Malware Analysis Report

2024-10-10 08:37

Sample ID 240604-ejmn7ada52
Target 2ab60d2aa7cbb09f63e57bdadebfed10_NeikiAnalytics.exe
SHA256 c36443bfac6592191d533fffb284e249a877c3a6190ee99b54dc4cccbcdde76d
Tags kpot xmrig miner stealer trojan upx
Score 10/10

Analysis Overview

Threat Level: Known bad

The file 2ab60d2aa7cbb09f63e57bdadebfed10_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

kpot xmrig miner stealer trojan upx

KPOT

Kpot family

KPOT Core Executable

XMRig Miner payload

Xmrig family

xmrig

Loads dropped DLL

UPX packed file

Executes dropped EXE

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-04 03:58

Signatures

KPOT Core Executable

Kpot family

kpot

XMRig Miner payload

miner

Xmrig family

xmrig

UPX packed file

upx

Unsigned PE

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-04 03:58

Reported

2024-06-04 04:00

Platform

win10v2004-20240426-en

Max time kernel

148s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2ab60d2aa7cbb09f63e57bdadebfed10_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

xmrig

miner xmrig

XMRig Miner payload

miner

Executes dropped EXE

UPX packed file

upx

Drops file in Windows directory

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2ab60d2aa7cbb09f63e57bdadebfed10_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Processes

C:\Users\Admin\AppData\Local\Temp\2ab60d2aa7cbb09f63e57bdadebfed10_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\2ab60d2aa7cbb09f63e57bdadebfed10_NeikiAnalytics.exe"


