\nhDXxKV.exe

C:\Windows\System\nhDXxKV.exe

C:\Windows\System\HnUiAMm.exe

C:\Windows\System\HnUiAMm.exe

C:\Windows\System\OdYBVRY.exe

C:\Windows\System\OdYBVRY.exe

C:\Windows\System\gawTlJJ.exe

C:\Windows\System\gawTlJJ.exe

C:\Windows\System\aHyKewH.exe

C:\Windows\System\aHyKewH.exe

C:\Windows\System\UcVlXbR.exe

C:\Windows\System\UcVlXbR.exe

C:\Windows\System\jAFMfDN.exe

C:\Windows\System\jAFMfDN.exe

C:\Windows\System\FugweLN.exe

C:\Windows\System\FugweLN.exe

C:\Windows\System\HcOWihD.exe

C:\Windows\System\HcOWihD.exe

C:\Windows\System\cseolsm.exe

C:\Windows\System\cseolsm.exe

C:\Windows\System\IgWNYdZ.exe

C:\Windows\System\IgWNYdZ.exe

C:\Windows\System\moaoOGs.exe

C:\Windows\System\moaoOGs.exe

C:\Windows\System\fUkDUpQ.exe

C:\Windows\System\fUkDUpQ.exe

C:\Windows\System\VZKTcdd.exe

C:\Windows\System\VZKTcdd.exe

C:\Windows\System\DfhRkHw.exe

C:\Windows\System\DfhRkHw.exe

C:\Windows\System\jPzWsHW.exe

C:\Windows\System\jPzWsHW.exe

C:\Windows\System\IVOvSpJ.exe

C:\Windows\System\IVOvSpJ.exe

C:\Windows\System\huTsufO.exe

C:\Windows\System\huTsufO.exe

C:\Windows\System\oXLdQGo.exe

C:\Windows\System\oXLdQGo.exe

C:\Windows\System\UmzwjTh.exe

C:\Windows\System\UmzwjTh.exe

C:\Windows\System\jZpTnDJ.exe

C:\Windows\System\jZpTnDJ.exe

C:\Windows\System\onjntdq.exe

C:\Windows\System\onjntdq.exe

C:\Windows\System\hlwoGnH.exe

C:\Windows\System\hlwoGnH.exe

C:\Windows\System\WTEpBre.exe

C:\Windows\System\WTEpBre.exe

C:\Windows\System\mGJTIGW.exe

C:\Windows\System\mGJTIGW.exe

C:\Windows\System\kSfpsfZ.exe

C:\Windows\System\kSfpsfZ.exe

C:\Windows\System\DEjWtiq.exe

C:\Windows\System\DEjWtiq.exe

C:\Windows\System\wYgPmMg.exe

C:\Windows\System\wYgPmMg.exe

C:\Windows\System\CGLAfNu.exe

C:\Windows\System\CGLAfNu.exe

C:\Windows\System\HKqNqtn.exe

C:\Windows\System\HKqNqtn.exe

C:\Windows\System\CbyQrjD.exe

C:\Windows\System\CbyQrjD.exe

C:\Windows\System\ptBPGTX.exe

C:\Windows\System\ptBPGTX.exe

C:\Windows\System\siAgAjG.exe

C:\Windows\System\siAgAjG.exe

C:\Windows\System\LYuixYL.exe

C:\Windows\System\LYuixYL.exe

C:\Windows\System\Fqktxag.exe

C:\Windows\System\Fqktxag.exe

C:\Windows\System\oBANQJy.exe

C:\Windows\System\oBANQJy.exe

C:\Windows\System\YHCcKbU.exe

C:\Windows\System\YHCcKbU.exe

C:\Windows\System\oCzHhZQ.exe

C:\Windows\System\oCzHhZQ.exe

C:\Windows\System\KmuZJDJ.exe

C:\Windows\System\KmuZJDJ.exe

C:\Windows\System\lpWMspE.exe

C:\Windows\System\lpWMspE.exe

C:\Windows\System\dzRXQZY.exe

C:\Windows\System\dzRXQZY.exe

C:\Windows\System\TFyDEEm.exe

