Malware Analysis Report

2024-10-16 07:52

Sample ID 240531-bgy3naac59
Target 709f39a0a7c99988fb0a9ba92034f780_NeikiAnalytics.exe
SHA256 154def298802f080755af677a9e6e1871db727e782d1e47dac434c5eb85bec0b
Tags
miner upx kpot xmrig stealer trojan
score
10/10

Analysis Overview

score
10/10

SHA256

154def298802f080755af677a9e6e1871db727e782d1e47dac434c5eb85bec0b

Threat Level: Known bad

The file 709f39a0a7c99988fb0a9ba92034f780_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx kpot xmrig stealer trojan

xmrig

XMRig Miner payload

Xmrig family

KPOT

Kpot family

KPOT Core Executable

XMRig Miner payload

Executes dropped EXE

Loads dropped DLL

UPX packed file

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-31 01:07

Signatures

KPOT Core Executable


Kpot family

kpot

XMRig Miner payload

miner

Xmrig family

xmrig

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-05-31 01:07

Reported

2024-05-31 01:10

Platform

win7-20231129-en

Max time kernel

138s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\709f39a0a7c99988fb0a9ba92034f780_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable


xmrig

miner xmrig

XMRig Miner payload

miner

Executes dropped EXE


Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\709f39a0a7c99988fb0a9ba92034f780_NeikiAnalytics.exe N/A

UPX packed file

upx

Drops file in Windows directory


Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\709f39a0a7c99988fb0a9ba92034f780_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory


Processes

C:\Users\Admin\AppData\Local\Temp\709f39a0a7c99988fb0a9ba92034f780_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\709f39a0a7c99988fb0a9ba92034f780_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp

Files


memory/2676-1087-0x000000013F1F0000-0x000000013F544000-memory.dmp

memory/1524-1089-0x000000013F0E0000-0x000000013F434000-memory.dmp

memory/2476-1088-0x000000013FEA0000-0x00000001401F4000-memory.dmp

memory/2620-1086-0x000000013F130000-0x000000013F484000-memory.dmp

memory/2820-1085-0x000000013FA90000-0x000000013FDE4000-memory.dmp

memory/2552-1084-0x000000013F180000-0x000000013F4D4000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-31 01:07

Reported

2024-05-31 01:10

Platform

win10v2004-20240508-en

Max time kernel

124s

Max time network

140s

Command Line

"C:\Users\Admin\AppData\Local\Temp\709f39a0a7c99988fb0a9ba92034f780_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable


xmrig

miner xmrig

XMRig Miner payload

miner

Executes dropped EXE


UPX packed file

upx

Drops file in Windows directory


Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\709f39a0a7c99988fb0a9ba92034f780_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\709f39a0a7c99988fb0a9ba92034f780_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory


Processes

C:\Users\Admin\AppData\Local\Temp\709f39a0a7c99988fb0a9ba92034f780_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\709f39a0a7c99988fb0a9ba92034f780_NeikiAnalytics.exe"