C:\Windows\System\IxhrCHx.exe

C:\Windows\System\HbcRpqH.exe

C:\Windows\System\HbcRpqH.exe

C:\Windows\System\PFNLHiv.exe

C:\Windows\System\PFNLHiv.exe

C:\Windows\System\LGGjGvY.exe

C:\Windows\System\LGGjGvY.exe

C:\Windows\System\TFJoZTM.exe

C:\Windows\System\TFJoZTM.exe

C:\Windows\System\JxJCHdB.exe

C:\Windows\System\JxJCHdB.exe

C:\Windows\System\nUtrkYM.exe

C:\Windows\System\nUtrkYM.exe

C:\Windows\System\fQymxQM.exe

C:\Windows\System\fQymxQM.exe

C:\Windows\System\KLSZqGA.exe

C:\Windows\System\KLSZqGA.exe

C:\Windows\System\SuwmfvV.exe

C:\Windows\System\SuwmfvV.exe

C:\Windows\System\oHZQqAd.exe

C:\Windows\System\oHZQqAd.exe

C:\Windows\System\oaTZrJZ.exe

C:\Windows\System\oaTZrJZ.exe

C:\Windows\System\uzKpnEI.exe

C:\Windows\System\uzKpnEI.exe

C:\Windows\System\gnpQRjP.exe

C:\Windows\System\gnpQRjP.exe

C:\Windows\System\fHxXwKH.exe

C:\Windows\System\fHxXwKH.exe

C:\Windows\System\aLzQUOE.exe

C:\Windows\System\aLzQUOE.exe

C:\Windows\System\nEpiLyc.exe

C:\Windows\System\nEpiLyc.exe

C:\Windows\System\wooSEgP.exe

C:\Windows\System\wooSEgP.exe

C:\Windows\System\hVdzdYl.exe

C:\Windows\System\hVdzdYl.exe

C:\Windows\System\ANQavAY.exe

C:\Windows\System\ANQavAY.exe

C:\Windows\System\AmhEAtq.exe

C:\Windows\System\AmhEAtq.exe

C:\Windows\System\WAarRpb.exe

C:\Windows\System\WAarRpb.exe

C:\Windows\System\EBUNsaz.exe

C:\Windows\System\EBUNsaz.exe

C:\Windows\System\HypUdVr.exe

C:\Windows\System\HypUdVr.exe

C:\Windows\System\qNmNvdh.exe

C:\Windows\System\qNmNvdh.exe

C:\Windows\System\oOqaeew.exe

C:\Windows\System\oOqaeew.exe

C:\Windows\System\eGMjMjx.exe

C:\Windows\System\eGMjMjx.exe

C:\Windows\System\ogbhjcg.exe

C:\Windows\System\ogbhjcg.exe

C:\Windows\System\vkhqQAb.exe

C:\Windows\System\vkhqQAb.exe

C:\Windows\System\aNqUycu.exe

C:\Windows\System\aNqUycu.exe

C:\Windows\System\QtOFPDN.exe

C:\Windows\System\QtOFPDN.exe

C:\Windows\System\spfjSDP.exe

C:\Windows\System\spfjSDP.exe

C:\Windows\System\UzSTRFB.exe

C:\Windows\System\UzSTRFB.exe

C:\Windows\System\HrqNWFa.exe

C:\Windows\System\HrqNWFa.exe

C:\Windows\System\KOWhOmk.exe

C:\Windows\System\KOWhOmk.exe

C:\Windows\System\QvJGhsN.exe

C:\Windows\System\QvJGhsN.exe

C:\Windows\System\CPIdsxd.exe

C:\Windows\System\CPIdsxd.exe

C:\Windows\System\gvzYGGM.exe

C:\Windows\System\gvzYGGM.exe

C:\Windows\System\JUfQRgY.exe

C:\Windows\System\JUfQRgY.exe

C:\Windows\System\KRfmgRS.exe

C:\Windows\System\KRfmgRS.exe

C:\Windows\System\NQhMdcU.exe

C:\Windows\System\NQhMdcU.exe

C:\Windows\System\HPIhHFN.exe

C:\Windows\System\HPIhHFN.exe

C:\Windows\System\aaiWErI.exe

C:\Windows\System\aaiWErI.exe

C:\Windows\System\WfKioXL.exe

C:\Windows\System\WfKioXL.exe

C:\Windows\System\tatUcbp.exe

C:\Windows\System\tatUcbp.exe

C:\Windows\System\TBuLcfE.exe

C:\Windows\System\TBuLcfE.exe

C:\Windows\System\tBZjHkA.exe

C:\Windows\System\tBZjHkA.exe

C:\Windows\System\BprRRFo.exe

C:\Windows\System\BprRRFo.exe

C:\Windows\System\ZBFuRin.exe

C:\Windows\System\ZBFuRin.exe

C:\Windows\System\PoVHhsr.exe

C:\Windows\System\PoVHhsr.exe

C:\Windows\System\mhWOHjJ.exe

C:\Windows\System\mhWOHjJ.exe

C:\Windows\System\UwZITbx.exe

C:\Windows\System\UwZITbx.exe

C:\Windows\System\jTHscnv.exe

C:\Windows\System\jTHscnv.exe

C:\Windows\System\ojQcfMu.exe

C:\Windows\System\ojQcfMu.exe

C:\Windows\System\CPxbirG.exe

C:\Windows\System\CPxbirG.exe

C:\Windows\System\LRnqSlx.exe

C:\Windows\System\LRnqSlx.exe

C:\Windows\System\QpXbOtW.exe

C:\Windows\System\QpXbOtW.exe

C:\Windows\System\QfJEuXC.exe

C:\Windows\System\QfJEuXC.exe

C:\Windows\System\aiqkVIX.exe

C:\Windows\System\aiqkVIX.exe

C:\Windows\System\ppeHpni.exe

C:\Windows\System\ppeHpni.exe

C:\Windows\System\lEometo.exe

C:\Windows\System\lEometo.exe

C:\Windows\System\rxyirKZ.exe

C:\Windows\System\rxyirKZ.exe

C:\Windows\System\sdonKHP.exe

C:\Windows\System\sdonKHP.exe

C:\Windows\System\hRNVPdo.exe

C:\Windows\System\hRNVPdo.exe

C:\Windows\System\KCdmtTW.exe

C:\Windows\System\KCdmtTW.exe

C:\Windows\System\uQDDDrF.exe

C:\Windows\System\uQDDDrF.exe

C:\Windows\System\bOQaACM.exe

C:\Windows\System\bOQaACM.exe

C:\Windows\System\KnKAVUa.exe

C:\Windows\System\KnKAVUa.exe

C:\Windows\System\APNMMrs.exe

C:\Windows\System\APNMMrs.exe

C:\Windows\System\CVaJgQc.exe

C:\Windows\System\CVaJgQc.exe

C:\Windows\System\fMRIkXa.exe

C:\Windows\System\fMRIkXa.exe

