Malware Analysis Report

2024-10-10 09:03

Sample ID 240604-21vsfsfc29
Target 13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe
SHA256 314b3617900fee361964e0d8a32d47dc80fe6d8436a800fa18c89b493f7992f9
Tags
miner upx kpot xmrig stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

314b3617900fee361964e0d8a32d47dc80fe6d8436a800fa18c89b493f7992f9

Threat Level: Known bad

The file 13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx kpot xmrig stealer trojan

KPOT Core Executable

Xmrig family

xmrig

Kpot family

XMRig Miner payload

KPOT

XMRig Miner payload

Loads dropped DLL

Executes dropped EXE

UPX packed file

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-04 23:03

Signatures

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

Kpot family

kpot

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-04 23:03

Reported

2024-06-04 23:06

Platform

win7-20240221-en

Max time kernel

140s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\GkrEUSL.exe N/A
N/A N/A C:\Windows\System\WEhpamQ.exe N/A
N/A N/A C:\Windows\System\MVjGovs.exe N/A
N/A N/A C:\Windows\System\EniDVhU.exe N/A
N/A N/A C:\Windows\System\FGnorHc.exe N/A
N/A N/A C:\Windows\System\fymZDkh.exe N/A
N/A N/A C:\Windows\System\tzgVRLH.exe N/A
N/A N/A C:\Windows\System\IAizOxI.exe N/A
N/A N/A C:\Windows\System\SSsajpI.exe N/A
N/A N/A C:\Windows\System\hFBwLdy.exe N/A
N/A N/A C:\Windows\System\ZJoHoEP.exe N/A
N/A N/A C:\Windows\System\cMCtIOO.exe N/A
N/A N/A C:\Windows\System\uIlZfvC.exe N/A
N/A N/A C:\Windows\System\UAnOFiI.exe N/A
N/A N/A C:\Windows\System\ApOUAaS.exe N/A
N/A N/A C:\Windows\System\NAJGcvB.exe N/A
N/A N/A C:\Windows\System\RORUWfO.exe N/A
N/A N/A C:\Windows\System\LodavkQ.exe N/A
N/A N/A C:\Windows\System\pCwrTUZ.exe N/A
N/A N/A C:\Windows\System\nFaQaVZ.exe N/A
N/A N/A C:\Windows\System\ZhBTSKb.exe N/A
N/A N/A C:\Windows\System\ZaYBbue.exe N/A
N/A N/A C:\Windows\System\pSpWPHM.exe N/A
N/A N/A C:\Windows\System\uOSWhBa.exe N/A
N/A N/A C:\Windows\System\VHVOfJw.exe N/A
N/A N/A C:\Windows\System\jHpgtaG.exe N/A
N/A N/A C:\Windows\System\tVWfPiK.exe N/A
N/A N/A C:\Windows\System\wLzFGVA.exe N/A
N/A N/A C:\Windows\System\FBMnBeS.exe N/A
N/A N/A C:\Windows\System\KIugXNw.exe N/A
N/A N/A C:\Windows\System\SDqjSor.exe N/A
N/A N/A C:\Windows\System\gYPIyfO.exe N/A
N/A N/A C:\Windows\System\GroiUPZ.exe N/A
N/A N/A C:\Windows\System\cCTgodn.exe N/A
N/A N/A C:\Windows\System\SCmfuuz.exe N/A
N/A N/A C:\Windows\System\wZqSxIY.exe N/A
N/A N/A C:\Windows\System\sGxrquh.exe N/A
N/A N/A C:\Windows\System\MxOeCaV.exe N/A
N/A N/A C:\Windows\System\VyCZOoi.exe N/A
N/A N/A C:\Windows\System\uccbnli.exe N/A
N/A N/A C:\Windows\System\RxyxihL.exe N/A
N/A N/A C:\Windows\System\YOtTNvM.exe N/A
N/A N/A C:\Windows\System\fTIpnVl.exe N/A
N/A N/A C:\Windows\System\DRqKDSS.exe N/A
N/A N/A C:\Windows\System\vfqHelP.exe N/A
N/A N/A C:\Windows\System\hqagIFb.exe N/A
N/A N/A C:\Windows\System\FWTPFgw.exe N/A
N/A N/A C:\Windows\System\rWirwNY.exe N/A
N/A N/A C:\Windows\System\JbZUJSQ.exe N/A
N/A N/A C:\Windows\System\UgjOrUX.exe N/A
N/A N/A C:\Windows\System\fHMyUQx.exe N/A
N/A N/A C:\Windows\System\kenaxwp.exe N/A
N/A N/A C:\Windows\System\UjAiBxh.exe N/A
N/A N/A C:\Windows\System\mnkvlCW.exe N/A
N/A N/A C:\Windows\System\hHhwGoN.exe N/A
N/A N/A C:\Windows\System\DxUHAaU.exe N/A
N/A N/A C:\Windows\System\VSzKhtT.exe N/A
N/A N/A C:\Windows\System\zxJuxrF.exe N/A
N/A N/A C:\Windows\System\qVWZrpR.exe N/A
N/A N/A C:\Windows\System\NAYilyo.exe N/A
N/A N/A C:\Windows\System\ijLuHxf.exe N/A
N/A N/A C:\Windows\System\iMzcfAp.exe N/A
N/A N/A C:\Windows\System\UdubyAh.exe N/A
N/A N/A C:\Windows\System\zMVGEee.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\EIhTzKZ.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\dlaVKAU.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\WTqBDWO.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\jMthVuw.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\spTZlwF.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\nFaQaVZ.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\fHMyUQx.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\wlUTzye.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\JuGfemC.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\roRZQgD.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\QFksydj.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\MVKycLa.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\foCqPxv.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\AZFWSWP.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\uccbnli.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\RxyxihL.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\UdubyAh.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\LlejDkb.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\scWdDwC.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\NNuHLJm.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hHRkHrm.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\Ppatidx.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\mcweXeW.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\Dqxgrvr.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\MVjGovs.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\JbZUJSQ.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\oAIKLvv.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\mehkQub.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\NUgWeZL.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\sUylTyv.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\OVktGzk.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vIRcyIU.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\jHpgtaG.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qVWZrpR.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\eWtllKU.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\khfzdkT.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\TZHBTRy.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\GcDNdGU.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\unxQJgh.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BoFZHWs.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\NAJGcvB.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\mnkvlCW.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\rQKJHyw.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\FtOzDKa.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\azydoFC.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BfRgDkQ.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\uOeUSBX.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\RPDbTla.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\VHVOfJw.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\fTIpnVl.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hqagIFb.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\UgjOrUX.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\NDWZrVP.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PtSIjGN.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\jYrifkC.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KwZKNwZ.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\JBLiUyC.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\mXHNTMi.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\cMYmIMj.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KDvopgK.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\dHdyhgh.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\IAizOxI.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\MxOeCaV.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\YOtTNvM.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2224 wrote to memory of 1648 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\GkrEUSL.exe
PID 2224 wrote to memory of 1648 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\GkrEUSL.exe
PID 2224 wrote to memory of 1648 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\GkrEUSL.exe
PID 2224 wrote to memory of 2928 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\WEhpamQ.exe
PID 2224 wrote to memory of 2928 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\WEhpamQ.exe
PID 2224 wrote to memory of 2928 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\WEhpamQ.exe
PID 2224 wrote to memory of 3000 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\MVjGovs.exe
PID 2224 wrote to memory of 3000 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\MVjGovs.exe
PID 2224 wrote to memory of 3000 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\MVjGovs.exe
PID 2224 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\EniDVhU.exe
PID 2224 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\EniDVhU.exe
PID 2224 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\EniDVhU.exe
PID 2224 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\FGnorHc.exe
PID 2224 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\FGnorHc.exe
PID 2224 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\FGnorHc.exe
PID 2224 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\fymZDkh.exe
PID 2224 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\fymZDkh.exe
PID 2224 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\fymZDkh.exe
PID 2224 wrote to memory of 2096 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\tzgVRLH.exe
PID 2224 wrote to memory of 2096 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\tzgVRLH.exe
PID 2224 wrote to memory of 2096 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\tzgVRLH.exe
PID 2224 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\IAizOxI.exe
PID 2224 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\IAizOxI.exe
PID 2224 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\IAizOxI.exe
PID 2224 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\SSsajpI.exe
PID 2224 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\SSsajpI.exe
PID 2224 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\SSsajpI.exe
PID 2224 wrote to memory of 2460 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\hFBwLdy.exe
PID 2224 wrote to memory of 2460 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\hFBwLdy.exe
PID 2224 wrote to memory of 2460 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\hFBwLdy.exe
PID 2224 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\ZJoHoEP.exe
PID 2224 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\ZJoHoEP.exe
PID 2224 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\ZJoHoEP.exe
PID 2224 wrote to memory of 2168 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\uIlZfvC.exe
PID 2224 wrote to memory of 2168 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\uIlZfvC.exe
PID 2224 wrote to memory of 2168 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\uIlZfvC.exe
PID 2224 wrote to memory of 1564 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\cMCtIOO.exe
PID 2224 wrote to memory of 1564 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\cMCtIOO.exe
PID 2224 wrote to memory of 1564 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\cMCtIOO.exe
PID 2224 wrote to memory of 1348 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\UAnOFiI.exe
PID 2224 wrote to memory of 1348 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\UAnOFiI.exe
PID 2224 wrote to memory of 1348 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\UAnOFiI.exe
PID 2224 wrote to memory of 1548 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\ApOUAaS.exe
PID 2224 wrote to memory of 1548 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\ApOUAaS.exe
PID 2224 wrote to memory of 1548 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\ApOUAaS.exe
PID 2224 wrote to memory of 996 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\NAJGcvB.exe
PID 2224 wrote to memory of 996 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\NAJGcvB.exe
PID 2224 wrote to memory of 996 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\NAJGcvB.exe
PID 2224 wrote to memory of 2156 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\RORUWfO.exe
PID 2224 wrote to memory of 2156 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\RORUWfO.exe
PID 2224 wrote to memory of 2156 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\RORUWfO.exe
PID 2224 wrote to memory of 2064 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\LodavkQ.exe
PID 2224 wrote to memory of 2064 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\LodavkQ.exe
PID 2224 wrote to memory of 2064 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\LodavkQ.exe
PID 2224 wrote to memory of 1728 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\pCwrTUZ.exe
PID 2224 wrote to memory of 1728 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\pCwrTUZ.exe
PID 2224 wrote to memory of 1728 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\pCwrTUZ.exe
PID 2224 wrote to memory of 2032 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\nFaQaVZ.exe
PID 2224 wrote to memory of 2032 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\nFaQaVZ.exe
PID 2224 wrote to memory of 2032 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\nFaQaVZ.exe
PID 2224 wrote to memory of 1184 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\ZhBTSKb.exe
PID 2224 wrote to memory of 1184 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\ZhBTSKb.exe
PID 2224 wrote to memory of 1184 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\ZhBTSKb.exe
PID 2224 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\ZaYBbue.exe

Processes

C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe"

