Malware Analysis Report

2024-10-16 07:40

Sample ID 240601-gnvlpsca9x
Target 8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe
SHA256 a6423056c6641fbc7297f390ed5e4da3020a4b0cc369534a97cdd189d685b990
Tags
miner upx kpot xmrig stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

a6423056c6641fbc7297f390ed5e4da3020a4b0cc369534a97cdd189d685b990

Threat Level: Known bad

The file 8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx kpot xmrig stealer trojan

Xmrig family

KPOT

KPOT Core Executable

xmrig

Kpot family

XMRig Miner payload

XMRig Miner payload

Loads dropped DLL

UPX packed file

Executes dropped EXE

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-01 05:57

Signatures

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

Kpot family

kpot

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-01 05:57

Reported

2024-06-01 06:00

Platform

win7-20240508-en

Max time kernel

143s

Max time network

147s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\YNDxNif.exe N/A
N/A N/A C:\Windows\System\KWYtwol.exe N/A
N/A N/A C:\Windows\System\DhsefgI.exe N/A
N/A N/A C:\Windows\System\jrJleEf.exe N/A
N/A N/A C:\Windows\System\PcSXjxl.exe N/A
N/A N/A C:\Windows\System\PNUhlEi.exe N/A
N/A N/A C:\Windows\System\JZobBMe.exe N/A
N/A N/A C:\Windows\System\TZvNBoz.exe N/A
N/A N/A C:\Windows\System\RgwfkdI.exe N/A
N/A N/A C:\Windows\System\MbdsgPA.exe N/A
N/A N/A C:\Windows\System\naDusLk.exe N/A
N/A N/A C:\Windows\System\DCJoMSC.exe N/A
N/A N/A C:\Windows\System\VXyyVWv.exe N/A
N/A N/A C:\Windows\System\nwbTQiJ.exe N/A
N/A N/A C:\Windows\System\UQbLPlo.exe N/A
N/A N/A C:\Windows\System\GHkIOXT.exe N/A
N/A N/A C:\Windows\System\vttOqaG.exe N/A
N/A N/A C:\Windows\System\vYUcoSM.exe N/A
N/A N/A C:\Windows\System\eNsHbaa.exe N/A
N/A N/A C:\Windows\System\cTtkmpf.exe N/A
N/A N/A C:\Windows\System\jPNLRVJ.exe N/A
N/A N/A C:\Windows\System\dSLAFog.exe N/A
N/A N/A C:\Windows\System\kGHghDL.exe N/A
N/A N/A C:\Windows\System\IZynpIn.exe N/A
N/A N/A C:\Windows\System\GbaaOiZ.exe N/A
N/A N/A C:\Windows\System\WNfUBdy.exe N/A
N/A N/A C:\Windows\System\HoVLGqm.exe N/A
N/A N/A C:\Windows\System\lGvWEYB.exe N/A
N/A N/A C:\Windows\System\NAXCUMv.exe N/A
N/A N/A C:\Windows\System\xglNLMp.exe N/A
N/A N/A C:\Windows\System\NsHLszx.exe N/A
N/A N/A C:\Windows\System\EBdtBNE.exe N/A
N/A N/A C:\Windows\System\RqlbRzb.exe N/A
N/A N/A C:\Windows\System\CmNxJrv.exe N/A
N/A N/A C:\Windows\System\vQiqDdQ.exe N/A
N/A N/A C:\Windows\System\aAQpcJV.exe N/A
N/A N/A C:\Windows\System\OdEKOiv.exe N/A
N/A N/A C:\Windows\System\WcYEcCg.exe N/A
N/A N/A C:\Windows\System\JGpjSdr.exe N/A
N/A N/A C:\Windows\System\cnHJOTH.exe N/A
N/A N/A C:\Windows\System\KxfXJhq.exe N/A
N/A N/A C:\Windows\System\mFfpmpJ.exe N/A
N/A N/A C:\Windows\System\NaEMMqX.exe N/A
N/A N/A C:\Windows\System\avhcvzn.exe N/A
N/A N/A C:\Windows\System\CWAtVkZ.exe N/A
N/A N/A C:\Windows\System\GTftgVZ.exe N/A
N/A N/A C:\Windows\System\UEjcedT.exe N/A
N/A N/A C:\Windows\System\eOUypiI.exe N/A
N/A N/A C:\Windows\System\zVqmCxh.exe N/A
N/A N/A C:\Windows\System\AybJwGa.exe N/A
N/A N/A C:\Windows\System\hSsuoPA.exe N/A
N/A N/A C:\Windows\System\gZijiVe.exe N/A
N/A N/A C:\Windows\System\GoCiCwK.exe N/A
N/A N/A C:\Windows\System\csQJzrD.exe N/A
N/A N/A C:\Windows\System\qTrjvBY.exe N/A
N/A N/A C:\Windows\System\PMLsLOY.exe N/A
N/A N/A C:\Windows\System\kGeHNeZ.exe N/A
N/A N/A C:\Windows\System\fXCIFjI.exe N/A
N/A N/A C:\Windows\System\fPYAPjw.exe N/A
N/A N/A C:\Windows\System\EtttlCc.exe N/A
N/A N/A C:\Windows\System\NVuRRZK.exe N/A
N/A N/A C:\Windows\System\frkRURU.exe N/A
N/A N/A C:\Windows\System\VbkNlUF.exe N/A
N/A N/A C:\Windows\System\DJsslJE.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\sQhKtns.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\nwbTQiJ.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\muLuTOJ.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\walqyHe.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\gnCLzaI.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\FbhGNYG.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\BTTdnlC.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\xKDziFj.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\pDOZGJo.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\PcSXjxl.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\RgwfkdI.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\RSLmNkz.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZXsZBFJ.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\KXuMYZN.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\URSoHdO.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\LJsAJuK.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\GHkIOXT.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\LoILzKh.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\NdtcDQA.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\ccyEHUI.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\vJzeyGM.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\iDDSQer.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZFPAsjV.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\DCJoMSC.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\UQbLPlo.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\vQiqDdQ.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\OdEKOiv.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\HOwgZuf.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\WVUDlGp.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\kTCAfDp.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\tnYOpNg.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\frkRURU.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\RTVdLSR.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\YaSCciW.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\vffBOqj.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\CsrZSkW.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\CWAtVkZ.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\ypBlXQf.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\UnxuxQT.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\avhcvzn.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\JHPxBMC.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\GjVxAPC.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\QzpJapm.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\wPYArRI.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\cTtkmpf.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\nYJBnoe.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\etZLZaF.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\iVeqmFY.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\myzZFHF.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\cHBhlyR.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\hSsuoPA.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\PPWFnPJ.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\scyCKSE.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\IdAcvcE.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\kbKmDvz.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\jrJleEf.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\eNsHbaa.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\DUzxuFZ.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\DVSSfwv.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\ewtSNsC.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\jcQjmyp.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZUsopSU.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\wRLgBjb.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\NqliqIV.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1704 wrote to memory of 2892 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\KWYtwol.exe
PID 1704 wrote to memory of 2892 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\KWYtwol.exe
PID 1704 wrote to memory of 2892 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\KWYtwol.exe
PID 1704 wrote to memory of 2440 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\YNDxNif.exe
PID 1704 wrote to memory of 2440 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\YNDxNif.exe
PID 1704 wrote to memory of 2440 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\YNDxNif.exe
PID 1704 wrote to memory of 1256 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\DhsefgI.exe
PID 1704 wrote to memory of 1256 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\DhsefgI.exe
PID 1704 wrote to memory of 1256 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\DhsefgI.exe
PID 1704 wrote to memory of 2744 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\jrJleEf.exe
PID 1704 wrote to memory of 2744 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\jrJleEf.exe
PID 1704 wrote to memory of 2744 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\jrJleEf.exe
PID 1704 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\PcSXjxl.exe
PID 1704 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\PcSXjxl.exe
PID 1704 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\PcSXjxl.exe
PID 1704 wrote to memory of 2904 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\PNUhlEi.exe
PID 1704 wrote to memory of 2904 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\PNUhlEi.exe
PID 1704 wrote to memory of 2904 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\PNUhlEi.exe
PID 1704 wrote to memory of 2816 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\JZobBMe.exe
PID 1704 wrote to memory of 2816 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\JZobBMe.exe
PID 1704 wrote to memory of 2816 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\JZobBMe.exe
PID 1704 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\TZvNBoz.exe
PID 1704 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\TZvNBoz.exe
PID 1704 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\TZvNBoz.exe
PID 1704 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\RgwfkdI.exe
PID 1704 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\RgwfkdI.exe
PID 1704 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\RgwfkdI.exe
PID 1704 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\MbdsgPA.exe
PID 1704 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\MbdsgPA.exe
PID 1704 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\MbdsgPA.exe
PID 1704 wrote to memory of 2980 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\naDusLk.exe
PID 1704 wrote to memory of 2980 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\naDusLk.exe
PID 1704 wrote to memory of 2980 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\naDusLk.exe
PID 1704 wrote to memory of 2024 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\DCJoMSC.exe
PID 1704 wrote to memory of 2024 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\DCJoMSC.exe
PID 1704 wrote to memory of 2024 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\DCJoMSC.exe
PID 1704 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\VXyyVWv.exe
PID 1704 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\VXyyVWv.exe
PID 1704 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\VXyyVWv.exe
PID 1704 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\nwbTQiJ.exe
PID 1704 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\nwbTQiJ.exe
PID 1704 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\nwbTQiJ.exe
PID 1704 wrote to memory of 824 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\UQbLPlo.exe
PID 1704 wrote to memory of 824 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\UQbLPlo.exe
PID 1704 wrote to memory of 824 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\UQbLPlo.exe
PID 1704 wrote to memory of 2356 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\GHkIOXT.exe
PID 1704 wrote to memory of 2356 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\GHkIOXT.exe
PID 1704 wrote to memory of 2356 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\GHkIOXT.exe
PID 1704 wrote to memory of 1940 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\vttOqaG.exe
PID 1704 wrote to memory of 1940 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\vttOqaG.exe
PID 1704 wrote to memory of 1940 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\vttOqaG.exe
PID 1704 wrote to memory of 1836 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\vYUcoSM.exe
PID 1704 wrote to memory of 1836 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\vYUcoSM.exe
PID 1704 wrote to memory of 1836 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\vYUcoSM.exe
PID 1704 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\eNsHbaa.exe
PID 1704 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\eNsHbaa.exe
PID 1704 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\eNsHbaa.exe
PID 1704 wrote to memory of 1796 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\cTtkmpf.exe
PID 1704 wrote to memory of 1796 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\cTtkmpf.exe
PID 1704 wrote to memory of 1796 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\cTtkmpf.exe
PID 1704 wrote to memory of 2384 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\jPNLRVJ.exe
PID 1704 wrote to memory of 2384 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\jPNLRVJ.exe
PID 1704 wrote to memory of 2384 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\jPNLRVJ.exe
PID 1704 wrote to memory of 2460 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\dSLAFog.exe

Processes

C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe"