C:\Windows\System\coifkEK.exe

C:\Windows\System\coifkEK.exe

C:\Windows\System\qKFcGJh.exe

C:\Windows\System\qKFcGJh.exe

C:\Windows\System\bEAzZos.exe

C:\Windows\System\bEAzZos.exe

C:\Windows\System\fLyeXMn.exe

C:\Windows\System\fLyeXMn.exe

C:\Windows\System\XvQgGHU.exe

C:\Windows\System\XvQgGHU.exe

C:\Windows\System\XzOzJcF.exe

C:\Windows\System\XzOzJcF.exe

C:\Windows\System\vhvvghD.exe

C:\Windows\System\vhvvghD.exe

C:\Windows\System\WRBLCQr.exe

C:\Windows\System\WRBLCQr.exe

C:\Windows\System\MKYYqoE.exe

C:\Windows\System\MKYYqoE.exe

C:\Windows\System\ppSvsYJ.exe

C:\Windows\System\ppSvsYJ.exe

C:\Windows\System\lfcyVOO.exe

C:\Windows\System\lfcyVOO.exe

C:\Windows\System\lPavtdJ.exe

C:\Windows\System\lPavtdJ.exe

C:\Windows\System\OCyAyms.exe

C:\Windows\System\OCyAyms.exe

C:\Windows\System\WgUSYIp.exe

C:\Windows\System\WgUSYIp.exe

C:\Windows\System\kIpiUIJ.exe

C:\Windows\System\kIpiUIJ.exe

C:\Windows\System\wgVvAEO.exe

C:\Windows\System\wgVvAEO.exe

C:\Windows\System\NKHdYRG.exe

C:\Windows\System\NKHdYRG.exe

C:\Windows\System\cOxNGrh.exe

C:\Windows\System\cOxNGrh.exe

C:\Windows\System\GKtrnNF.exe

C:\Windows\System\GKtrnNF.exe

C:\Windows\System\wNTOPie.exe

C:\Windows\System\wNTOPie.exe

C:\Windows\System\CccOBDQ.exe

C:\Windows\System\CccOBDQ.exe

C:\Windows\System\DfNjGRq.exe

C:\Windows\System\DfNjGRq.exe

C:\Windows\System\jGURzdg.exe

C:\Windows\System\jGURzdg.exe

C:\Windows\System\QvxqPZX.exe

C:\Windows\System\QvxqPZX.exe

C:\Windows\System\JtNDrjc.exe

C:\Windows\System\JtNDrjc.exe

C:\Windows\System\FSUAyVH.exe

C:\Windows\System\FSUAyVH.exe

C:\Windows\System\QudDqQb.exe

C:\Windows\System\QudDqQb.exe

C:\Windows\System\yeexnAT.exe

C:\Windows\System\yeexnAT.exe

C:\Windows\System\OEdAUhF.exe

C:\Windows\System\OEdAUhF.exe

C:\Windows\System\uPUWCZq.exe

C:\Windows\System\uPUWCZq.exe

C:\Windows\System\txWIBKw.exe

C:\Windows\System\txWIBKw.exe

C:\Windows\System\PJNnuuY.exe

C:\Windows\System\PJNnuuY.exe

C:\Windows\System\GYRFuto.exe

C:\Windows\System\GYRFuto.exe

C:\Windows\System\cJsfqFu.exe

C:\Windows\System\cJsfqFu.exe

C:\Windows\System\iIPeKhZ.exe

C:\Windows\System\iIPeKhZ.exe

C:\Windows\System\VzPcFuF.exe

C:\Windows\System\VzPcFuF.exe

C:\Windows\System\HMIiGWB.exe

C:\Windows\System\HMIiGWB.exe

C:\Windows\System\kGfLeAp.exe

C:\Windows\System\kGfLeAp.exe

C:\Windows\System\XzfmduY.exe

C:\Windows\System\XzfmduY.exe

C:\Windows\System\wEtYUKW.exe

C:\Windows\System\wEtYUKW.exe

C:\Windows\System\hMHSbsN.exe

C:\Windows\System\hMHSbsN.exe

C:\Windows\System\kqgcuxg.exe

C:\Windows\System\kqgcuxg.exe

C:\Windows\System\SVtJoXF.exe

C:\Windows\System\SVtJoXF.exe

C:\Windows\System\JgYEGRL.exe