C:\Windows\System\GkrEUSL.exe

C:\Windows\System\GkrEUSL.exe

C:\Windows\System\WEhpamQ.exe

C:\Windows\System\WEhpamQ.exe

C:\Windows\System\MVjGovs.exe

C:\Windows\System\MVjGovs.exe

C:\Windows\System\EniDVhU.exe

C:\Windows\System\EniDVhU.exe

C:\Windows\System\FGnorHc.exe

C:\Windows\System\FGnorHc.exe

C:\Windows\System\fymZDkh.exe

C:\Windows\System\fymZDkh.exe

C:\Windows\System\tzgVRLH.exe

C:\Windows\System\tzgVRLH.exe

C:\Windows\System\IAizOxI.exe

C:\Windows\System\IAizOxI.exe

C:\Windows\System\SSsajpI.exe

C:\Windows\System\SSsajpI.exe

C:\Windows\System\hFBwLdy.exe

C:\Windows\System\hFBwLdy.exe

C:\Windows\System\ZJoHoEP.exe

C:\Windows\System\ZJoHoEP.exe

C:\Windows\System\uIlZfvC.exe

C:\Windows\System\uIlZfvC.exe

C:\Windows\System\cMCtIOO.exe

C:\Windows\System\cMCtIOO.exe

C:\Windows\System\UAnOFiI.exe

C:\Windows\System\UAnOFiI.exe

C:\Windows\System\ApOUAaS.exe

C:\Windows\System\ApOUAaS.exe

C:\Windows\System\NAJGcvB.exe

C:\Windows\System\NAJGcvB.exe

C:\Windows\System\RORUWfO.exe

C:\Windows\System\RORUWfO.exe

C:\Windows\System\LodavkQ.exe

C:\Windows\System\LodavkQ.exe

C:\Windows\System\pCwrTUZ.exe

C:\Windows\System\pCwrTUZ.exe

C:\Windows\System\nFaQaVZ.exe

C:\Windows\System\nFaQaVZ.exe

C:\Windows\System\ZhBTSKb.exe

C:\Windows\System\ZhBTSKb.exe

C:\Windows\System\ZaYBbue.exe

C:\Windows\System\ZaYBbue.exe

C:\Windows\System\pSpWPHM.exe

C:\Windows\System\pSpWPHM.exe

C:\Windows\System\uOSWhBa.exe

C:\Windows\System\uOSWhBa.exe

C:\Windows\System\VHVOfJw.exe

C:\Windows\System\VHVOfJw.exe

C:\Windows\System\jHpgtaG.exe

C:\Windows\System\jHpgtaG.exe

C:\Windows\System\tVWfPiK.exe

C:\Windows\System\tVWfPiK.exe

C:\Windows\System\wLzFGVA.exe

C:\Windows\System\wLzFGVA.exe

C:\Windows\System\FBMnBeS.exe

C:\Windows\System\FBMnBeS.exe

C:\Windows\System\KIugXNw.exe

C:\Windows\System\KIugXNw.exe

C:\Windows\System\SDqjSor.exe

C:\Windows\System\SDqjSor.exe

C:\Windows\System\gYPIyfO.exe

C:\Windows\System\gYPIyfO.exe

C:\Windows\System\GroiUPZ.exe

C:\Windows\System\GroiUPZ.exe

C:\Windows\System\cCTgodn.exe

C:\Windows\System\cCTgodn.exe

C:\Windows\System\SCmfuuz.exe

C:\Windows\System\SCmfuuz.exe

C:\Windows\System\wZqSxIY.exe

C:\Windows\System\wZqSxIY.exe

C:\Windows\System\sGxrquh.exe

C:\Windows\System\sGxrquh.exe

C:\Windows\System\MxOeCaV.exe

C:\Windows\System\MxOeCaV.exe

C:\Windows\System\VyCZOoi.exe

C:\Windows\System\VyCZOoi.exe

C:\Windows\System\uccbnli.exe

C:\Windows\System\uccbnli.exe

C:\Windows\System\RxyxihL.exe

C:\Windows\System\RxyxihL.exe

C:\Windows\System\YOtTNvM.exe

C:\Windows\System\YOtTNvM.exe

C:\Windows\System\fTIpnVl.exe

C:\Windows\System\fTIpnVl.exe

C:\Windows\System\DRqKDSS.exe

C:\Windows\System\DRqKDSS.exe

C:\Windows\System\vfqHelP.exe

C:\Windows\System\vfqHelP.exe

C:\Windows\System\hqagIFb.exe

C:\Windows\System\hqagIFb.exe

C:\Windows\System\FWTPFgw.exe

C:\Windows\System\FWTPFgw.exe

C:\Windows\System\rWirwNY.exe

C:\Windows\System\rWirwNY.exe

C:\Windows\System\JbZUJSQ.exe

C:\Windows\System\JbZUJSQ.exe

C:\Windows\System\UgjOrUX.exe

C:\Windows\System\UgjOrUX.exe

C:\Windows\System\fHMyUQx.exe

C:\Windows\System\fHMyUQx.exe

C:\Windows\System\kenaxwp.exe

C:\Windows\System\kenaxwp.exe

C:\Windows\System\UjAiBxh.exe

C:\Windows\System\UjAiBxh.exe

C:\Windows\System\mnkvlCW.exe

C:\Windows\System\mnkvlCW.exe

C:\Windows\System\hHhwGoN.exe

C:\Windows\System\hHhwGoN.exe

C:\Windows\System\DxUHAaU.exe

C:\Windows\System\DxUHAaU.exe

C:\Windows\System\VSzKhtT.exe

C:\Windows\System\VSzKhtT.exe

C:\Windows\System\zxJuxrF.exe

C:\Windows\System\zxJuxrF.exe

C:\Windows\System\qVWZrpR.exe

C:\Windows\System\qVWZrpR.exe

C:\Windows\System\NAYilyo.exe

C:\Windows\System\NAYilyo.exe

C:\Windows\System\ijLuHxf.exe

C:\Windows\System\ijLuHxf.exe

C:\Windows\System\iMzcfAp.exe

C:\Windows\System\iMzcfAp.exe

C:\Windows\System\UdubyAh.exe

C:\Windows\System\UdubyAh.exe

C:\Windows\System\zMVGEee.exe

C:\Windows\System\zMVGEee.exe

C:\Windows\System\oyYBAKn.exe

C:\Windows\System\oyYBAKn.exe

C:\Windows\System\NDWZrVP.exe

C:\Windows\System\NDWZrVP.exe

C:\Windows\System\XaWrrVD.exe

C:\Windows\System\XaWrrVD.exe

C:\Windows\System\OzeKcZX.exe

C:\Windows\System\OzeKcZX.exe

C:\Windows\System\AnSnpZm.exe

C:\Windows\System\AnSnpZm.exe

C:\Windows\System\LvuDVaV.exe

C:\Windows\System\LvuDVaV.exe

C:\Windows\System\jUjVVvl.exe

C:\Windows\System\jUjVVvl.exe

C:\Windows\System\RJRbjwz.exe

C:\Windows\System\RJRbjwz.exe

C:\Windows\System\bAhRgoo.exe

C:\Windows\System\bAhRgoo.exe

C:\Windows\System\MimRfzF.exe

C:\Windows\System\MimRfzF.exe

C:\Windows\System\zHXloNj.exe

C:\Windows\System\zHXloNj.exe

C:\Windows\System\hoSicrJ.exe

C:\Windows\System\hoSicrJ.exe

C:\Windows\System\wliUawU.exe

C:\Windows\System\wliUawU.exe

C:\Windows\System\ZVRSCgL.exe

C:\Windows\System\ZVRSCgL.exe

C:\Windows\System\PtSIjGN.exe

C:\Windows\System\PtSIjGN.exe

C:\Windows\System\OEcRUSw.exe

C:\Windows\System\OEcRUSw.exe

C:\Windows\System\uNnuWnt.exe

C:\Windows\System\uNnuWnt.exe

C:\Windows\System\qOPqpGR.exe

C:\Windows\System\qOPqpGR.exe

C:\Windows\System\nJCpxXv.exe

C:\Windows\System\nJCpxXv.exe

C:\Windows\System\TNuaqOf.exe

C:\Windows\System\TNuaqOf.exe

C:\Windows\System\vxgBIJy.exe

C:\Windows\System\vxgBIJy.exe

C:\Windows\System\ztlQhUX.exe

C:\Windows\System\ztlQhUX.exe

C:\Windows\System\YdqcMIQ.exe

C:\Windows\System\YdqcMIQ.exe

C:\Windows\System\zWvaPfH.exe

C:\Windows\System\zWvaPfH.exe

C:\Windows\System\KDvopgK.exe

C:\Windows\System\KDvopgK.exe

C:\Windows\System\oAIKLvv.exe

C:\Windows\System\oAIKLvv.exe

C:\Windows\System\oAUyMWd.exe

C:\Windows\System\oAUyMWd.exe

C:\Windows\System\TGiEAaW.exe

C:\Windows\System\TGiEAaW.exe

C:\Windows\System\BihmfzC.exe

C:\Windows\System\BihmfzC.exe

C:\Windows\System\fnqqyhh.exe

C:\Windows\System\fnqqyhh.exe

C:\Windows\System\tHTINLQ.exe

C:\Windows\System\tHTINLQ.exe

C:\Windows\System\cmaKlQe.exe

C:\Windows\System\cmaKlQe.exe

C:\Windows\System\eNZwTgy.exe

C:\Windows\System\eNZwTgy.exe

C:\Windows\System\eWtllKU.exe

C:\Windows\System\eWtllKU.exe

C:\Windows\System\QYqVQCr.exe

C:\Windows\System\QYqVQCr.exe

C:\Windows\System\bGqJWgn.exe

C:\Windows\System\bGqJWgn.exe

C:\Windows\System\KGnpqoq.exe

C:\Windows\System\KGnpqoq.exe

C:\Windows\System\UCylORJ.exe

C:\Windows\System\UCylORJ.exe

C:\Windows\System\LlejDkb.exe

C:\Windows\System\LlejDkb.exe

C:\Windows\System\mehkQub.exe

C:\Windows\System\mehkQub.exe

C:\Windows\System\xNEbzuy.exe

C:\Windows\System\xNEbzuy.exe

C:\Windows\System\QFksydj.exe

C:\Windows\System\QFksydj.exe

C:\Windows\System\mByXAek.exe

C:\Windows\System\mByXAek.exe

C:\Windows\System\YDtdoGQ.exe

C:\Windows\System\YDtdoGQ.exe

C:\Windows\System\NNuHLJm.exe

C:\Windows\System\NNuHLJm.exe

C:\Windows\System\VKaSCPY.exe

C:\Windows\System\VKaSCPY.exe

C:\Windows\System\lmncmMA.exe

C:\Windows\System\lmncmMA.exe

C:\Windows\System\JlbeRNW.exe

C:\Windows\System\JlbeRNW.exe

C:\Windows\System\ApXSswL.exe

C:\Windows\System\ApXSswL.exe

C:\Windows\System\OUKXlPy.exe

C:\Windows\System\OUKXlPy.exe

C:\Windows\System\AbPmdsJ.exe

C:\Windows\System\AbPmdsJ.exe

C:\Windows\System\uyesRmY.exe

C:\Windows\System\uyesRmY.exe

C:\Windows\System\KyuvczA.exe

C:\Windows\System\KyuvczA.exe

C:\Windows\System\GORQhtU.exe

C:\Windows\System\GORQhtU.exe

C:\Windows\System\Lxskjwp.exe

C:\Windows\System\Lxskjwp.exe

C:\Windows\System\uOeUSBX.exe

C:\Windows\System\uOeUSBX.exe

C:\Windows\System\toLeUjt.exe

C:\Windows\System\toLeUjt.exe

C:\Windows\System\olPsgIC.exe

C:\Windows\System\olPsgIC.exe

C:\Windows\System\mqfHWRb.exe

C:\Windows\System\mqfHWRb.exe

C:\Windows\System\EIhTzKZ.exe

C:\Windows\System\EIhTzKZ.exe

C:\Windows\System\lxlWNDx.exe

C:\Windows\System\lxlWNDx.exe

C:\Windows\System\qBhkiag.exe

C:\Windows\System\qBhkiag.exe

C:\Windows\System\QWPFzUr.exe

C:\Windows\System\QWPFzUr.exe

C:\Windows\System\ICDjhKt.exe

C:\Windows\System\ICDjhKt.exe

C:\Windows\System\VwBjEdS.exe

C:\Windows\System\VwBjEdS.exe

C:\Windows\System\BIpYDpq.exe

C:\Windows\System\BIpYDpq.exe

C:\Windows\System\kROLNUB.exe

C:\Windows\System\kROLNUB.exe

C:\Windows\System\rQKJHyw.exe

C:\Windows\System\rQKJHyw.exe

C:\Windows\System\bCTZuKj.exe

C:\Windows\System\bCTZuKj.exe

C:\Windows\System\FtOzDKa.exe

C:\Windows\System\FtOzDKa.exe

C:\Windows\System\QVBZOFA.exe

C:\Windows\System\QVBZOFA.exe

C:\Windows\System\jYrifkC.exe

C:\Windows\System\jYrifkC.exe

C:\Windows\System\qiNlKsG.exe

C:\Windows\System\qiNlKsG.exe

C:\Windows\System\NUgWeZL.exe

C:\Windows\System\NUgWeZL.exe

C:\Windows\System\mcweXeW.exe

C:\Windows\System\mcweXeW.exe

C:\Windows\System\ShnjqyH.exe

C:\Windows\System\ShnjqyH.exe

C:\Windows\System\FkuSLTG.exe

C:\Windows\System\FkuSLTG.exe

C:\Windows\System\gnPjlBK.exe

C:\Windows\System\gnPjlBK.exe

C:\Windows\System\scWdDwC.exe

C:\Windows\System\scWdDwC.exe

C:\Windows\System\EWcDqOC.exe

C:\Windows\System\EWcDqOC.exe

C:\Windows\System\nUdFfBk.exe

C:\Windows\System\nUdFfBk.exe

C:\Windows\System\GiQhCvW.exe

C:\Windows\System\GiQhCvW.exe

C:\Windows\System\NeBvKtp.exe

C:\Windows\System\NeBvKtp.exe

C:\Windows\System\BkNUsGT.exe

C:\Windows\System\BkNUsGT.exe

C:\Windows\System\dmCJhIE.exe

C:\Windows\System\dmCJhIE.exe

C:\Windows\System\BgKxzTi.exe

C:\Windows\System\BgKxzTi.exe

C:\Windows\System\OtOvmXm.exe

C:\Windows\System\OtOvmXm.exe

C:\Windows\System\koylwYc.exe

C:\Windows\System\koylwYc.exe

C:\Windows\System\mUFXwYb.exe

C:\Windows\System\mUFXwYb.exe

C:\Windows\System\iLxcANJ.exe

C:\Windows\System\iLxcANJ.exe

C:\Windows\System\kRzMkmv.exe

C:\Windows\System\kRzMkmv.exe

C:\Windows\System\MUhXClC.exe

C:\Windows\System\MUhXClC.exe

C:\Windows\System\JMrkwbW.exe

C:\Windows\System\JMrkwbW.exe

C:\Windows\System\fiyexyT.exe

C:\Windows\System\fiyexyT.exe

C:\Windows\System\WcsGFUG.exe

C:\Windows\System\WcsGFUG.exe

C:\Windows\System\FyfvINt.exe

C:\Windows\System\FyfvINt.exe

C:\Windows\System\wjeCJcO.exe

C:\Windows\System\wjeCJcO.exe

C:\Windows\System\roRmgkl.exe

C:\Windows\System\roRmgkl.exe

C:\Windows\System\bVLHNbH.exe

C:\Windows\System\bVLHNbH.exe

C:\Windows\System\yWylYHd.exe

C:\Windows\System\yWylYHd.exe

C:\Windows\System\eYrPwhc.exe

C:\Windows\System\eYrPwhc.exe

C:\Windows\System\sUylTyv.exe

C:\Windows\System\sUylTyv.exe

C:\Windows\System\fInOwBt.exe

C:\Windows\System\fInOwBt.exe

C:\Windows\System\aiPxvMM.exe

C:\Windows\System\aiPxvMM.exe

C:\Windows\System\IxquZFb.exe

C:\Windows\System\IxquZFb.exe

C:\Windows\System\hHRkHrm.exe

C:\Windows\System\hHRkHrm.exe

C:\Windows\System\hACoszb.exe

C:\Windows\System\hACoszb.exe

C:\Windows\System\pVEICHF.exe

C:\Windows\System\pVEICHF.exe

C:\Windows\System\wlUTzye.exe

C:\Windows\System\wlUTzye.exe

C:\Windows\System\MVKycLa.exe

C:\Windows\System\MVKycLa.exe

C:\Windows\System\YVXhsjK.exe

C:\Windows\System\YVXhsjK.exe

C:\Windows\System\XCLsZBU.exe

C:\Windows\System\XCLsZBU.exe

C:\Windows\System\KElynfY.exe

C:\Windows\System\KElynfY.exe

C:\Windows\System\kBfMtvB.exe

C:\Windows\System\kBfMtvB.exe

C:\Windows\System\IdHeZxA.exe

C:\Windows\System\IdHeZxA.exe

C:\Windows\System\qxlvACd.exe

C:\Windows\System\qxlvACd.exe

C:\Windows\System\JuGfemC.exe

C:\Windows\System\JuGfemC.exe

C:\Windows\System\JJSJWmH.exe

C:\Windows\System\JJSJWmH.exe

C:\Windows\System\IeKeJpl.exe

C:\Windows\System\IeKeJpl.exe

C:\Windows\System\ihGBOVa.exe

C:\Windows\System\ihGBOVa.exe

C:\Windows\System\VenvOHY.exe

C:\Windows\System\VenvOHY.exe

C:\Windows\System\ibjFuJE.exe

C:\Windows\System\ibjFuJE.exe

C:\Windows\System\eXNNPdJ.exe

C:\Windows\System\eXNNPdJ.exe

C:\Windows\System\dlaVKAU.exe

C:\Windows\System\dlaVKAU.exe

C:\Windows\System\LVkSOvS.exe

C:\Windows\System\LVkSOvS.exe

C:\Windows\System\SKveaHZ.exe

C:\Windows\System\SKveaHZ.exe

C:\Windows\System\mOIkpXu.exe

C:\Windows\System\mOIkpXu.exe

C:\Windows\System\xtHUtzk.exe

C:\Windows\System\xtHUtzk.exe

C:\Windows\System\VWmGKqi.exe