C:\Windows\System\KWYtwol.exe

C:\Windows\System\KWYtwol.exe

C:\Windows\System\YNDxNif.exe

C:\Windows\System\YNDxNif.exe

C:\Windows\System\DhsefgI.exe

C:\Windows\System\DhsefgI.exe

C:\Windows\System\jrJleEf.exe

C:\Windows\System\jrJleEf.exe

C:\Windows\System\PcSXjxl.exe

C:\Windows\System\PcSXjxl.exe

C:\Windows\System\PNUhlEi.exe

C:\Windows\System\PNUhlEi.exe

C:\Windows\System\JZobBMe.exe

C:\Windows\System\JZobBMe.exe

C:\Windows\System\TZvNBoz.exe

C:\Windows\System\TZvNBoz.exe

C:\Windows\System\RgwfkdI.exe

C:\Windows\System\RgwfkdI.exe

C:\Windows\System\MbdsgPA.exe

C:\Windows\System\MbdsgPA.exe

C:\Windows\System\naDusLk.exe

C:\Windows\System\naDusLk.exe

C:\Windows\System\DCJoMSC.exe

C:\Windows\System\DCJoMSC.exe

C:\Windows\System\VXyyVWv.exe

C:\Windows\System\VXyyVWv.exe

C:\Windows\System\nwbTQiJ.exe

C:\Windows\System\nwbTQiJ.exe

C:\Windows\System\UQbLPlo.exe

C:\Windows\System\UQbLPlo.exe

C:\Windows\System\GHkIOXT.exe

C:\Windows\System\GHkIOXT.exe

C:\Windows\System\vttOqaG.exe

C:\Windows\System\vttOqaG.exe

C:\Windows\System\vYUcoSM.exe

C:\Windows\System\vYUcoSM.exe

C:\Windows\System\eNsHbaa.exe

C:\Windows\System\eNsHbaa.exe

C:\Windows\System\cTtkmpf.exe

C:\Windows\System\cTtkmpf.exe

C:\Windows\System\jPNLRVJ.exe

C:\Windows\System\jPNLRVJ.exe

C:\Windows\System\dSLAFog.exe

C:\Windows\System\dSLAFog.exe

C:\Windows\System\kGHghDL.exe

C:\Windows\System\kGHghDL.exe

C:\Windows\System\IZynpIn.exe

C:\Windows\System\IZynpIn.exe

C:\Windows\System\GbaaOiZ.exe

C:\Windows\System\GbaaOiZ.exe

C:\Windows\System\WNfUBdy.exe

C:\Windows\System\WNfUBdy.exe

C:\Windows\System\HoVLGqm.exe

C:\Windows\System\HoVLGqm.exe

C:\Windows\System\lGvWEYB.exe

C:\Windows\System\lGvWEYB.exe

C:\Windows\System\NAXCUMv.exe

C:\Windows\System\NAXCUMv.exe

C:\Windows\System\xglNLMp.exe

C:\Windows\System\xglNLMp.exe

C:\Windows\System\NsHLszx.exe

C:\Windows\System\NsHLszx.exe

C:\Windows\System\EBdtBNE.exe

C:\Windows\System\EBdtBNE.exe

C:\Windows\System\RqlbRzb.exe

C:\Windows\System\RqlbRzb.exe

C:\Windows\System\CmNxJrv.exe

C:\Windows\System\CmNxJrv.exe

C:\Windows\System\vQiqDdQ.exe

C:\Windows\System\vQiqDdQ.exe

C:\Windows\System\aAQpcJV.exe

C:\Windows\System\aAQpcJV.exe

C:\Windows\System\OdEKOiv.exe

C:\Windows\System\OdEKOiv.exe

C:\Windows\System\WcYEcCg.exe

C:\Windows\System\WcYEcCg.exe

C:\Windows\System\JGpjSdr.exe

C:\Windows\System\JGpjSdr.exe

C:\Windows\System\cnHJOTH.exe

C:\Windows\System\cnHJOTH.exe

C:\Windows\System\KxfXJhq.exe

C:\Windows\System\KxfXJhq.exe

C:\Windows\System\mFfpmpJ.exe

C:\Windows\System\mFfpmpJ.exe

C:\Windows\System\NaEMMqX.exe

C:\Windows\System\NaEMMqX.exe

C:\Windows\System\avhcvzn.exe

C:\Windows\System\avhcvzn.exe

C:\Windows\System\CWAtVkZ.exe

C:\Windows\System\CWAtVkZ.exe

C:\Windows\System\GTftgVZ.exe

C:\Windows\System\GTftgVZ.exe

C:\Windows\System\UEjcedT.exe

C:\Windows\System\UEjcedT.exe

C:\Windows\System\eOUypiI.exe

C:\Windows\System\eOUypiI.exe

C:\Windows\System\zVqmCxh.exe

C:\Windows\System\zVqmCxh.exe

C:\Windows\System\AybJwGa.exe

C:\Windows\System\AybJwGa.exe

C:\Windows\System\hSsuoPA.exe

C:\Windows\System\hSsuoPA.exe

C:\Windows\System\gZijiVe.exe

C:\Windows\System\gZijiVe.exe

C:\Windows\System\GoCiCwK.exe

C:\Windows\System\GoCiCwK.exe

C:\Windows\System\csQJzrD.exe

C:\Windows\System\csQJzrD.exe

C:\Windows\System\qTrjvBY.exe

C:\Windows\System\qTrjvBY.exe

C:\Windows\System\PMLsLOY.exe

C:\Windows\System\PMLsLOY.exe

C:\Windows\System\kGeHNeZ.exe

C:\Windows\System\kGeHNeZ.exe

C:\Windows\System\fXCIFjI.exe

C:\Windows\System\fXCIFjI.exe

C:\Windows\System\fPYAPjw.exe

C:\Windows\System\fPYAPjw.exe

C:\Windows\System\EtttlCc.exe

C:\Windows\System\EtttlCc.exe

C:\Windows\System\NVuRRZK.exe

C:\Windows\System\NVuRRZK.exe

C:\Windows\System\frkRURU.exe

C:\Windows\System\frkRURU.exe

C:\Windows\System\VbkNlUF.exe

C:\Windows\System\VbkNlUF.exe

C:\Windows\System\DJsslJE.exe

C:\Windows\System\DJsslJE.exe

C:\Windows\System\ieQNsUc.exe

C:\Windows\System\ieQNsUc.exe

C:\Windows\System\WmOwmeX.exe

C:\Windows\System\WmOwmeX.exe

C:\Windows\System\RSLmNkz.exe

C:\Windows\System\RSLmNkz.exe

C:\Windows\System\GKlNXSF.exe

C:\Windows\System\GKlNXSF.exe

C:\Windows\System\ZkXjaPD.exe

C:\Windows\System\ZkXjaPD.exe

C:\Windows\System\KPEhBfO.exe

C:\Windows\System\KPEhBfO.exe

C:\Windows\System\ZDbrkXC.exe

C:\Windows\System\ZDbrkXC.exe

C:\Windows\System\NmYOnWV.exe

C:\Windows\System\NmYOnWV.exe

C:\Windows\System\GEhWtFs.exe

C:\Windows\System\GEhWtFs.exe

C:\Windows\System\nYJBnoe.exe

C:\Windows\System\nYJBnoe.exe

C:\Windows\System\zHDkVjB.exe

C:\Windows\System\zHDkVjB.exe

C:\Windows\System\RvvfKfz.exe

C:\Windows\System\RvvfKfz.exe

C:\Windows\System\pVpqzkP.exe

C:\Windows\System\pVpqzkP.exe

C:\Windows\System\PPWFnPJ.exe

C:\Windows\System\PPWFnPJ.exe

C:\Windows\System\HOwgZuf.exe

C:\Windows\System\HOwgZuf.exe

C:\Windows\System\QmEhWIa.exe

C:\Windows\System\QmEhWIa.exe

C:\Windows\System\ZXsZBFJ.exe

C:\Windows\System\ZXsZBFJ.exe

C:\Windows\System\wJTfplh.exe

C:\Windows\System\wJTfplh.exe

C:\Windows\System\hkpiKrz.exe

C:\Windows\System\hkpiKrz.exe

C:\Windows\System\XKjoLpL.exe

C:\Windows\System\XKjoLpL.exe

C:\Windows\System\smOmiWD.exe

C:\Windows\System\smOmiWD.exe

C:\Windows\System\mJuGMTA.exe

C:\Windows\System\mJuGMTA.exe

C:\Windows\System\PCzDEYh.exe

C:\Windows\System\PCzDEYh.exe

C:\Windows\System\lTrcqhy.exe

C:\Windows\System\lTrcqhy.exe

C:\Windows\System\zRjIizi.exe

C:\Windows\System\zRjIizi.exe

C:\Windows\System\kvPexCx.exe

C:\Windows\System\kvPexCx.exe

C:\Windows\System\muLuTOJ.exe

C:\Windows\System\muLuTOJ.exe

C:\Windows\System\KpFPuzO.exe

C:\Windows\System\KpFPuzO.exe

C:\Windows\System\zimiiZj.exe

C:\Windows\System\zimiiZj.exe

C:\Windows\System\walqyHe.exe

C:\Windows\System\walqyHe.exe

C:\Windows\System\eDnxgwc.exe

C:\Windows\System\eDnxgwc.exe

C:\Windows\System\PrVVfHm.exe

C:\Windows\System\PrVVfHm.exe

C:\Windows\System\vMxtQZw.exe

C:\Windows\System\vMxtQZw.exe

C:\Windows\System\QRieKyG.exe

C:\Windows\System\QRieKyG.exe

C:\Windows\System\JHPxBMC.exe

C:\Windows\System\JHPxBMC.exe

C:\Windows\System\LoILzKh.exe

C:\Windows\System\LoILzKh.exe

C:\Windows\System\aJFCIaB.exe

C:\Windows\System\aJFCIaB.exe

C:\Windows\System\zjNuoPW.exe

C:\Windows\System\zjNuoPW.exe

C:\Windows\System\dHuvKIH.exe

C:\Windows\System\dHuvKIH.exe

C:\Windows\System\KXuMYZN.exe

C:\Windows\System\KXuMYZN.exe

C:\Windows\System\csaCHNV.exe

C:\Windows\System\csaCHNV.exe

C:\Windows\System\ueXywfH.exe

C:\Windows\System\ueXywfH.exe

C:\Windows\System\mmJqXIK.exe

C:\Windows\System\mmJqXIK.exe

C:\Windows\System\QnWmCdk.exe

C:\Windows\System\QnWmCdk.exe

C:\Windows\System\hzlTwmw.exe

C:\Windows\System\hzlTwmw.exe

C:\Windows\System\etZLZaF.exe

C:\Windows\System\etZLZaF.exe

C:\Windows\System\iLxCPEU.exe

C:\Windows\System\iLxCPEU.exe

C:\Windows\System\NdtcDQA.exe

C:\Windows\System\NdtcDQA.exe

C:\Windows\System\zAOasPC.exe

C:\Windows\System\zAOasPC.exe

C:\Windows\System\kZoWJwW.exe

C:\Windows\System\kZoWJwW.exe

C:\Windows\System\gnCLzaI.exe

C:\Windows\System\gnCLzaI.exe

C:\Windows\System\GBkcXvV.exe

C:\Windows\System\GBkcXvV.exe

C:\Windows\System\scyCKSE.exe

C:\Windows\System\scyCKSE.exe

C:\Windows\System\zVgZFUG.exe

C:\Windows\System\zVgZFUG.exe

C:\Windows\System\JuFBrGR.exe

C:\Windows\System\JuFBrGR.exe

C:\Windows\System\XsxQYGy.exe

C:\Windows\System\XsxQYGy.exe

C:\Windows\System\RTVdLSR.exe

C:\Windows\System\RTVdLSR.exe

C:\Windows\System\iVeqmFY.exe

C:\Windows\System\iVeqmFY.exe

C:\Windows\System\ccyEHUI.exe

C:\Windows\System\ccyEHUI.exe

C:\Windows\System\iEBSMcF.exe

C:\Windows\System\iEBSMcF.exe

C:\Windows\System\GZmIuFB.exe

C:\Windows\System\GZmIuFB.exe

C:\Windows\System\SEryQQh.exe

C:\Windows\System\SEryQQh.exe

C:\Windows\System\lLNdMLe.exe

C:\Windows\System\lLNdMLe.exe

C:\Windows\System\IXotNNn.exe

C:\Windows\System\IXotNNn.exe

C:\Windows\System\ypBlXQf.exe

C:\Windows\System\ypBlXQf.exe

C:\Windows\System\HLggkIR.exe

C:\Windows\System\HLggkIR.exe

C:\Windows\System\uAJgTmM.exe

C:\Windows\System\uAJgTmM.exe

C:\Windows\System\RDutmVQ.exe

C:\Windows\System\RDutmVQ.exe

C:\Windows\System\DgVsqEW.exe

C:\Windows\System\DgVsqEW.exe

C:\Windows\System\GjVxAPC.exe

C:\Windows\System\GjVxAPC.exe

C:\Windows\System\ZKnepHm.exe

C:\Windows\System\ZKnepHm.exe

C:\Windows\System\KYBgJPe.exe

C:\Windows\System\KYBgJPe.exe

C:\Windows\System\lVrFccH.exe

C:\Windows\System\lVrFccH.exe

C:\Windows\System\kwwPfIh.exe

C:\Windows\System\kwwPfIh.exe

C:\Windows\System\KcoLXtp.exe

C:\Windows\System\KcoLXtp.exe

C:\Windows\System\QLqUzNz.exe

C:\Windows\System\QLqUzNz.exe

C:\Windows\System\PIvYOtI.exe

C:\Windows\System\PIvYOtI.exe

C:\Windows\System\oNDqFRk.exe

C:\Windows\System\oNDqFRk.exe

C:\Windows\System\wirDgfu.exe

C:\Windows\System\wirDgfu.exe

C:\Windows\System\whlDabv.exe

C:\Windows\System\whlDabv.exe

C:\Windows\System\IYdWPJg.exe

C:\Windows\System\IYdWPJg.exe

C:\Windows\System\ceuDNCo.exe

C:\Windows\System\ceuDNCo.exe

C:\Windows\System\ecdyVZr.exe

C:\Windows\System\ecdyVZr.exe

C:\Windows\System\TLFnOyT.exe

C:\Windows\System\TLFnOyT.exe

C:\Windows\System\XBGeQId.exe

C:\Windows\System\XBGeQId.exe

C:\Windows\System\EHjnluE.exe

C:\Windows\System\EHjnluE.exe

C:\Windows\System\WoPNJgu.exe

C:\Windows\System\WoPNJgu.exe

C:\Windows\System\gMbnwwe.exe

C:\Windows\System\gMbnwwe.exe

C:\Windows\System\gdFdQkm.exe

C:\Windows\System\gdFdQkm.exe

C:\Windows\System\NpjllRB.exe

C:\Windows\System\NpjllRB.exe

C:\Windows\System\FbhGNYG.exe

C:\Windows\System\FbhGNYG.exe

C:\Windows\System\YzhzWuY.exe

C:\Windows\System\YzhzWuY.exe

C:\Windows\System\IdAcvcE.exe

C:\Windows\System\IdAcvcE.exe

C:\Windows\System\YaSCciW.exe

C:\Windows\System\YaSCciW.exe

C:\Windows\System\tciKeRX.exe

C:\Windows\System\tciKeRX.exe

C:\Windows\System\tRUSBbe.exe

C:\Windows\System\tRUSBbe.exe

C:\Windows\System\akoOrno.exe

C:\Windows\System\akoOrno.exe

C:\Windows\System\MQClIoL.exe

C:\Windows\System\MQClIoL.exe

C:\Windows\System\BTTdnlC.exe

C:\Windows\System\BTTdnlC.exe

C:\Windows\System\BPPESKR.exe

C:\Windows\System\BPPESKR.exe

C:\Windows\System\ESOIekO.exe

C:\Windows\System\ESOIekO.exe

C:\Windows\System\yETUyFQ.exe

C:\Windows\System\yETUyFQ.exe

C:\Windows\System\RdWJlPv.exe

C:\Windows\System\RdWJlPv.exe

C:\Windows\System\pSURvcM.exe

C:\Windows\System\pSURvcM.exe

C:\Windows\System\zYPcfoN.exe

C:\Windows\System\zYPcfoN.exe

C:\Windows\System\kvegukj.exe

C:\Windows\System\kvegukj.exe

C:\Windows\System\abNNofe.exe

C:\Windows\System\abNNofe.exe

C:\Windows\System\bKIbEjY.exe

C:\Windows\System\bKIbEjY.exe

C:\Windows\System\KUNfftX.exe

C:\Windows\System\KUNfftX.exe

C:\Windows\System\HGAHQQU.exe

C:\Windows\System\HGAHQQU.exe

C:\Windows\System\osZfmXI.exe

C:\Windows\System\osZfmXI.exe

C:\Windows\System\ewtSNsC.exe

C:\Windows\System\ewtSNsC.exe

C:\Windows\System\QWURlJz.exe

C:\Windows\System\QWURlJz.exe

C:\Windows\System\zYgdusP.exe

C:\Windows\System\zYgdusP.exe

C:\Windows\System\JVYGTAq.exe

C:\Windows\System\JVYGTAq.exe

C:\Windows\System\vffBOqj.exe

C:\Windows\System\vffBOqj.exe

C:\Windows\System\gDCfCBU.exe

C:\Windows\System\gDCfCBU.exe

C:\Windows\System\IsGoxZf.exe

C:\Windows\System\IsGoxZf.exe

C:\Windows\System\xPJKeqW.exe

C:\Windows\System\xPJKeqW.exe

C:\Windows\System\CsrZSkW.exe

C:\Windows\System\CsrZSkW.exe

C:\Windows\System\bTGCvfR.exe

C:\Windows\System\bTGCvfR.exe

C:\Windows\System\wLmWRlp.exe

C:\Windows\System\wLmWRlp.exe

C:\Windows\System\YWPpTvN.exe

C:\Windows\System\YWPpTvN.exe

C:\Windows\System\QNMSmTy.exe

C:\Windows\System\QNMSmTy.exe

C:\Windows\System\myzZFHF.exe

C:\Windows\System\myzZFHF.exe

C:\Windows\System\ObfBLjW.exe

C:\Windows\System\ObfBLjW.exe

C:\Windows\System\iGxQqDS.exe

C:\Windows\System\iGxQqDS.exe

C:\Windows\System\vJzeyGM.exe

C:\Windows\System\vJzeyGM.exe

C:\Windows\System\jjBUcgV.exe

C:\Windows\System\jjBUcgV.exe

C:\Windows\System\DUzxuFZ.exe

C:\Windows\System\DUzxuFZ.exe

C:\Windows\System\ixDOmWe.exe

C:\Windows\System\ixDOmWe.exe

C:\Windows\System\lLhvHHp.exe

C:\Windows\System\lLhvHHp.exe

C:\Windows\System\DVSSfwv.exe

C:\Windows\System\DVSSfwv.exe

C:\Windows\System\WVUDlGp.exe

C:\Windows\System\WVUDlGp.exe