C:\Windows\System\JgYEGRL.exe

C:\Windows\System\MJhahtN.exe

C:\Windows\System\MJhahtN.exe

C:\Windows\System\ITrRKJa.exe

C:\Windows\System\ITrRKJa.exe

C:\Windows\System\niJpBGY.exe

C:\Windows\System\niJpBGY.exe

C:\Windows\System\KVktpLG.exe

C:\Windows\System\KVktpLG.exe

C:\Windows\System\hMMfadU.exe

C:\Windows\System\hMMfadU.exe

C:\Windows\System\fGGGLtX.exe

C:\Windows\System\fGGGLtX.exe

C:\Windows\System\tvKKyXE.exe

C:\Windows\System\tvKKyXE.exe

C:\Windows\System\SesiWBZ.exe

C:\Windows\System\SesiWBZ.exe

C:\Windows\System\HDkWsdA.exe

C:\Windows\System\HDkWsdA.exe

C:\Windows\System\oEdYxZe.exe

C:\Windows\System\oEdYxZe.exe

C:\Windows\System\ZLfLwdI.exe

C:\Windows\System\ZLfLwdI.exe

C:\Windows\System\mADDvmJ.exe

C:\Windows\System\mADDvmJ.exe

C:\Windows\System\hhWqmmj.exe

C:\Windows\System\hhWqmmj.exe

C:\Windows\System\lQFurQW.exe

C:\Windows\System\lQFurQW.exe

C:\Windows\System\GMSmsDa.exe

C:\Windows\System\GMSmsDa.exe

C:\Windows\System\XUeKCOf.exe

C:\Windows\System\XUeKCOf.exe

C:\Windows\System\lTllgKC.exe

C:\Windows\System\lTllgKC.exe

C:\Windows\System\PEYcOBj.exe

C:\Windows\System\PEYcOBj.exe

C:\Windows\System\mfxIGwF.exe

C:\Windows\System\mfxIGwF.exe

C:\Windows\System\cwXvhrx.exe

C:\Windows\System\cwXvhrx.exe

C:\Windows\System\RAJjWdl.exe

C:\Windows\System\RAJjWdl.exe

C:\Windows\System\bLKCAuy.exe

C:\Windows\System\bLKCAuy.exe

C:\Windows\System\bUFlfYi.exe

C:\Windows\System\bUFlfYi.exe

C:\Windows\System\RQcOJHE.exe

C:\Windows\System\RQcOJHE.exe

C:\Windows\System\yKxJZLT.exe

C:\Windows\System\yKxJZLT.exe

C:\Windows\System\VLoDzZu.exe

C:\Windows\System\VLoDzZu.exe

C:\Windows\System\LkoYKAF.exe

C:\Windows\System\LkoYKAF.exe

C:\Windows\System\hwkFuLV.exe

C:\Windows\System\hwkFuLV.exe

C:\Windows\System\zDSaWgb.exe

C:\Windows\System\zDSaWgb.exe

C:\Windows\System\DPhMiwU.exe

C:\Windows\System\DPhMiwU.exe

C:\Windows\System\salogSL.exe

C:\Windows\System\salogSL.exe

C:\Windows\System\XywzIBU.exe

C:\Windows\System\XywzIBU.exe

C:\Windows\System\oViMRDf.exe

C:\Windows\System\oViMRDf.exe

C:\Windows\System\ClwIdot.exe

C:\Windows\System\ClwIdot.exe

C:\Windows\System\gCMhcbm.exe

C:\Windows\System\gCMhcbm.exe

C:\Windows\System\hWHxkfw.exe

C:\Windows\System\hWHxkfw.exe

C:\Windows\System\pwZEASp.exe

C:\Windows\System\pwZEASp.exe

C:\Windows\System\nrzYbDD.exe

C:\Windows\System\nrzYbDD.exe

C:\Windows\System\MSBEDqS.exe

C:\Windows\System\MSBEDqS.exe

C:\Windows\System\zSCiKPe.exe

C:\Windows\System\zSCiKPe.exe

C:\Windows\System\AkWMITA.exe

C:\Windows\System\AkWMITA.exe

C:\Windows\System\qOsOxNk.exe

C:\Windows\System\qOsOxNk.exe

C:\Windows\System\hDMDbcS.exe

C:\Windows\System\hDMDbcS.exe