C:\Windows\System\VWmGKqi.exe

C:\Windows\System\dHdyhgh.exe

C:\Windows\System\dHdyhgh.exe

C:\Windows\System\pjguNre.exe

C:\Windows\System\pjguNre.exe

C:\Windows\System\vReqvSq.exe

C:\Windows\System\vReqvSq.exe

C:\Windows\System\bcyaBwY.exe

C:\Windows\System\bcyaBwY.exe

C:\Windows\System\BvqsWRZ.exe

C:\Windows\System\BvqsWRZ.exe

C:\Windows\System\MvnvbmW.exe

C:\Windows\System\MvnvbmW.exe

C:\Windows\System\VIWpCPF.exe

C:\Windows\System\VIWpCPF.exe

C:\Windows\System\MBFnEKt.exe

C:\Windows\System\MBFnEKt.exe

C:\Windows\System\KZkCwMa.exe

C:\Windows\System\KZkCwMa.exe

C:\Windows\System\xrXnYLJ.exe

C:\Windows\System\xrXnYLJ.exe

C:\Windows\System\aBPlkbK.exe

C:\Windows\System\aBPlkbK.exe

C:\Windows\System\Kttbimf.exe

C:\Windows\System\Kttbimf.exe

C:\Windows\System\roRZQgD.exe

C:\Windows\System\roRZQgD.exe

C:\Windows\System\loebbLt.exe

C:\Windows\System\loebbLt.exe

C:\Windows\System\PheMAWU.exe

C:\Windows\System\PheMAWU.exe

C:\Windows\System\azydoFC.exe

C:\Windows\System\azydoFC.exe

C:\Windows\System\aFRLBVX.exe

C:\Windows\System\aFRLBVX.exe

C:\Windows\System\xJHYhAj.exe

C:\Windows\System\xJHYhAj.exe

C:\Windows\System\nMfAybF.exe

C:\Windows\System\nMfAybF.exe

C:\Windows\System\EGNRAGK.exe

C:\Windows\System\EGNRAGK.exe

C:\Windows\System\RPDbTla.exe

C:\Windows\System\RPDbTla.exe

C:\Windows\System\isPfpce.exe

C:\Windows\System\isPfpce.exe

C:\Windows\System\fNmvvSM.exe

C:\Windows\System\fNmvvSM.exe

C:\Windows\System\pwXuzXh.exe

C:\Windows\System\pwXuzXh.exe

C:\Windows\System\UgPUbCG.exe

C:\Windows\System\UgPUbCG.exe

C:\Windows\System\ssRhXyF.exe

C:\Windows\System\ssRhXyF.exe

C:\Windows\System\xqrUeHM.exe

C:\Windows\System\xqrUeHM.exe

C:\Windows\System\vVrJMtF.exe

C:\Windows\System\vVrJMtF.exe

C:\Windows\System\ClCGJxG.exe

C:\Windows\System\ClCGJxG.exe

C:\Windows\System\CVcuJQa.exe

C:\Windows\System\CVcuJQa.exe

C:\Windows\System\LJpnJyE.exe

C:\Windows\System\LJpnJyE.exe

C:\Windows\System\pFmiVOC.exe

C:\Windows\System\pFmiVOC.exe

C:\Windows\System\CAGeeCF.exe

C:\Windows\System\CAGeeCF.exe

C:\Windows\System\GQVkRUK.exe

C:\Windows\System\GQVkRUK.exe

C:\Windows\System\jryuCQk.exe

C:\Windows\System\jryuCQk.exe

C:\Windows\System\GVYjxTF.exe

C:\Windows\System\GVYjxTF.exe

C:\Windows\System\hyJzEhn.exe

C:\Windows\System\hyJzEhn.exe

C:\Windows\System\WkTnZQF.exe

C:\Windows\System\WkTnZQF.exe

C:\Windows\System\GcDNdGU.exe

C:\Windows\System\GcDNdGU.exe

C:\Windows\System\NNEeLvR.exe

C:\Windows\System\NNEeLvR.exe

C:\Windows\System\eCwcSuE.exe

C:\Windows\System\eCwcSuE.exe

C:\Windows\System\QuTUaYS.exe

C:\Windows\System\QuTUaYS.exe

C:\Windows\System\MoSpVHX.exe

C:\Windows\System\MoSpVHX.exe

C:\Windows\System\DQPSlvh.exe

C:\Windows\System\DQPSlvh.exe

C:\Windows\System\ZwtvLcy.exe

C:\Windows\System\ZwtvLcy.exe

C:\Windows\System\GJqsTgu.exe

C:\Windows\System\GJqsTgu.exe

C:\Windows\System\mBbNjxW.exe

C:\Windows\System\mBbNjxW.exe

C:\Windows\System\PYyHvYO.exe

C:\Windows\System\PYyHvYO.exe

C:\Windows\System\eRuHfeX.exe

C:\Windows\System\eRuHfeX.exe

C:\Windows\System\eKNAPPI.exe

C:\Windows\System\eKNAPPI.exe

C:\Windows\System\khfzdkT.exe

C:\Windows\System\khfzdkT.exe

C:\Windows\System\sFcDCFY.exe

C:\Windows\System\sFcDCFY.exe

C:\Windows\System\WMCQEJo.exe

C:\Windows\System\WMCQEJo.exe

C:\Windows\System\YrksMCA.exe

C:\Windows\System\YrksMCA.exe

C:\Windows\System\nnXowsw.exe

C:\Windows\System\nnXowsw.exe

C:\Windows\System\DJCVell.exe

C:\Windows\System\DJCVell.exe

C:\Windows\System\onoRvfN.exe

C:\Windows\System\onoRvfN.exe

C:\Windows\System\bhxSTBy.exe

C:\Windows\System\bhxSTBy.exe

C:\Windows\System\EZiUuhI.exe

C:\Windows\System\EZiUuhI.exe

C:\Windows\System\TPdEtmP.exe

C:\Windows\System\TPdEtmP.exe

C:\Windows\System\QPkpDhT.exe

C:\Windows\System\QPkpDhT.exe

C:\Windows\System\ADMEMXr.exe

C:\Windows\System\ADMEMXr.exe

C:\Windows\System\vmIEbkL.exe

C:\Windows\System\vmIEbkL.exe

C:\Windows\System\foCqPxv.exe

C:\Windows\System\foCqPxv.exe

C:\Windows\System\OUDgfYX.exe

C:\Windows\System\OUDgfYX.exe

C:\Windows\System\erzRFSE.exe

C:\Windows\System\erzRFSE.exe

C:\Windows\System\BBJrcoq.exe

C:\Windows\System\BBJrcoq.exe

C:\Windows\System\vzOWkex.exe

C:\Windows\System\vzOWkex.exe

C:\Windows\System\IRlKGxW.exe

C:\Windows\System\IRlKGxW.exe

C:\Windows\System\KwZKNwZ.exe

C:\Windows\System\KwZKNwZ.exe

C:\Windows\System\IrXSfrT.exe

C:\Windows\System\IrXSfrT.exe

C:\Windows\System\VTYeCnq.exe

C:\Windows\System\VTYeCnq.exe

C:\Windows\System\zLBNwis.exe

C:\Windows\System\zLBNwis.exe

C:\Windows\System\tXHmnBf.exe

C:\Windows\System\tXHmnBf.exe

C:\Windows\System\ACfRjqn.exe

C:\Windows\System\ACfRjqn.exe

C:\Windows\System\nhpvomI.exe

C:\Windows\System\nhpvomI.exe

C:\Windows\System\TZHBTRy.exe

C:\Windows\System\TZHBTRy.exe

C:\Windows\System\TIVHMql.exe

C:\Windows\System\TIVHMql.exe

C:\Windows\System\WTqBDWO.exe

C:\Windows\System\WTqBDWO.exe

C:\Windows\System\wOzLuQZ.exe

C:\Windows\System\wOzLuQZ.exe

C:\Windows\System\Dqxgrvr.exe

C:\Windows\System\Dqxgrvr.exe

C:\Windows\System\EKZBLIs.exe

C:\Windows\System\EKZBLIs.exe

C:\Windows\System\jMthVuw.exe

C:\Windows\System\jMthVuw.exe

C:\Windows\System\IcFYShU.exe

C:\Windows\System\IcFYShU.exe

C:\Windows\System\gWvjOhs.exe

C:\Windows\System\gWvjOhs.exe

C:\Windows\System\lIWQYTf.exe

C:\Windows\System\lIWQYTf.exe

C:\Windows\System\unxQJgh.exe

C:\Windows\System\unxQJgh.exe

C:\Windows\System\eIoffYU.exe

C:\Windows\System\eIoffYU.exe

C:\Windows\System\LAjohYD.exe

C:\Windows\System\LAjohYD.exe

C:\Windows\System\JBLiUyC.exe

C:\Windows\System\JBLiUyC.exe

C:\Windows\System\AZFWSWP.exe

C:\Windows\System\AZFWSWP.exe

C:\Windows\System\BoFZHWs.exe

C:\Windows\System\BoFZHWs.exe

C:\Windows\System\rYNkCyw.exe

C:\Windows\System\rYNkCyw.exe

C:\Windows\System\gpEaChs.exe

C:\Windows\System\gpEaChs.exe

C:\Windows\System\qpqGEze.exe

C:\Windows\System\qpqGEze.exe

C:\Windows\System\EXKSJCN.exe

C:\Windows\System\EXKSJCN.exe

C:\Windows\System\tqxtrHB.exe

C:\Windows\System\tqxtrHB.exe

C:\Windows\System\qUxoUSx.exe

C:\Windows\System\qUxoUSx.exe

C:\Windows\System\KotIBbk.exe

C:\Windows\System\KotIBbk.exe

C:\Windows\System\azXjBZd.exe

C:\Windows\System\azXjBZd.exe

C:\Windows\System\OVktGzk.exe

C:\Windows\System\OVktGzk.exe

C:\Windows\System\sDPsgKX.exe

C:\Windows\System\sDPsgKX.exe

C:\Windows\System\vIRcyIU.exe

C:\Windows\System\vIRcyIU.exe

C:\Windows\System\BCtXCqF.exe

C:\Windows\System\BCtXCqF.exe

C:\Windows\System\QwACLYJ.exe

C:\Windows\System\QwACLYJ.exe

C:\Windows\System\pSHnDaE.exe

C:\Windows\System\pSHnDaE.exe

C:\Windows\System\eCIEclq.exe

C:\Windows\System\eCIEclq.exe

C:\Windows\System\XgcDyBc.exe

C:\Windows\System\XgcDyBc.exe

C:\Windows\System\BfRgDkQ.exe

C:\Windows\System\BfRgDkQ.exe

C:\Windows\System\aFRcyzz.exe

C:\Windows\System\aFRcyzz.exe

C:\Windows\System\SeaZIlD.exe

C:\Windows\System\SeaZIlD.exe

C:\Windows\System\mXHNTMi.exe

C:\Windows\System\mXHNTMi.exe

C:\Windows\System\RLOaFCR.exe

C:\Windows\System\RLOaFCR.exe

C:\Windows\System\cMYmIMj.exe

C:\Windows\System\cMYmIMj.exe

C:\Windows\System\itVFSZP.exe

C:\Windows\System\itVFSZP.exe

C:\Windows\System\UKPZWcy.exe

C:\Windows\System\UKPZWcy.exe

C:\Windows\System\ePugiGL.exe

C:\Windows\System\ePugiGL.exe

C:\Windows\System\etCQMIM.exe

C:\Windows\System\etCQMIM.exe

C:\Windows\System\EWKLlEe.exe

C:\Windows\System\EWKLlEe.exe

C:\Windows\System\DTZhqRD.exe

C:\Windows\System\DTZhqRD.exe

C:\Windows\System\Ppatidx.exe

C:\Windows\System\Ppatidx.exe

C:\Windows\System\UVzqemn.exe

C:\Windows\System\UVzqemn.exe

C:\Windows\System\bOpFKjC.exe

C:\Windows\System\bOpFKjC.exe

C:\Windows\System\bXrGWtA.exe

C:\Windows\System\bXrGWtA.exe

C:\Windows\System\JlJpYtY.exe

C:\Windows\System\JlJpYtY.exe

C:\Windows\System\gYcRTSx.exe

C:\Windows\System\gYcRTSx.exe

C:\Windows\System\mGrTIhR.exe

C:\Windows\System\mGrTIhR.exe

C:\Windows\System\IaiTmSv.exe

C:\Windows\System\IaiTmSv.exe

C:\Windows\System\jPjcDIR.exe

C:\Windows\System\jPjcDIR.exe

C:\Windows\System\gJYKieI.exe

C:\Windows\System\gJYKieI.exe

C:\Windows\System\yKkmZQz.exe

C:\Windows\System\yKkmZQz.exe

C:\Windows\System\spTZlwF.exe

C:\Windows\System\spTZlwF.exe

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/2224-0-0x00000000000F0000-0x0000000000100000-memory.dmp

memory/2224-2-0x000000013F300000-0x000000013F654000-memory.dmp

\Windows\system\GkrEUSL.exe

MD5 6d3fc766e922eb6d1773cc51219ad177
SHA1 184c66dec1129a23f92cd77a71c35ceed1f4ead4
SHA256 6c081460c007a5117f4ee2544713b30551d4182a36e4ff5b113df651d152e836
SHA512 b7b1c07193005228db14a12b5d0552643ce7701f1a0c9bf4e2f327ff26d02fc0a39f758d9f0c9d401efaa3065091ca0e7ac697ce61ad2036730e01128c466831

memory/2224-6-0x000000013FCF0000-0x0000000140044000-memory.dmp

memory/1648-9-0x000000013FCF0000-0x0000000140044000-memory.dmp

\Windows\system\WEhpamQ.exe

MD5 10006d9d1cdee25de0420b8747efa794
SHA1 c2103bfc639062363ff227c8685d9c421e1b07fe
SHA256 2df1efb995ea23be8fed3d32703493bd1a9cee6dd064b5df33c3783afd4b9e1a
SHA512 e4ba5feb184a921262b1fdf03342902678d87fd8c125087752c2eec280dedd991d2beda4bdaaf69f0ba719672344ef1e14207ebf6f543ecd86bf00d4ca23ade7

memory/2224-13-0x0000000001FC0000-0x0000000002314000-memory.dmp

C:\Windows\system\MVjGovs.exe

MD5 17ebc33c5581784807be775dbf40333d
SHA1 0f6b4a9123188711167958e4c7ab664762481340
SHA256 31e7cb267d58cc7173e4e9e60126daf9f9ee2b0618feade6d1e565bdbf5515bc
SHA512 27b5d83fdd06db75fc896f76d829dc91bd3b0c18f4d19d8a5918f056780194e7f1a61093d81752d6aac55d7d94d8975e2629dfe3f2c783804ada35f31035bebc

C:\Windows\system\EniDVhU.exe

MD5 14dcb947ced1350141d3b0fe86ff8c3c
SHA1 aa40f3f76b3c9cc6d982e3f880de53d1f47fa7a3
SHA256 e97c9645963605aadc0132edbf7e875f73ad0f725727aca03924c957f95b9504
SHA512 bdbe45f6c81416aba6fe6cf6448c1cd3f046aa4f4ae6424221c5815e232783c9c6530dbf9ebc940e7178860111e08d648b6ff8b8e614641e1d23f278f24c0058

memory/2592-30-0x000000013F9B0000-0x000000013FD04000-memory.dmp

memory/2224-29-0x000000013F9B0000-0x000000013FD04000-memory.dmp

memory/3000-28-0x000000013FD40000-0x0000000140094000-memory.dmp

memory/2928-26-0x000000013F140000-0x000000013F494000-memory.dmp

memory/2224-23-0x000000013FD40000-0x0000000140094000-memory.dmp

memory/2224-36-0x000000013FD10000-0x0000000140064000-memory.dmp

memory/2096-50-0x000000013F4E0000-0x000000013F834000-memory.dmp

memory/2224-49-0x000000013FDC0000-0x0000000140114000-memory.dmp

memory/2224-56-0x0000000001FC0000-0x0000000002314000-memory.dmp

C:\Windows\system\hFBwLdy.exe

MD5 685c7e9439dcd4a0791a93c440dfa788
SHA1 1db3f3e30d5ba12cf75ad0982536f81d869b6950
SHA256 5ea854c9d4e502c5d629ca1e3596eac5bdc06f092e9b7927bed15521cfc2ceaf
SHA512 4fa756fe71d75455319006c2956250d4fc5588176b6751a1533530ce2cbc8b0b7f24c4840f6275881ab9f4114d73b20332a572ffb56816c2239bfd2df74ffec9

memory/1648-69-0x000000013FCF0000-0x0000000140044000-memory.dmp

memory/2556-64-0x000000013FE40000-0x0000000140194000-memory.dmp

memory/2520-62-0x000000013F610000-0x000000013F964000-memory.dmp

C:\Windows\system\SSsajpI.exe

MD5 79ef9ff2dbdb58d66580820aa497e4f9
SHA1 58a1c07a8cbb763b263080ea380be9af1c432a3d
SHA256 100ddb93c8326b0e5ba304cf6356b81e31eaa0cf78952dcca46650b9c22aa935
SHA512 9a2bd23e2e388f1722f1d5f984ffa970c0511b54797ed1a7296fbf0934c3445191aacf3767e96eb5f3e73d338512f003e10c2afd6c455c5caafe840d0328273d

\Windows\system\SSsajpI.exe

MD5 51369f826a63b5c57383d4bee114cc2e
SHA1 c6832b582417ce20cbe6cc0ea6cfd4be7db47b01
SHA256 5a66462099758220d2cddcb7bc7b4f6b68f9db2c0f3bc27521d5ff24ddab311a
SHA512 e1663771c78df2a3698d5400aadfbbd5a3cd47fdb5cbf31267f08f6ae1e5d4c49d87e577dd0a1f56d80fb0abde092c85bbb49883109a394b556ade962472981c

C:\Windows\system\IAizOxI.exe

MD5 c53716794d8a0b3371927fedb43aabbd
SHA1 b7dd0408bcff446c8a7d25f76665bdef1907aa37
SHA256 e3c3109bd040f674ac9d1c20244aa0fc9c67a7957ca7fef8bb34940826379005
SHA512 27e93c52471e565e690fc3a92d9bae1fd96615684db2d61161cf87ca3351c1b92bfd7c4f02411b7fcc841a0282a374e5f6bdc4b84bce261bbc7f4c8504856110