C:\Windows\System\mPBASCy.exe

C:\Windows\System\mPBASCy.exe

C:\Windows\System\pKpkIdQ.exe

C:\Windows\System\pKpkIdQ.exe

C:\Windows\System\QpiWtwS.exe

C:\Windows\System\QpiWtwS.exe

C:\Windows\System\nxfGEiZ.exe

C:\Windows\System\nxfGEiZ.exe

C:\Windows\System\jcQjmyp.exe

C:\Windows\System\jcQjmyp.exe

C:\Windows\System\vgfZibX.exe

C:\Windows\System\vgfZibX.exe

C:\Windows\System\vvhSZra.exe

C:\Windows\System\vvhSZra.exe

C:\Windows\System\tFJyOEk.exe

C:\Windows\System\tFJyOEk.exe

C:\Windows\System\wkgGjoI.exe

C:\Windows\System\wkgGjoI.exe

C:\Windows\System\XQpZvQN.exe

C:\Windows\System\XQpZvQN.exe

C:\Windows\System\bawPzFC.exe

C:\Windows\System\bawPzFC.exe

C:\Windows\System\WnQBPJA.exe

C:\Windows\System\WnQBPJA.exe

C:\Windows\System\bPBnRWv.exe

C:\Windows\System\bPBnRWv.exe

C:\Windows\System\DyeOlGb.exe

C:\Windows\System\DyeOlGb.exe

C:\Windows\System\URSoHdO.exe

C:\Windows\System\URSoHdO.exe

C:\Windows\System\KrFcVBP.exe

C:\Windows\System\KrFcVBP.exe

C:\Windows\System\LoSFRFS.exe

C:\Windows\System\LoSFRFS.exe

C:\Windows\System\aGnDutR.exe

C:\Windows\System\aGnDutR.exe

C:\Windows\System\ODBGWsu.exe

C:\Windows\System\ODBGWsu.exe

C:\Windows\System\oHHVKuz.exe

C:\Windows\System\oHHVKuz.exe

C:\Windows\System\epungIQ.exe

C:\Windows\System\epungIQ.exe

C:\Windows\System\mfGDZtF.exe

C:\Windows\System\mfGDZtF.exe

C:\Windows\System\fkCPSRv.exe

C:\Windows\System\fkCPSRv.exe

C:\Windows\System\xIZxgNT.exe

C:\Windows\System\xIZxgNT.exe

C:\Windows\System\UAGnPrB.exe

C:\Windows\System\UAGnPrB.exe

C:\Windows\System\unUlUiM.exe

C:\Windows\System\unUlUiM.exe

C:\Windows\System\OuMjPhM.exe

C:\Windows\System\OuMjPhM.exe

C:\Windows\System\jDCIjoq.exe

C:\Windows\System\jDCIjoq.exe

C:\Windows\System\IGraCkb.exe

C:\Windows\System\IGraCkb.exe

C:\Windows\System\HDqsTvV.exe

C:\Windows\System\HDqsTvV.exe

C:\Windows\System\qSzuAMk.exe

C:\Windows\System\qSzuAMk.exe

C:\Windows\System\wfvYyCG.exe

C:\Windows\System\wfvYyCG.exe

C:\Windows\System\TlmvXfz.exe

C:\Windows\System\TlmvXfz.exe

C:\Windows\System\QCOjqCt.exe

C:\Windows\System\QCOjqCt.exe

C:\Windows\System\yXliawQ.exe

C:\Windows\System\yXliawQ.exe

C:\Windows\System\ZUsopSU.exe

C:\Windows\System\ZUsopSU.exe

C:\Windows\System\NItStFM.exe

C:\Windows\System\NItStFM.exe

C:\Windows\System\HSILwhA.exe

C:\Windows\System\HSILwhA.exe

C:\Windows\System\iJpMaPh.exe

C:\Windows\System\iJpMaPh.exe

C:\Windows\System\NBiXObT.exe

C:\Windows\System\NBiXObT.exe

C:\Windows\System\kTCAfDp.exe

C:\Windows\System\kTCAfDp.exe

C:\Windows\System\CDdFEKF.exe

C:\Windows\System\CDdFEKF.exe

C:\Windows\System\maoQMHj.exe

C:\Windows\System\maoQMHj.exe

C:\Windows\System\YvoFIiu.exe

C:\Windows\System\YvoFIiu.exe

C:\Windows\System\IuWBLzq.exe

C:\Windows\System\IuWBLzq.exe

C:\Windows\System\qPZZXkg.exe

C:\Windows\System\qPZZXkg.exe

C:\Windows\System\TXtpvfp.exe

C:\Windows\System\TXtpvfp.exe

C:\Windows\System\sQhKtns.exe

C:\Windows\System\sQhKtns.exe

C:\Windows\System\yiizTbb.exe

C:\Windows\System\yiizTbb.exe

C:\Windows\System\PUVnIsv.exe

C:\Windows\System\PUVnIsv.exe

C:\Windows\System\CMFixEh.exe

C:\Windows\System\CMFixEh.exe

C:\Windows\System\pNmHwLU.exe

C:\Windows\System\pNmHwLU.exe

C:\Windows\System\mQUKYUY.exe

C:\Windows\System\mQUKYUY.exe

C:\Windows\System\LgstGCb.exe

C:\Windows\System\LgstGCb.exe

C:\Windows\System\kbKmDvz.exe

C:\Windows\System\kbKmDvz.exe

C:\Windows\System\LJsAJuK.exe

C:\Windows\System\LJsAJuK.exe

C:\Windows\System\bmxSOmj.exe

C:\Windows\System\bmxSOmj.exe

C:\Windows\System\hrmRjeP.exe

C:\Windows\System\hrmRjeP.exe

C:\Windows\System\dOteAwL.exe

C:\Windows\System\dOteAwL.exe

C:\Windows\System\xmkTFcu.exe

C:\Windows\System\xmkTFcu.exe

C:\Windows\System\UnxuxQT.exe

C:\Windows\System\UnxuxQT.exe

C:\Windows\System\qcyhUmX.exe

C:\Windows\System\qcyhUmX.exe

C:\Windows\System\pOCRMhu.exe

C:\Windows\System\pOCRMhu.exe

C:\Windows\System\PlABZZN.exe

C:\Windows\System\PlABZZN.exe

C:\Windows\System\cHBhlyR.exe

C:\Windows\System\cHBhlyR.exe

C:\Windows\System\TYcwQiX.exe

C:\Windows\System\TYcwQiX.exe

C:\Windows\System\nrcPNAt.exe

C:\Windows\System\nrcPNAt.exe

C:\Windows\System\NqWCxxE.exe

C:\Windows\System\NqWCxxE.exe

C:\Windows\System\HhwMtEQ.exe

C:\Windows\System\HhwMtEQ.exe

C:\Windows\System\TQiJgFH.exe

C:\Windows\System\TQiJgFH.exe

C:\Windows\System\SCrehsH.exe

C:\Windows\System\SCrehsH.exe

C:\Windows\System\byFaRCn.exe

C:\Windows\System\byFaRCn.exe

C:\Windows\System\qYiwgeS.exe

C:\Windows\System\qYiwgeS.exe

C:\Windows\System\AndhwHt.exe

C:\Windows\System\AndhwHt.exe

C:\Windows\System\bjonOeQ.exe

C:\Windows\System\bjonOeQ.exe

C:\Windows\System\qERfxCR.exe

C:\Windows\System\qERfxCR.exe

C:\Windows\System\ubwlOAa.exe

C:\Windows\System\ubwlOAa.exe

C:\Windows\System\YvcfmLC.exe

C:\Windows\System\YvcfmLC.exe

C:\Windows\System\hpRKCcA.exe

C:\Windows\System\hpRKCcA.exe

C:\Windows\System\aphjEJi.exe

C:\Windows\System\aphjEJi.exe

C:\Windows\System\fuutshn.exe

C:\Windows\System\fuutshn.exe

C:\Windows\System\KICEBMp.exe

C:\Windows\System\KICEBMp.exe

C:\Windows\System\FQftlhW.exe

C:\Windows\System\FQftlhW.exe

C:\Windows\System\apeyDZr.exe

C:\Windows\System\apeyDZr.exe

C:\Windows\System\tjWOAug.exe

C:\Windows\System\tjWOAug.exe

C:\Windows\System\NqliqIV.exe

C:\Windows\System\NqliqIV.exe

C:\Windows\System\tnYOpNg.exe

C:\Windows\System\tnYOpNg.exe

C:\Windows\System\yxxzGNK.exe

C:\Windows\System\yxxzGNK.exe

C:\Windows\System\HpXajsH.exe

C:\Windows\System\HpXajsH.exe

C:\Windows\System\hRGgAXI.exe

C:\Windows\System\hRGgAXI.exe

C:\Windows\System\yWhPrvA.exe

C:\Windows\System\yWhPrvA.exe

C:\Windows\System\szStSVG.exe

C:\Windows\System\szStSVG.exe

C:\Windows\System\WiSlitK.exe

C:\Windows\System\WiSlitK.exe

C:\Windows\System\WuErOog.exe

C:\Windows\System\WuErOog.exe

C:\Windows\System\iDDSQer.exe

C:\Windows\System\iDDSQer.exe

C:\Windows\System\oQwDeYT.exe

C:\Windows\System\oQwDeYT.exe

C:\Windows\System\dIVwzLe.exe

C:\Windows\System\dIVwzLe.exe

C:\Windows\System\xKDziFj.exe

C:\Windows\System\xKDziFj.exe

C:\Windows\System\esxuEcq.exe

C:\Windows\System\esxuEcq.exe

C:\Windows\System\wRLgBjb.exe

C:\Windows\System\wRLgBjb.exe

C:\Windows\System\GxhMOJr.exe

C:\Windows\System\GxhMOJr.exe

C:\Windows\System\Xddzfzv.exe

C:\Windows\System\Xddzfzv.exe

C:\Windows\System\JOguLzQ.exe

C:\Windows\System\JOguLzQ.exe

C:\Windows\System\zScSyxm.exe

C:\Windows\System\zScSyxm.exe

C:\Windows\System\DEiXEGZ.exe

C:\Windows\System\DEiXEGZ.exe

C:\Windows\System\Jndiwqi.exe

C:\Windows\System\Jndiwqi.exe

C:\Windows\System\QzpJapm.exe

C:\Windows\System\QzpJapm.exe

C:\Windows\System\gmMyKyC.exe

C:\Windows\System\gmMyKyC.exe

C:\Windows\System\XAHFUBb.exe

C:\Windows\System\XAHFUBb.exe

C:\Windows\System\ZFPAsjV.exe

C:\Windows\System\ZFPAsjV.exe

C:\Windows\System\NnVIZzQ.exe

C:\Windows\System\NnVIZzQ.exe

C:\Windows\System\CLSnLIl.exe

C:\Windows\System\CLSnLIl.exe

C:\Windows\System\TPhuncn.exe

C:\Windows\System\TPhuncn.exe

C:\Windows\System\zgrHLCO.exe

C:\Windows\System\zgrHLCO.exe

C:\Windows\System\pDOZGJo.exe

C:\Windows\System\pDOZGJo.exe

C:\Windows\System\YjVpAYM.exe

C:\Windows\System\YjVpAYM.exe

C:\Windows\System\viFhKfx.exe

C:\Windows\System\viFhKfx.exe

C:\Windows\System\ypiYhJT.exe

C:\Windows\System\ypiYhJT.exe

C:\Windows\System\JcaUvVi.exe

C:\Windows\System\JcaUvVi.exe

C:\Windows\System\MMHaJpJ.exe

C:\Windows\System\MMHaJpJ.exe

C:\Windows\System\VBsPtmK.exe

C:\Windows\System\VBsPtmK.exe

C:\Windows\System\RNklRkr.exe

C:\Windows\System\RNklRkr.exe

C:\Windows\System\wPYArRI.exe

C:\Windows\System\wPYArRI.exe

C:\Windows\System\Nrymhhh.exe

C:\Windows\System\Nrymhhh.exe

C:\Windows\System\tVqXpso.exe

C:\Windows\System\tVqXpso.exe

C:\Windows\System\XcceDxY.exe

C:\Windows\System\XcceDxY.exe

C:\Windows\System\rOOJRkv.exe

C:\Windows\System\rOOJRkv.exe

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/1704-0-0x00000000001F0000-0x0000000000200000-memory.dmp

memory/1704-2-0x000000013FA50000-0x000000013FDA4000-memory.dmp

\Windows\system\KWYtwol.exe

MD5 5d7455b12bac5481f029e5db1bdc699f
SHA1 f79ba744c630120cd66b05764f458114979c79a2
SHA256 bd2442143fddf4cd1e8ba6ff8aae7bcff32b5a66d286b6944a112f8b5820e8b9
SHA512 88bacd779150058d7e1ca71c650131e6f1136d22f9c653b6155ce4062e00bf0e08caf895f14c82ad1bdbf160b6ca0cca790fce84bb0fc2fb88aa07fbf875cb67

memory/1704-9-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

\Windows\system\YNDxNif.exe

MD5 1b723e920b4b646b79c265b526656688
SHA1 0917e8cc3386b8efae59ec5c066b87a5c165f747
SHA256 49f45d4942df7c9538c01027f1f1ac44ce6d54ac4deaf010fa29cd8fa66348ba
SHA512 46f84754cf976a10df334f94ddd845b9211cc44d0a1b57b1fc3c2c38ce7ac912690152dd5a6518755a00950ce109c5172bce86d736b3443f80e1a4aaae9d9b1f

memory/2440-15-0x000000013FC30000-0x000000013FF84000-memory.dmp

memory/2892-13-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

C:\Windows\system\DhsefgI.exe

MD5 307222a0c0e13710d119f4710451385b
SHA1 4890d270d11d19d1904410ad8556494857cbacfb
SHA256 b4a07da57290c39cbd0269155d31fd8aeedbc380b08b55df19aefc821278e2e1
SHA512 1f9356604146aab50480f9cdc813a08a9a62f111dd67aa15b640baaf674a5cca2546a0983909e72d81eb2d9138fa6c04a9bfe6f9568075a29a1c3e6b2efc598b

memory/1256-22-0x000000013F570000-0x000000013F8C4000-memory.dmp

memory/1704-20-0x000000013F570000-0x000000013F8C4000-memory.dmp

C:\Windows\system\PcSXjxl.exe

MD5 67cb83f3713d08e9b1a8468ce2c60ffe
SHA1 b9a762b076e5e28242fd07b7b261f14098017e17
SHA256 33adb3c51a65cf09dd0d86ebbcddc0f92a86864603078e384ac5ccf4cf445cf8
SHA512 adb55ba8dd26ec8cdcd608a46878f696589adf23b9f3263439cb362147cacb1b8b103a640465b7e298dd3ee9917e7d57c205c6c42b053b25328ceb16076c84bd

memory/2736-35-0x000000013F6D0000-0x000000013FA24000-memory.dmp

memory/2904-48-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

memory/2676-57-0x000000013FED0000-0x0000000140224000-memory.dmp

C:\Windows\system\TZvNBoz.exe

MD5 f4cc0b1071197c812be114367720ba2c
SHA1 baf082d9fadc1f444a47e71d653526805cd5a494
SHA256 501198a4a413d214ae7014e2cabb9c7f78980c4fe1fbd3f473881d05c4af16b1
SHA512 9af1f115c194f12c779f275b3ce2e933d2d86655d5aa2c796a7922defa671f2cd732df192c1176667e78f0647b855f3ea99662bf26f787d6bd22d3ad28acb1bf

\Windows\system\MbdsgPA.exe

MD5 b21b426ff07285b338f66d8921a34739
SHA1 28894237e6f3252840fc8a6fa6357d05c3bc4d83
SHA256 aa0b316c5b9df057e108060377abd21a0f6ca149801ba83f140305877a6aaad8
SHA512 20d4fcbb151256652b5a33130851c17c3e7f0e6ac9562b391b9a6afbfbc4e4d0f3aeeaaa02903a64b1949e7369821e55712ff6f70a2cf9fe1bacc08c8ac72e8c

memory/2584-72-0x000000013FF10000-0x0000000140264000-memory.dmp

C:\Windows\system\DCJoMSC.exe

MD5 b5c7adeed893608bf0f2b84376b10c20
SHA1 5d93f7a7dd481bb695c7398a668882aeb5304c58
SHA256 4aa601f49952fbf8683ce546be448077cfcc6f6bf723bdc9916273452029491b
SHA512 90e9aa4a07932e521a51aebc5e1219b82913a7b02c99b61e2a7aaceaadeb1caa26f3b4e37b7b12d28d64d294ee8652ee6055cd35f26b1c33fedb5f6b21bda583

C:\Windows\system\dSLAFog.exe

MD5 1100270903c80c43f7622e6fcb382aa9
SHA1 f4b73673c812e032a7ba9be6be3dd36afdcbd5b2
SHA256 cacf3c8831342f6c1dea5974de3cba9fc80e45a16322bb43b969ba70be264a26
SHA512 2ad097d46cbd0a4a083104d168432e38f7475aa029c5ae8628744e9972d2ab78f1a47b96ce237ad9633cb48cfd806d50dab8233c237eaf87a2109da1e269c51b

C:\Windows\system\xglNLMp.exe

MD5 d63d5df7903dbca8cd4308614bf2ff25
SHA1 d22c7157aed0aea684bfb5a0d24e8c18ab2d694f
SHA256 8158338d946079c861b24769d5566a97211e25df0328255a58fddd43bbe90196
SHA512 8f991a736d5b01256acdcf27401e08cda1fcc5b4be416a2a416c61d66adcda4de0a9b60660a8f814c9d5a69a9eddd4f4af5cebc02a6a2398b2e3887392d10011

memory/2676-430-0x000000013FED0000-0x0000000140224000-memory.dmp

C:\Windows\system\EBdtBNE.exe

MD5 53b8ec42fde83535aba387c264577240
SHA1 5b9b570154d86bcb8a7410a62213bf2e32961436
SHA256 271985ded31dbcf062876cf24b91b57c84ca92ca0251db460432b93d18a526d6
SHA512 a19ac1dde953c071b2e9e9a61006f0a6c9aba981109bd8c4c23cac5e79b7559c24fced81793590e76c2f3ae7d7cba83085f66d6f37e8f06d0897ef3ae8100bd7

C:\Windows\system\NsHLszx.exe

MD5 62f169eb329a3d67eea2e345ab3ed28e
SHA1 15aa421154412f8b6e9389a1b482dc35cad64cbc
SHA256 e82bdfbf6dae4361595767d063fbb17c910485db8199a8ea702027840e96c7e8
SHA512 057914359a9f767b8edaf298238ba53dce2fb742aaf409d36b5b42d1fd2172b4444a437ab475acc2adfba12346bd6e9c11244f54b997b56f15c12d8e978f620a