C:\Windows\System\SxRCePj.exe

C:\Windows\System\SxRCePj.exe

C:\Windows\System\GRXBoWh.exe

C:\Windows\System\GRXBoWh.exe

C:\Windows\System\kUrTsRn.exe

C:\Windows\System\kUrTsRn.exe

C:\Windows\System\icqWOXD.exe

C:\Windows\System\icqWOXD.exe

C:\Windows\System\NiuoZlw.exe

C:\Windows\System\NiuoZlw.exe

C:\Windows\System\BXfcBxc.exe

C:\Windows\System\BXfcBxc.exe

C:\Windows\System\VgPREIG.exe

C:\Windows\System\VgPREIG.exe

C:\Windows\System\oACnbTI.exe

C:\Windows\System\oACnbTI.exe

C:\Windows\System\DaDBswG.exe

C:\Windows\System\DaDBswG.exe

C:\Windows\System\vkKUDxN.exe

C:\Windows\System\vkKUDxN.exe

C:\Windows\System\efuGYQu.exe

C:\Windows\System\efuGYQu.exe

C:\Windows\System\mWiBqzf.exe

C:\Windows\System\mWiBqzf.exe

C:\Windows\System\fpCENTJ.exe

C:\Windows\System\fpCENTJ.exe

C:\Windows\System\zynRXvz.exe

C:\Windows\System\zynRXvz.exe

C:\Windows\System\ucqmbNj.exe

C:\Windows\System\ucqmbNj.exe

C:\Windows\System\tqtevXt.exe

C:\Windows\System\tqtevXt.exe

C:\Windows\System\mVYuIcM.exe

C:\Windows\System\mVYuIcM.exe

C:\Windows\System\iiQKzUp.exe

C:\Windows\System\iiQKzUp.exe

C:\Windows\System\BAtWRpV.exe

C:\Windows\System\BAtWRpV.exe

C:\Windows\System\WbYikPw.exe

C:\Windows\System\WbYikPw.exe

C:\Windows\System\oupdHWu.exe

C:\Windows\System\oupdHWu.exe

C:\Windows\System\bZrNbnH.exe

C:\Windows\System\bZrNbnH.exe

C:\Windows\System\sEIxwTb.exe

C:\Windows\System\sEIxwTb.exe

C:\Windows\System\fQpXmKE.exe

C:\Windows\System\fQpXmKE.exe

C:\Windows\System\DeggnQS.exe

C:\Windows\System\DeggnQS.exe

C:\Windows\System\IBTJuuY.exe

C:\Windows\System\IBTJuuY.exe

C:\Windows\System\PDqexrd.exe

C:\Windows\System\PDqexrd.exe

C:\Windows\System\fQXkhon.exe

C:\Windows\System\fQXkhon.exe

C:\Windows\System\yjBgJcz.exe

C:\Windows\System\yjBgJcz.exe

C:\Windows\System\tfzaawl.exe

C:\Windows\System\tfzaawl.exe

C:\Windows\System\YmzlLxf.exe

C:\Windows\System\YmzlLxf.exe

C:\Windows\System\EgHAhgz.exe

C:\Windows\System\EgHAhgz.exe

C:\Windows\System\uFncrZf.exe

C:\Windows\System\uFncrZf.exe

C:\Windows\System\chmQPta.exe

C:\Windows\System\chmQPta.exe

C:\Windows\System\HPmmvaK.exe

C:\Windows\System\HPmmvaK.exe

C:\Windows\System\jpLKzee.exe

C:\Windows\System\jpLKzee.exe

C:\Windows\System\UcGEAOM.exe

C:\Windows\System\UcGEAOM.exe

C:\Windows\System\sVvFQhb.exe

C:\Windows\System\sVvFQhb.exe

C:\Windows\System\ynqiJVJ.exe

C:\Windows\System\ynqiJVJ.exe

C:\Windows\System\JLIMtHh.exe

C:\Windows\System\JLIMtHh.exe

C:\Windows\System\oyNeUyS.exe

C:\Windows\System\oyNeUyS.exe

C:\Windows\System\WeMLHnO.exe

C:\Windows\System\WeMLHnO.exe

C:\Windows\System\ZXwxZxU.exe

C:\Windows\System\ZXwxZxU.exe

C:\Windows\System\VzloOUF.exe

C:\Windows\System\VzloOUF.exe

C:\Windows\System\CKqcZib.exe

C:\Windows\System\CKqcZib.exe

C:\Windows\System\cpZSPgn.exe

C:\Windows\System\cpZSPgn.exe

C:\Windows\System\TmjRpEG.exe

C:\Windows\System\TmjRpEG.exe

C:\Windows\System\qDLfuhB.exe

C:\Windows\System\qDLfuhB.exe

C:\Windows\System\uUvrKIA.exe

C:\Windows\System\uUvrKIA.exe

C:\Windows\System\wtAdihv.exe

C:\Windows\System\wtAdihv.exe

C:\Windows\System\gmPUBwW.exe

C:\Windows\System\gmPUBwW.exe

C:\Windows\System\NqpsqUv.exe

C:\Windows\System\NqpsqUv.exe

C:\Windows\System\WkWGfXq.exe

C:\Windows\System\WkWGfXq.exe

C:\Windows\System\lZLPKFx.exe

C:\Windows\System\lZLPKFx.exe

C:\Windows\System\ZEuWLap.exe

C:\Windows\System\ZEuWLap.exe

C:\Windows\System\NiJBUsi.exe

C:\Windows\System\NiJBUsi.exe

C:\Windows\System\aIFvXYj.exe

C:\Windows\System\aIFvXYj.exe

C:\Windows\System\LtczYCH.exe

C:\Windows\System\LtczYCH.exe

C:\Windows\System\ZgTGflu.exe

C:\Windows\System\ZgTGflu.exe

C:\Windows\System\RtGkFVy.exe

C:\Windows\System\RtGkFVy.exe

C:\Windows\System\DOKzglN.exe

C:\Windows\System\DOKzglN.exe

C:\Windows\System\tprdSIn.exe

C:\Windows\System\tprdSIn.exe

C:\Windows\System\NfWsOzP.exe

C:\Windows\System\NfWsOzP.exe

C:\Windows\System\SjGSxoI.exe

C:\Windows\System\SjGSxoI.exe

C:\Windows\System\OhSOBfi.exe

C:\Windows\System\OhSOBfi.exe

C:\Windows\System\UBvXGrD.exe

C:\Windows\System\UBvXGrD.exe

C:\Windows\System\hBzcstn.exe

C:\Windows\System\hBzcstn.exe

C:\Windows\System\KmWotSN.exe

C:\Windows\System\KmWotSN.exe

C:\Windows\System\IpTyTVs.exe

C:\Windows\System\IpTyTVs.exe

C:\Windows\System\RKFbSEm.exe

C:\Windows\System\RKFbSEm.exe

C:\Windows\System\BCQAIwi.exe