\Windows\system\IAizOxI.exe

MD5 07028623e1fbd44fe1a06d6eae474915
SHA1 b64944942aeb6472f2cf610c5f1671f2fd569669
SHA256 b88a5ed630629712cd7871eff08932028c2d24c880826ebef21c444a855561d3
SHA512 3b14dcf34f01f9f41f0d18e54781687f11e28a1ee55eead145c2ac76a93d8d17c5de9dbaba627b945272b95fc47842785b3f834f26f49f59ebce644e61b6ef3e

memory/2644-51-0x000000013FDC0000-0x0000000140114000-memory.dmp

memory/2224-47-0x000000013F300000-0x000000013F654000-memory.dmp

C:\Windows\system\tzgVRLH.exe

MD5 5471c58ce56e3b0bfc8282055c2a750b
SHA1 b43384b617f2dc99fcf5834c241987c312695952
SHA256 82a12d0bd4c1e3d307bbc643ec995be30b84ef2bc1a89bc74c4902baf8a7fba8
SHA512 6626fab2105dc4d992568e5d4ea73dcdcd550f4ae14e9496c4251ca1ffcd84df66ae2f84d7eba73377e46fa6ce5e142e361001d9a3731794e892e6621edab186

memory/2856-78-0x000000013FAC0000-0x000000013FE14000-memory.dmp

\Windows\system\uIlZfvC.exe

MD5 cd5ef36ef03eac2b20cce67daca8e60e
SHA1 78ffe5bdf11fd5c1af061891a6f825c7e6d5971e
SHA256 c9394411c09cedeb6199f3ce46bf92c0c6fd19fa68844008591c10a1cf195974
SHA512 5806b974fa088e66d040826bc66b929a74fa0017878d780c1b5daeca898125a6d7965ed63fbdb5f892a98e1909fc8fae29ef3faa316e6f8db54adbdaa8571a2a

memory/2168-90-0x000000013F660000-0x000000013F9B4000-memory.dmp

memory/2224-91-0x000000013FDC0000-0x0000000140114000-memory.dmp

C:\Windows\system\UAnOFiI.exe

MD5 6233713d34e02db34bf21bc182c04715
SHA1 3ed3c9763eb5cfe1d8e037fba64818f72bed51f2
SHA256 e52530402f6dd75f6cd45c5abf907f590086680e18c9d33bf0ed4be923f935d6
SHA512 4d616757c923a42da5904e4c5eb6163600173dbb639a8f391ab461881019c236fd44c985dcc2501aeae7de2c2fcc103ab705392b265bfdb2ddc7625ebc327695

memory/2224-99-0x0000000001FC0000-0x0000000002314000-memory.dmp

memory/2224-105-0x000000013FDC0000-0x0000000140114000-memory.dmp

memory/2224-112-0x000000013FC60000-0x000000013FFB4000-memory.dmp

C:\Windows\system\nFaQaVZ.exe

MD5 cee1d7c75ec08ec3a0aa1b8d4f177dfa
SHA1 1207597f2e309bc114f05644994b14dd66867494
SHA256 aa8ddc9425332a6bee37c4e0cdbeb60d28c71352fc9d454ff68cbf78457825d8
SHA512 83e5da81ccdb7e0e25cbade96c3e7093378153d455d369d7d4f6a3aea8f892a34b9bfa83bb0709e115260a1817b227b386a9401fd7ac3a3fca4238ed40b276eb

\Windows\system\ZaYBbue.exe

MD5 746c4c23cd491917fc8d38d2b615bbab
SHA1 f3c1628af360a685367d898e90bc092233ef66b3
SHA256 9086b96708e2822595f6877f4fc78c5c0ce2f487f6dbc8a95722717f7b7d6de8
SHA512 4642eb4870ac0dbe85f42424de01a0c725854ad397f838bedee2c0d356833cad4b0dda233ba029cba21c39729f9dd274e5fbe7e218a41b1bb09ea7f3578303b6

C:\Windows\system\jHpgtaG.exe

MD5 c32ef30291e46d2ea227a02bbbd102ef
SHA1 cf17fe56475d93bc9444a45b8ca9110abf7ab2ae
SHA256 6ab2444df43348332f65f3559083f107e26d03dbac41397c5e214a1f884355fe
SHA512 55b68bdf70f3c88582f7400351d0fa565792354fb4e42370effc4da4cff3940c330439fe385d83279620351f3d044872cb40f373b6fc61d613ece0f202caa442

\Windows\system\tVWfPiK.exe

MD5 bac0dcfab1e89339e06ebecbcc032dd9
SHA1 9e5825cac008f0af5998930d9761789c04f957ef
SHA256 9f331115c7c8b87cf1ab6b0a0304f7f97deaff945d6960bdbf34ebe09eacf4d8
SHA512 9199cac788057a10cc28b4ca2238a7e54a833e3ed2d410a26aef2086e1160d018c8cb17c86e203df18078400c920d504c135c26a1cd27d635cfbd12bb29960b4

C:\Windows\system\wLzFGVA.exe

MD5 8b2eab9a9bb1361eafd5bc47cb69d5dd
SHA1 d26c0c240cf96c7874a2470914ecaee58edf1c7c
SHA256 f7e76e45ee22d9a423b9f2a47e6138b6b56aac3e32e93aef3e9d227671709cc9
SHA512 158532117b03f91d18e84735461eb50a4919361d94c7826029cc08c6c331c2e68aeb6d8d3e6b16484cc8263386da449fe3dc3358b3327ec0b2843a796fef56af

memory/2556-748-0x000000013FE40000-0x0000000140194000-memory.dmp

memory/2224-747-0x0000000001FC0000-0x0000000002314000-memory.dmp

memory/2520-328-0x000000013F610000-0x000000013F964000-memory.dmp

memory/2224-1073-0x000000013F660000-0x000000013F9B4000-memory.dmp

\Windows\system\gYPIyfO.exe

MD5 cdcf7356647142d422479f05aad1001b
SHA1 2fda40d60a5615f87789846dc8219bea51def515
SHA256 2cbe7d6b79d031ef87e25b9df210f15a283114a83369809ccac96683171ab551
SHA512 30ff3785f4f2744e1b83fc3ae807e49c2e99d8ebda936a47f59bd97d0ed22a8fce2c2933fd2a4452a2399dd28d53bea5e5764a413a49014c1a4fa6622137e1e5

\Windows\system\jHpgtaG.exe

MD5 5b552c5677c9f46ff5640bc7d9110131
SHA1 04a72e07c6f876605a7530576c3df9ef6e1ac1fe
SHA256 9ab1b091bae9b1b3c34795ffb5d56e17b6f81e999cb016750b9e1769502460c7
SHA512 352406ee79d102dd7fdb5cf7f522c4fb444cf50de730a4fc6e2fafbedbed6840ac64f32d68a0ffe150a80231a1fd871c6ebe9d270301c2825b40a819adbe8cb5

C:\Windows\system\VHVOfJw.exe

MD5 2be3d3173c2f2f4b1d81e2fb40b4871d
SHA1 f8e6e4c88bb2d9880ee794bfab7b93c6a1d2bde3
SHA256 f6be1b0224d10a427614284a9e1f2dbd357a5e917e64b93ae006161e1f689b85
SHA512 30b65643131e4c94a81e2f786f0a582a5e5fd49951165f815e963ff26efac4f5076b97755f0a114dd886bea7eb221c0163607924d8b63d29aa10e5554a7aa2cd

C:\Windows\system\pSpWPHM.exe

MD5 715ae8678dfe5e37835e0a4ee340b32f
SHA1 3cfa5c28cc4fa0918bccfc72631b0d75ad71e117
SHA256 7602626f3a7783f224f9405532701a817c9244440ebe0b4e3c678b7d5fd35149
SHA512 2f1fe493247ab1a933655e74630e0de53d1244d85d656584c05ab177ed439bab6feb863c19c67d220ed337c11754c0020f4482d0b4e4635088d5c3806050eb07

\Windows\system\ZhBTSKb.exe

MD5 cedfc0cd39f42656c456b79cee5bb1d3
SHA1 dd1ce38b53a5ced40eb69137fbe4b7e507946074
SHA256 945925ea2314ea1d312b256e92d5b33d633177954fe5d16d9983ba1d797d676d
SHA512 4440ec927b1931c01098d52108a2720f4d78a09f45f388aa2e7b74e70eabced156e55a871fc61a3616710db23b6949a6811c19674e1723e48c2529ec836a007a

\Windows\system\nFaQaVZ.exe

MD5 0475f0bef4c2e99ab9dbe3c7e6240518
SHA1 a12198eb26a00db7b401417819ca1a2e5edf701b
SHA256 a7162e6016ff2f717180f36e6420343cc71851826026be77404bc3a9629bb1ea
SHA512 1463c243872fd9940868c02621c0cdad3972766eb6cbc5b8b17a14dc3c89808b0dde4d3499465eab7871f02d10b91daf53c38e8ce87f3b8f1db8e9ce9acdcaa7

\Windows\system\pCwrTUZ.exe

MD5 325ec2d21735dc0d7d8e1ee7db035c7e
SHA1 8aee7e1b361a4f3a0161d75900eb3c6d87b3b806
SHA256 82248d023e67f4bc2dfac7215e5f10bcc4b05c47bdabb0e3a7072daa22cc85b9
SHA512 1e0a36b67a89b6527c992aa856333a0c8e7bb737de1c815bbbd18c947ca61d564bd2da18ebe823c13109382036582879779acb30de7fdaec6e4a5d0818e96650

C:\Windows\system\NAJGcvB.exe

MD5 e2c839e92042314a9cc4221d9f0280e5
SHA1 2b4f6b8804d780ec3b7c3a1b6cb0088134729395
SHA256 6bb8b27b6fae6d7967fcad4ebebf411982555916c36962db4c3be23edfb10e39
SHA512 6d19a9f20eb4db3d6e18aceef358fc559116edd2df69bbf214568bd17f9d1d9eea54cd7f7fa775042677993dec68778aece1f91e491d8b7c22f92de96f996ef5

memory/1348-100-0x000000013F110000-0x000000013F464000-memory.dmp

memory/2224-97-0x000000013FD10000-0x0000000140064000-memory.dmp

\Windows\system\UAnOFiI.exe

MD5 2d6568b8d11b82e9727fbe7d78540034
SHA1 68dcecf677f1a767ddda18b39691244da8636dfd
SHA256 93925e4349af7b0d20acaf6db64a5eaaaf83c37675fa39b8d43ba14a8bd2b3a3
SHA512 654f3113e4f7e8d014f48146aedc6a17dcfaca2c966a2e3144cf25950c7c746647fc6eafeea252b6a7c4d032ce669815450043f98212a5c53be247958abbe1c0

memory/1564-92-0x000000013FDC0000-0x0000000140114000-memory.dmp

memory/2224-89-0x000000013F660000-0x000000013F9B4000-memory.dmp

C:\Windows\system\uIlZfvC.exe

MD5 50ca87deff3c0d90c670c67189bb98eb
SHA1 d87452369867442ab833b41f02261df4e21a93e3
SHA256 c54f0887f5e80edb12b212d7d59ad649a6f2ef41f2492fb8dfa79783c618d716
SHA512 ad3aab29b799806444576757cce16c27775f5336ac01a3bfe8d382efe35d01ca03d48d926ab31db71bb294ee5da72c32ad691bb728e1cac3a6574109d87b9830

C:\Windows\system\cMCtIOO.exe

MD5 fd47a65205fdcec50152f177c6a02813
SHA1 f5073d3f53f63601033e4f4f55d7f13392156838
SHA256 13ef66e8a552454caceefa6aefbea9a0e154cdf27b1448f97c69f703573ed8d4
SHA512 ef5e89c6ad0eb94c39a7652dd32fca6fcad006e9ba9c79e4b3ade9f88dafd571bda4a20c498d86754e53d9d9678c8457c99e7bb5c79d5a77ab851ee3745870f0

memory/2224-77-0x000000013FAC0000-0x000000013FE14000-memory.dmp

memory/2460-76-0x000000013FC10000-0x000000013FF64000-memory.dmp

\Windows\system\ZJoHoEP.exe

MD5 c43f05324366d1d73cff0cfdbf11b4f7
SHA1 df63b95c835fcc1a3f3796fe6bbd4802c3c2d2ae
SHA256 c9a9dc87bbf062813c83cb0448fb78daf342e5745906fa5071bca16e948f43eb
SHA512 0bf15b48228a982a72c4a2e90c5af18d6c57c8704518fed477f0ac23aba0a91e64b18fe65172bdd13f1409853190f8a5bb34e8099d6743c794081c9a00b67eb9

C:\Windows\system\fymZDkh.exe

MD5 a861e69b4ef4ab484d8c3c00ae9ac95f
SHA1 5edeb9e75c967ae9235249dbcc436fbfd371c73d
SHA256 27be6bf7bf756b79321174a5eac2324fe2bb1a73935211446a484052ed5d6d5f
SHA512 8f2f1daef952ad7217efdcc290898db63ecee6cbea607f92a33f59110f4597898cd2aebdfcb4cb58df6ae4c14801b34dc208d4d326a74bf040d8ceb29271cfc1

memory/2512-37-0x000000013FD10000-0x0000000140064000-memory.dmp

C:\Windows\system\FGnorHc.exe

MD5 9338d5a25804fe237b7f1e4244ef82f4
SHA1 6141b6acb0318555100a606c76b016d7035780d7
SHA256 9b97bdb4de3795c46963fb6e5be2e0daee3b45ce277eceffcaf8f7dbf9700c61
SHA512 c04dc931ea08195906ec98b86422b43ef3a51d9e45e38479a24e311f477af10339071cdbecdd3405f4405d817adccc72d298fdb6c665d31b09b5eeddeb9f391f

memory/2224-1074-0x000000013FDC0000-0x0000000140114000-memory.dmp

memory/2224-1075-0x0000000001FC0000-0x0000000002314000-memory.dmp

memory/2224-1076-0x000000013FC60000-0x000000013FFB4000-memory.dmp

memory/1648-1077-0x000000013FCF0000-0x0000000140044000-memory.dmp

memory/2928-1078-0x000000013F140000-0x000000013F494000-memory.dmp

memory/3000-1079-0x000000013FD40000-0x0000000140094000-memory.dmp

memory/2592-1080-0x000000013F9B0000-0x000000013FD04000-memory.dmp

memory/2512-1081-0x000000013FD10000-0x0000000140064000-memory.dmp

memory/2644-1082-0x000000013FDC0000-0x0000000140114000-memory.dmp

memory/2096-1083-0x000000013F4E0000-0x000000013F834000-memory.dmp

memory/2520-1084-0x000000013F610000-0x000000013F964000-memory.dmp

memory/2556-1085-0x000000013FE40000-0x0000000140194000-memory.dmp

memory/2460-1086-0x000000013FC10000-0x000000013FF64000-memory.dmp

memory/2856-1087-0x000000013FAC0000-0x000000013FE14000-memory.dmp

memory/2168-1089-0x000000013F660000-0x000000013F9B4000-memory.dmp

memory/1564-1088-0x000000013FDC0000-0x0000000140114000-memory.dmp

memory/1348-1090-0x000000013F110000-0x000000013F464000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-04 23:03