C:\Windows\system\NAXCUMv.exe

MD5 c3198b7b88a66f1408c7a9972a9723a7
SHA1 c0ee5cd29ce297499a95770514e763142806adab
SHA256 e9c7398b444d0d4ee1df80a935e77355bb2e8359a29be9e95a4dffb710f5c649
SHA512 d396c68d21aac81da87d81157ba93ce7e0dc00f71e64b8975bc2a20d9b6cbb9ddd69c5003ca441487f47d3ea8fad4415dea86932a2e8737af67afb76cf861072

C:\Windows\system\lGvWEYB.exe

MD5 7f42224b97e62b823588e48dbe9b7db0
SHA1 2cf5650862f5e42bb6bc7b4ceb10d3f1f3751a35
SHA256 acbd77cc1e579643d6c5b8d584edfde9f0a7752e6c0666e29e26b5a8481027fd
SHA512 625bd08ca1149d5dc5889c1fc5962fae57ef9b87831666d0850b7a7b09c6c3222c1c876ef6fcd10cb3f8a4a54b654e1ae96c38df4e15a0cf07ec427f54793ef6

C:\Windows\system\HoVLGqm.exe

MD5 170e3d4728d0f49b2f98dfc72fc91ae8
SHA1 224c35c34c0f4ade243b3c58615042ed56feb9ce
SHA256 cffb17f873284d2d16a0977c993df6fc85186949da02f2e3d1ac05d0f2bcf3e5
SHA512 4302345601f0a22b0e4923b03ad86fb8f9bd3591a16627d37899f2587eff826a4ac0c35b51f7de5ddd0c854557aa150a8af99576378eb3411331998454072e27

C:\Windows\system\WNfUBdy.exe

MD5 fde5740beb937784243d6813f33e8041
SHA1 b345c692775d55096caf0f67dc54b8aa99d7b718
SHA256 a230a76b63aa8d0fce38e56734e97adece070c717a661519da1ffde3a570251c
SHA512 f7a21d856e698d86612f485545640e381665a9e9e0d9cb05118217f51f5294087f666a60a070062bbe97f4acb0b21f9a32fa8ed1bd95918de4f89eab208368e9

C:\Windows\system\GbaaOiZ.exe

MD5 ddbd67115058a76421a7c1aa3fcfb83a
SHA1 7198c7dfa9f4c84dd5fe0ebdd680f95760ca03e8
SHA256 d8565d5c6a0963ee97fa456db8fc4a60715f2451db0918869778c40b308f9328
SHA512 af097cc61f8c2423ab83d48148e7968e6e417fe03f4dc7cabf390dad411c721dac08c8614d692e8d2546d4f6a22c98c7cae0e89d0963d9769d6e2458b052e7a3

C:\Windows\system\IZynpIn.exe

MD5 007389488c951638ee87fe05a23f7a27
SHA1 bbb74aee4850f27bb125f98847013b2c1eef73b4
SHA256 40ca22d111c5af5b84eef93593dfc8f61ea4a4e038696bcefbd8e88921cf843c
SHA512 c5ed7978213c268fe2d02682a094c05d5465d3ab66cbaf26f4c7e7b239138e23f8758e191dd38710a8f2b85ad271affa74533c84fc741c13c9cbe4dbc9c648b9

C:\Windows\system\kGHghDL.exe

MD5 2007404c4e1e1978e7b1ffe28570a179
SHA1 8e6933c64082b71b725bccf7d97b35fdc54cce8c
SHA256 d5e238149dc7c8f91b0447859a518cd34071921988e6dba26b7b130aa329768b
SHA512 63a3a2fec213808725203d983bb0e04e185943467105b3ad35212a68a918b5ecf09114aded1db0a8d1bc0a8557a3c9ee9fe81bd89d019c5e8d89e33870c153fd

C:\Windows\system\jPNLRVJ.exe

MD5 d55633fce53cfeef8d2994389c881bc1
SHA1 8172df567c9fd1457a57455efb2769a5890d7200
SHA256 3dd9625a904fc351c808b0f2f4321737815343021624c78f6e46fc07552c5704
SHA512 9e49b58c8396dad64f850f5e0695e8eafcd4f8c848779e9aa8784d831906fdae4f5002310fbbea0b0a2a503a6b86a78f0d28b292f038aad43daad55d0de4c46e

C:\Windows\system\cTtkmpf.exe

MD5 d716bd5613aaa290d50e67766e13011a
SHA1 0367f4dcb819788d38d8edc8ce8f2e35cce43b76
SHA256 f2336e51bd48457976e68efd9329c56604d93ce1b616b28bdb20d1a0342504c6
SHA512 dab51e7c6346f6ba5015c50f5ceba815b86c3a8fc2d2b6b8a6605f3a8529a4116e3ca209ae26fa563f15b5da2c37966937adec13a01015859e4ac675b8bc18b5

C:\Windows\system\eNsHbaa.exe

MD5 e2660383cf1b2730fdcfafa8faf60efa
SHA1 126d0e88c5e04aa985e33212a93ce08bac95c24e
SHA256 37e54538ed01ffc6dd14be3a5ac24be14adb0c291fd1ea0463fe8692fab28768
SHA512 276bd86d0b43c580a29cca54657be953ccee00d5e8976141ef9e870371d522e58ecc81c5b56bfd6a70a84fd0a55268398ced8b9a0e1d515af42c2420066cd334

C:\Windows\system\vYUcoSM.exe

MD5 3a935fd06b0c756a328411bd599b77fe
SHA1 e38bbac567b764888a48f8fb549cbc84924cc84e
SHA256 280a1f19fdbc752a1d885e3c8d560525813d4bd3ee8dd53607771bf6a2fe42be
SHA512 8ae87524e7e7b6ee470e7834bbeec99bc4110d0efc471ff9fe5ec457bb6fd8e072519c11dea21f869e13b0094740f3ed846cc71c0c70c02a99e10e9d3091eb94

C:\Windows\system\vttOqaG.exe

MD5 bb4fd37c3d2a7d931c091c05bf82e959
SHA1 8f13936ce80cb5a86f9fcd34c3228858f5050ff9
SHA256 ee6bcc948ed383c471767a2121e69afcc08046dd9b673a516376afb830bde124
SHA512 4afb0ad47c1c1635e09e6b6dc6070fef19f900f58ffc64c5ded0a6435339228a79caad24575d733c115320c45f4ade2b91e53f4025722078d5c2177437bf140f

C:\Windows\system\GHkIOXT.exe

MD5 2991082e9838f88128846aa6094047c0
SHA1 933d99b1a904c4d16f7039d475c3d1677393f979
SHA256 2dfbef98ced25cd1b8eb0187b1f4e41f2293da798e32464b38e6c09f75707f2e
SHA512 315b7fc2202ad630dd755465ef9d33bda987d7d93e1b5d6c45b351be9099f36b781d55f6fd2dd09eeea6fe20a470d45c97c009b84a0d2884e57df543e246bbf3

memory/1704-111-0x0000000001F60000-0x00000000022B4000-memory.dmp

memory/2848-104-0x000000013F060000-0x000000013F3B4000-memory.dmp

memory/1704-103-0x000000013F060000-0x000000013F3B4000-memory.dmp

memory/2736-102-0x000000013F6D0000-0x000000013FA24000-memory.dmp

C:\Windows\system\nwbTQiJ.exe

MD5 eb38e28cb19e8d13a6bfe63a87a5413a
SHA1 ef09b49d02593f57bc7265e2b2080ce4e4a874b0
SHA256 bd09f4c0c186a7aa5b437bc1523c01a2e455f6494f5084eb9e5fd1bdf951562b
SHA512 abc0fc919348a855a13d58c4b33fd2666933b6dda2e2f9527e457a5b8b132f9ce2abe4f02fcb087e2c32feb49e01df241aee1dac65f3a93e944e5340b388b90e

C:\Windows\system\UQbLPlo.exe

MD5 539b2b11284a74c3ee153e555034462b
SHA1 656b45914d17e5597628941ba5fbd7bcffbaf4a5
SHA256 9d2698e3b6ae313f8f3f8ba95d948339cc5cb5f3a533958c9df2681c3b38dc21
SHA512 0066962f504e76cbf76a4563e173cad26f37bc5be122c98831ca0e567f34f59767e236205154fda9ae274efed9d60aac76f3dd0e3e4a501dc07b14ae8641a1cf

memory/2760-96-0x000000013F6C0000-0x000000013FA14000-memory.dmp

memory/1704-95-0x000000013F6C0000-0x000000013FA14000-memory.dmp

memory/2744-94-0x000000013F750000-0x000000013FAA4000-memory.dmp

memory/2024-88-0x000000013F650000-0x000000013F9A4000-memory.dmp

memory/1704-87-0x000000013F650000-0x000000013F9A4000-memory.dmp

C:\Windows\system\VXyyVWv.exe

MD5 ae72972154e37c4fc0f9d829ae723d8b
SHA1 f179a0ae9473eb1fe5fdf5fe6b6a79026052ec72
SHA256 99b2974b8572755b87fe5030f1086d53b7de75d735a50073786bf698812891fb
SHA512 1a1c1763cc778232c71aa3a4df4b20e5ce92555de214bd81124e448a0cd46cf43d92b0b4a3f60a2dbb6ed43272a638486171f7122ef8694db65d87ce6af8b548

memory/2980-81-0x000000013F120000-0x000000013F474000-memory.dmp

memory/1704-80-0x000000013F120000-0x000000013F474000-memory.dmp

memory/1256-79-0x000000013F570000-0x000000013F8C4000-memory.dmp

memory/2440-78-0x000000013FC30000-0x000000013FF84000-memory.dmp

C:\Windows\system\naDusLk.exe

MD5 0c981ada86e7f780e1cc0216a01a03bb
SHA1 87a837c2a5487586df57a54178cba9d3f0807f3b
SHA256 9e389964073758e9541654de972748dffc08d52408bd4e92aa0f9bebb4f9d20e
SHA512 67fa8839993b613b3a28dd65d979d84060ddead9d6fcea2d16551f1c51f566b8365653ee6c9aa3d286e22949a6f6b2e56a2ce5444601849de8a01808e165a705

memory/2892-71-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

memory/2580-66-0x000000013F300000-0x000000013F654000-memory.dmp

memory/1704-64-0x000000013FA50000-0x000000013FDA4000-memory.dmp

C:\Windows\system\RgwfkdI.exe

MD5 6f3673f6ed2861552caa654d9a55b856
SHA1 a22f82e42db3e38100b1926e3a84247c0435296e
SHA256 f7022ee3e10d90fdc1799e327f62c7533d291ff44454d1e9fc1ce341df00f052
SHA512 76207c659c3201f18a7e5f7a9bc374bd3515b0112d99c7f11e558f423cb0072f85d590acbc96bb53db8e1d44c3d40859c2ee76cb39e1edc9fbeb33fb7c919660

memory/1704-58-0x000000013F300000-0x000000013F654000-memory.dmp

memory/1704-56-0x000000013FED0000-0x0000000140224000-memory.dmp

memory/2816-50-0x000000013F2C0000-0x000000013F614000-memory.dmp

memory/1704-49-0x000000013F2C0000-0x000000013F614000-memory.dmp

C:\Windows\system\PNUhlEi.exe

MD5 ba95dc69ea0551b249a2184f32cb073c
SHA1 8bbfa30b8ddcf1117ce204e95deca5dcb1ce3242
SHA256 50d69bcee543138ea4e8ccb0a73ac76589886f6c81743a970de38c73a3af1bf9
SHA512 bfbd9711ca23b767175ba35b123b98692c7d90526c0ea2ff282c1a1c31dd16d91bbf38746eed2a336ab8591218c1a3b4bc57bd18571f60c4110b70c2ebd725ee

memory/1704-47-0x0000000001F60000-0x00000000022B4000-memory.dmp

C:\Windows\system\JZobBMe.exe

MD5 816326c717a0f80260d528d7bc02b702
SHA1 6db921ea3df5676b6d48197293cae6afbbfa1aea
SHA256 1d3ef26eff8fbec8eb8bb8ed7f4e02b59afb2168cccfd8db511d02a37b1f5b2e
SHA512 3533e22bc2931a1d52519cde0e4a097d069a734eabc5be7d4e233eba5d08774b24cf13852a26419493256fdc8226f1036f1a4056e6c9f857c0b4a2ef4c38773a

memory/1704-34-0x000000013F6D0000-0x000000013FA24000-memory.dmp

memory/2744-28-0x000000013F750000-0x000000013FAA4000-memory.dmp

memory/1704-27-0x0000000001F60000-0x00000000022B4000-memory.dmp

C:\Windows\system\jrJleEf.exe

MD5 5f87cf47f7768ef8255eb675a7695169
SHA1 e04ef0a2b5880c2d4a8b53a8307f5a5a3750e638
SHA256 a99b6a58e8fd3aaf30e96759c129c6a951923c59cf8284970ff151e0b392f7c6
SHA512 b2656c763a891e1278a8d9e45b65fbbf1c7d6d4c8d62abb20f4f99791ca7c56a17706576c28ceb8964f95961d72a0524a92ac651e98cc70f8496cff16f9d3961

memory/1704-1075-0x000000013F120000-0x000000013F474000-memory.dmp

memory/1704-1076-0x000000013F650000-0x000000013F9A4000-memory.dmp

memory/1704-1077-0x000000013F6C0000-0x000000013FA14000-memory.dmp

memory/1704-1078-0x000000013F060000-0x000000013F3B4000-memory.dmp

memory/1704-1079-0x0000000001F60000-0x00000000022B4000-memory.dmp

memory/2892-1080-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

memory/2440-1081-0x000000013FC30000-0x000000013FF84000-memory.dmp

memory/1256-1082-0x000000013F570000-0x000000013F8C4000-memory.dmp

memory/2744-1083-0x000000013F750000-0x000000013FAA4000-memory.dmp

memory/2904-1084-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

memory/2736-1086-0x000000013F6D0000-0x000000013FA24000-memory.dmp

memory/2816-1085-0x000000013F2C0000-0x000000013F614000-memory.dmp

memory/2676-1087-0x000000013FED0000-0x0000000140224000-memory.dmp

memory/2580-1088-0x000000013F300000-0x000000013F654000-memory.dmp

memory/2584-1089-0x000000013FF10000-0x0000000140264000-memory.dmp

memory/2980-1090-0x000000013F120000-0x000000013F474000-memory.dmp

memory/2024-1091-0x000000013F650000-0x000000013F9A4000-memory.dmp

memory/2760-1092-0x000000013F6C0000-0x000000013FA14000-memory.dmp

memory/2848-1093-0x000000013F060000-0x000000013F3B4000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-01 05:57