C:\Windows\System\BCQAIwi.exe

C:\Windows\System\ecHcodh.exe

C:\Windows\System\ecHcodh.exe

C:\Windows\System\MZPRSEA.exe

C:\Windows\System\MZPRSEA.exe

C:\Windows\System\efiEyoD.exe

C:\Windows\System\efiEyoD.exe

C:\Windows\System\tfSTtGB.exe

C:\Windows\System\tfSTtGB.exe

C:\Windows\System\ecaSbmV.exe

C:\Windows\System\ecaSbmV.exe

C:\Windows\System\liGETvj.exe

C:\Windows\System\liGETvj.exe

C:\Windows\System\yibXhfX.exe

C:\Windows\System\yibXhfX.exe

C:\Windows\System\fiksBVA.exe

C:\Windows\System\fiksBVA.exe

C:\Windows\System\xWcwgNu.exe

C:\Windows\System\xWcwgNu.exe

C:\Windows\System\cIMUVIU.exe

C:\Windows\System\cIMUVIU.exe

C:\Windows\System\osctAgP.exe

C:\Windows\System\osctAgP.exe

C:\Windows\System\rlGvwlY.exe

C:\Windows\System\rlGvwlY.exe

C:\Windows\System\kGvfVbc.exe

C:\Windows\System\kGvfVbc.exe

C:\Windows\System\ieKYvlc.exe

C:\Windows\System\ieKYvlc.exe

C:\Windows\System\wRXFzjV.exe

C:\Windows\System\wRXFzjV.exe

C:\Windows\System\DDtplFe.exe

C:\Windows\System\DDtplFe.exe

C:\Windows\System\LGABwad.exe

C:\Windows\System\LGABwad.exe

C:\Windows\System\uavOeKM.exe

C:\Windows\System\uavOeKM.exe

C:\Windows\System\FtvagzI.exe

C:\Windows\System\FtvagzI.exe

C:\Windows\System\ODyrSKI.exe

C:\Windows\System\ODyrSKI.exe

C:\Windows\System\zILOHpg.exe

C:\Windows\System\zILOHpg.exe

C:\Windows\System\KZBAAlv.exe

C:\Windows\System\KZBAAlv.exe

C:\Windows\System\JzjbDoM.exe

C:\Windows\System\JzjbDoM.exe

C:\Windows\System\OSzFUsI.exe

C:\Windows\System\OSzFUsI.exe

C:\Windows\System\czREUtq.exe

C:\Windows\System\czREUtq.exe

C:\Windows\System\xIhHviT.exe

C:\Windows\System\xIhHviT.exe

C:\Windows\System\pAxTVpR.exe

C:\Windows\System\pAxTVpR.exe

C:\Windows\System\HWIgSQG.exe

C:\Windows\System\HWIgSQG.exe

C:\Windows\System\yDisvdJ.exe

C:\Windows\System\yDisvdJ.exe

C:\Windows\System\EQVOJgH.exe

C:\Windows\System\EQVOJgH.exe

C:\Windows\System\jYpbORT.exe

C:\Windows\System\jYpbORT.exe

C:\Windows\System\DaoJLDo.exe

C:\Windows\System\DaoJLDo.exe

C:\Windows\System\AGgRaMq.exe

C:\Windows\System\AGgRaMq.exe

C:\Windows\System\kOAbpYc.exe

C:\Windows\System\kOAbpYc.exe

C:\Windows\System\aSCucEP.exe

C:\Windows\System\aSCucEP.exe

C:\Windows\System\EKEJkPd.exe

C:\Windows\System\EKEJkPd.exe

C:\Windows\System\eOOYhNO.exe

C:\Windows\System\eOOYhNO.exe

C:\Windows\System\XnySQle.exe

C:\Windows\System\XnySQle.exe

C:\Windows\System\tLnIsvr.exe

C:\Windows\System\tLnIsvr.exe

C:\Windows\System\LDCETDE.exe

C:\Windows\System\LDCETDE.exe

C:\Windows\System\qbuPMAo.exe

C:\Windows\System\qbuPMAo.exe

C:\Windows\System\oLXjkZC.exe

C:\Windows\System\oLXjkZC.exe

C:\Windows\System\JqUyDAx.exe

C:\Windows\System\JqUyDAx.exe

C:\Windows\System\jlmZCUl.exe

C:\Windows\System\jlmZCUl.exe

C:\Windows\System\GowqSUw.exe

C:\Windows\System\GowqSUw.exe

C:\Windows\System\lRBUlPX.exe

C:\Windows\System\lRBUlPX.exe

C:\Windows\System\SJzxXCB.exe

C:\Windows\System\SJzxXCB.exe

C:\Windows\System\ORIdGWq.exe

C:\Windows\System\ORIdGWq.exe

C:\Windows\System\vCLHVoX.exe

C:\Windows\System\vCLHVoX.exe

C:\Windows\System\MubdAdR.exe

C:\Windows\System\MubdAdR.exe

C:\Windows\System\CeOjwVm.exe

C:\Windows\System\CeOjwVm.exe

C:\Windows\System\lAAldKC.exe

C:\Windows\System\lAAldKC.exe

C:\Windows\System\hCEhVwR.exe

C:\Windows\System\hCEhVwR.exe

C:\Windows\System\yDFAkRl.exe

C:\Windows\System\yDFAkRl.exe

C:\Windows\System\DPietLG.exe

C:\Windows\System\DPietLG.exe

C:\Windows\System\emFpPBo.exe

C:\Windows\System\emFpPBo.exe

C:\Windows\System\hugllXs.exe

C:\Windows\System\hugllXs.exe

C:\Windows\System\RUYDTGr.exe

C:\Windows\System\RUYDTGr.exe

C:\Windows\System\MXRfDLK.exe

C:\Windows\System\MXRfDLK.exe

C:\Windows\System\nepHWXn.exe

C:\Windows\System\nepHWXn.exe

Network


Files

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-04 03:58

Reported

2024-06-04 04:00

Platform

win7-20240220-en

Max time kernel

139s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2ab60d2aa7cbb09f63e57bdadebfed10_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ab60d2aa7cbb09f63e57bdadebfed10_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2ab60d2aa7cbb09f63e57bdadebfed10_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\2ab60d2aa7cbb09f63e57bdadebfed10_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\2ab60d2aa7cbb09f63e57bdadebfed10_NeikiAnalytics.exe"