C:\Windows\System\TFyDEEm.exe

C:\Windows\System\ofIgONC.exe

C:\Windows\System\ofIgONC.exe

C:\Windows\System\rfHmSNE.exe

C:\Windows\System\rfHmSNE.exe

C:\Windows\System\PifxdQT.exe

C:\Windows\System\PifxdQT.exe

C:\Windows\System\VyLSPbK.exe

C:\Windows\System\VyLSPbK.exe

C:\Windows\System\wFcNzVi.exe

C:\Windows\System\wFcNzVi.exe

C:\Windows\System\rTcfNgf.exe

C:\Windows\System\rTcfNgf.exe

C:\Windows\System\ZcccoJg.exe

C:\Windows\System\ZcccoJg.exe

C:\Windows\System\iYlLyoj.exe

C:\Windows\System\iYlLyoj.exe

C:\Windows\System\xkxLpEv.exe

C:\Windows\System\xkxLpEv.exe

C:\Windows\System\qsOiiJl.exe

C:\Windows\System\qsOiiJl.exe

C:\Windows\System\jvirnxn.exe

C:\Windows\System\jvirnxn.exe

C:\Windows\System\yfUJaWb.exe

C:\Windows\System\yfUJaWb.exe

C:\Windows\System\FnlMfsS.exe

C:\Windows\System\FnlMfsS.exe

C:\Windows\System\NbvWoru.exe

C:\Windows\System\NbvWoru.exe

C:\Windows\System\BJUGUrY.exe

C:\Windows\System\BJUGUrY.exe

C:\Windows\System\TIKtwoT.exe

C:\Windows\System\TIKtwoT.exe

C:\Windows\System\LTSXRLn.exe

C:\Windows\System\LTSXRLn.exe

C:\Windows\System\EQCMwSF.exe

C:\Windows\System\EQCMwSF.exe

C:\Windows\System\BtkEaTc.exe

C:\Windows\System\BtkEaTc.exe

C:\Windows\System\ifPOSgI.exe

C:\Windows\System\ifPOSgI.exe

C:\Windows\System\vGlVBwd.exe

C:\Windows\System\vGlVBwd.exe

C:\Windows\System\TXVjnIZ.exe

C:\Windows\System\TXVjnIZ.exe

C:\Windows\System\kCjIodR.exe

C:\Windows\System\kCjIodR.exe

C:\Windows\System\zDAfCIt.exe

C:\Windows\System\zDAfCIt.exe

C:\Windows\System\JfeKLOb.exe

C:\Windows\System\JfeKLOb.exe

C:\Windows\System\LQgGSJM.exe

C:\Windows\System\LQgGSJM.exe

C:\Windows\System\hKjmRbF.exe

C:\Windows\System\hKjmRbF.exe

C:\Windows\System\RpcSgve.exe

C:\Windows\System\RpcSgve.exe

C:\Windows\System\bnmqiBF.exe

C:\Windows\System\bnmqiBF.exe

C:\Windows\System\NdxlXOc.exe

C:\Windows\System\NdxlXOc.exe

C:\Windows\System\vMvTOdh.exe

C:\Windows\System\vMvTOdh.exe

C:\Windows\System\jRYMXDs.exe

C:\Windows\System\jRYMXDs.exe

C:\Windows\System\xjZfPgK.exe

C:\Windows\System\xjZfPgK.exe

C:\Windows\System\tgstltx.exe

C:\Windows\System\tgstltx.exe

C:\Windows\System\VqtvkUW.exe

C:\Windows\System\VqtvkUW.exe

C:\Windows\System\URdSYUb.exe

C:\Windows\System\URdSYUb.exe

C:\Windows\System\TvvhBec.exe

C:\Windows\System\TvvhBec.exe

C:\Windows\System\SyQlJbo.exe

C:\Windows\System\SyQlJbo.exe

C:\Windows\System\EsqzYtD.exe

C:\Windows\System\EsqzYtD.exe

C:\Windows\System\OYpedvX.exe

C:\Windows\System\OYpedvX.exe

C:\Windows\System\USjfUmO.exe

C:\Windows\System\USjfUmO.exe