Reported

2024-06-01 06:00

Platform

win10v2004-20240508-en

Max time kernel

141s

Max time network

143s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\KWYtwol.exe N/A
N/A N/A C:\Windows\System\YNDxNif.exe N/A
N/A N/A C:\Windows\System\DhsefgI.exe N/A
N/A N/A C:\Windows\System\jrJleEf.exe N/A
N/A N/A C:\Windows\System\PcSXjxl.exe N/A
N/A N/A C:\Windows\System\PNUhlEi.exe N/A
N/A N/A C:\Windows\System\JZobBMe.exe N/A
N/A N/A C:\Windows\System\TZvNBoz.exe N/A
N/A N/A C:\Windows\System\RgwfkdI.exe N/A
N/A N/A C:\Windows\System\MbdsgPA.exe N/A
N/A N/A C:\Windows\System\naDusLk.exe N/A
N/A N/A C:\Windows\System\DCJoMSC.exe N/A
N/A N/A C:\Windows\System\VXyyVWv.exe N/A
N/A N/A C:\Windows\System\nwbTQiJ.exe N/A
N/A N/A C:\Windows\System\UQbLPlo.exe N/A
N/A N/A C:\Windows\System\GHkIOXT.exe N/A
N/A N/A C:\Windows\System\vttOqaG.exe N/A
N/A N/A C:\Windows\System\eNsHbaa.exe N/A
N/A N/A C:\Windows\System\vYUcoSM.exe N/A
N/A N/A C:\Windows\System\cTtkmpf.exe N/A
N/A N/A C:\Windows\System\jPNLRVJ.exe N/A
N/A N/A C:\Windows\System\dSLAFog.exe N/A
N/A N/A C:\Windows\System\kGHghDL.exe N/A
N/A N/A C:\Windows\System\IZynpIn.exe N/A
N/A N/A C:\Windows\System\GbaaOiZ.exe N/A
N/A N/A C:\Windows\System\WNfUBdy.exe N/A
N/A N/A C:\Windows\System\HoVLGqm.exe N/A
N/A N/A C:\Windows\System\lGvWEYB.exe N/A
N/A N/A C:\Windows\System\NAXCUMv.exe N/A
N/A N/A C:\Windows\System\xglNLMp.exe N/A
N/A N/A C:\Windows\System\NsHLszx.exe N/A
N/A N/A C:\Windows\System\EBdtBNE.exe N/A
N/A N/A C:\Windows\System\RqlbRzb.exe N/A
N/A N/A C:\Windows\System\CmNxJrv.exe N/A
N/A N/A C:\Windows\System\vQiqDdQ.exe N/A
N/A N/A C:\Windows\System\aAQpcJV.exe N/A
N/A N/A C:\Windows\System\OdEKOiv.exe N/A
N/A N/A C:\Windows\System\WcYEcCg.exe N/A
N/A N/A C:\Windows\System\JGpjSdr.exe N/A
N/A N/A C:\Windows\System\cnHJOTH.exe N/A
N/A N/A C:\Windows\System\KxfXJhq.exe N/A
N/A N/A C:\Windows\System\mFfpmpJ.exe N/A
N/A N/A C:\Windows\System\NaEMMqX.exe N/A
N/A N/A C:\Windows\System\avhcvzn.exe N/A
N/A N/A C:\Windows\System\CWAtVkZ.exe N/A
N/A N/A C:\Windows\System\GTftgVZ.exe N/A
N/A N/A C:\Windows\System\UEjcedT.exe N/A
N/A N/A C:\Windows\System\eOUypiI.exe N/A
N/A N/A C:\Windows\System\zVqmCxh.exe N/A
N/A N/A C:\Windows\System\AybJwGa.exe N/A
N/A N/A C:\Windows\System\hSsuoPA.exe N/A
N/A N/A C:\Windows\System\gZijiVe.exe N/A
N/A N/A C:\Windows\System\GoCiCwK.exe N/A
N/A N/A C:\Windows\System\csQJzrD.exe N/A
N/A N/A C:\Windows\System\qTrjvBY.exe N/A
N/A N/A C:\Windows\System\PMLsLOY.exe N/A
N/A N/A C:\Windows\System\kGeHNeZ.exe N/A
N/A N/A C:\Windows\System\fXCIFjI.exe N/A
N/A N/A C:\Windows\System\fPYAPjw.exe N/A
N/A N/A C:\Windows\System\EtttlCc.exe N/A
N/A N/A C:\Windows\System\NVuRRZK.exe N/A
N/A N/A C:\Windows\System\frkRURU.exe N/A
N/A N/A C:\Windows\System\VbkNlUF.exe N/A
N/A N/A C:\Windows\System\DJsslJE.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\kbKmDvz.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\CmNxJrv.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\DgVsqEW.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\IdAcvcE.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\RqlbRzb.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\LJsAJuK.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\DEiXEGZ.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\TLFnOyT.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\tnYOpNg.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\MbdsgPA.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\cnHJOTH.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\EtttlCc.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\iEBSMcF.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\NBiXObT.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\fkCPSRv.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\nrcPNAt.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\KYBgJPe.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\wLmWRlp.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\mPBASCy.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\zjNuoPW.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\QnWmCdk.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\NpjllRB.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\IZynpIn.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\mFfpmpJ.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\UEjcedT.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\RvvfKfz.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\JuFBrGR.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\RdWJlPv.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\qYiwgeS.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\KICEBMp.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\aAQpcJV.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\GTftgVZ.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\qTrjvBY.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\whlDabv.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\CDdFEKF.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\TYcwQiX.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\tjWOAug.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\vYUcoSM.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\xglNLMp.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\WmOwmeX.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\csaCHNV.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\ecdyVZr.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\WoPNJgu.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\tciKeRX.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\KWYtwol.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\NsHLszx.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\kGeHNeZ.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\wRLgBjb.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\pDOZGJo.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\QpiWtwS.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\hrmRjeP.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\FQftlhW.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\PMLsLOY.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\bTGCvfR.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\qERfxCR.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\mmJqXIK.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\scyCKSE.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\WVUDlGp.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\nxfGEiZ.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\WuErOog.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\WNfUBdy.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\hkpiKrz.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\KXuMYZN.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
File created C:\Windows\System\zgrHLCO.exe C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2000 wrote to memory of 376 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\KWYtwol.exe
PID 2000 wrote to memory of 376 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\KWYtwol.exe
PID 2000 wrote to memory of 2920 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\YNDxNif.exe
PID 2000 wrote to memory of 2920 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\YNDxNif.exe
PID 2000 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\DhsefgI.exe
PID 2000 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\DhsefgI.exe
PID 2000 wrote to memory of 4624 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\jrJleEf.exe
PID 2000 wrote to memory of 4624 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\jrJleEf.exe
PID 2000 wrote to memory of 2404 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\PcSXjxl.exe
PID 2000 wrote to memory of 2404 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\PcSXjxl.exe
PID 2000 wrote to memory of 4960 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\PNUhlEi.exe
PID 2000 wrote to memory of 4960 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\PNUhlEi.exe
PID 2000 wrote to memory of 4588 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\JZobBMe.exe
PID 2000 wrote to memory of 4588 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\JZobBMe.exe
PID 2000 wrote to memory of 2816 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\TZvNBoz.exe
PID 2000 wrote to memory of 2816 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\TZvNBoz.exe
PID 2000 wrote to memory of 552 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\RgwfkdI.exe
PID 2000 wrote to memory of 552 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\RgwfkdI.exe
PID 2000 wrote to memory of 4824 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\MbdsgPA.exe
PID 2000 wrote to memory of 4824 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\MbdsgPA.exe
PID 2000 wrote to memory of 3808 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\naDusLk.exe
PID 2000 wrote to memory of 3808 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\naDusLk.exe
PID 2000 wrote to memory of 4024 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\DCJoMSC.exe
PID 2000 wrote to memory of 4024 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\DCJoMSC.exe
PID 2000 wrote to memory of 1308 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\VXyyVWv.exe
PID 2000 wrote to memory of 1308 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\VXyyVWv.exe
PID 2000 wrote to memory of 4224 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\nwbTQiJ.exe
PID 2000 wrote to memory of 4224 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\nwbTQiJ.exe
PID 2000 wrote to memory of 1888 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\UQbLPlo.exe
PID 2000 wrote to memory of 1888 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\UQbLPlo.exe
PID 2000 wrote to memory of 1400 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\GHkIOXT.exe
PID 2000 wrote to memory of 1400 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\GHkIOXT.exe
PID 2000 wrote to memory of 4596 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\vttOqaG.exe
PID 2000 wrote to memory of 4596 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\vttOqaG.exe
PID 2000 wrote to memory of 404 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\vYUcoSM.exe
PID 2000 wrote to memory of 404 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\vYUcoSM.exe
PID 2000 wrote to memory of 3128 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\eNsHbaa.exe
PID 2000 wrote to memory of 3128 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\eNsHbaa.exe
PID 2000 wrote to memory of 1900 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\cTtkmpf.exe
PID 2000 wrote to memory of 1900 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\cTtkmpf.exe
PID 2000 wrote to memory of 3628 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\jPNLRVJ.exe
PID 2000 wrote to memory of 3628 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\jPNLRVJ.exe
PID 2000 wrote to memory of 2168 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\dSLAFog.exe
PID 2000 wrote to memory of 2168 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\dSLAFog.exe
PID 2000 wrote to memory of 4100 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\kGHghDL.exe
PID 2000 wrote to memory of 4100 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\kGHghDL.exe
PID 2000 wrote to memory of 4780 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\IZynpIn.exe
PID 2000 wrote to memory of 4780 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\IZynpIn.exe
PID 2000 wrote to memory of 984 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\GbaaOiZ.exe
PID 2000 wrote to memory of 984 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\GbaaOiZ.exe
PID 2000 wrote to memory of 3488 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\WNfUBdy.exe
PID 2000 wrote to memory of 3488 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\WNfUBdy.exe
PID 2000 wrote to memory of 4372 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\HoVLGqm.exe
PID 2000 wrote to memory of 4372 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\HoVLGqm.exe
PID 2000 wrote to memory of 3356 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\lGvWEYB.exe
PID 2000 wrote to memory of 3356 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\lGvWEYB.exe
PID 2000 wrote to memory of 1764 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\NAXCUMv.exe
PID 2000 wrote to memory of 1764 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\NAXCUMv.exe
PID 2000 wrote to memory of 4180 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\xglNLMp.exe
PID 2000 wrote to memory of 4180 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\xglNLMp.exe
PID 2000 wrote to memory of 2388 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\NsHLszx.exe
PID 2000 wrote to memory of 2388 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\NsHLszx.exe
PID 2000 wrote to memory of 1272 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\EBdtBNE.exe
PID 2000 wrote to memory of 1272 N/A C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe C:\Windows\System\EBdtBNE.exe

Processes

C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\8ffa93f8c6d393aeb7c2b799e1a87b30_NeikiAnalytics.exe"