Reported

2024-06-04 23:06

Platform

win10v2004-20240508-en

Max time kernel

148s

Max time network

156s

Command Line

"C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\aegALOJ.exe N/A
N/A N/A C:\Windows\System\aOuFnZC.exe N/A
N/A N/A C:\Windows\System\xXPkWOT.exe N/A
N/A N/A C:\Windows\System\VCNXjrC.exe N/A
N/A N/A C:\Windows\System\GcNKPcM.exe N/A
N/A N/A C:\Windows\System\BaNEzWL.exe N/A
N/A N/A C:\Windows\System\ApHOWlu.exe N/A
N/A N/A C:\Windows\System\QHFjMiw.exe N/A
N/A N/A C:\Windows\System\WMKddJL.exe N/A
N/A N/A C:\Windows\System\YZtLFKP.exe N/A
N/A N/A C:\Windows\System\LsgbWCl.exe N/A
N/A N/A C:\Windows\System\mBMEfcJ.exe N/A
N/A N/A C:\Windows\System\PCLTpDx.exe N/A
N/A N/A C:\Windows\System\axcrxFP.exe N/A
N/A N/A C:\Windows\System\lDTyvtB.exe N/A
N/A N/A C:\Windows\System\XCcmjrC.exe N/A
N/A N/A C:\Windows\System\NiYuNKC.exe N/A
N/A N/A C:\Windows\System\KaphANO.exe N/A
N/A N/A C:\Windows\System\UgpPnkg.exe N/A
N/A N/A C:\Windows\System\ZgVnxAu.exe N/A
N/A N/A C:\Windows\System\iuolwQo.exe N/A
N/A N/A C:\Windows\System\RJTiAaV.exe N/A
N/A N/A C:\Windows\System\sqIOYAR.exe N/A
N/A N/A C:\Windows\System\tpFnyob.exe N/A
N/A N/A C:\Windows\System\hUKISsY.exe N/A
N/A N/A C:\Windows\System\QczhGpT.exe N/A
N/A N/A C:\Windows\System\onuUfjz.exe N/A
N/A N/A C:\Windows\System\sHmuTyF.exe N/A
N/A N/A C:\Windows\System\bSksVii.exe N/A
N/A N/A C:\Windows\System\HsaBPBk.exe N/A
N/A N/A C:\Windows\System\yTbiLkX.exe N/A
N/A N/A C:\Windows\System\VuPGsYd.exe N/A
N/A N/A C:\Windows\System\FqCppBC.exe N/A
N/A N/A C:\Windows\System\xBwnduR.exe N/A
N/A N/A C:\Windows\System\viaemlG.exe N/A
N/A N/A C:\Windows\System\DjIzPyu.exe N/A
N/A N/A C:\Windows\System\vIwEdll.exe N/A
N/A N/A C:\Windows\System\ZiGgtNF.exe N/A
N/A N/A C:\Windows\System\rozPEpQ.exe N/A
N/A N/A C:\Windows\System\JAfQIpt.exe N/A
N/A N/A C:\Windows\System\KvKgpWV.exe N/A
N/A N/A C:\Windows\System\edwKfoR.exe N/A
N/A N/A C:\Windows\System\YBWdsPH.exe N/A
N/A N/A C:\Windows\System\kiuVKxo.exe N/A
N/A N/A C:\Windows\System\PmJHebv.exe N/A
N/A N/A C:\Windows\System\nXchnQA.exe N/A
N/A N/A C:\Windows\System\enfaOQC.exe N/A
N/A N/A C:\Windows\System\TmhnDHk.exe N/A
N/A N/A C:\Windows\System\ZZdxFgp.exe N/A
N/A N/A C:\Windows\System\MDNSpwp.exe N/A
N/A N/A C:\Windows\System\lqDRVmj.exe N/A
N/A N/A C:\Windows\System\ashzoWZ.exe N/A
N/A N/A C:\Windows\System\XwlmmCu.exe N/A
N/A N/A C:\Windows\System\inXNwDZ.exe N/A
N/A N/A C:\Windows\System\svDmhat.exe N/A
N/A N/A C:\Windows\System\LNcqPQS.exe N/A
N/A N/A C:\Windows\System\qkBrohk.exe N/A
N/A N/A C:\Windows\System\gVxpqiN.exe N/A
N/A N/A C:\Windows\System\zMCzzYK.exe N/A
N/A N/A C:\Windows\System\wxJoITT.exe N/A
N/A N/A C:\Windows\System\dtcHpck.exe N/A
N/A N/A C:\Windows\System\tugRiLW.exe N/A
N/A N/A C:\Windows\System\obeYDwm.exe N/A
N/A N/A C:\Windows\System\dITGrKR.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\VuPGsYd.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\svDmhat.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\upaEyPF.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\EBJoQHE.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\LIWelqh.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\QvFOSMd.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\SVYkacv.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\iHsSxPb.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\aOuFnZC.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\iesMsHP.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\kulYdHP.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\WzWgEQV.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PzqNTsI.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\sgSRDxI.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\boaoUlK.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hqvNrDi.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\aegALOJ.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\xBwnduR.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\NYdyAQU.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\NbdZMMb.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\tugRiLW.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\IQgPNsN.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vMIfibT.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\NsjLGXN.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\RJTiAaV.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\zMCzzYK.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\AbCsJnU.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\OcbMNah.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\TDCVgTo.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\EKCikgC.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\onuUfjz.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\kRYSZwh.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\UKEkumY.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\NOJwydm.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ockNZPu.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\QHFjMiw.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\edwKfoR.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\oPHsKxp.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PrEcpBL.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ySULByb.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PzyYYAJ.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\xXPkWOT.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\JAfQIpt.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\OtWOeXC.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\wDkMHIV.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\NbXvKRN.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\pEeYMwS.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ouyzKgE.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\wLflciS.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HNXNTlX.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ApHOWlu.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ashzoWZ.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\NlzSshF.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\OAdTBJP.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\jQolitD.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qhpHPDg.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\UsFDhPd.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\fArVEPw.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\oCRtsDG.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\tpVlExx.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PVpQheJ.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hBGpeyI.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\gBbbNcA.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZTiZLbf.exe C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1468 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\aegALOJ.exe
PID 1468 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\aegALOJ.exe
PID 1468 wrote to memory of 1548 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\aOuFnZC.exe
PID 1468 wrote to memory of 1548 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\aOuFnZC.exe
PID 1468 wrote to memory of 4556 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\xXPkWOT.exe
PID 1468 wrote to memory of 4556 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\xXPkWOT.exe
PID 1468 wrote to memory of 4468 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\VCNXjrC.exe
PID 1468 wrote to memory of 4468 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\VCNXjrC.exe
PID 1468 wrote to memory of 636 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\GcNKPcM.exe
PID 1468 wrote to memory of 636 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\GcNKPcM.exe
PID 1468 wrote to memory of 1888 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\BaNEzWL.exe
PID 1468 wrote to memory of 1888 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\BaNEzWL.exe
PID 1468 wrote to memory of 2868 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\ApHOWlu.exe
PID 1468 wrote to memory of 2868 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\ApHOWlu.exe
PID 1468 wrote to memory of 4248 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\QHFjMiw.exe
PID 1468 wrote to memory of 4248 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\QHFjMiw.exe
PID 1468 wrote to memory of 4076 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\WMKddJL.exe
PID 1468 wrote to memory of 4076 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\WMKddJL.exe
PID 1468 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\YZtLFKP.exe
PID 1468 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\YZtLFKP.exe
PID 1468 wrote to memory of 3628 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\LsgbWCl.exe
PID 1468 wrote to memory of 3628 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\LsgbWCl.exe
PID 1468 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\mBMEfcJ.exe
PID 1468 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\mBMEfcJ.exe
PID 1468 wrote to memory of 1484 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\PCLTpDx.exe
PID 1468 wrote to memory of 1484 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\PCLTpDx.exe
PID 1468 wrote to memory of 4716 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\axcrxFP.exe
PID 1468 wrote to memory of 4716 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\axcrxFP.exe
PID 1468 wrote to memory of 364 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\lDTyvtB.exe
PID 1468 wrote to memory of 364 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\lDTyvtB.exe
PID 1468 wrote to memory of 652 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\XCcmjrC.exe
PID 1468 wrote to memory of 652 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\XCcmjrC.exe
PID 1468 wrote to memory of 5064 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\NiYuNKC.exe
PID 1468 wrote to memory of 5064 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\NiYuNKC.exe
PID 1468 wrote to memory of 4044 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\KaphANO.exe
PID 1468 wrote to memory of 4044 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\KaphANO.exe
PID 1468 wrote to memory of 1760 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\UgpPnkg.exe
PID 1468 wrote to memory of 1760 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\UgpPnkg.exe
PID 1468 wrote to memory of 2408 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\ZgVnxAu.exe
PID 1468 wrote to memory of 2408 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\ZgVnxAu.exe
PID 1468 wrote to memory of 4924 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\iuolwQo.exe
PID 1468 wrote to memory of 4924 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\iuolwQo.exe
PID 1468 wrote to memory of 2040 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\RJTiAaV.exe
PID 1468 wrote to memory of 2040 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\RJTiAaV.exe
PID 1468 wrote to memory of 432 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\tpFnyob.exe
PID 1468 wrote to memory of 432 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\tpFnyob.exe
PID 1468 wrote to memory of 1732 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\sqIOYAR.exe
PID 1468 wrote to memory of 1732 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\sqIOYAR.exe
PID 1468 wrote to memory of 1912 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\hUKISsY.exe
PID 1468 wrote to memory of 1912 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\hUKISsY.exe
PID 1468 wrote to memory of 2120 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\QczhGpT.exe
PID 1468 wrote to memory of 2120 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\QczhGpT.exe
PID 1468 wrote to memory of 1660 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\onuUfjz.exe
PID 1468 wrote to memory of 1660 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\onuUfjz.exe
PID 1468 wrote to memory of 4084 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\sHmuTyF.exe
PID 1468 wrote to memory of 4084 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\sHmuTyF.exe
PID 1468 wrote to memory of 4484 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\bSksVii.exe
PID 1468 wrote to memory of 4484 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\bSksVii.exe
PID 1468 wrote to memory of 3540 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\HsaBPBk.exe
PID 1468 wrote to memory of 3540 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\HsaBPBk.exe
PID 1468 wrote to memory of 3392 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\yTbiLkX.exe
PID 1468 wrote to memory of 3392 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\yTbiLkX.exe
PID 1468 wrote to memory of 2844 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\VuPGsYd.exe
PID 1468 wrote to memory of 2844 N/A C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe C:\Windows\System\VuPGsYd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\13f5ddd3b72c5124ec1a8ad700cd41c0_NeikiAnalytics.exe"