C:\Windows\System\kurLpux.exe

C:\Windows\System\kurLpux.exe

C:\Windows\System\aRYUPsU.exe

C:\Windows\System\aRYUPsU.exe

C:\Windows\System\eFwOgbY.exe

C:\Windows\System\eFwOgbY.exe

C:\Windows\System\IMwAyZX.exe

C:\Windows\System\IMwAyZX.exe

C:\Windows\System\PhuFqCU.exe

C:\Windows\System\PhuFqCU.exe

C:\Windows\System\dNjyxjK.exe

C:\Windows\System\dNjyxjK.exe

C:\Windows\System\KxbQJMd.exe

C:\Windows\System\KxbQJMd.exe

C:\Windows\System\HcYsLYQ.exe

C:\Windows\System\HcYsLYQ.exe

C:\Windows\System\RZxTcxc.exe

C:\Windows\System\RZxTcxc.exe

C:\Windows\System\ilgrXoB.exe

C:\Windows\System\ilgrXoB.exe

C:\Windows\System\kkkYxtG.exe

C:\Windows\System\kkkYxtG.exe

C:\Windows\System\DFkUGCL.exe

C:\Windows\System\DFkUGCL.exe

C:\Windows\System\kqXnUkX.exe

C:\Windows\System\kqXnUkX.exe

C:\Windows\System\sDVkbDF.exe

C:\Windows\System\sDVkbDF.exe

C:\Windows\System\ZDBtcgP.exe

C:\Windows\System\ZDBtcgP.exe

C:\Windows\System\eEUEqTg.exe

C:\Windows\System\eEUEqTg.exe

C:\Windows\System\MMUumvR.exe

C:\Windows\System\MMUumvR.exe

C:\Windows\System\XgcEIYo.exe

C:\Windows\System\XgcEIYo.exe

C:\Windows\System\QETWlJp.exe

C:\Windows\System\QETWlJp.exe

C:\Windows\System\gyzuTKJ.exe

C:\Windows\System\gyzuTKJ.exe

C:\Windows\System\FBTKsjI.exe

C:\Windows\System\FBTKsjI.exe

C:\Windows\System\BbgspCm.exe

C:\Windows\System\BbgspCm.exe

C:\Windows\System\zcLWEJe.exe

C:\Windows\System\zcLWEJe.exe

C:\Windows\System\UIGMTdx.exe

C:\Windows\System\UIGMTdx.exe

C:\Windows\System\OJIdqkq.exe

C:\Windows\System\OJIdqkq.exe

C:\Windows\System\jenflYU.exe

C:\Windows\System\jenflYU.exe

C:\Windows\System\aldDEYU.exe

C:\Windows\System\aldDEYU.exe

C:\Windows\System\IvhMsSe.exe

C:\Windows\System\IvhMsSe.exe

C:\Windows\System\JVuCLXp.exe

C:\Windows\System\JVuCLXp.exe

C:\Windows\System\zAexeZR.exe

C:\Windows\System\zAexeZR.exe

C:\Windows\System\pBVlOXS.exe

C:\Windows\System\pBVlOXS.exe

C:\Windows\System\OxzDgOT.exe

C:\Windows\System\OxzDgOT.exe

C:\Windows\System\zqptYMY.exe

C:\Windows\System\zqptYMY.exe

C:\Windows\System\TIvqYXr.exe

C:\Windows\System\TIvqYXr.exe

C:\Windows\System\cDVtKUw.exe

C:\Windows\System\cDVtKUw.exe

C:\Windows\System\FQzWtPl.exe

C:\Windows\System\FQzWtPl.exe

C:\Windows\System\vcbDRCi.exe

C:\Windows\System\vcbDRCi.exe

C:\Windows\System\uKVStHl.exe

C:\Windows\System\uKVStHl.exe

C:\Windows\System\sBuCmkG.exe

C:\Windows\System\sBuCmkG.exe

C:\Windows\System\QRJMNel.exe

C:\Windows\System\QRJMNel.exe

C:\Windows\System\lmYFHSE.exe

C:\Windows\System\lmYFHSE.exe

C:\Windows\System\buhTxaM.exe

C:\Windows\System\buhTxaM.exe

C:\Windows\System\WIsqTyi.exe

C:\Windows\System\WIsqTyi.exe

C:\Windows\System\ytCsdbZ.exe