C:\Windows\System\KWYtwol.exe

C:\Windows\System\KWYtwol.exe

C:\Windows\System\YNDxNif.exe

C:\Windows\System\YNDxNif.exe

C:\Windows\System\DhsefgI.exe

C:\Windows\System\DhsefgI.exe

C:\Windows\System\jrJleEf.exe

C:\Windows\System\jrJleEf.exe

C:\Windows\System\PcSXjxl.exe

C:\Windows\System\PcSXjxl.exe

C:\Windows\System\PNUhlEi.exe

C:\Windows\System\PNUhlEi.exe

C:\Windows\System\JZobBMe.exe

C:\Windows\System\JZobBMe.exe

C:\Windows\System\TZvNBoz.exe

C:\Windows\System\TZvNBoz.exe

C:\Windows\System\RgwfkdI.exe

C:\Windows\System\RgwfkdI.exe

C:\Windows\System\MbdsgPA.exe

C:\Windows\System\MbdsgPA.exe

C:\Windows\System\naDusLk.exe

C:\Windows\System\naDusLk.exe

C:\Windows\System\DCJoMSC.exe

C:\Windows\System\DCJoMSC.exe

C:\Windows\System\VXyyVWv.exe

C:\Windows\System\VXyyVWv.exe

C:\Windows\System\nwbTQiJ.exe

C:\Windows\System\nwbTQiJ.exe

C:\Windows\System\UQbLPlo.exe

C:\Windows\System\UQbLPlo.exe

C:\Windows\System\GHkIOXT.exe

C:\Windows\System\GHkIOXT.exe

C:\Windows\System\vttOqaG.exe

C:\Windows\System\vttOqaG.exe

C:\Windows\System\vYUcoSM.exe

C:\Windows\System\vYUcoSM.exe

C:\Windows\System\eNsHbaa.exe

C:\Windows\System\eNsHbaa.exe

C:\Windows\System\cTtkmpf.exe

C:\Windows\System\cTtkmpf.exe

C:\Windows\System\jPNLRVJ.exe

C:\Windows\System\jPNLRVJ.exe

C:\Windows\System\dSLAFog.exe

C:\Windows\System\dSLAFog.exe

C:\Windows\System\kGHghDL.exe

C:\Windows\System\kGHghDL.exe

C:\Windows\System\IZynpIn.exe

C:\Windows\System\IZynpIn.exe

C:\Windows\System\GbaaOiZ.exe

C:\Windows\System\GbaaOiZ.exe

C:\Windows\System\WNfUBdy.exe

C:\Windows\System\WNfUBdy.exe

C:\Windows\System\HoVLGqm.exe

C:\Windows\System\HoVLGqm.exe

C:\Windows\System\lGvWEYB.exe

C:\Windows\System\lGvWEYB.exe

C:\Windows\System\NAXCUMv.exe

C:\Windows\System\NAXCUMv.exe

C:\Windows\System\xglNLMp.exe

C:\Windows\System\xglNLMp.exe

C:\Windows\System\NsHLszx.exe

C:\Windows\System\NsHLszx.exe

C:\Windows\System\EBdtBNE.exe

C:\Windows\System\EBdtBNE.exe

C:\Windows\System\RqlbRzb.exe

C:\Windows\System\RqlbRzb.exe

C:\Windows\System\CmNxJrv.exe

C:\Windows\System\CmNxJrv.exe

C:\Windows\System\vQiqDdQ.exe

C:\Windows\System\vQiqDdQ.exe

C:\Windows\System\aAQpcJV.exe

C:\Windows\System\aAQpcJV.exe

C:\Windows\System\OdEKOiv.exe

C:\Windows\System\OdEKOiv.exe

C:\Windows\System\WcYEcCg.exe

C:\Windows\System\WcYEcCg.exe

C:\Windows\System\JGpjSdr.exe

C:\Windows\System\JGpjSdr.exe

C:\Windows\System\cnHJOTH.exe

C:\Windows\System\cnHJOTH.exe

C:\Windows\System\KxfXJhq.exe

C:\Windows\System\KxfXJhq.exe

C:\Windows\System\mFfpmpJ.exe

C:\Windows\System\mFfpmpJ.exe

C:\Windows\System\NaEMMqX.exe

C:\Windows\System\NaEMMqX.exe

C:\Windows\System\avhcvzn.exe

C:\Windows\System\avhcvzn.exe

C:\Windows\System\CWAtVkZ.exe

C:\Windows\System\CWAtVkZ.exe

C:\Windows\System\GTftgVZ.exe

C:\Windows\System\GTftgVZ.exe

C:\Windows\System\UEjcedT.exe

C:\Windows\System\UEjcedT.exe

C:\Windows\System\eOUypiI.exe

C:\Windows\System\eOUypiI.exe

C:\Windows\System\zVqmCxh.exe

C:\Windows\System\zVqmCxh.exe

C:\Windows\System\AybJwGa.exe

C:\Windows\System\AybJwGa.exe

C:\Windows\System\hSsuoPA.exe

C:\Windows\System\hSsuoPA.exe

C:\Windows\System\gZijiVe.exe

C:\Windows\System\gZijiVe.exe

C:\Windows\System\GoCiCwK.exe

C:\Windows\System\GoCiCwK.exe

C:\Windows\System\csQJzrD.exe

C:\Windows\System\csQJzrD.exe

C:\Windows\System\qTrjvBY.exe

C:\Windows\System\qTrjvBY.exe

C:\Windows\System\PMLsLOY.exe

C:\Windows\System\PMLsLOY.exe

C:\Windows\System\kGeHNeZ.exe

C:\Windows\System\kGeHNeZ.exe

C:\Windows\System\fXCIFjI.exe

C:\Windows\System\fXCIFjI.exe

C:\Windows\System\fPYAPjw.exe

C:\Windows\System\fPYAPjw.exe

C:\Windows\System\EtttlCc.exe

C:\Windows\System\EtttlCc.exe

C:\Windows\System\NVuRRZK.exe

C:\Windows\System\NVuRRZK.exe

C:\Windows\System\frkRURU.exe

C:\Windows\System\frkRURU.exe

C:\Windows\System\VbkNlUF.exe

C:\Windows\System\VbkNlUF.exe

C:\Windows\System\DJsslJE.exe

C:\Windows\System\DJsslJE.exe

C:\Windows\System\ieQNsUc.exe

C:\Windows\System\ieQNsUc.exe

C:\Windows\System\WmOwmeX.exe

C:\Windows\System\WmOwmeX.exe

C:\Windows\System\RSLmNkz.exe

C:\Windows\System\RSLmNkz.exe

C:\Windows\System\GKlNXSF.exe

C:\Windows\System\GKlNXSF.exe

C:\Windows\System\ZkXjaPD.exe

C:\Windows\System\ZkXjaPD.exe

C:\Windows\System\KPEhBfO.exe

C:\Windows\System\KPEhBfO.exe

C:\Windows\System\ZDbrkXC.exe

C:\Windows\System\ZDbrkXC.exe

C:\Windows\System\NmYOnWV.exe

C:\Windows\System\NmYOnWV.exe

C:\Windows\System\GEhWtFs.exe

C:\Windows\System\GEhWtFs.exe

C:\Windows\System\nYJBnoe.exe

C:\Windows\System\nYJBnoe.exe

C:\Windows\System\zHDkVjB.exe

C:\Windows\System\zHDkVjB.exe

C:\Windows\System\RvvfKfz.exe

C:\Windows\System\RvvfKfz.exe

C:\Windows\System\pVpqzkP.exe

C:\Windows\System\pVpqzkP.exe

C:\Windows\System\PPWFnPJ.exe

C:\Windows\System\PPWFnPJ.exe

C:\Windows\System\HOwgZuf.exe

C:\Windows\System\HOwgZuf.exe

C:\Windows\System\QmEhWIa.exe

C:\Windows\System\QmEhWIa.exe

C:\Windows\System\ZXsZBFJ.exe

C:\Windows\System\ZXsZBFJ.exe

C:\Windows\System\wJTfplh.exe

C:\Windows\System\wJTfplh.exe

C:\Windows\System\hkpiKrz.exe

C:\Windows\System\hkpiKrz.exe

C:\Windows\System\XKjoLpL.exe

C:\Windows\System\XKjoLpL.exe

C:\Windows\System\smOmiWD.exe

C:\Windows\System\smOmiWD.exe

C:\Windows\System\mJuGMTA.exe

C:\Windows\System\mJuGMTA.exe

C:\Windows\System\PCzDEYh.exe

C:\Windows\System\PCzDEYh.exe

C:\Windows\System\lTrcqhy.exe

C:\Windows\System\lTrcqhy.exe

C:\Windows\System\zRjIizi.exe

C:\Windows\System\zRjIizi.exe

C:\Windows\System\kvPexCx.exe

C:\Windows\System\kvPexCx.exe

C:\Windows\System\muLuTOJ.exe

C:\Windows\System\muLuTOJ.exe

C:\Windows\System\KpFPuzO.exe

C:\Windows\System\KpFPuzO.exe

C:\Windows\System\zimiiZj.exe

C:\Windows\System\zimiiZj.exe

C:\Windows\System\walqyHe.exe

C:\Windows\System\walqyHe.exe

C:\Windows\System\eDnxgwc.exe

C:\Windows\System\eDnxgwc.exe

C:\Windows\System\PrVVfHm.exe

C:\Windows\System\PrVVfHm.exe

C:\Windows\System\vMxtQZw.exe

C:\Windows\System\vMxtQZw.exe

C:\Windows\System\QRieKyG.exe

C:\Windows\System\QRieKyG.exe

C:\Windows\System\JHPxBMC.exe

C:\Windows\System\JHPxBMC.exe

C:\Windows\System\LoILzKh.exe

C:\Windows\System\LoILzKh.exe

C:\Windows\System\aJFCIaB.exe

C:\Windows\System\aJFCIaB.exe

C:\Windows\System\zjNuoPW.exe

C:\Windows\System\zjNuoPW.exe

C:\Windows\System\dHuvKIH.exe

C:\Windows\System\dHuvKIH.exe

C:\Windows\System\KXuMYZN.exe

C:\Windows\System\KXuMYZN.exe

C:\Windows\System\csaCHNV.exe

C:\Windows\System\csaCHNV.exe

C:\Windows\System\ueXywfH.exe

C:\Windows\System\ueXywfH.exe

C:\Windows\System\mmJqXIK.exe

C:\Windows\System\mmJqXIK.exe

C:\Windows\System\QnWmCdk.exe

C:\Windows\System\QnWmCdk.exe

C:\Windows\System\hzlTwmw.exe

C:\Windows\System\hzlTwmw.exe

C:\Windows\System\etZLZaF.exe

C:\Windows\System\etZLZaF.exe

C:\Windows\System\iLxCPEU.exe

C:\Windows\System\iLxCPEU.exe

C:\Windows\System\NdtcDQA.exe

C:\Windows\System\NdtcDQA.exe

C:\Windows\System\zAOasPC.exe

C:\Windows\System\zAOasPC.exe

C:\Windows\System\kZoWJwW.exe

C:\Windows\System\kZoWJwW.exe

C:\Windows\System\gnCLzaI.exe

C:\Windows\System\gnCLzaI.exe

C:\Windows\System\GBkcXvV.exe

C:\Windows\System\GBkcXvV.exe

C:\Windows\System\scyCKSE.exe

C:\Windows\System\scyCKSE.exe

C:\Windows\System\zVgZFUG.exe

C:\Windows\System\zVgZFUG.exe

C:\Windows\System\JuFBrGR.exe

C:\Windows\System\JuFBrGR.exe

C:\Windows\System\XsxQYGy.exe

C:\Windows\System\XsxQYGy.exe

C:\Windows\System\RTVdLSR.exe

C:\Windows\System\RTVdLSR.exe

C:\Windows\System\iVeqmFY.exe

C:\Windows\System\iVeqmFY.exe

C:\Windows\System\ccyEHUI.exe

C:\Windows\System\ccyEHUI.exe

C:\Windows\System\iEBSMcF.exe

C:\Windows\System\iEBSMcF.exe

C:\Windows\System\GZmIuFB.exe

C:\Windows\System\GZmIuFB.exe

C:\Windows\System\SEryQQh.exe

C:\Windows\System\SEryQQh.exe

C:\Windows\System\lLNdMLe.exe

C:\Windows\System\lLNdMLe.exe

C:\Windows\System\IXotNNn.exe

C:\Windows\System\IXotNNn.exe

C:\Windows\System\ypBlXQf.exe

C:\Windows\System\ypBlXQf.exe

C:\Windows\System\HLggkIR.exe

C:\Windows\System\HLggkIR.exe

C:\Windows\System\uAJgTmM.exe

C:\Windows\System\uAJgTmM.exe

C:\Windows\System\RDutmVQ.exe

C:\Windows\System\RDutmVQ.exe

C:\Windows\System\DgVsqEW.exe

C:\Windows\System\DgVsqEW.exe

C:\Windows\System\GjVxAPC.exe

C:\Windows\System\GjVxAPC.exe

C:\Windows\System\ZKnepHm.exe

C:\Windows\System\ZKnepHm.exe

C:\Windows\System\KYBgJPe.exe

C:\Windows\System\KYBgJPe.exe

C:\Windows\System\lVrFccH.exe

C:\Windows\System\lVrFccH.exe

C:\Windows\System\kwwPfIh.exe

C:\Windows\System\kwwPfIh.exe

C:\Windows\System\KcoLXtp.exe

C:\Windows\System\KcoLXtp.exe

C:\Windows\System\QLqUzNz.exe

C:\Windows\System\QLqUzNz.exe

C:\Windows\System\PIvYOtI.exe

C:\Windows\System\PIvYOtI.exe

C:\Windows\System\oNDqFRk.exe

C:\Windows\System\oNDqFRk.exe

C:\Windows\System\wirDgfu.exe

C:\Windows\System\wirDgfu.exe

C:\Windows\System\whlDabv.exe

C:\Windows\System\whlDabv.exe

C:\Windows\System\IYdWPJg.exe

C:\Windows\System\IYdWPJg.exe

C:\Windows\System\ceuDNCo.exe

C:\Windows\System\ceuDNCo.exe

C:\Windows\System\ecdyVZr.exe

C:\Windows\System\ecdyVZr.exe

C:\Windows\System\TLFnOyT.exe

C:\Windows\System\TLFnOyT.exe

C:\Windows\System\XBGeQId.exe

C:\Windows\System\XBGeQId.exe

C:\Windows\System\EHjnluE.exe

C:\Windows\System\EHjnluE.exe

C:\Windows\System\WoPNJgu.exe

C:\Windows\System\WoPNJgu.exe

C:\Windows\System\gMbnwwe.exe

C:\Windows\System\gMbnwwe.exe

C:\Windows\System\gdFdQkm.exe

C:\Windows\System\gdFdQkm.exe

C:\Windows\System\NpjllRB.exe

C:\Windows\System\NpjllRB.exe

C:\Windows\System\FbhGNYG.exe

C:\Windows\System\FbhGNYG.exe

C:\Windows\System\YzhzWuY.exe

C:\Windows\System\YzhzWuY.exe

C:\Windows\System\IdAcvcE.exe

C:\Windows\System\IdAcvcE.exe

C:\Windows\System\YaSCciW.exe

C:\Windows\System\YaSCciW.exe

C:\Windows\System\tciKeRX.exe

C:\Windows\System\tciKeRX.exe

C:\Windows\System\tRUSBbe.exe

C:\Windows\System\tRUSBbe.exe

C:\Windows\System\akoOrno.exe

C:\Windows\System\akoOrno.exe

C:\Windows\System\MQClIoL.exe

C:\Windows\System\MQClIoL.exe

C:\Windows\System\BTTdnlC.exe

C:\Windows\System\BTTdnlC.exe

C:\Windows\System\BPPESKR.exe

C:\Windows\System\BPPESKR.exe

C:\Windows\System\ESOIekO.exe

C:\Windows\System\ESOIekO.exe

C:\Windows\System\yETUyFQ.exe

C:\Windows\System\yETUyFQ.exe

C:\Windows\System\RdWJlPv.exe

C:\Windows\System\RdWJlPv.exe

C:\Windows\System\pSURvcM.exe

C:\Windows\System\pSURvcM.exe

C:\Windows\System\zYPcfoN.exe

C:\Windows\System\zYPcfoN.exe

C:\Windows\System\kvegukj.exe

C:\Windows\System\kvegukj.exe

C:\Windows\System\abNNofe.exe

C:\Windows\System\abNNofe.exe

C:\Windows\System\bKIbEjY.exe

C:\Windows\System\bKIbEjY.exe

C:\Windows\System\KUNfftX.exe

C:\Windows\System\KUNfftX.exe

C:\Windows\System\HGAHQQU.exe

C:\Windows\System\HGAHQQU.exe

C:\Windows\System\osZfmXI.exe

C:\Windows\System\osZfmXI.exe

C:\Windows\System\ewtSNsC.exe

C:\Windows\System\ewtSNsC.exe

C:\Windows\System\QWURlJz.exe

C:\Windows\System\QWURlJz.exe

C:\Windows\System\zYgdusP.exe

C:\Windows\System\zYgdusP.exe

C:\Windows\System\JVYGTAq.exe

C:\Windows\System\JVYGTAq.exe

C:\Windows\System\vffBOqj.exe

C:\Windows\System\vffBOqj.exe

C:\Windows\System\gDCfCBU.exe

C:\Windows\System\gDCfCBU.exe

C:\Windows\System\IsGoxZf.exe

C:\Windows\System\IsGoxZf.exe

C:\Windows\System\xPJKeqW.exe

C:\Windows\System\xPJKeqW.exe

C:\Windows\System\CsrZSkW.exe

C:\Windows\System\CsrZSkW.exe

C:\Windows\System\bTGCvfR.exe

C:\Windows\System\bTGCvfR.exe

C:\Windows\System\wLmWRlp.exe

C:\Windows\System\wLmWRlp.exe

C:\Windows\System\YWPpTvN.exe

C:\Windows\System\YWPpTvN.exe

C:\Windows\System\QNMSmTy.exe

C:\Windows\System\QNMSmTy.exe

C:\Windows\System\myzZFHF.exe

C:\Windows\System\myzZFHF.exe

C:\Windows\System\ObfBLjW.exe

C:\Windows\System\ObfBLjW.exe

C:\Windows\System\iGxQqDS.exe

C:\Windows\System\iGxQqDS.exe

C:\Windows\System\vJzeyGM.exe

C:\Windows\System\vJzeyGM.exe

C:\Windows\System\jjBUcgV.exe

C:\Windows\System\jjBUcgV.exe

C:\Windows\System\DUzxuFZ.exe

C:\Windows\System\DUzxuFZ.exe

C:\Windows\System\ixDOmWe.exe

C:\Windows\System\ixDOmWe.exe

C:\Windows\System\lLhvHHp.exe

C:\Windows\System\lLhvHHp.exe

C:\Windows\System\DVSSfwv.exe

C:\Windows\System\DVSSfwv.exe

C:\Windows\System\WVUDlGp.exe

C:\Windows\System\WVUDlGp.exe