C:\Windows\System\embdzjU.exe

C:\Windows\System\embdzjU.exe

C:\Windows\System\zXNakbq.exe

C:\Windows\System\zXNakbq.exe

C:\Windows\System\kGZNYwK.exe

C:\Windows\System\kGZNYwK.exe

C:\Windows\System\MVqCFMn.exe

C:\Windows\System\MVqCFMn.exe

C:\Windows\System\NipaNUK.exe

C:\Windows\System\NipaNUK.exe

C:\Windows\System\kQRJCSR.exe

C:\Windows\System\kQRJCSR.exe

C:\Windows\System\supMAAa.exe

C:\Windows\System\supMAAa.exe

C:\Windows\System\nhZOKRO.exe

C:\Windows\System\nhZOKRO.exe

C:\Windows\System\MIdVHWA.exe

C:\Windows\System\MIdVHWA.exe

C:\Windows\System\xZFCgce.exe

C:\Windows\System\xZFCgce.exe

C:\Windows\System\VsSzuVS.exe

C:\Windows\System\VsSzuVS.exe

C:\Windows\System\NXSRBhG.exe

C:\Windows\System\NXSRBhG.exe

C:\Windows\System\WrgdRll.exe

C:\Windows\System\WrgdRll.exe

C:\Windows\System\JRKMVCi.exe

C:\Windows\System\JRKMVCi.exe

C:\Windows\System\zCIRzzl.exe

C:\Windows\System\zCIRzzl.exe

C:\Windows\System\AsJmFzL.exe

C:\Windows\System\AsJmFzL.exe

C:\Windows\System\CwdSYvv.exe

C:\Windows\System\CwdSYvv.exe

C:\Windows\System\hykkTKq.exe

C:\Windows\System\hykkTKq.exe

C:\Windows\System\IhnREXz.exe

C:\Windows\System\IhnREXz.exe

C:\Windows\System\OsKahAA.exe

C:\Windows\System\OsKahAA.exe

C:\Windows\System\teBftiR.exe

C:\Windows\System\teBftiR.exe

C:\Windows\System\TMeVnag.exe

C:\Windows\System\TMeVnag.exe

C:\Windows\System\LDVEorZ.exe

C:\Windows\System\LDVEorZ.exe

C:\Windows\System\YAMfEmE.exe

C:\Windows\System\YAMfEmE.exe

C:\Windows\System\OnQSSYF.exe

C:\Windows\System\OnQSSYF.exe

C:\Windows\System\gZVgCec.exe

C:\Windows\System\gZVgCec.exe

C:\Windows\System\QZRtNif.exe

C:\Windows\System\QZRtNif.exe

C:\Windows\System\RxvKvRP.exe

C:\Windows\System\RxvKvRP.exe

C:\Windows\System\seUXJli.exe

C:\Windows\System\seUXJli.exe

C:\Windows\System\dWPbLVB.exe

C:\Windows\System\dWPbLVB.exe

C:\Windows\System\TvEUpAX.exe

C:\Windows\System\TvEUpAX.exe

Network


Files


Analysis: behavioral1

Detonation Overview

Submitted

2024-06-27 01:25

Reported

2024-06-27 01:27

Platform

win7-20240611-en

Max time kernel

136s

Max time network

157s

Command Line

"C:\Users\Admin\AppData\Local\Temp\354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE


Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe N/A

Drops file in Windows directory

Description Indicator Process Target

Suspicious use of WriteProcessMemory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\354158aab5576f0bc8f972e79d33bbdc01548022dd9cf4a4b2c5c76d7e53b5e4_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp

Files