C:\Windows\System\ytCsdbZ.exe

C:\Windows\System\QKGqBuN.exe

C:\Windows\System\QKGqBuN.exe

C:\Windows\System\IhOnEhT.exe

C:\Windows\System\IhOnEhT.exe

C:\Windows\System\EVPKUTa.exe

C:\Windows\System\EVPKUTa.exe

C:\Windows\System\wWpHybf.exe

C:\Windows\System\wWpHybf.exe

C:\Windows\System\WIbcKxO.exe

C:\Windows\System\WIbcKxO.exe

C:\Windows\System\ezaDtQV.exe

C:\Windows\System\ezaDtQV.exe

C:\Windows\System\rZgLwpq.exe

C:\Windows\System\rZgLwpq.exe

C:\Windows\System\aaZQHQe.exe

C:\Windows\System\aaZQHQe.exe

C:\Windows\System\NYRNJgn.exe

C:\Windows\System\NYRNJgn.exe

C:\Windows\System\xJulera.exe

C:\Windows\System\xJulera.exe

C:\Windows\System\tVHhkFB.exe

C:\Windows\System\tVHhkFB.exe

C:\Windows\System\azgEwrn.exe

C:\Windows\System\azgEwrn.exe

C:\Windows\System\IvIYFgL.exe

C:\Windows\System\IvIYFgL.exe

C:\Windows\System\VThVOzQ.exe

C:\Windows\System\VThVOzQ.exe

C:\Windows\System\ZwkXZRv.exe

C:\Windows\System\ZwkXZRv.exe

C:\Windows\System\QJkejaY.exe

C:\Windows\System\QJkejaY.exe

C:\Windows\System\MpnesBS.exe

C:\Windows\System\MpnesBS.exe

C:\Windows\System\qFQsUcx.exe

C:\Windows\System\qFQsUcx.exe

C:\Windows\System\JMUlCNi.exe

C:\Windows\System\JMUlCNi.exe

C:\Windows\System\UrVwXLj.exe

C:\Windows\System\UrVwXLj.exe

C:\Windows\System\jgEFIuh.exe

C:\Windows\System\jgEFIuh.exe

C:\Windows\System\MPEUtJP.exe

C:\Windows\System\MPEUtJP.exe

C:\Windows\System\ecQmWkC.exe

C:\Windows\System\ecQmWkC.exe

C:\Windows\System\qRWCHIp.exe

C:\Windows\System\qRWCHIp.exe

C:\Windows\System\GmUfYLZ.exe

C:\Windows\System\GmUfYLZ.exe

C:\Windows\System\mTldvvQ.exe

C:\Windows\System\mTldvvQ.exe

C:\Windows\System\fWEeScv.exe

C:\Windows\System\fWEeScv.exe

C:\Windows\System\mJrvMmE.exe

C:\Windows\System\mJrvMmE.exe

C:\Windows\System\tsFhSue.exe

C:\Windows\System\tsFhSue.exe

C:\Windows\System\mAJwyXW.exe

C:\Windows\System\mAJwyXW.exe

C:\Windows\System\zovWYUo.exe

C:\Windows\System\zovWYUo.exe

C:\Windows\System\XZoYeaH.exe

C:\Windows\System\XZoYeaH.exe

C:\Windows\System\DrVGRTM.exe

C:\Windows\System\DrVGRTM.exe

C:\Windows\System\bjunsmC.exe

C:\Windows\System\bjunsmC.exe

C:\Windows\System\qCJlkoV.exe

C:\Windows\System\qCJlkoV.exe

C:\Windows\System\tmTRGUr.exe

C:\Windows\System\tmTRGUr.exe

C:\Windows\System\XEOaJeu.exe

C:\Windows\System\XEOaJeu.exe

C:\Windows\System\DPPUBcG.exe

C:\Windows\System\DPPUBcG.exe

C:\Windows\System\dymluUf.exe

C:\Windows\System\dymluUf.exe

C:\Windows\System\RMRhWUT.exe

C:\Windows\System\RMRhWUT.exe

C:\Windows\System\RYgycQc.exe

C:\Windows\System\RYgycQc.exe

C:\Windows\System\sspXiAw.exe

C:\Windows\System\sspXiAw.exe

C:\Windows\System\gqMXNuR.exe

C:\Windows\System\gqMXNuR.exe