C:\Windows\System\mPBASCy.exe

C:\Windows\System\mPBASCy.exe

C:\Windows\System\pKpkIdQ.exe

C:\Windows\System\pKpkIdQ.exe

C:\Windows\System\QpiWtwS.exe

C:\Windows\System\QpiWtwS.exe

C:\Windows\System\nxfGEiZ.exe

C:\Windows\System\nxfGEiZ.exe

C:\Windows\System\jcQjmyp.exe

C:\Windows\System\jcQjmyp.exe

C:\Windows\System\vgfZibX.exe

C:\Windows\System\vgfZibX.exe

C:\Windows\System\vvhSZra.exe

C:\Windows\System\vvhSZra.exe

C:\Windows\System\tFJyOEk.exe

C:\Windows\System\tFJyOEk.exe

C:\Windows\System\wkgGjoI.exe

C:\Windows\System\wkgGjoI.exe

C:\Windows\System\XQpZvQN.exe

C:\Windows\System\XQpZvQN.exe

C:\Windows\System\bawPzFC.exe

C:\Windows\System\bawPzFC.exe

C:\Windows\System\WnQBPJA.exe

C:\Windows\System\WnQBPJA.exe

C:\Windows\System\bPBnRWv.exe

C:\Windows\System\bPBnRWv.exe

C:\Windows\System\DyeOlGb.exe

C:\Windows\System\DyeOlGb.exe

C:\Windows\System\URSoHdO.exe

C:\Windows\System\URSoHdO.exe

C:\Windows\System\KrFcVBP.exe

C:\Windows\System\KrFcVBP.exe

C:\Windows\System\LoSFRFS.exe

C:\Windows\System\LoSFRFS.exe

C:\Windows\System\aGnDutR.exe

C:\Windows\System\aGnDutR.exe

C:\Windows\System\ODBGWsu.exe

C:\Windows\System\ODBGWsu.exe

C:\Windows\System\oHHVKuz.exe

C:\Windows\System\oHHVKuz.exe

C:\Windows\System\epungIQ.exe

C:\Windows\System\epungIQ.exe

C:\Windows\System\mfGDZtF.exe

C:\Windows\System\mfGDZtF.exe

C:\Windows\System\fkCPSRv.exe

C:\Windows\System\fkCPSRv.exe

C:\Windows\System\xIZxgNT.exe

C:\Windows\System\xIZxgNT.exe

C:\Windows\System\UAGnPrB.exe

C:\Windows\System\UAGnPrB.exe

C:\Windows\System\unUlUiM.exe

C:\Windows\System\unUlUiM.exe

C:\Windows\System\OuMjPhM.exe

C:\Windows\System\OuMjPhM.exe

C:\Windows\System\jDCIjoq.exe

C:\Windows\System\jDCIjoq.exe

C:\Windows\System\IGraCkb.exe

C:\Windows\System\IGraCkb.exe

C:\Windows\System\HDqsTvV.exe

C:\Windows\System\HDqsTvV.exe

C:\Windows\System\qSzuAMk.exe

C:\Windows\System\qSzuAMk.exe

C:\Windows\System\wfvYyCG.exe

C:\Windows\System\wfvYyCG.exe

C:\Windows\System\TlmvXfz.exe

C:\Windows\System\TlmvXfz.exe

C:\Windows\System\QCOjqCt.exe

C:\Windows\System\QCOjqCt.exe

C:\Windows\System\yXliawQ.exe

C:\Windows\System\yXliawQ.exe

C:\Windows\System\ZUsopSU.exe

C:\Windows\System\ZUsopSU.exe

C:\Windows\System\NItStFM.exe

C:\Windows\System\NItStFM.exe

C:\Windows\System\HSILwhA.exe

C:\Windows\System\HSILwhA.exe

C:\Windows\System\iJpMaPh.exe

C:\Windows\System\iJpMaPh.exe

C:\Windows\System\NBiXObT.exe

C:\Windows\System\NBiXObT.exe

C:\Windows\System\kTCAfDp.exe

C:\Windows\System\kTCAfDp.exe

C:\Windows\System\CDdFEKF.exe

C:\Windows\System\CDdFEKF.exe

C:\Windows\System\maoQMHj.exe

C:\Windows\System\maoQMHj.exe

C:\Windows\System\YvoFIiu.exe

C:\Windows\System\YvoFIiu.exe

C:\Windows\System\IuWBLzq.exe

C:\Windows\System\IuWBLzq.exe

C:\Windows\System\qPZZXkg.exe

C:\Windows\System\qPZZXkg.exe

C:\Windows\System\TXtpvfp.exe

C:\Windows\System\TXtpvfp.exe

C:\Windows\System\sQhKtns.exe

C:\Windows\System\sQhKtns.exe

C:\Windows\System\yiizTbb.exe

C:\Windows\System\yiizTbb.exe

C:\Windows\System\PUVnIsv.exe

C:\Windows\System\PUVnIsv.exe

C:\Windows\System\CMFixEh.exe

C:\Windows\System\CMFixEh.exe

C:\Windows\System\pNmHwLU.exe

C:\Windows\System\pNmHwLU.exe

C:\Windows\System\mQUKYUY.exe

C:\Windows\System\mQUKYUY.exe

C:\Windows\System\LgstGCb.exe

C:\Windows\System\LgstGCb.exe

C:\Windows\System\kbKmDvz.exe

C:\Windows\System\kbKmDvz.exe

C:\Windows\System\LJsAJuK.exe

C:\Windows\System\LJsAJuK.exe

C:\Windows\System\bmxSOmj.exe

C:\Windows\System\bmxSOmj.exe

C:\Windows\System\hrmRjeP.exe

C:\Windows\System\hrmRjeP.exe

C:\Windows\System\dOteAwL.exe

C:\Windows\System\dOteAwL.exe

C:\Windows\System\xmkTFcu.exe

C:\Windows\System\xmkTFcu.exe

C:\Windows\System\UnxuxQT.exe

C:\Windows\System\UnxuxQT.exe

C:\Windows\System\qcyhUmX.exe

C:\Windows\System\qcyhUmX.exe

C:\Windows\System\pOCRMhu.exe

C:\Windows\System\pOCRMhu.exe

C:\Windows\System\PlABZZN.exe

C:\Windows\System\PlABZZN.exe

C:\Windows\System\cHBhlyR.exe

C:\Windows\System\cHBhlyR.exe

C:\Windows\System\TYcwQiX.exe

C:\Windows\System\TYcwQiX.exe

C:\Windows\System\nrcPNAt.exe

C:\Windows\System\nrcPNAt.exe

C:\Windows\System\NqWCxxE.exe

C:\Windows\System\NqWCxxE.exe

C:\Windows\System\HhwMtEQ.exe

C:\Windows\System\HhwMtEQ.exe

C:\Windows\System\TQiJgFH.exe

C:\Windows\System\TQiJgFH.exe

C:\Windows\System\SCrehsH.exe

C:\Windows\System\SCrehsH.exe

C:\Windows\System\byFaRCn.exe

C:\Windows\System\byFaRCn.exe

C:\Windows\System\qYiwgeS.exe

C:\Windows\System\qYiwgeS.exe

C:\Windows\System\AndhwHt.exe

C:\Windows\System\AndhwHt.exe

C:\Windows\System\bjonOeQ.exe

C:\Windows\System\bjonOeQ.exe

C:\Windows\System\qERfxCR.exe

C:\Windows\System\qERfxCR.exe

C:\Windows\System\ubwlOAa.exe

C:\Windows\System\ubwlOAa.exe

C:\Windows\System\YvcfmLC.exe

C:\Windows\System\YvcfmLC.exe

C:\Windows\System\hpRKCcA.exe

C:\Windows\System\hpRKCcA.exe

C:\Windows\System\aphjEJi.exe

C:\Windows\System\aphjEJi.exe

C:\Windows\System\fuutshn.exe

C:\Windows\System\fuutshn.exe

C:\Windows\System\KICEBMp.exe

C:\Windows\System\KICEBMp.exe

C:\Windows\System\FQftlhW.exe

C:\Windows\System\FQftlhW.exe

C:\Windows\System\apeyDZr.exe

C:\Windows\System\apeyDZr.exe

C:\Windows\System\tjWOAug.exe

C:\Windows\System\tjWOAug.exe

C:\Windows\System\NqliqIV.exe

C:\Windows\System\NqliqIV.exe

C:\Windows\System\tnYOpNg.exe

C:\Windows\System\tnYOpNg.exe

C:\Windows\System\yxxzGNK.exe

C:\Windows\System\yxxzGNK.exe

C:\Windows\System\HpXajsH.exe

C:\Windows\System\HpXajsH.exe

C:\Windows\System\hRGgAXI.exe

C:\Windows\System\hRGgAXI.exe

C:\Windows\System\yWhPrvA.exe

C:\Windows\System\yWhPrvA.exe

C:\Windows\System\szStSVG.exe

C:\Windows\System\szStSVG.exe

C:\Windows\System\WiSlitK.exe

C:\Windows\System\WiSlitK.exe

C:\Windows\System\WuErOog.exe

C:\Windows\System\WuErOog.exe

C:\Windows\System\iDDSQer.exe

C:\Windows\System\iDDSQer.exe

C:\Windows\System\oQwDeYT.exe

C:\Windows\System\oQwDeYT.exe

C:\Windows\System\dIVwzLe.exe

C:\Windows\System\dIVwzLe.exe

C:\Windows\System\xKDziFj.exe

C:\Windows\System\xKDziFj.exe

C:\Windows\System\esxuEcq.exe

C:\Windows\System\esxuEcq.exe

C:\Windows\System\wRLgBjb.exe

C:\Windows\System\wRLgBjb.exe

C:\Windows\System\GxhMOJr.exe

C:\Windows\System\GxhMOJr.exe

C:\Windows\System\Xddzfzv.exe

C:\Windows\System\Xddzfzv.exe

C:\Windows\System\JOguLzQ.exe

C:\Windows\System\JOguLzQ.exe

C:\Windows\System\zScSyxm.exe

C:\Windows\System\zScSyxm.exe

C:\Windows\System\DEiXEGZ.exe

C:\Windows\System\DEiXEGZ.exe

C:\Windows\System\Jndiwqi.exe

C:\Windows\System\Jndiwqi.exe

C:\Windows\System\QzpJapm.exe

C:\Windows\System\QzpJapm.exe

C:\Windows\System\gmMyKyC.exe

C:\Windows\System\gmMyKyC.exe

C:\Windows\System\XAHFUBb.exe

C:\Windows\System\XAHFUBb.exe

C:\Windows\System\ZFPAsjV.exe

C:\Windows\System\ZFPAsjV.exe

C:\Windows\System\NnVIZzQ.exe

C:\Windows\System\NnVIZzQ.exe

C:\Windows\System\CLSnLIl.exe

C:\Windows\System\CLSnLIl.exe

C:\Windows\System\TPhuncn.exe

C:\Windows\System\TPhuncn.exe

C:\Windows\System\zgrHLCO.exe

C:\Windows\System\zgrHLCO.exe

C:\Windows\System\pDOZGJo.exe

C:\Windows\System\pDOZGJo.exe

C:\Windows\System\YjVpAYM.exe

C:\Windows\System\YjVpAYM.exe

C:\Windows\System\viFhKfx.exe

C:\Windows\System\viFhKfx.exe

C:\Windows\System\ypiYhJT.exe

C:\Windows\System\ypiYhJT.exe

C:\Windows\System\JcaUvVi.exe

C:\Windows\System\JcaUvVi.exe

C:\Windows\System\MMHaJpJ.exe

C:\Windows\System\MMHaJpJ.exe

C:\Windows\System\VBsPtmK.exe

C:\Windows\System\VBsPtmK.exe

C:\Windows\System\RNklRkr.exe

C:\Windows\System\RNklRkr.exe

C:\Windows\System\wPYArRI.exe

C:\Windows\System\wPYArRI.exe

C:\Windows\System\Nrymhhh.exe

C:\Windows\System\Nrymhhh.exe

C:\Windows\System\tVqXpso.exe

C:\Windows\System\tVqXpso.exe

C:\Windows\System\XcceDxY.exe

C:\Windows\System\XcceDxY.exe

C:\Windows\System\rOOJRkv.exe

C:\Windows\System\rOOJRkv.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 82.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/2000-0-0x00007FF6A1DD0000-0x00007FF6A2124000-memory.dmp

memory/2000-1-0x0000012AA9AA0000-0x0000012AA9AB0000-memory.dmp

C:\Windows\System\DhsefgI.exe

MD5 307222a0c0e13710d119f4710451385b
SHA1 4890d270d11d19d1904410ad8556494857cbacfb
SHA256 b4a07da57290c39cbd0269155d31fd8aeedbc380b08b55df19aefc821278e2e1
SHA512 1f9356604146aab50480f9cdc813a08a9a62f111dd67aa15b640baaf674a5cca2546a0983909e72d81eb2d9138fa6c04a9bfe6f9568075a29a1c3e6b2efc598b

C:\Windows\System\YNDxNif.exe

MD5 1b723e920b4b646b79c265b526656688
SHA1 0917e8cc3386b8efae59ec5c066b87a5c165f747
SHA256 49f45d4942df7c9538c01027f1f1ac44ce6d54ac4deaf010fa29cd8fa66348ba
SHA512 46f84754cf976a10df334f94ddd845b9211cc44d0a1b57b1fc3c2c38ce7ac912690152dd5a6518755a00950ce109c5172bce86d736b3443f80e1a4aaae9d9b1f

C:\Windows\System\jrJleEf.exe

MD5 5f87cf47f7768ef8255eb675a7695169
SHA1 e04ef0a2b5880c2d4a8b53a8307f5a5a3750e638
SHA256 a99b6a58e8fd3aaf30e96759c129c6a951923c59cf8284970ff151e0b392f7c6
SHA512 b2656c763a891e1278a8d9e45b65fbbf1c7d6d4c8d62abb20f4f99791ca7c56a17706576c28ceb8964f95961d72a0524a92ac651e98cc70f8496cff16f9d3961

C:\Windows\System\JZobBMe.exe

MD5 816326c717a0f80260d528d7bc02b702
SHA1 6db921ea3df5676b6d48197293cae6afbbfa1aea
SHA256 1d3ef26eff8fbec8eb8bb8ed7f4e02b59afb2168cccfd8db511d02a37b1f5b2e
SHA512 3533e22bc2931a1d52519cde0e4a097d069a734eabc5be7d4e233eba5d08774b24cf13852a26419493256fdc8226f1036f1a4056e6c9f857c0b4a2ef4c38773a

memory/4588-49-0x00007FF7353A0000-0x00007FF7356F4000-memory.dmp

memory/4960-53-0x00007FF6DA850000-0x00007FF6DABA4000-memory.dmp

memory/2816-56-0x00007FF68F570000-0x00007FF68F8C4000-memory.dmp

C:\Windows\System\RgwfkdI.exe

MD5 6f3673f6ed2861552caa654d9a55b856
SHA1 a22f82e42db3e38100b1926e3a84247c0435296e
SHA256 f7022ee3e10d90fdc1799e327f62c7533d291ff44454d1e9fc1ce341df00f052
SHA512 76207c659c3201f18a7e5f7a9bc374bd3515b0112d99c7f11e558f423cb0072f85d590acbc96bb53db8e1d44c3d40859c2ee76cb39e1edc9fbeb33fb7c919660

C:\Windows\System\TZvNBoz.exe

MD5 f4cc0b1071197c812be114367720ba2c
SHA1 baf082d9fadc1f444a47e71d653526805cd5a494
SHA256 501198a4a413d214ae7014e2cabb9c7f78980c4fe1fbd3f473881d05c4af16b1
SHA512 9af1f115c194f12c779f275b3ce2e933d2d86655d5aa2c796a7922defa671f2cd732df192c1176667e78f0647b855f3ea99662bf26f787d6bd22d3ad28acb1bf

memory/552-50-0x00007FF642CC0000-0x00007FF643014000-memory.dmp

C:\Windows\System\PcSXjxl.exe

MD5 67cb83f3713d08e9b1a8468ce2c60ffe
SHA1 b9a762b076e5e28242fd07b7b261f14098017e17
SHA256 33adb3c51a65cf09dd0d86ebbcddc0f92a86864603078e384ac5ccf4cf445cf8
SHA512 adb55ba8dd26ec8cdcd608a46878f696589adf23b9f3263439cb362147cacb1b8b103a640465b7e298dd3ee9917e7d57c205c6c42b053b25328ceb16076c84bd

memory/2404-37-0x00007FF7DBCA0000-0x00007FF7DBFF4000-memory.dmp

C:\Windows\System\PNUhlEi.exe

MD5 ba95dc69ea0551b249a2184f32cb073c
SHA1 8bbfa30b8ddcf1117ce204e95deca5dcb1ce3242
SHA256 50d69bcee543138ea4e8ccb0a73ac76589886f6c81743a970de38c73a3af1bf9
SHA512 bfbd9711ca23b767175ba35b123b98692c7d90526c0ea2ff282c1a1c31dd16d91bbf38746eed2a336ab8591218c1a3b4bc57bd18571f60c4110b70c2ebd725ee

memory/4624-28-0x00007FF726160000-0x00007FF7264B4000-memory.dmp

memory/2672-24-0x00007FF7AECB0000-0x00007FF7AF004000-memory.dmp

memory/2920-22-0x00007FF660130000-0x00007FF660484000-memory.dmp

C:\Windows\System\KWYtwol.exe

MD5 5d7455b12bac5481f029e5db1bdc699f
SHA1 f79ba744c630120cd66b05764f458114979c79a2
SHA256 bd2442143fddf4cd1e8ba6ff8aae7bcff32b5a66d286b6944a112f8b5820e8b9
SHA512 88bacd779150058d7e1ca71c650131e6f1136d22f9c653b6155ce4062e00bf0e08caf895f14c82ad1bdbf160b6ca0cca790fce84bb0fc2fb88aa07fbf875cb67

memory/376-8-0x00007FF75DEF0000-0x00007FF75E244000-memory.dmp

memory/4824-69-0x00007FF61A200000-0x00007FF61A554000-memory.dmp

C:\Windows\System\VXyyVWv.exe

MD5 ae72972154e37c4fc0f9d829ae723d8b
SHA1 f179a0ae9473eb1fe5fdf5fe6b6a79026052ec72
SHA256 99b2974b8572755b87fe5030f1086d53b7de75d735a50073786bf698812891fb
SHA512 1a1c1763cc778232c71aa3a4df4b20e5ce92555de214bd81124e448a0cd46cf43d92b0b4a3f60a2dbb6ed43272a638486171f7122ef8694db65d87ce6af8b548

C:\Windows\System\nwbTQiJ.exe

MD5 eb38e28cb19e8d13a6bfe63a87a5413a
SHA1 ef09b49d02593f57bc7265e2b2080ce4e4a874b0
SHA256 bd09f4c0c186a7aa5b437bc1523c01a2e455f6494f5084eb9e5fd1bdf951562b
SHA512 abc0fc919348a855a13d58c4b33fd2666933b6dda2e2f9527e457a5b8b132f9ce2abe4f02fcb087e2c32feb49e01df241aee1dac65f3a93e944e5340b388b90e