C:\Windows\System\JJKEUyM.exe

C:\Windows\System\iULGPNe.exe

C:\Windows\System\iULGPNe.exe

C:\Windows\System\FivnBwp.exe

C:\Windows\System\FivnBwp.exe

C:\Windows\System\iDKypcE.exe

C:\Windows\System\iDKypcE.exe

C:\Windows\System\VJbbqIl.exe

C:\Windows\System\VJbbqIl.exe

C:\Windows\System\RlFWTEY.exe

C:\Windows\System\RlFWTEY.exe

C:\Windows\System\QAYwjHY.exe

C:\Windows\System\QAYwjHY.exe

C:\Windows\System\BXXrFkZ.exe

C:\Windows\System\BXXrFkZ.exe

C:\Windows\System\wSwiuQq.exe

C:\Windows\System\wSwiuQq.exe

C:\Windows\System\aELmMxX.exe

C:\Windows\System\aELmMxX.exe

C:\Windows\System\EDDPsTD.exe

C:\Windows\System\EDDPsTD.exe

C:\Windows\System\OocHrxB.exe

C:\Windows\System\OocHrxB.exe

C:\Windows\System\LLoLUfP.exe

C:\Windows\System\LLoLUfP.exe

C:\Windows\System\DprWVSK.exe

C:\Windows\System\DprWVSK.exe

C:\Windows\System\IlYBVuV.exe

C:\Windows\System\IlYBVuV.exe

C:\Windows\System\xUGGQdm.exe

C:\Windows\System\xUGGQdm.exe

C:\Windows\System\OvAHMvz.exe

C:\Windows\System\OvAHMvz.exe

C:\Windows\System\gGkZtdl.exe

C:\Windows\System\gGkZtdl.exe

C:\Windows\System\nCUZvJy.exe

C:\Windows\System\nCUZvJy.exe

C:\Windows\System\gVkHqHc.exe

C:\Windows\System\gVkHqHc.exe

C:\Windows\System\TGepssh.exe

C:\Windows\System\TGepssh.exe

C:\Windows\System\vadaZTW.exe

C:\Windows\System\vadaZTW.exe

C:\Windows\System\OQbtKpL.exe

C:\Windows\System\OQbtKpL.exe

C:\Windows\System\HogpwfQ.exe

C:\Windows\System\HogpwfQ.exe

C:\Windows\System\NlkygLM.exe

C:\Windows\System\NlkygLM.exe

C:\Windows\System\koTEBxb.exe

C:\Windows\System\koTEBxb.exe

C:\Windows\System\wMZMRku.exe

C:\Windows\System\wMZMRku.exe

C:\Windows\System\njNBgJD.exe

C:\Windows\System\njNBgJD.exe

C:\Windows\System\VypnOrT.exe

C:\Windows\System\VypnOrT.exe

C:\Windows\System\OdaOncD.exe

C:\Windows\System\OdaOncD.exe

C:\Windows\System\GtHnLKJ.exe

C:\Windows\System\GtHnLKJ.exe

C:\Windows\System\egWWYKZ.exe

C:\Windows\System\egWWYKZ.exe

C:\Windows\System\eRVgEEp.exe

C:\Windows\System\eRVgEEp.exe

C:\Windows\System\Fgoxmkp.exe

C:\Windows\System\Fgoxmkp.exe

C:\Windows\System\Olqrpxf.exe

C:\Windows\System\Olqrpxf.exe

C:\Windows\System\rzzUhvp.exe

C:\Windows\System\rzzUhvp.exe

C:\Windows\System\mNTvvka.exe

C:\Windows\System\mNTvvka.exe

C:\Windows\System\cKQqxHO.exe

C:\Windows\System\cKQqxHO.exe

C:\Windows\System\VatcowV.exe

C:\Windows\System\VatcowV.exe

C:\Windows\System\FehXZch.exe

C:\Windows\System\FehXZch.exe

C:\Windows\System\TXtDtSS.exe

C:\Windows\System\TXtDtSS.exe

C:\Windows\System\AXgcVDW.exe

C:\Windows\System\AXgcVDW.exe

C:\Windows\System\hkerdUt.exe

C:\Windows\System\hkerdUt.exe

C:\Windows\System\qMGavKc.exe

C:\Windows\System\qMGavKc.exe

C:\Windows\System\pULJdzW.exe

C:\Windows\System\pULJdzW.exe

C:\Windows\System\yQWEQKi.exe

C:\Windows\System\yQWEQKi.exe

C:\Windows\System\CszeFCM.exe

C:\Windows\System\CszeFCM.exe

C:\Windows\System\QeWtFHV.exe

C:\Windows\System\QeWtFHV.exe

C:\Windows\System\IxhrCHx.exe

C:\Windows\System\IxhrCHx.exe

C:\Windows\System\HbcRpqH.exe

C:\Windows\System\HbcRpqH.exe

C:\Windows\System\PFNLHiv.exe

C:\Windows\System\PFNLHiv.exe

C:\Windows\System\LGGjGvY.exe

C:\Windows\System\LGGjGvY.exe

C:\Windows\System\TFJoZTM.exe

C:\Windows\System\TFJoZTM.exe

C:\Windows\System\JxJCHdB.exe

C:\Windows\System\JxJCHdB.exe

C:\Windows\System\nUtrkYM.exe

C:\Windows\System\nUtrkYM.exe

C:\Windows\System\fQymxQM.exe

C:\Windows\System\fQymxQM.exe

C:\Windows\System\KLSZqGA.exe

C:\Windows\System\KLSZqGA.exe

C:\Windows\System\SuwmfvV.exe

C:\Windows\System\SuwmfvV.exe

C:\Windows\System\oHZQqAd.exe

C:\Windows\System\oHZQqAd.exe

C:\Windows\System\oaTZrJZ.exe

C:\Windows\System\oaTZrJZ.exe

C:\Windows\System\uzKpnEI.exe

C:\Windows\System\uzKpnEI.exe

C:\Windows\System\gnpQRjP.exe

C:\Windows\System\gnpQRjP.exe

C:\Windows\System\fHxXwKH.exe

C:\Windows\System\fHxXwKH.exe