C:\Windows\System\aegALOJ.exe

C:\Windows\System\aegALOJ.exe

C:\Windows\System\aOuFnZC.exe

C:\Windows\System\aOuFnZC.exe

C:\Windows\System\xXPkWOT.exe

C:\Windows\System\xXPkWOT.exe

C:\Windows\System\VCNXjrC.exe

C:\Windows\System\VCNXjrC.exe

C:\Windows\System\GcNKPcM.exe

C:\Windows\System\GcNKPcM.exe

C:\Windows\System\BaNEzWL.exe

C:\Windows\System\BaNEzWL.exe

C:\Windows\System\ApHOWlu.exe

C:\Windows\System\ApHOWlu.exe

C:\Windows\System\QHFjMiw.exe

C:\Windows\System\QHFjMiw.exe

C:\Windows\System\WMKddJL.exe

C:\Windows\System\WMKddJL.exe

C:\Windows\System\YZtLFKP.exe

C:\Windows\System\YZtLFKP.exe

C:\Windows\System\LsgbWCl.exe

C:\Windows\System\LsgbWCl.exe

C:\Windows\System\mBMEfcJ.exe

C:\Windows\System\mBMEfcJ.exe

C:\Windows\System\PCLTpDx.exe

C:\Windows\System\PCLTpDx.exe

C:\Windows\System\axcrxFP.exe

C:\Windows\System\axcrxFP.exe

C:\Windows\System\lDTyvtB.exe

C:\Windows\System\lDTyvtB.exe

C:\Windows\System\XCcmjrC.exe

C:\Windows\System\XCcmjrC.exe

C:\Windows\System\NiYuNKC.exe

C:\Windows\System\NiYuNKC.exe

C:\Windows\System\KaphANO.exe

C:\Windows\System\KaphANO.exe

C:\Windows\System\UgpPnkg.exe

C:\Windows\System\UgpPnkg.exe

C:\Windows\System\ZgVnxAu.exe

C:\Windows\System\ZgVnxAu.exe

C:\Windows\System\iuolwQo.exe

C:\Windows\System\iuolwQo.exe

C:\Windows\System\RJTiAaV.exe

C:\Windows\System\RJTiAaV.exe

C:\Windows\System\tpFnyob.exe

C:\Windows\System\tpFnyob.exe

C:\Windows\System\sqIOYAR.exe

C:\Windows\System\sqIOYAR.exe

C:\Windows\System\hUKISsY.exe

C:\Windows\System\hUKISsY.exe

C:\Windows\System\QczhGpT.exe

C:\Windows\System\QczhGpT.exe

C:\Windows\System\onuUfjz.exe

C:\Windows\System\onuUfjz.exe

C:\Windows\System\sHmuTyF.exe

C:\Windows\System\sHmuTyF.exe

C:\Windows\System\bSksVii.exe

C:\Windows\System\bSksVii.exe

C:\Windows\System\HsaBPBk.exe

C:\Windows\System\HsaBPBk.exe

C:\Windows\System\yTbiLkX.exe

C:\Windows\System\yTbiLkX.exe

C:\Windows\System\VuPGsYd.exe

C:\Windows\System\VuPGsYd.exe

C:\Windows\System\FqCppBC.exe

C:\Windows\System\FqCppBC.exe

C:\Windows\System\xBwnduR.exe

C:\Windows\System\xBwnduR.exe

C:\Windows\System\viaemlG.exe

C:\Windows\System\viaemlG.exe

C:\Windows\System\DjIzPyu.exe

C:\Windows\System\DjIzPyu.exe

C:\Windows\System\vIwEdll.exe

C:\Windows\System\vIwEdll.exe

C:\Windows\System\ZiGgtNF.exe

C:\Windows\System\ZiGgtNF.exe

C:\Windows\System\rozPEpQ.exe

C:\Windows\System\rozPEpQ.exe

C:\Windows\System\JAfQIpt.exe

C:\Windows\System\JAfQIpt.exe

C:\Windows\System\KvKgpWV.exe

C:\Windows\System\KvKgpWV.exe

C:\Windows\System\edwKfoR.exe

C:\Windows\System\edwKfoR.exe

C:\Windows\System\YBWdsPH.exe

C:\Windows\System\YBWdsPH.exe

C:\Windows\System\kiuVKxo.exe

C:\Windows\System\kiuVKxo.exe

C:\Windows\System\PmJHebv.exe

C:\Windows\System\PmJHebv.exe

C:\Windows\System\nXchnQA.exe

C:\Windows\System\nXchnQA.exe

C:\Windows\System\enfaOQC.exe

C:\Windows\System\enfaOQC.exe

C:\Windows\System\TmhnDHk.exe

C:\Windows\System\TmhnDHk.exe

C:\Windows\System\ZZdxFgp.exe

C:\Windows\System\ZZdxFgp.exe

C:\Windows\System\MDNSpwp.exe

C:\Windows\System\MDNSpwp.exe

C:\Windows\System\lqDRVmj.exe

C:\Windows\System\lqDRVmj.exe

C:\Windows\System\ashzoWZ.exe

C:\Windows\System\ashzoWZ.exe

C:\Windows\System\XwlmmCu.exe

C:\Windows\System\XwlmmCu.exe

C:\Windows\System\inXNwDZ.exe

C:\Windows\System\inXNwDZ.exe

C:\Windows\System\svDmhat.exe

C:\Windows\System\svDmhat.exe

C:\Windows\System\LNcqPQS.exe

C:\Windows\System\LNcqPQS.exe

C:\Windows\System\qkBrohk.exe

C:\Windows\System\qkBrohk.exe

C:\Windows\System\gVxpqiN.exe

C:\Windows\System\gVxpqiN.exe

C:\Windows\System\zMCzzYK.exe

C:\Windows\System\zMCzzYK.exe

C:\Windows\System\wxJoITT.exe

C:\Windows\System\wxJoITT.exe

C:\Windows\System\dtcHpck.exe

C:\Windows\System\dtcHpck.exe

C:\Windows\System\tugRiLW.exe

C:\Windows\System\tugRiLW.exe

C:\Windows\System\obeYDwm.exe

C:\Windows\System\obeYDwm.exe

C:\Windows\System\dITGrKR.exe

C:\Windows\System\dITGrKR.exe

C:\Windows\System\sMbPDaH.exe

C:\Windows\System\sMbPDaH.exe

C:\Windows\System\upaEyPF.exe

C:\Windows\System\upaEyPF.exe

C:\Windows\System\vDxgbFN.exe

C:\Windows\System\vDxgbFN.exe

C:\Windows\System\mmCxUCe.exe

C:\Windows\System\mmCxUCe.exe

C:\Windows\System\tpVlExx.exe

C:\Windows\System\tpVlExx.exe

C:\Windows\System\povuMJg.exe

C:\Windows\System\povuMJg.exe

C:\Windows\System\UFNTWNe.exe

C:\Windows\System\UFNTWNe.exe

C:\Windows\System\NlzSshF.exe

C:\Windows\System\NlzSshF.exe

C:\Windows\System\iRmdfAJ.exe

C:\Windows\System\iRmdfAJ.exe

C:\Windows\System\KbwRzOo.exe

C:\Windows\System\KbwRzOo.exe

C:\Windows\System\QnjWyjx.exe

C:\Windows\System\QnjWyjx.exe

C:\Windows\System\mUUvICj.exe

C:\Windows\System\mUUvICj.exe

C:\Windows\System\IQgPNsN.exe

C:\Windows\System\IQgPNsN.exe

C:\Windows\System\GlyxoSu.exe

C:\Windows\System\GlyxoSu.exe

C:\Windows\System\dEVuDqK.exe

C:\Windows\System\dEVuDqK.exe

C:\Windows\System\dIMBhxE.exe

C:\Windows\System\dIMBhxE.exe

C:\Windows\System\wDHDntV.exe

C:\Windows\System\wDHDntV.exe

C:\Windows\System\sDvBCof.exe

C:\Windows\System\sDvBCof.exe

C:\Windows\System\RADiYed.exe

C:\Windows\System\RADiYed.exe

C:\Windows\System\OtWOeXC.exe

C:\Windows\System\OtWOeXC.exe

C:\Windows\System\uUYQLAi.exe

C:\Windows\System\uUYQLAi.exe

C:\Windows\System\uadffID.exe

C:\Windows\System\uadffID.exe

C:\Windows\System\kRhbKfZ.exe

C:\Windows\System\kRhbKfZ.exe

C:\Windows\System\PVHVbUI.exe

C:\Windows\System\PVHVbUI.exe

C:\Windows\System\rywzXHL.exe

C:\Windows\System\rywzXHL.exe

C:\Windows\System\pylkTvv.exe

C:\Windows\System\pylkTvv.exe

C:\Windows\System\socbOCX.exe

C:\Windows\System\socbOCX.exe

C:\Windows\System\yzQsrPN.exe

C:\Windows\System\yzQsrPN.exe

C:\Windows\System\CamMHQA.exe

C:\Windows\System\CamMHQA.exe

C:\Windows\System\iRpCtNK.exe

C:\Windows\System\iRpCtNK.exe

C:\Windows\System\PVpQheJ.exe

C:\Windows\System\PVpQheJ.exe

C:\Windows\System\sdDVnnY.exe

C:\Windows\System\sdDVnnY.exe

C:\Windows\System\YwoGjEN.exe

C:\Windows\System\YwoGjEN.exe

C:\Windows\System\nfEpjgW.exe

C:\Windows\System\nfEpjgW.exe

C:\Windows\System\fVJWlsV.exe

C:\Windows\System\fVJWlsV.exe

C:\Windows\System\xoMEDwv.exe

C:\Windows\System\xoMEDwv.exe

C:\Windows\System\WlWETze.exe

C:\Windows\System\WlWETze.exe

C:\Windows\System\JcXFIqi.exe

C:\Windows\System\JcXFIqi.exe

C:\Windows\System\uTLbENC.exe

C:\Windows\System\uTLbENC.exe

C:\Windows\System\AUduTLH.exe

C:\Windows\System\AUduTLH.exe

C:\Windows\System\oPHsKxp.exe

C:\Windows\System\oPHsKxp.exe

C:\Windows\System\TUxUZpR.exe

C:\Windows\System\TUxUZpR.exe

C:\Windows\System\QsQIBVf.exe

C:\Windows\System\QsQIBVf.exe

C:\Windows\System\nEYMqvQ.exe

C:\Windows\System\nEYMqvQ.exe

C:\Windows\System\BriuJog.exe

C:\Windows\System\BriuJog.exe

C:\Windows\System\OunDWBC.exe

C:\Windows\System\OunDWBC.exe

C:\Windows\System\iesMsHP.exe

C:\Windows\System\iesMsHP.exe

C:\Windows\System\xIEbBoR.exe

C:\Windows\System\xIEbBoR.exe

C:\Windows\System\qrgVVRw.exe

C:\Windows\System\qrgVVRw.exe

C:\Windows\System\ALSpSeU.exe

C:\Windows\System\ALSpSeU.exe

C:\Windows\System\cBxEBnt.exe

C:\Windows\System\cBxEBnt.exe

C:\Windows\System\wDkMHIV.exe

C:\Windows\System\wDkMHIV.exe

C:\Windows\System\OXcGicg.exe

C:\Windows\System\OXcGicg.exe

C:\Windows\System\kulYdHP.exe

C:\Windows\System\kulYdHP.exe

C:\Windows\System\ZnAOIeV.exe

C:\Windows\System\ZnAOIeV.exe

C:\Windows\System\HjfpQQG.exe

C:\Windows\System\HjfpQQG.exe

C:\Windows\System\kRYSZwh.exe

C:\Windows\System\kRYSZwh.exe

C:\Windows\System\hnItfSw.exe

C:\Windows\System\hnItfSw.exe

C:\Windows\System\WzWgEQV.exe

C:\Windows\System\WzWgEQV.exe

C:\Windows\System\SQISbpp.exe

C:\Windows\System\SQISbpp.exe

C:\Windows\System\mjiPuCO.exe

C:\Windows\System\mjiPuCO.exe

C:\Windows\System\CSRHTYN.exe

C:\Windows\System\CSRHTYN.exe

C:\Windows\System\WCIwDSU.exe

C:\Windows\System\WCIwDSU.exe

C:\Windows\System\fvuWbSy.exe

C:\Windows\System\fvuWbSy.exe

C:\Windows\System\AcdbjMK.exe

C:\Windows\System\AcdbjMK.exe

C:\Windows\System\tFXKScD.exe

C:\Windows\System\tFXKScD.exe

C:\Windows\System\UsFDhPd.exe

C:\Windows\System\UsFDhPd.exe

C:\Windows\System\oBmwieI.exe

C:\Windows\System\oBmwieI.exe

C:\Windows\System\nGXOLsZ.exe

C:\Windows\System\nGXOLsZ.exe

C:\Windows\System\OQDVNRd.exe

C:\Windows\System\OQDVNRd.exe

C:\Windows\System\CMKUCWS.exe

C:\Windows\System\CMKUCWS.exe

C:\Windows\System\BvRTiDg.exe

C:\Windows\System\BvRTiDg.exe

C:\Windows\System\AdlqANP.exe

C:\Windows\System\AdlqANP.exe

C:\Windows\System\PrEcpBL.exe

C:\Windows\System\PrEcpBL.exe

C:\Windows\System\QOUekrR.exe

C:\Windows\System\QOUekrR.exe

C:\Windows\System\AOTSwIp.exe

C:\Windows\System\AOTSwIp.exe

C:\Windows\System\UPJlGYb.exe

C:\Windows\System\UPJlGYb.exe

C:\Windows\System\TcufJfy.exe

C:\Windows\System\TcufJfy.exe

C:\Windows\System\qxJFnor.exe

C:\Windows\System\qxJFnor.exe

C:\Windows\System\DPBqAjw.exe

C:\Windows\System\DPBqAjw.exe

C:\Windows\System\mouZBcp.exe

C:\Windows\System\mouZBcp.exe

C:\Windows\System\ySULByb.exe

C:\Windows\System\ySULByb.exe

C:\Windows\System\mVlvGDB.exe

C:\Windows\System\mVlvGDB.exe

C:\Windows\System\YCJRPvz.exe

C:\Windows\System\YCJRPvz.exe

C:\Windows\System\hzWknAr.exe

C:\Windows\System\hzWknAr.exe

C:\Windows\System\IqqQGOC.exe

C:\Windows\System\IqqQGOC.exe

C:\Windows\System\odojMTL.exe

C:\Windows\System\odojMTL.exe

C:\Windows\System\ZSyvHTB.exe

C:\Windows\System\ZSyvHTB.exe

C:\Windows\System\zagKTiP.exe

C:\Windows\System\zagKTiP.exe

C:\Windows\System\VkvxpQR.exe

C:\Windows\System\VkvxpQR.exe

C:\Windows\System\PzqNTsI.exe

C:\Windows\System\PzqNTsI.exe

C:\Windows\System\jSxaapt.exe

C:\Windows\System\jSxaapt.exe

C:\Windows\System\YYcSHxs.exe

C:\Windows\System\YYcSHxs.exe

C:\Windows\System\SpnEtvM.exe

C:\Windows\System\SpnEtvM.exe

C:\Windows\System\hBGpeyI.exe

C:\Windows\System\hBGpeyI.exe

C:\Windows\System\OBwRooJ.exe

C:\Windows\System\OBwRooJ.exe

C:\Windows\System\ZmdcIcQ.exe

C:\Windows\System\ZmdcIcQ.exe

C:\Windows\System\NNRmTFZ.exe

C:\Windows\System\NNRmTFZ.exe

C:\Windows\System\uBQAWei.exe

C:\Windows\System\uBQAWei.exe

C:\Windows\System\ItYhBCs.exe

C:\Windows\System\ItYhBCs.exe

C:\Windows\System\UYaLDMl.exe

C:\Windows\System\UYaLDMl.exe

C:\Windows\System\HKHODpc.exe

C:\Windows\System\HKHODpc.exe

C:\Windows\System\qmpsALV.exe

C:\Windows\System\qmpsALV.exe

C:\Windows\System\ytTyUxc.exe

C:\Windows\System\ytTyUxc.exe

C:\Windows\System\VWXdEuB.exe

C:\Windows\System\VWXdEuB.exe

C:\Windows\System\BIIFgKk.exe

C:\Windows\System\BIIFgKk.exe

C:\Windows\System\IwKCXve.exe

C:\Windows\System\IwKCXve.exe

C:\Windows\System\UKEkumY.exe

C:\Windows\System\UKEkumY.exe

C:\Windows\System\gBbbNcA.exe

C:\Windows\System\gBbbNcA.exe

C:\Windows\System\OhJKHYU.exe

C:\Windows\System\OhJKHYU.exe

C:\Windows\System\QMgKNbt.exe

C:\Windows\System\QMgKNbt.exe

C:\Windows\System\WEXZhTF.exe

C:\Windows\System\WEXZhTF.exe

C:\Windows\System\EBJoQHE.exe

C:\Windows\System\EBJoQHE.exe

C:\Windows\System\jcVSPUs.exe

C:\Windows\System\jcVSPUs.exe

C:\Windows\System\TlYwqMG.exe

C:\Windows\System\TlYwqMG.exe

C:\Windows\System\DaqZauq.exe

C:\Windows\System\DaqZauq.exe

C:\Windows\System\lusTPsQ.exe

C:\Windows\System\lusTPsQ.exe

C:\Windows\System\rXdneci.exe

C:\Windows\System\rXdneci.exe

C:\Windows\System\gnFCvau.exe

C:\Windows\System\gnFCvau.exe

C:\Windows\System\nWOdfKQ.exe

C:\Windows\System\nWOdfKQ.exe

C:\Windows\System\GtSapwc.exe

C:\Windows\System\GtSapwc.exe

C:\Windows\System\NOJwydm.exe

C:\Windows\System\NOJwydm.exe

C:\Windows\System\SCLvdry.exe

C:\Windows\System\SCLvdry.exe

C:\Windows\System\ZTiZLbf.exe

C:\Windows\System\ZTiZLbf.exe

C:\Windows\System\KUssoSA.exe

C:\Windows\System\KUssoSA.exe

C:\Windows\System\dWkoEue.exe

C:\Windows\System\dWkoEue.exe

C:\Windows\System\VIcgioD.exe

C:\Windows\System\VIcgioD.exe

C:\Windows\System\OAdTBJP.exe

C:\Windows\System\OAdTBJP.exe

C:\Windows\System\KrJOfyt.exe

C:\Windows\System\KrJOfyt.exe

C:\Windows\System\hnEhtRP.exe

C:\Windows\System\hnEhtRP.exe

C:\Windows\System\tWUYJEo.exe

C:\Windows\System\tWUYJEo.exe

C:\Windows\System\pIxLuQl.exe

C:\Windows\System\pIxLuQl.exe

C:\Windows\System\hxIysjY.exe

C:\Windows\System\hxIysjY.exe

C:\Windows\System\AUWcOCH.exe

C:\Windows\System\AUWcOCH.exe

C:\Windows\System\SSudVYj.exe

C:\Windows\System\SSudVYj.exe

C:\Windows\System\xbzXBIC.exe

C:\Windows\System\xbzXBIC.exe

C:\Windows\System\LIWelqh.exe

C:\Windows\System\LIWelqh.exe

C:\Windows\System\QvFOSMd.exe

C:\Windows\System\QvFOSMd.exe

C:\Windows\System\wXQkHqi.exe

C:\Windows\System\wXQkHqi.exe

C:\Windows\System\XEcBEkr.exe

C:\Windows\System\XEcBEkr.exe

C:\Windows\System\AbCsJnU.exe

C:\Windows\System\AbCsJnU.exe

C:\Windows\System\KqRqXuj.exe

C:\Windows\System\KqRqXuj.exe