C:\Windows\System\IZynpIn.exe

MD5 007389488c951638ee87fe05a23f7a27
SHA1 bbb74aee4850f27bb125f98847013b2c1eef73b4
SHA256 40ca22d111c5af5b84eef93593dfc8f61ea4a4e038696bcefbd8e88921cf843c
SHA512 c5ed7978213c268fe2d02682a094c05d5465d3ab66cbaf26f4c7e7b239138e23f8758e191dd38710a8f2b85ad271affa74533c84fc741c13c9cbe4dbc9c648b9

memory/404-137-0x00007FF7DB140000-0x00007FF7DB494000-memory.dmp

C:\Windows\System\kGHghDL.exe

MD5 2007404c4e1e1978e7b1ffe28570a179
SHA1 8e6933c64082b71b725bccf7d97b35fdc54cce8c
SHA256 d5e238149dc7c8f91b0447859a518cd34071921988e6dba26b7b130aa329768b
SHA512 63a3a2fec213808725203d983bb0e04e185943467105b3ad35212a68a918b5ecf09114aded1db0a8d1bc0a8557a3c9ee9fe81bd89d019c5e8d89e33870c153fd

memory/3628-149-0x00007FF7EAD20000-0x00007FF7EB074000-memory.dmp

memory/4780-160-0x00007FF60CCE0000-0x00007FF60D034000-memory.dmp

memory/4024-165-0x00007FF75CB90000-0x00007FF75CEE4000-memory.dmp

memory/984-169-0x00007FF64FAB0000-0x00007FF64FE04000-memory.dmp

memory/3356-170-0x00007FF659750000-0x00007FF659AA4000-memory.dmp

memory/2168-168-0x00007FF794050000-0x00007FF7943A4000-memory.dmp

memory/3128-167-0x00007FF78BAF0000-0x00007FF78BE44000-memory.dmp

memory/1400-166-0x00007FF604B70000-0x00007FF604EC4000-memory.dmp

C:\Windows\System\lGvWEYB.exe

MD5 7f42224b97e62b823588e48dbe9b7db0
SHA1 2cf5650862f5e42bb6bc7b4ceb10d3f1f3751a35
SHA256 acbd77cc1e579643d6c5b8d584edfde9f0a7752e6c0666e29e26b5a8481027fd
SHA512 625bd08ca1149d5dc5889c1fc5962fae57ef9b87831666d0850b7a7b09c6c3222c1c876ef6fcd10cb3f8a4a54b654e1ae96c38df4e15a0cf07ec427f54793ef6

memory/4372-162-0x00007FF763C60000-0x00007FF763FB4000-memory.dmp

memory/3488-161-0x00007FF6E3110000-0x00007FF6E3464000-memory.dmp

C:\Windows\System\HoVLGqm.exe

MD5 170e3d4728d0f49b2f98dfc72fc91ae8
SHA1 224c35c34c0f4ade243b3c58615042ed56feb9ce
SHA256 cffb17f873284d2d16a0977c993df6fc85186949da02f2e3d1ac05d0f2bcf3e5
SHA512 4302345601f0a22b0e4923b03ad86fb8f9bd3591a16627d37899f2587eff826a4ac0c35b51f7de5ddd0c854557aa150a8af99576378eb3411331998454072e27

C:\Windows\System\GbaaOiZ.exe

MD5 ddbd67115058a76421a7c1aa3fcfb83a
SHA1 7198c7dfa9f4c84dd5fe0ebdd680f95760ca03e8
SHA256 d8565d5c6a0963ee97fa456db8fc4a60715f2451db0918869778c40b308f9328
SHA512 af097cc61f8c2423ab83d48148e7968e6e417fe03f4dc7cabf390dad411c721dac08c8614d692e8d2546d4f6a22c98c7cae0e89d0963d9769d6e2458b052e7a3

C:\Windows\System\WNfUBdy.exe

MD5 fde5740beb937784243d6813f33e8041
SHA1 b345c692775d55096caf0f67dc54b8aa99d7b718
SHA256 a230a76b63aa8d0fce38e56734e97adece070c717a661519da1ffde3a570251c
SHA512 f7a21d856e698d86612f485545640e381665a9e9e0d9cb05118217f51f5294087f666a60a070062bbe97f4acb0b21f9a32fa8ed1bd95918de4f89eab208368e9

memory/4100-152-0x00007FF717A50000-0x00007FF717DA4000-memory.dmp

C:\Windows\System\dSLAFog.exe

MD5 1100270903c80c43f7622e6fcb382aa9
SHA1 f4b73673c812e032a7ba9be6be3dd36afdcbd5b2
SHA256 cacf3c8831342f6c1dea5974de3cba9fc80e45a16322bb43b969ba70be264a26
SHA512 2ad097d46cbd0a4a083104d168432e38f7475aa029c5ae8628744e9972d2ab78f1a47b96ce237ad9633cb48cfd806d50dab8233c237eaf87a2109da1e269c51b

memory/1900-138-0x00007FF64A020000-0x00007FF64A374000-memory.dmp

C:\Windows\System\jPNLRVJ.exe

MD5 d55633fce53cfeef8d2994389c881bc1
SHA1 8172df567c9fd1457a57455efb2769a5890d7200
SHA256 3dd9625a904fc351c808b0f2f4321737815343021624c78f6e46fc07552c5704
SHA512 9e49b58c8396dad64f850f5e0695e8eafcd4f8c848779e9aa8784d831906fdae4f5002310fbbea0b0a2a503a6b86a78f0d28b292f038aad43daad55d0de4c46e

C:\Windows\System\cTtkmpf.exe

MD5 d716bd5613aaa290d50e67766e13011a
SHA1 0367f4dcb819788d38d8edc8ce8f2e35cce43b76
SHA256 f2336e51bd48457976e68efd9329c56604d93ce1b616b28bdb20d1a0342504c6
SHA512 dab51e7c6346f6ba5015c50f5ceba815b86c3a8fc2d2b6b8a6605f3a8529a4116e3ca209ae26fa563f15b5da2c37966937adec13a01015859e4ac675b8bc18b5

C:\Windows\System\vYUcoSM.exe

MD5 3a935fd06b0c756a328411bd599b77fe
SHA1 e38bbac567b764888a48f8fb549cbc84924cc84e
SHA256 280a1f19fdbc752a1d885e3c8d560525813d4bd3ee8dd53607771bf6a2fe42be
SHA512 8ae87524e7e7b6ee470e7834bbeec99bc4110d0efc471ff9fe5ec457bb6fd8e072519c11dea21f869e13b0094740f3ed846cc71c0c70c02a99e10e9d3091eb94

C:\Windows\System\eNsHbaa.exe

MD5 e2660383cf1b2730fdcfafa8faf60efa
SHA1 126d0e88c5e04aa985e33212a93ce08bac95c24e
SHA256 37e54538ed01ffc6dd14be3a5ac24be14adb0c291fd1ea0463fe8692fab28768
SHA512 276bd86d0b43c580a29cca54657be953ccee00d5e8976141ef9e870371d522e58ecc81c5b56bfd6a70a84fd0a55268398ced8b9a0e1d515af42c2420066cd334

C:\Windows\System\vttOqaG.exe

MD5 bb4fd37c3d2a7d931c091c05bf82e959
SHA1 8f13936ce80cb5a86f9fcd34c3228858f5050ff9
SHA256 ee6bcc948ed383c471767a2121e69afcc08046dd9b673a516376afb830bde124
SHA512 4afb0ad47c1c1635e09e6b6dc6070fef19f900f58ffc64c5ded0a6435339228a79caad24575d733c115320c45f4ade2b91e53f4025722078d5c2177437bf140f

memory/4596-120-0x00007FF670DC0000-0x00007FF671114000-memory.dmp

C:\Windows\System\GHkIOXT.exe

MD5 2991082e9838f88128846aa6094047c0
SHA1 933d99b1a904c4d16f7039d475c3d1677393f979
SHA256 2dfbef98ced25cd1b8eb0187b1f4e41f2293da798e32464b38e6c09f75707f2e
SHA512 315b7fc2202ad630dd755465ef9d33bda987d7d93e1b5d6c45b351be9099f36b781d55f6fd2dd09eeea6fe20a470d45c97c009b84a0d2884e57df543e246bbf3

memory/1888-110-0x00007FF714CF0000-0x00007FF715044000-memory.dmp

memory/4224-97-0x00007FF604A70000-0x00007FF604DC4000-memory.dmp

C:\Windows\System\UQbLPlo.exe

MD5 539b2b11284a74c3ee153e555034462b
SHA1 656b45914d17e5597628941ba5fbd7bcffbaf4a5
SHA256 9d2698e3b6ae313f8f3f8ba95d948339cc5cb5f3a533958c9df2681c3b38dc21
SHA512 0066962f504e76cbf76a4563e173cad26f37bc5be122c98831ca0e567f34f59767e236205154fda9ae274efed9d60aac76f3dd0e3e4a501dc07b14ae8641a1cf

memory/1308-93-0x00007FF708E60000-0x00007FF7091B4000-memory.dmp

C:\Windows\System\DCJoMSC.exe

MD5 b5c7adeed893608bf0f2b84376b10c20
SHA1 5d93f7a7dd481bb695c7398a668882aeb5304c58
SHA256 4aa601f49952fbf8683ce546be448077cfcc6f6bf723bdc9916273452029491b
SHA512 90e9aa4a07932e521a51aebc5e1219b82913a7b02c99b61e2a7aaceaadeb1caa26f3b4e37b7b12d28d64d294ee8652ee6055cd35f26b1c33fedb5f6b21bda583

C:\Windows\System\naDusLk.exe

MD5 0c981ada86e7f780e1cc0216a01a03bb
SHA1 87a837c2a5487586df57a54178cba9d3f0807f3b
SHA256 9e389964073758e9541654de972748dffc08d52408bd4e92aa0f9bebb4f9d20e
SHA512 67fa8839993b613b3a28dd65d979d84060ddead9d6fcea2d16551f1c51f566b8365653ee6c9aa3d286e22949a6f6b2e56a2ce5444601849de8a01808e165a705

C:\Windows\System\MbdsgPA.exe

MD5 b21b426ff07285b338f66d8921a34739
SHA1 28894237e6f3252840fc8a6fa6357d05c3bc4d83
SHA256 aa0b316c5b9df057e108060377abd21a0f6ca149801ba83f140305877a6aaad8
SHA512 20d4fcbb151256652b5a33130851c17c3e7f0e6ac9562b391b9a6afbfbc4e4d0f3aeeaaa02903a64b1949e7369821e55712ff6f70a2cf9fe1bacc08c8ac72e8c

memory/3808-82-0x00007FF7ED000000-0x00007FF7ED354000-memory.dmp

C:\Windows\System\NAXCUMv.exe

MD5 c3198b7b88a66f1408c7a9972a9723a7
SHA1 c0ee5cd29ce297499a95770514e763142806adab
SHA256 e9c7398b444d0d4ee1df80a935e77355bb2e8359a29be9e95a4dffb710f5c649
SHA512 d396c68d21aac81da87d81157ba93ce7e0dc00f71e64b8975bc2a20d9b6cbb9ddd69c5003ca441487f47d3ea8fad4415dea86932a2e8737af67afb76cf861072

C:\Windows\System\xglNLMp.exe

MD5 d63d5df7903dbca8cd4308614bf2ff25
SHA1 d22c7157aed0aea684bfb5a0d24e8c18ab2d694f
SHA256 8158338d946079c861b24769d5566a97211e25df0328255a58fddd43bbe90196
SHA512 8f991a736d5b01256acdcf27401e08cda1fcc5b4be416a2a416c61d66adcda4de0a9b60660a8f814c9d5a69a9eddd4f4af5cebc02a6a2398b2e3887392d10011

C:\Windows\System\NsHLszx.exe

MD5 62f169eb329a3d67eea2e345ab3ed28e
SHA1 15aa421154412f8b6e9389a1b482dc35cad64cbc
SHA256 e82bdfbf6dae4361595767d063fbb17c910485db8199a8ea702027840e96c7e8
SHA512 057914359a9f767b8edaf298238ba53dce2fb742aaf409d36b5b42d1fd2172b4444a437ab475acc2adfba12346bd6e9c11244f54b997b56f15c12d8e978f620a

C:\Windows\System\EBdtBNE.exe

MD5 53b8ec42fde83535aba387c264577240
SHA1 5b9b570154d86bcb8a7410a62213bf2e32961436
SHA256 271985ded31dbcf062876cf24b91b57c84ca92ca0251db460432b93d18a526d6
SHA512 a19ac1dde953c071b2e9e9a61006f0a6c9aba981109bd8c4c23cac5e79b7559c24fced81793590e76c2f3ae7d7cba83085f66d6f37e8f06d0897ef3ae8100bd7

memory/1764-180-0x00007FF744A70000-0x00007FF744DC4000-memory.dmp

memory/2000-541-0x00007FF6A1DD0000-0x00007FF6A2124000-memory.dmp

memory/376-896-0x00007FF75DEF0000-0x00007FF75E244000-memory.dmp

memory/2920-900-0x00007FF660130000-0x00007FF660484000-memory.dmp

memory/2672-1073-0x00007FF7AECB0000-0x00007FF7AF004000-memory.dmp

memory/4624-1074-0x00007FF726160000-0x00007FF7264B4000-memory.dmp

memory/2404-1075-0x00007FF7DBCA0000-0x00007FF7DBFF4000-memory.dmp

memory/552-1076-0x00007FF642CC0000-0x00007FF643014000-memory.dmp

memory/4824-1077-0x00007FF61A200000-0x00007FF61A554000-memory.dmp

memory/3808-1078-0x00007FF7ED000000-0x00007FF7ED354000-memory.dmp

memory/1308-1079-0x00007FF708E60000-0x00007FF7091B4000-memory.dmp

memory/1888-1080-0x00007FF714CF0000-0x00007FF715044000-memory.dmp

memory/3628-1082-0x00007FF7EAD20000-0x00007FF7EB074000-memory.dmp

memory/4596-1081-0x00007FF670DC0000-0x00007FF671114000-memory.dmp

memory/4224-1083-0x00007FF604A70000-0x00007FF604DC4000-memory.dmp

memory/404-1084-0x00007FF7DB140000-0x00007FF7DB494000-memory.dmp

memory/376-1085-0x00007FF75DEF0000-0x00007FF75E244000-memory.dmp

memory/2920-1086-0x00007FF660130000-0x00007FF660484000-memory.dmp

memory/2672-1087-0x00007FF7AECB0000-0x00007FF7AF004000-memory.dmp

memory/4624-1089-0x00007FF726160000-0x00007FF7264B4000-memory.dmp

memory/4960-1088-0x00007FF6DA850000-0x00007FF6DABA4000-memory.dmp

memory/2404-1090-0x00007FF7DBCA0000-0x00007FF7DBFF4000-memory.dmp

memory/552-1092-0x00007FF642CC0000-0x00007FF643014000-memory.dmp

memory/2816-1093-0x00007FF68F570000-0x00007FF68F8C4000-memory.dmp

memory/4588-1091-0x00007FF7353A0000-0x00007FF7356F4000-memory.dmp

memory/4824-1094-0x00007FF61A200000-0x00007FF61A554000-memory.dmp

memory/1308-1095-0x00007FF708E60000-0x00007FF7091B4000-memory.dmp

memory/3808-1097-0x00007FF7ED000000-0x00007FF7ED354000-memory.dmp

memory/4024-1096-0x00007FF75CB90000-0x00007FF75CEE4000-memory.dmp

memory/4224-1098-0x00007FF604A70000-0x00007FF604DC4000-memory.dmp

memory/1888-1107-0x00007FF714CF0000-0x00007FF715044000-memory.dmp

memory/3488-1109-0x00007FF6E3110000-0x00007FF6E3464000-memory.dmp

memory/984-1111-0x00007FF64FAB0000-0x00007FF64FE04000-memory.dmp

memory/4372-1110-0x00007FF763C60000-0x00007FF763FB4000-memory.dmp

memory/1400-1108-0x00007FF604B70000-0x00007FF604EC4000-memory.dmp

memory/4596-1106-0x00007FF670DC0000-0x00007FF671114000-memory.dmp

memory/3128-1105-0x00007FF78BAF0000-0x00007FF78BE44000-memory.dmp

memory/404-1104-0x00007FF7DB140000-0x00007FF7DB494000-memory.dmp

memory/1900-1103-0x00007FF64A020000-0x00007FF64A374000-memory.dmp

memory/2168-1102-0x00007FF794050000-0x00007FF7943A4000-memory.dmp

memory/3628-1101-0x00007FF7EAD20000-0x00007FF7EB074000-memory.dmp

memory/4100-1100-0x00007FF717A50000-0x00007FF717DA4000-memory.dmp

memory/4780-1099-0x00007FF60CCE0000-0x00007FF60D034000-memory.dmp

memory/3356-1112-0x00007FF659750000-0x00007FF659AA4000-memory.dmp

memory/1764-1113-0x00007FF744A70000-0x00007FF744DC4000-memory.dmp