C:\Windows\System\aLzQUOE.exe

C:\Windows\System\aLzQUOE.exe

C:\Windows\System\nEpiLyc.exe

C:\Windows\System\nEpiLyc.exe

C:\Windows\System\wooSEgP.exe

C:\Windows\System\wooSEgP.exe

C:\Windows\System\hVdzdYl.exe

C:\Windows\System\hVdzdYl.exe

C:\Windows\System\ANQavAY.exe

C:\Windows\System\ANQavAY.exe

C:\Windows\System\AmhEAtq.exe

C:\Windows\System\AmhEAtq.exe

C:\Windows\System\WAarRpb.exe

C:\Windows\System\WAarRpb.exe

C:\Windows\System\EBUNsaz.exe

C:\Windows\System\EBUNsaz.exe

C:\Windows\System\HypUdVr.exe

C:\Windows\System\HypUdVr.exe

C:\Windows\System\qNmNvdh.exe

C:\Windows\System\qNmNvdh.exe

C:\Windows\System\oOqaeew.exe

C:\Windows\System\oOqaeew.exe

C:\Windows\System\eGMjMjx.exe

C:\Windows\System\eGMjMjx.exe

C:\Windows\System\ogbhjcg.exe

C:\Windows\System\ogbhjcg.exe

C:\Windows\System\vkhqQAb.exe

C:\Windows\System\vkhqQAb.exe

C:\Windows\System\aNqUycu.exe

C:\Windows\System\aNqUycu.exe

C:\Windows\System\QtOFPDN.exe

C:\Windows\System\QtOFPDN.exe

C:\Windows\System\spfjSDP.exe

C:\Windows\System\spfjSDP.exe

C:\Windows\System\UzSTRFB.exe

C:\Windows\System\UzSTRFB.exe

C:\Windows\System\HrqNWFa.exe

C:\Windows\System\HrqNWFa.exe

C:\Windows\System\KOWhOmk.exe

C:\Windows\System\KOWhOmk.exe

C:\Windows\System\QvJGhsN.exe

C:\Windows\System\QvJGhsN.exe

C:\Windows\System\CPIdsxd.exe

C:\Windows\System\CPIdsxd.exe

C:\Windows\System\gvzYGGM.exe

C:\Windows\System\gvzYGGM.exe

C:\Windows\System\JUfQRgY.exe

C:\Windows\System\JUfQRgY.exe

C:\Windows\System\KRfmgRS.exe

C:\Windows\System\KRfmgRS.exe

C:\Windows\System\NQhMdcU.exe

C:\Windows\System\NQhMdcU.exe

C:\Windows\System\HPIhHFN.exe

C:\Windows\System\HPIhHFN.exe

C:\Windows\System\aaiWErI.exe

C:\Windows\System\aaiWErI.exe

C:\Windows\System\WfKioXL.exe

C:\Windows\System\WfKioXL.exe

C:\Windows\System\tatUcbp.exe

C:\Windows\System\tatUcbp.exe

C:\Windows\System\TBuLcfE.exe

C:\Windows\System\TBuLcfE.exe

C:\Windows\System\tBZjHkA.exe

C:\Windows\System\tBZjHkA.exe

C:\Windows\System\BprRRFo.exe

C:\Windows\System\BprRRFo.exe

C:\Windows\System\ZBFuRin.exe

C:\Windows\System\ZBFuRin.exe

C:\Windows\System\PoVHhsr.exe

C:\Windows\System\PoVHhsr.exe

C:\Windows\System\mhWOHjJ.exe

C:\Windows\System\mhWOHjJ.exe

C:\Windows\System\UwZITbx.exe

C:\Windows\System\UwZITbx.exe

C:\Windows\System\jTHscnv.exe

C:\Windows\System\jTHscnv.exe

C:\Windows\System\ojQcfMu.exe

C:\Windows\System\ojQcfMu.exe

C:\Windows\System\CPxbirG.exe

C:\Windows\System\CPxbirG.exe

C:\Windows\System\LRnqSlx.exe

C:\Windows\System\LRnqSlx.exe

C:\Windows\System\QpXbOtW.exe

C:\Windows\System\QpXbOtW.exe

C:\Windows\System\QfJEuXC.exe

C:\Windows\System\QfJEuXC.exe

C:\Windows\System\aiqkVIX.exe

C:\Windows\System\aiqkVIX.exe

C:\Windows\System\ppeHpni.exe

C:\Windows\System\ppeHpni.exe

C:\Windows\System\lEometo.exe

C:\Windows\System\lEometo.exe

C:\Windows\System\rxyirKZ.exe

C:\Windows\System\rxyirKZ.exe

C:\Windows\System\sdonKHP.exe

C:\Windows\System\sdonKHP.exe

C:\Windows\System\hRNVPdo.exe

C:\Windows\System\hRNVPdo.exe

C:\Windows\System\KCdmtTW.exe

C:\Windows\System\KCdmtTW.exe

C:\Windows\System\uQDDDrF.exe

C:\Windows\System\uQDDDrF.exe

C:\Windows\System\bOQaACM.exe

C:\Windows\System\bOQaACM.exe

C:\Windows\System\KnKAVUa.exe

C:\Windows\System\KnKAVUa.exe

C:\Windows\System\APNMMrs.exe

C:\Windows\System\APNMMrs.exe

C:\Windows\System\CVaJgQc.exe

C:\Windows\System\CVaJgQc.exe

C:\Windows\System\fMRIkXa.exe

C:\Windows\System\fMRIkXa.exe

C:\Windows\System\SxRCePj.exe

C:\Windows\System\SxRCePj.exe

C:\Windows\System\GRXBoWh.exe

C:\Windows\System\GRXBoWh.exe

C:\Windows\System\kUrTsRn.exe

C:\Windows\System\kUrTsRn.exe

C:\Windows\System\icqWOXD.exe

C:\Windows\System\icqWOXD.exe

C:\Windows\System\NiuoZlw.exe

C:\Windows\System\NiuoZlw.exe

C:\Windows\System\BXfcBxc.exe

C:\Windows\System\BXfcBxc.exe

C:\Windows\System\VgPREIG.exe