C:\Windows\System\xTGynYx.exe

C:\Windows\System\xTGynYx.exe

C:\Windows\System\gYfSbkU.exe

C:\Windows\System\gYfSbkU.exe

C:\Windows\System\SPnObAB.exe

C:\Windows\System\SPnObAB.exe

C:\Windows\System\YRwJGRz.exe

C:\Windows\System\YRwJGRz.exe

C:\Windows\System\NGVqHrN.exe

C:\Windows\System\NGVqHrN.exe

C:\Windows\System\mzOeGtl.exe

C:\Windows\System\mzOeGtl.exe

C:\Windows\System\RAzNYII.exe

C:\Windows\System\RAzNYII.exe

C:\Windows\System\XEWuHlN.exe

C:\Windows\System\XEWuHlN.exe

C:\Windows\System\ktxdjvH.exe

C:\Windows\System\ktxdjvH.exe

C:\Windows\System\AhmkBoQ.exe

C:\Windows\System\AhmkBoQ.exe

C:\Windows\System\xNyWvcm.exe

C:\Windows\System\xNyWvcm.exe

C:\Windows\System\pbJVHOX.exe

C:\Windows\System\pbJVHOX.exe

C:\Windows\System\rffeFFu.exe

C:\Windows\System\rffeFFu.exe

C:\Windows\System\vTtfqWR.exe

C:\Windows\System\vTtfqWR.exe

C:\Windows\System\vOMLWOa.exe

C:\Windows\System\vOMLWOa.exe

C:\Windows\System\BoVnwEV.exe

C:\Windows\System\BoVnwEV.exe

C:\Windows\System\fZnvfch.exe

C:\Windows\System\fZnvfch.exe

C:\Windows\System\YbGNZOZ.exe

C:\Windows\System\YbGNZOZ.exe

C:\Windows\System\CmreEnq.exe

C:\Windows\System\CmreEnq.exe

C:\Windows\System\wuFSefn.exe

C:\Windows\System\wuFSefn.exe

C:\Windows\System\DiSonDu.exe

C:\Windows\System\DiSonDu.exe

C:\Windows\System\cebcMNG.exe

C:\Windows\System\cebcMNG.exe

C:\Windows\System\EQCTYat.exe

C:\Windows\System\EQCTYat.exe

C:\Windows\System\QCvgPFd.exe

C:\Windows\System\QCvgPFd.exe

C:\Windows\System\NyldBiI.exe

C:\Windows\System\NyldBiI.exe

C:\Windows\System\WHhEDJM.exe

C:\Windows\System\WHhEDJM.exe

C:\Windows\System\hhHwDkP.exe

C:\Windows\System\hhHwDkP.exe

C:\Windows\System\WYzDDxd.exe

C:\Windows\System\WYzDDxd.exe

C:\Windows\System\CtxdrtT.exe

C:\Windows\System\CtxdrtT.exe

C:\Windows\System\jwzLNwp.exe

C:\Windows\System\jwzLNwp.exe

C:\Windows\System\jMxTvlQ.exe

C:\Windows\System\jMxTvlQ.exe

C:\Windows\System\qTPgnNs.exe

C:\Windows\System\qTPgnNs.exe

C:\Windows\System\IBbyNuP.exe

C:\Windows\System\IBbyNuP.exe

C:\Windows\System\ikNkbOI.exe

C:\Windows\System\ikNkbOI.exe

C:\Windows\System\CxelMFK.exe

C:\Windows\System\CxelMFK.exe

C:\Windows\System\eatgUJQ.exe

C:\Windows\System\eatgUJQ.exe

C:\Windows\System\fxblMwV.exe

C:\Windows\System\fxblMwV.exe

C:\Windows\System\dpGFgLW.exe

C:\Windows\System\dpGFgLW.exe

C:\Windows\System\ihlREER.exe

C:\Windows\System\ihlREER.exe

C:\Windows\System\pUOzaFI.exe

C:\Windows\System\pUOzaFI.exe

C:\Windows\System\sErIAGR.exe

C:\Windows\System\sErIAGR.exe

C:\Windows\System\xbmhDzO.exe

C:\Windows\System\xbmhDzO.exe

C:\Windows\System\zfOfCSi.exe

C:\Windows\System\zfOfCSi.exe

Network


Files