C:\Windows\System\ZZYhiDl.exe

C:\Windows\System\ZZYhiDl.exe

C:\Windows\System\gjTxFYP.exe

C:\Windows\System\gjTxFYP.exe

C:\Windows\System\NbXvKRN.exe

C:\Windows\System\NbXvKRN.exe

C:\Windows\System\zeXnKXV.exe

C:\Windows\System\zeXnKXV.exe

C:\Windows\System\vMIfibT.exe

C:\Windows\System\vMIfibT.exe

C:\Windows\System\QGaUUJA.exe

C:\Windows\System\QGaUUJA.exe

C:\Windows\System\TkfnZKH.exe

C:\Windows\System\TkfnZKH.exe

C:\Windows\System\QBOlNZl.exe

C:\Windows\System\QBOlNZl.exe

C:\Windows\System\KgafTca.exe

C:\Windows\System\KgafTca.exe

C:\Windows\System\bUKrlBE.exe

C:\Windows\System\bUKrlBE.exe

C:\Windows\System\pqXajPk.exe

C:\Windows\System\pqXajPk.exe

C:\Windows\System\pEeYMwS.exe

C:\Windows\System\pEeYMwS.exe

C:\Windows\System\mjVRCoZ.exe

C:\Windows\System\mjVRCoZ.exe

C:\Windows\System\ockNZPu.exe

C:\Windows\System\ockNZPu.exe

C:\Windows\System\WeqHRpm.exe

C:\Windows\System\WeqHRpm.exe

C:\Windows\System\jQolitD.exe

C:\Windows\System\jQolitD.exe

C:\Windows\System\qBCzDwP.exe

C:\Windows\System\qBCzDwP.exe

C:\Windows\System\ZXaTaRo.exe

C:\Windows\System\ZXaTaRo.exe

C:\Windows\System\vfxOmpn.exe

C:\Windows\System\vfxOmpn.exe

C:\Windows\System\utDRchT.exe

C:\Windows\System\utDRchT.exe

C:\Windows\System\ctZgFrG.exe

C:\Windows\System\ctZgFrG.exe

C:\Windows\System\ixaiYif.exe

C:\Windows\System\ixaiYif.exe

C:\Windows\System\WDKjxwf.exe

C:\Windows\System\WDKjxwf.exe

C:\Windows\System\qvJTSoL.exe

C:\Windows\System\qvJTSoL.exe

C:\Windows\System\sgSRDxI.exe

C:\Windows\System\sgSRDxI.exe

C:\Windows\System\cfuBWGD.exe

C:\Windows\System\cfuBWGD.exe

C:\Windows\System\PVKVBom.exe

C:\Windows\System\PVKVBom.exe

C:\Windows\System\OcbMNah.exe

C:\Windows\System\OcbMNah.exe

C:\Windows\System\oqNxzjv.exe

C:\Windows\System\oqNxzjv.exe

C:\Windows\System\OvrnWyB.exe

C:\Windows\System\OvrnWyB.exe

C:\Windows\System\aDhCrWG.exe

C:\Windows\System\aDhCrWG.exe

C:\Windows\System\sDBtxrj.exe

C:\Windows\System\sDBtxrj.exe

C:\Windows\System\oyyHSND.exe

C:\Windows\System\oyyHSND.exe

C:\Windows\System\nIrpTNj.exe

C:\Windows\System\nIrpTNj.exe

C:\Windows\System\gdGIDqZ.exe

C:\Windows\System\gdGIDqZ.exe

C:\Windows\System\qCjmzBU.exe

C:\Windows\System\qCjmzBU.exe

C:\Windows\System\iKznpTm.exe

C:\Windows\System\iKznpTm.exe

C:\Windows\System\kDnyNzA.exe

C:\Windows\System\kDnyNzA.exe

C:\Windows\System\Ynknmob.exe

C:\Windows\System\Ynknmob.exe

C:\Windows\System\YYwabKa.exe

C:\Windows\System\YYwabKa.exe

C:\Windows\System\lBzOtkj.exe

C:\Windows\System\lBzOtkj.exe

C:\Windows\System\PzyYYAJ.exe

C:\Windows\System\PzyYYAJ.exe

C:\Windows\System\npGhxuL.exe

C:\Windows\System\npGhxuL.exe

C:\Windows\System\hieoDrS.exe

C:\Windows\System\hieoDrS.exe

C:\Windows\System\cWssxSZ.exe

C:\Windows\System\cWssxSZ.exe

C:\Windows\System\xdeTpaa.exe

C:\Windows\System\xdeTpaa.exe

C:\Windows\System\udjzZqz.exe

C:\Windows\System\udjzZqz.exe

C:\Windows\System\tAKWAgv.exe

C:\Windows\System\tAKWAgv.exe

C:\Windows\System\WJPzJQn.exe

C:\Windows\System\WJPzJQn.exe

C:\Windows\System\TehqkPm.exe

C:\Windows\System\TehqkPm.exe

C:\Windows\System\JmIOVNt.exe

C:\Windows\System\JmIOVNt.exe

C:\Windows\System\UZyrhwn.exe

C:\Windows\System\UZyrhwn.exe

C:\Windows\System\dqtPexB.exe

C:\Windows\System\dqtPexB.exe

C:\Windows\System\vtDWXSA.exe

C:\Windows\System\vtDWXSA.exe

C:\Windows\System\SNfHeMS.exe

C:\Windows\System\SNfHeMS.exe

C:\Windows\System\dqfnbMa.exe

C:\Windows\System\dqfnbMa.exe

C:\Windows\System\DTJicvY.exe

C:\Windows\System\DTJicvY.exe

C:\Windows\System\NnboyVO.exe

C:\Windows\System\NnboyVO.exe

C:\Windows\System\ouyzKgE.exe

C:\Windows\System\ouyzKgE.exe

C:\Windows\System\dAuigKC.exe

C:\Windows\System\dAuigKC.exe

C:\Windows\System\QRWZIkj.exe

C:\Windows\System\QRWZIkj.exe

C:\Windows\System\sMQYgMj.exe

C:\Windows\System\sMQYgMj.exe

C:\Windows\System\wBEaaZs.exe

C:\Windows\System\wBEaaZs.exe

C:\Windows\System\TDCVgTo.exe

C:\Windows\System\TDCVgTo.exe

C:\Windows\System\dsiJheM.exe

C:\Windows\System\dsiJheM.exe

C:\Windows\System\NYdyAQU.exe

C:\Windows\System\NYdyAQU.exe

C:\Windows\System\SZWdPza.exe

C:\Windows\System\SZWdPza.exe

C:\Windows\System\EKCikgC.exe

C:\Windows\System\EKCikgC.exe

C:\Windows\System\XcwAoCs.exe

C:\Windows\System\XcwAoCs.exe

C:\Windows\System\dFmzAbt.exe

C:\Windows\System\dFmzAbt.exe

C:\Windows\System\aVmkhvN.exe

C:\Windows\System\aVmkhvN.exe

C:\Windows\System\yggqrKV.exe

C:\Windows\System\yggqrKV.exe

C:\Windows\System\NaCbhmJ.exe

C:\Windows\System\NaCbhmJ.exe

C:\Windows\System\wLflciS.exe

C:\Windows\System\wLflciS.exe

C:\Windows\System\QJJJztp.exe

C:\Windows\System\QJJJztp.exe

C:\Windows\System\gYxCaoJ.exe

C:\Windows\System\gYxCaoJ.exe

C:\Windows\System\sMszKMs.exe

C:\Windows\System\sMszKMs.exe

C:\Windows\System\Utarnbc.exe

C:\Windows\System\Utarnbc.exe

C:\Windows\System\QaapggH.exe

C:\Windows\System\QaapggH.exe

C:\Windows\System\iOzjasC.exe

C:\Windows\System\iOzjasC.exe

C:\Windows\System\AokVkqP.exe

C:\Windows\System\AokVkqP.exe

C:\Windows\System\SVYkacv.exe

C:\Windows\System\SVYkacv.exe

C:\Windows\System\wvvguDn.exe

C:\Windows\System\wvvguDn.exe

C:\Windows\System\TGxePUT.exe

C:\Windows\System\TGxePUT.exe

C:\Windows\System\efpudns.exe

C:\Windows\System\efpudns.exe

C:\Windows\System\NsjLGXN.exe

C:\Windows\System\NsjLGXN.exe

C:\Windows\System\fArVEPw.exe

C:\Windows\System\fArVEPw.exe

C:\Windows\System\boaoUlK.exe

C:\Windows\System\boaoUlK.exe

C:\Windows\System\wpqPCVj.exe

C:\Windows\System\wpqPCVj.exe

C:\Windows\System\xTaRGaF.exe

C:\Windows\System\xTaRGaF.exe

C:\Windows\System\izHCRPs.exe

C:\Windows\System\izHCRPs.exe

C:\Windows\System\yKWtAiF.exe

C:\Windows\System\yKWtAiF.exe

C:\Windows\System\rwlHNnW.exe

C:\Windows\System\rwlHNnW.exe

C:\Windows\System\iHsSxPb.exe

C:\Windows\System\iHsSxPb.exe

C:\Windows\System\XTUPDMn.exe

C:\Windows\System\XTUPDMn.exe

C:\Windows\System\fHoPFce.exe

C:\Windows\System\fHoPFce.exe

C:\Windows\System\hqvNrDi.exe

C:\Windows\System\hqvNrDi.exe

C:\Windows\System\IuAzOTk.exe

C:\Windows\System\IuAzOTk.exe

C:\Windows\System\itUUyXy.exe

C:\Windows\System\itUUyXy.exe

C:\Windows\System\dqDDEIG.exe

C:\Windows\System\dqDDEIG.exe

C:\Windows\System\wAvzSik.exe

C:\Windows\System\wAvzSik.exe

C:\Windows\System\GcvTjAB.exe

C:\Windows\System\GcvTjAB.exe

C:\Windows\System\yNxxTzY.exe

C:\Windows\System\yNxxTzY.exe

C:\Windows\System\ywRhDha.exe

C:\Windows\System\ywRhDha.exe

C:\Windows\System\DDRmTPx.exe

C:\Windows\System\DDRmTPx.exe

C:\Windows\System\eEzZWsk.exe

C:\Windows\System\eEzZWsk.exe

C:\Windows\System\NbdZMMb.exe

C:\Windows\System\NbdZMMb.exe

C:\Windows\System\kzsmxwA.exe

C:\Windows\System\kzsmxwA.exe

C:\Windows\System\PEyneHI.exe

C:\Windows\System\PEyneHI.exe

C:\Windows\System\oCRtsDG.exe

C:\Windows\System\oCRtsDG.exe

C:\Windows\System\JDfdfIS.exe

C:\Windows\System\JDfdfIS.exe

C:\Windows\System\ryToEYM.exe

C:\Windows\System\ryToEYM.exe

C:\Windows\System\hVRLghz.exe

C:\Windows\System\hVRLghz.exe

C:\Windows\System\VBeMxwX.exe

C:\Windows\System\VBeMxwX.exe

C:\Windows\System\acdOoKi.exe

C:\Windows\System\acdOoKi.exe

C:\Windows\System\qhpHPDg.exe

C:\Windows\System\qhpHPDg.exe

C:\Windows\System\piCIVIR.exe

C:\Windows\System\piCIVIR.exe

C:\Windows\System\HNXNTlX.exe

C:\Windows\System\HNXNTlX.exe

C:\Windows\System\LzaWiRK.exe

C:\Windows\System\LzaWiRK.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
BE 2.17.107.122:443 www.bing.com tcp
US 8.8.8.8:53 122.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
US 52.111.229.43:443 tcp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 28.73.42.20.in-addr.arpa udp

Files

memory/1468-0-0x00007FF7E2DC0000-0x00007FF7E3114000-memory.dmp

memory/1468-1-0x0000016C96FF0000-0x0000016C97000000-memory.dmp

C:\Windows\System\aegALOJ.exe

MD5 00895399bf6b3c62465b876a8e29eb92
SHA1 a7ea1241b397dd41dd4a8fa4e9585c3161588f72
SHA256 a2e74b3cbf175c79abf8e321ffd0bf7453a860292165d96a16ed0a0f357f38b0
SHA512 9e9baef34bd6aa2d66805c2112ffb0216624a6270e092aa0dba6aa8abca94c8d52df11d7014addc3f61d6b1fab1cf60b149449606659e44b11c8751da682c3ee

C:\Windows\System\xXPkWOT.exe

MD5 a741a4fc0c101b1785cf667ce14e1222
SHA1 365af421d75e99e53eb93ecc065860a76ff00eaf
SHA256 47260de025e6097079cf4c95be2af36f20f1bfc12ec55cc1def0dc01986fd084
SHA512 476b5329aacb9dcf12d7d4b5c555e5b2ee8178b14d59d781f6f33ec3a57a47d2a637e8b2902cf96b392acaab5b8f4fb06fa83ec593800aa58135064ed5e786b2

C:\Windows\System\aOuFnZC.exe

MD5 8b87ddd41e26d759bbfeb3237bf3d63d
SHA1 8592c0a6d6d2cd78944914a40d9af17965017c93
SHA256 091a70b9c9ef23cc1f521cbc6d440c54106c51bf3a5ac27ce2caee93f6280712
SHA512 92f879015148382a99b74821182e8774f8b7a59d73b538338f0aeff99853b13a64e3eef9a4c805a8a048e852679ec08c1fd62fde438c33eb0084ec878b06733f

C:\Windows\System\VCNXjrC.exe

MD5 a26f9ac398ea73516f171cf8e86bd35d
SHA1 3462e517566d5703f1f267be0cc9ee6942dbd566
SHA256 72c66722bad715ebaa24e663c0233b68166bec21b10acc0119ef307618d11962
SHA512 bb9026ce01563a9bc396449c170b628383bb2851a85d45327dd5520c0849d8acc4e661712e4a823b3028444f996171ff1542a6648e2c2200825e34db6f025396

C:\Windows\System\GcNKPcM.exe

MD5 9d130d3603f30ab97303944f62cdb405
SHA1 1df925bf9895e1fd5c38aeaaf3ceb9f098c302db
SHA256 36e071d48f5c1c8e2cb0be2a847fc66990ea28ac119bb69eb8b048c080efe4d9
SHA512 f4cbb796435fb67c2006d351e7ea3a99b0f73576bb4ecdbaf638c16bda52963d1983e7ec1aa655f88c9b6ed4397c021d91821e456039f9d7fb0deb3e914c8b6b

C:\Windows\System\QHFjMiw.exe

MD5 a7e6c323cce9241bd76d5209adff62f6
SHA1 5b7c058fa6ef414bfd862ac47df8edbf84f552bd
SHA256 8cda3363fdc7e3fa1a254d445a9cf7a542b90aff21d437d6bdbd083d38b4cf12
SHA512 9eb9771672461030ca659066b04867a55dc21a51caa1472d337561d8c4f162dd655e4a4b3c95f0a85ec52153536e8d7d9f046b3b81095de05a7040f0e9bd3b80

C:\Windows\System\ApHOWlu.exe

MD5 5abe0ddcae7eac53602d5fbe313d2da0
SHA1 d18da68eb5cd9b8374c16b5dc0686ae1d9d4f41d
SHA256 dcda94397c8cd2622adea63630e3fd0f3414d9632deab1dc8d2ee92153dc3dcb
SHA512 d99dc6b06b4e95c7f0b5cd69f5d3000b9ad8ba8cb5bd0601fe0fffce0e473dee9289dda80f6c309444d1d3ec633f5654ed38f8dc52d59362b7862994207887a8

C:\Windows\System\YZtLFKP.exe

MD5 90b121c00f9a297dc74936df1d623fc5
SHA1 187e611a9ab76a760311706bb8c22f471d2e9465
SHA256 e23c3ab7ccff182d0f0074a5612ab5ccca2133ba8dc6296a244077684f8205c4
SHA512 435d19e4a431c35c18b8c3feb9b79aac19bf981a824b820ea239e9d485d657ad22ae720a1f5465e82c51ccb70595dd339ddca4e92ec86795a648a97bd66116f1

memory/2868-56-0x00007FF707190000-0x00007FF7074E4000-memory.dmp

memory/4248-62-0x00007FF75BE30000-0x00007FF75C184000-memory.dmp

memory/3628-67-0x00007FF73C320000-0x00007FF73C674000-memory.dmp

memory/2696-66-0x00007FF7BC2C0000-0x00007FF7BC614000-memory.dmp

C:\Windows\System\LsgbWCl.exe

MD5 b9eba2dcf63cb642ce767d69ec1f7438
SHA1 48de5826cc7ae5545797c1becac4ba39c6a79958
SHA256 aa18e2ad0becdaa293dceb014da726b5567834646079c776efa9fe596a54d4d5
SHA512 ecb36ab450b16ccc8c8b2a5ad9315394128b59202a382ec7da39cfca7b117b554f9705e68377df77cc71247e70416348bfbb1bb9da60453e993dcf586ef4fa62

memory/4076-63-0x00007FF649370000-0x00007FF6496C4000-memory.dmp

C:\Windows\System\WMKddJL.exe

MD5 37c5a8e2e0e80ab3ec1ef8c1cf7144e2
SHA1 2131b030c75246550e7bebeddb156f77fe0de7b9
SHA256 a6c740ea2e733325f2b6c06e83cae161e2209b8d05296d724c247f9d2a106bb5
SHA512 417184639f4ed61f10b421d9cd601233822fa5fddcf4968ceca7625a6288bbbff701d8640190a8da49cbf1f5a8ede621b89cfae2e512dbcb93b8c798f2b73f80

memory/636-49-0x00007FF6BD120000-0x00007FF6BD474000-memory.dmp

memory/1888-45-0x00007FF7C8D00000-0x00007FF7C9054000-memory.dmp

C:\Windows\System\BaNEzWL.exe

MD5 553609b0d3bcecdc4109783340a54adb
SHA1 25f5a5fc1d2b617d376949947ad7aa215dada126
SHA256 8716c149f5d193b50069e396473c2ecea2d3d1825c8de89d034dca6ed6ce2a39
SHA512 c771c4e6b0ccbd341432350acb64f59a12125f9db2471191054411dfa9dd2c13231fc0bdc3dbe4aa0063d8197aa315ceac2b0cae6691cffbcfaa536f1088e4a1

memory/4468-38-0x00007FF74C6E0000-0x00007FF74CA34000-memory.dmp

memory/4556-32-0x00007FF7674D0000-0x00007FF767824000-memory.dmp

memory/1548-16-0x00007FF6A94A0000-0x00007FF6A97F4000-memory.dmp

memory/1632-11-0x00007FF6F77F0000-0x00007FF6F7B44000-memory.dmp

C:\Windows\System\mBMEfcJ.exe

MD5 54dfbd18bff75b59e7aa1ad296cae24b
SHA1 74ce72a7d831d292621870b5637b0cf56d62f00d
SHA256 34b65e97c0096f5be4caf8e0e737e91b791e1ddc1ec75fc331193cb8b7e155bb
SHA512 90cce3d9bf600efb33e49ba11dc2ab9daa7893b6b880f8daa8b81032bdc6d8ce40b747afb95191a0e268ceb19cee759b3402cd466a4aa5b74901a658faf35cc5

memory/2608-73-0x00007FF71B4F0000-0x00007FF71B844000-memory.dmp

C:\Windows\System\lDTyvtB.exe

MD5 6a7d94ab1ce2f4541f09d4125e4caf85
SHA1 424d3edfd8156b3a75e45020af0ae6458feab12e
SHA256 31f01f4d212f169c44e43e41d3e10bd81f97231ba60bf88942468543f3b8d5a5
SHA512 e2a21c47aa24992e407d104f290b5636d347d5fd5d5dd8b8db89e5e62fe72c01bf048aa353b02680bfddbea5b7625dbcea3afff4c77b08d15e3cea0b800d29fd