C:\Windows\System\VgPREIG.exe

C:\Windows\System\oACnbTI.exe

C:\Windows\System\oACnbTI.exe

C:\Windows\System\DaDBswG.exe

C:\Windows\System\DaDBswG.exe

C:\Windows\System\vkKUDxN.exe

C:\Windows\System\vkKUDxN.exe

C:\Windows\System\efuGYQu.exe

C:\Windows\System\efuGYQu.exe

C:\Windows\System\mWiBqzf.exe

C:\Windows\System\mWiBqzf.exe

C:\Windows\System\fpCENTJ.exe

C:\Windows\System\fpCENTJ.exe

C:\Windows\System\zynRXvz.exe

C:\Windows\System\zynRXvz.exe

C:\Windows\System\ucqmbNj.exe

C:\Windows\System\ucqmbNj.exe

C:\Windows\System\tqtevXt.exe

C:\Windows\System\tqtevXt.exe

C:\Windows\System\mVYuIcM.exe

C:\Windows\System\mVYuIcM.exe

C:\Windows\System\iiQKzUp.exe

C:\Windows\System\iiQKzUp.exe

C:\Windows\System\BAtWRpV.exe

C:\Windows\System\BAtWRpV.exe

C:\Windows\System\WbYikPw.exe

C:\Windows\System\WbYikPw.exe

C:\Windows\System\oupdHWu.exe

C:\Windows\System\oupdHWu.exe

C:\Windows\System\bZrNbnH.exe

C:\Windows\System\bZrNbnH.exe

C:\Windows\System\sEIxwTb.exe

C:\Windows\System\sEIxwTb.exe

C:\Windows\System\fQpXmKE.exe

C:\Windows\System\fQpXmKE.exe

C:\Windows\System\DeggnQS.exe

C:\Windows\System\DeggnQS.exe

C:\Windows\System\IBTJuuY.exe

C:\Windows\System\IBTJuuY.exe

C:\Windows\System\PDqexrd.exe

C:\Windows\System\PDqexrd.exe

C:\Windows\System\fQXkhon.exe

C:\Windows\System\fQXkhon.exe

C:\Windows\System\yjBgJcz.exe

C:\Windows\System\yjBgJcz.exe

C:\Windows\System\tfzaawl.exe

C:\Windows\System\tfzaawl.exe

C:\Windows\System\YmzlLxf.exe

C:\Windows\System\YmzlLxf.exe

C:\Windows\System\EgHAhgz.exe

C:\Windows\System\EgHAhgz.exe

C:\Windows\System\uFncrZf.exe

C:\Windows\System\uFncrZf.exe

C:\Windows\System\chmQPta.exe

C:\Windows\System\chmQPta.exe

C:\Windows\System\HPmmvaK.exe

C:\Windows\System\HPmmvaK.exe

C:\Windows\System\jpLKzee.exe

C:\Windows\System\jpLKzee.exe

C:\Windows\System\UcGEAOM.exe

C:\Windows\System\UcGEAOM.exe

C:\Windows\System\sVvFQhb.exe

C:\Windows\System\sVvFQhb.exe

C:\Windows\System\ynqiJVJ.exe

C:\Windows\System\ynqiJVJ.exe

C:\Windows\System\JLIMtHh.exe

C:\Windows\System\JLIMtHh.exe

C:\Windows\System\oyNeUyS.exe

C:\Windows\System\oyNeUyS.exe

C:\Windows\System\WeMLHnO.exe

C:\Windows\System\WeMLHnO.exe

C:\Windows\System\ZXwxZxU.exe

C:\Windows\System\ZXwxZxU.exe

C:\Windows\System\VzloOUF.exe

C:\Windows\System\VzloOUF.exe

C:\Windows\System\CKqcZib.exe

C:\Windows\System\CKqcZib.exe

C:\Windows\System\cpZSPgn.exe

C:\Windows\System\cpZSPgn.exe

C:\Windows\System\TmjRpEG.exe

C:\Windows\System\TmjRpEG.exe

C:\Windows\System\qDLfuhB.exe

C:\Windows\System\qDLfuhB.exe

C:\Windows\System\uUvrKIA.exe

C:\Windows\System\uUvrKIA.exe

C:\Windows\System\wtAdihv.exe

C:\Windows\System\wtAdihv.exe

C:\Windows\System\gmPUBwW.exe

C:\Windows\System\gmPUBwW.exe

C:\Windows\System\NqpsqUv.exe

C:\Windows\System\NqpsqUv.exe

C:\Windows\System\WkWGfXq.exe

C:\Windows\System\WkWGfXq.exe

C:\Windows\System\lZLPKFx.exe

C:\Windows\System\lZLPKFx.exe

C:\Windows\System\ZEuWLap.exe

C:\Windows\System\ZEuWLap.exe

C:\Windows\System\NiJBUsi.exe

C:\Windows\System\NiJBUsi.exe

C:\Windows\System\aIFvXYj.exe

C:\Windows\System\aIFvXYj.exe

C:\Windows\System\LtczYCH.exe

C:\Windows\System\LtczYCH.exe

C:\Windows\System\ZgTGflu.exe

C:\Windows\System\ZgTGflu.exe

C:\Windows\System\RtGkFVy.exe

C:\Windows\System\RtGkFVy.exe

C:\Windows\System\DOKzglN.exe

C:\Windows\System\DOKzglN.exe

C:\Windows\System\tprdSIn.exe

C:\Windows\System\tprdSIn.exe

C:\Windows\System\NfWsOzP.exe

C:\Windows\System\NfWsOzP.exe

C:\Windows\System\SjGSxoI.exe

C:\Windows\System\SjGSxoI.exe

C:\Windows\System\OhSOBfi.exe

C:\Windows\System\OhSOBfi.exe

C:\Windows\System\UBvXGrD.exe

C:\Windows\System\UBvXGrD.exe

C:\Windows\System\hBzcstn.exe

C:\Windows\System\hBzcstn.exe

C:\Windows\System\KmWotSN.exe

C:\Windows\System\KmWotSN.exe

C:\Windows\System\IpTyTVs.exe

C:\Windows\System\IpTyTVs.exe

C:\Windows\System\RKFbSEm.exe

C:\Windows\System\RKFbSEm.exe

C:\Windows\System\BCQAIwi.exe

C:\Windows\System\BCQAIwi.exe

C:\Windows\System\ecHcodh.exe

C:\Windows\System\ecHcodh.exe

C:\Windows\System\MZPRSEA.exe

C:\Windows\System\MZPRSEA.exe

C:\Windows\System\efiEyoD.exe

C:\Windows\System\efiEyoD.exe

C:\Windows\System\tfSTtGB.exe

C:\Windows\System\tfSTtGB.exe

C:\Windows\System\ecaSbmV.exe

C:\Windows\System\ecaSbmV.exe

C:\Windows\System\liGETvj.exe

C:\Windows\System\liGETvj.exe

C:\Windows\System\yibXhfX.exe

C:\Windows\System\yibXhfX.exe

C:\Windows\System\fiksBVA.exe

C:\Windows\System\fiksBVA.exe

C:\Windows\System\xWcwgNu.exe

C:\Windows\System\xWcwgNu.exe

C:\Windows\System\cIMUVIU.exe

C:\Windows\System\cIMUVIU.exe

C:\Windows\System\osctAgP.exe

C:\Windows\System\osctAgP.exe

C:\Windows\System\rlGvwlY.exe

C:\Windows\System\rlGvwlY.exe

C:\Windows\System\kGvfVbc.exe

C:\Windows\System\kGvfVbc.exe

C:\Windows\System\ieKYvlc.exe

C:\Windows\System\ieKYvlc.exe

C:\Windows\System\wRXFzjV.exe

C:\Windows\System\wRXFzjV.exe

C:\Windows\System\DDtplFe.exe

C:\Windows\System\DDtplFe.exe

C:\Windows\System\LGABwad.exe

C:\Windows\System\LGABwad.exe

C:\Windows\System\uavOeKM.exe

C:\Windows\System\uavOeKM.exe

C:\Windows\System\FtvagzI.exe

C:\Windows\System\FtvagzI.exe

C:\Windows\System\ODyrSKI.exe

C:\Windows\System\ODyrSKI.exe

C:\Windows\System\zILOHpg.exe

C:\Windows\System\zILOHpg.exe

C:\Windows\System\KZBAAlv.exe

C:\Windows\System\KZBAAlv.exe

C:\Windows\System\JzjbDoM.exe

C:\Windows\System\JzjbDoM.exe

C:\Windows\System\OSzFUsI.exe

C:\Windows\System\OSzFUsI.exe

C:\Windows\System\czREUtq.exe

C:\Windows\System\czREUtq.exe

C:\Windows\System\xIhHviT.exe

C:\Windows\System\xIhHviT.exe

C:\Windows\System\pAxTVpR.exe

C:\Windows\System\pAxTVpR.exe

C:\Windows\System\HWIgSQG.exe

C:\Windows\System\HWIgSQG.exe

C:\Windows\System\yDisvdJ.exe

C:\Windows\System\yDisvdJ.exe

C:\Windows\System\EQVOJgH.exe

C:\Windows\System\EQVOJgH.exe

C:\Windows\System\jYpbORT.exe

C:\Windows\System\jYpbORT.exe

C:\Windows\System\DaoJLDo.exe

C:\Windows\System\DaoJLDo.exe

C:\Windows\System\AGgRaMq.exe

C:\Windows\System\AGgRaMq.exe

C:\Windows\System\kOAbpYc.exe

C:\Windows\System\kOAbpYc.exe

C:\Windows\System\aSCucEP.exe

C:\Windows\System\aSCucEP.exe

C:\Windows\System\EKEJkPd.exe

C:\Windows\System\EKEJkPd.exe

C:\Windows\System\eOOYhNO.exe

C:\Windows\System\eOOYhNO.exe

C:\Windows\System\XnySQle.exe

C:\Windows\System\XnySQle.exe

C:\Windows\System\tLnIsvr.exe

C:\Windows\System\tLnIsvr.exe

C:\Windows\System\LDCETDE.exe

C:\Windows\System\LDCETDE.exe

C:\Windows\System\qbuPMAo.exe

C:\Windows\System\qbuPMAo.exe

C:\Windows\System\oLXjkZC.exe

C:\Windows\System\oLXjkZC.exe

C:\Windows\System\JqUyDAx.exe

C:\Windows\System\JqUyDAx.exe

C:\Windows\System\jlmZCUl.exe

C:\Windows\System\jlmZCUl.exe

C:\Windows\System\GowqSUw.exe

C:\Windows\System\GowqSUw.exe

C:\Windows\System\lRBUlPX.exe

C:\Windows\System\lRBUlPX.exe

C:\Windows\System\SJzxXCB.exe

C:\Windows\System\SJzxXCB.exe

C:\Windows\System\ORIdGWq.exe

C:\Windows\System\ORIdGWq.exe

C:\Windows\System\vCLHVoX.exe

C:\Windows\System\vCLHVoX.exe

C:\Windows\System\MubdAdR.exe

C:\Windows\System\MubdAdR.exe

C:\Windows\System\CeOjwVm.exe

C:\Windows\System\CeOjwVm.exe

C:\Windows\System\lAAldKC.exe

C:\Windows\System\lAAldKC.exe

C:\Windows\System\hCEhVwR.exe

C:\Windows\System\hCEhVwR.exe

C:\Windows\System\yDFAkRl.exe

C:\Windows\System\yDFAkRl.exe

C:\Windows\System\DPietLG.exe

C:\Windows\System\DPietLG.exe

C:\Windows\System\emFpPBo.exe

C:\Windows\System\emFpPBo.exe

C:\Windows\System\hugllXs.exe

C:\Windows\System\hugllXs.exe

C:\Windows\System\RUYDTGr.exe

C:\Windows\System\RUYDTGr.exe

C:\Windows\System\MXRfDLK.exe

C:\Windows\System\MXRfDLK.exe

C:\Windows\System\nepHWXn.exe

C:\Windows\System\nepHWXn.exe

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp

Files