C:\Windows\System\XCcmjrC.exe

MD5 d57c62329ca4397ae71093ff2d86e75b
SHA1 e8ad9b16abf5ff671a86cdbc20a1194f79e042e2
SHA256 cacd19af3ba9e90b60cbe05b2db565f1b28a6071790bd56ce3abdbc40fbe0a77
SHA512 b70225fd93f384538ecd39be68baead747530c51389c614da66e916250dcc5054975470d1b4eefa9c87c7726dc772b123696e1eb01912b63038493624570755b

memory/4716-90-0x00007FF7E8C80000-0x00007FF7E8FD4000-memory.dmp

C:\Windows\System\axcrxFP.exe

MD5 f64ebaed77dcf8f784d0719f28838568
SHA1 e581e7364f16a18ae5cfa24b1400aea2a07607a3
SHA256 30038b9d62d50ba2ff2d99a037fd776ccc4ff1e969aaf055b63e0d4107bdb9a9
SHA512 f493e7fb9d937f18d8316927b2aa5f5d712b39c153e8396124f9725ac800cbb59ed563e53738e542e83ab35dcbf5a5d5420954a4fcb48589cbbc106c8e97a4ae

C:\Windows\System\PCLTpDx.exe

MD5 31b43d3b6dfc29ef8ef092d945b6afd5
SHA1 0fc3490059bf286bb874d072216e31a57d84d0ab
SHA256 a377d226387547ba011356ea94b07957fdf85be5b24c45f6b5e4e5accc37643c
SHA512 e49c2bc93f5a51982456b67205c13f7ef76bee5d044d69a3fe54156325efeef05175b81dc15f193e45f15a183c010dfc4ec922ef31ffc179efdd09828c316d76

memory/1484-81-0x00007FF7D8120000-0x00007FF7D8474000-memory.dmp

memory/364-100-0x00007FF622100000-0x00007FF622454000-memory.dmp

C:\Windows\System\NiYuNKC.exe

MD5 09d4b441e818272a27d9423c3e61b02f
SHA1 19e04144e4e72470ace62a60e7949dc467e381e3
SHA256 d52febbe8395c61bd3549bc7112ee523c0802795adeb225905786ef1b16e6c4e
SHA512 f89536f966d0340c0f3a2ea385d6dcbb4f4980f2dbae45169a7882241934c7cd259accac6ec0a29993216dba8772b7ec655d4273f1b0f3ad887f06d521a97d9b

C:\Windows\System\KaphANO.exe

MD5 449536d37c4e73910678f8ad05be180c
SHA1 a2bdad316efc58332d76adb8378f017b6f36d1b5
SHA256 b17b58f9773351475e8e4afd0279cafbd9b4a85c160d7a94d2257bf3e4c98d9f
SHA512 6b015858af708a951708e57ed6fdcc02eb87f829bb86148cf91a81c5b253de0ee4915dbe139ec910a659312110aac6dea7ae4c01edd4cda1cc348ca1bce7ece3

C:\Windows\System\ZgVnxAu.exe

MD5 9ae6fcd72948cc85f4709d50d1bc8e5a
SHA1 0d987fbb7651ce56eb80a0a3e7901d738a3766cd
SHA256 8c30b974061b59af6e38cc7bca8fee4d91ac180782b8367023de5f7a2ccab5f0
SHA512 f1d36631ced9808de52018ca02abdd69fd8697adb475ff0ac05a241fe8724a336eeff5ec5a2e956c4a48fea714ffe4957e40b9e50d05747ae73b601352d9840e

C:\Windows\System\UgpPnkg.exe

MD5 1475bad3379d530da1609c962ebb4bbf
SHA1 abaa8fb461c2350945056b9fe31718d0007ac741
SHA256 dd2fce726920c8751ca40ba31f51f394253e6f10ffb05e9d947bcf00f8eefb55
SHA512 6611255cdeea72f01d9b6136033a7c232e43c5f2bad1aabe54632447c948b7c076ef78adddd6a1d326b500437fb84add8877467dc01c7d964f7018e4f39e3ae2

C:\Windows\System\iuolwQo.exe

MD5 4d18a90774b791bde234bfa509fc3d37
SHA1 776e398e3c5207c428d1f7b4d779412f8b804309
SHA256 cc9edd119363fad610eae03aac7bf0d235c129696624d061cb281b78aef3613f
SHA512 5a9ec35fb72047e9936dd9e27dfe2fe003dcbd5c78477a028f6ed9648f538a1d246a24fd89c1d64554dcc32b876ea1b200d57bde361aff92448f9dd3981509b5

C:\Windows\System\tpFnyob.exe

MD5 0f2373ad9674f769fbf6d07ec49eed71
SHA1 de15086ad99c74dce847ee8bfae39c7e70e67ac2
SHA256 889612962587e563f587abb258b96616ad8dcd38c991bacc9fee85bbcdc79453
SHA512 477b848fd218aa0dbeaaffee50407e0236ed45a1e97a467b6432f2ce70f53b582d7b9a36ae422c9b41594ca4d006ca99fe3f70da9f59d858830195edfc9373b6

C:\Windows\System\sqIOYAR.exe

MD5 2b0abf7af5672f0240f7d71d78eb3eb8
SHA1 6dff2b2e5e51d45652032ad49c85ebd214ca4036
SHA256 6a351eddfb5aa8df8eed9d47ddabdfdec1648ed4789b601f17b662b6b1ba4006
SHA512 10bde81a17239747c02a727b4dc9c8967b7f1b601f2ea17f64a871449507c80bac419ccc2ab41f0cb0316bb96bde8615875bbe0cb57bd558f3be8bded773dffd

C:\Windows\System\RJTiAaV.exe

MD5 b91a9c51bd0b63cc5d4037663f4a3646
SHA1 770ee324ac56e8dafa54d694adbecb0821b4ebf2
SHA256 66068686d1676fa062231a88292033ab676305fdaf4c2b61f09d864f6f25c293
SHA512 58828c250556bcc21b73669942bd9c15e31f7c7d607fb79d5074072219982696ba44dc9390ad7d9403b150aedf59dcc7361b9b18380660b5d92b834948ca1045

memory/1468-129-0x00007FF7E2DC0000-0x00007FF7E3114000-memory.dmp

memory/4924-126-0x00007FF6C6A80000-0x00007FF6C6DD4000-memory.dmp

memory/1760-119-0x00007FF782EF0000-0x00007FF783244000-memory.dmp

memory/5064-114-0x00007FF657460000-0x00007FF6577B4000-memory.dmp

memory/652-109-0x00007FF6B3160000-0x00007FF6B34B4000-memory.dmp

C:\Windows\System\onuUfjz.exe

MD5 d4d97df2caab15a8f2487fc66b54a9ef
SHA1 2135849ab946c2e7ad4d8eb02b429c3eb78b8818
SHA256 540b07665b559266414750d5fb2b4d4e476c1eded07bcba6471c5c347b0864f3
SHA512 6a51fe666e1ca447d10951603fefddf3969dbdecfb897a6cd10ba2e2a4240eafe7bffe12bfe95c732648847444df0d43ca39e77845a26655f46f90ea43917672

C:\Windows\System\bSksVii.exe

MD5 3fd16ae207e8e7c46a89b4b7c1234c65
SHA1 b746fdc119cd1620d6c1359c200b93e56d54b42f
SHA256 f80f575e21e3dd92249dfea4ed2aec49ddf6b2f5601e008487fa081a58b65c5a
SHA512 6868c2f5518eb34699db9071e1b2ad0a7a9780c293ff1ad76568a333e10c4fc4bacf24141fbe40e694125a1a95d66c98a73f13974d9467ef4808921e9353d485

C:\Windows\System\HsaBPBk.exe

MD5 183d0b7da4d5db9b0be228a744016512
SHA1 9311a5f9582fbef63a627c9bc1fac42f94a2ce9a
SHA256 97414e5806040d7226d4de7fffa1590dd9dbd4572a165481389feed6f087ce32
SHA512 cde0ffbb2b4caa31b175955a37b5fcacc92acdeff644f9fe9d4267c718a99a21c65b193fdf6a550319c00de1b8da855a9463738325a29b381ccf980b1bef50f1

memory/4484-187-0x00007FF7DC470000-0x00007FF7DC7C4000-memory.dmp

C:\Windows\System\VuPGsYd.exe

MD5 5af7c74b774f003c46154bd201738a0b
SHA1 87b31f464b8c8156d6d22ce66a17089f00a675cc
SHA256 4c965569de60c0586031ed0a5fe7ca7a35587adb8336c47a9b004885019938d4
SHA512 0638156be65c7a736d99f87e9a7d5bafe66112983936f69fec350ad19505a71aea00b8b7f14a61f0d76542ac819442f78410602959e31a35f277e7236247c172

C:\Windows\System\yTbiLkX.exe

MD5 4df2703783941e82831564b0dd13fb17
SHA1 5665edc9cce20de2dd7e1c818f461411bc748255
SHA256 9508c64476f2d8531dcde2ad516365305723800d4124d6ce0da4b7453a1a5778
SHA512 fb16fffd0730715ce471866cf7326d7e90f00c93552ae0ca0786e3215d5d25751c329975fef3c565a050a8180636ce4ace65d41498d2054548281caffeca0ebb

memory/4084-186-0x00007FF7AECD0000-0x00007FF7AF024000-memory.dmp

memory/1912-180-0x00007FF761290000-0x00007FF7615E4000-memory.dmp

C:\Windows\System\sHmuTyF.exe

MD5 e5825aacc93a819bbdb5022ce492aa10
SHA1 ecf7b60f43b48516e5c43a4f2604f4afccf6744a
SHA256 0112237086ed8916a51e3ca639935d4694373c98fa2425d98e00ab927c9910c0
SHA512 2cbd8946075e516421b7c5f4614e4a3c314ec2fb166f4115e8844e9ad0904d24de48b077ca25e59466d2f74e6311f949b7c40db3f239673459ab854069bb3ed9

memory/1732-173-0x00007FF744CE0000-0x00007FF745034000-memory.dmp

memory/1660-168-0x00007FF7A8690000-0x00007FF7A89E4000-memory.dmp

memory/2120-164-0x00007FF79A0A0000-0x00007FF79A3F4000-memory.dmp

C:\Windows\System\QczhGpT.exe

MD5 96a949536dc315f091f40f438b458d0d
SHA1 45bc6db47388d6b0017f451450513ecc1833aabb
SHA256 d1f4b2d92dc5783597a51c37b91306093aba410c5488f8216f5ec4de6e2ae8b1
SHA512 49a3c48cf6f051afd74470ce48219a4982cd5ce773a39481efeae000a0ac1ddc5928860119ca60b3da01671dd7480828b300a8583e5f84d0c773dd56f50c71ed

C:\Windows\System\hUKISsY.exe

MD5 d9cc417e9e97a089fee66e0e99cf05ea
SHA1 e60a31c5583de22948463beeb8bd41d44447c14d
SHA256 45862c67f2bd63316fbdf5454c351eed38eb817170c52503b875385d286872a5
SHA512 c98f3893b08e089c03cd5ee05d6442fa1f335aa95122dea84921112615fb547e43915cdd6d6d89ceffefbeb439a88064951209164cf322f3280ae3fd4e1c2e35

memory/432-155-0x00007FF677E10000-0x00007FF678164000-memory.dmp

memory/2040-149-0x00007FF697D60000-0x00007FF6980B4000-memory.dmp

memory/2408-146-0x00007FF7BA150000-0x00007FF7BA4A4000-memory.dmp

memory/4044-143-0x00007FF799730000-0x00007FF799A84000-memory.dmp

memory/1548-529-0x00007FF6A94A0000-0x00007FF6A97F4000-memory.dmp

memory/1888-534-0x00007FF7C8D00000-0x00007FF7C9054000-memory.dmp

memory/2608-1073-0x00007FF71B4F0000-0x00007FF71B844000-memory.dmp

memory/1484-1074-0x00007FF7D8120000-0x00007FF7D8474000-memory.dmp

memory/1760-1075-0x00007FF782EF0000-0x00007FF783244000-memory.dmp

memory/4924-1076-0x00007FF6C6A80000-0x00007FF6C6DD4000-memory.dmp

memory/2120-1077-0x00007FF79A0A0000-0x00007FF79A3F4000-memory.dmp

memory/1632-1078-0x00007FF6F77F0000-0x00007FF6F7B44000-memory.dmp

memory/1548-1079-0x00007FF6A94A0000-0x00007FF6A97F4000-memory.dmp

memory/4556-1080-0x00007FF7674D0000-0x00007FF767824000-memory.dmp

memory/4468-1081-0x00007FF74C6E0000-0x00007FF74CA34000-memory.dmp

memory/636-1082-0x00007FF6BD120000-0x00007FF6BD474000-memory.dmp

memory/1888-1083-0x00007FF7C8D00000-0x00007FF7C9054000-memory.dmp

memory/3628-1084-0x00007FF73C320000-0x00007FF73C674000-memory.dmp

memory/4248-1087-0x00007FF75BE30000-0x00007FF75C184000-memory.dmp

memory/2868-1088-0x00007FF707190000-0x00007FF7074E4000-memory.dmp

memory/4076-1086-0x00007FF649370000-0x00007FF6496C4000-memory.dmp

memory/2696-1085-0x00007FF7BC2C0000-0x00007FF7BC614000-memory.dmp

memory/2608-1089-0x00007FF71B4F0000-0x00007FF71B844000-memory.dmp

memory/1484-1090-0x00007FF7D8120000-0x00007FF7D8474000-memory.dmp

memory/4716-1091-0x00007FF7E8C80000-0x00007FF7E8FD4000-memory.dmp

memory/364-1093-0x00007FF622100000-0x00007FF622454000-memory.dmp

memory/652-1092-0x00007FF6B3160000-0x00007FF6B34B4000-memory.dmp

memory/5064-1094-0x00007FF657460000-0x00007FF6577B4000-memory.dmp

memory/4044-1095-0x00007FF799730000-0x00007FF799A84000-memory.dmp

memory/1760-1096-0x00007FF782EF0000-0x00007FF783244000-memory.dmp

memory/1732-1098-0x00007FF744CE0000-0x00007FF745034000-memory.dmp

memory/2408-1100-0x00007FF7BA150000-0x00007FF7BA4A4000-memory.dmp

memory/2040-1101-0x00007FF697D60000-0x00007FF6980B4000-memory.dmp

memory/4924-1099-0x00007FF6C6A80000-0x00007FF6C6DD4000-memory.dmp

memory/432-1097-0x00007FF677E10000-0x00007FF678164000-memory.dmp

memory/1660-1102-0x00007FF7A8690000-0x00007FF7A89E4000-memory.dmp

memory/1912-1103-0x00007FF761290000-0x00007FF7615E4000-memory.dmp

memory/2120-1104-0x00007FF79A0A0000-0x00007FF79A3F4000-memory.dmp

memory/4484-1105-0x00007FF7DC470000-0x00007FF7DC7C4000-memory.dmp

memory/4084-1106-0x00007FF7AECD0000-0x00007FF7AF024000-memory.dmp