Malware Analysis Report

2024-10-10 08:49

Sample ID 240605-abkgmsfg91
Target 1abd62ff92b9c50bf56d4aed85579370_NeikiAnalytics.exe
SHA256 479989f074f96fd7720645349b808a79c903769ceb8e1d8f75d3052fd3a9e9e3
Tags
miner upx kpot xmrig stealer trojan
score
10/10

Analysis Overview

Threat Level: Known bad

The file 1abd62ff92b9c50bf56d4aed85579370_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx kpot xmrig stealer trojan

Xmrig family

xmrig

KPOT Core Executable

Kpot family

XMRig Miner payload

KPOT

Loads dropped DLL

UPX packed file

Executes dropped EXE

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-05 00:02

Signatures

KPOT Core Executable

Kpot family

kpot

XMRig Miner payload

miner

Xmrig family

xmrig

UPX packed file

upx

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-05 00:02

Reported

2024-06-05 00:04

Platform

win7-20240419-en

Max time kernel

144s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1abd62ff92b9c50bf56d4aed85579370_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

xmrig

miner xmrig

XMRig Miner payload

miner

Executes dropped EXE

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1abd62ff92b9c50bf56d4aed85579370_NeikiAnalytics.exe N/A

UPX packed file

upx

Drops file in Windows directory

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\1abd62ff92b9c50bf56d4aed85579370_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Processes

C:\Users\Admin\AppData\Local\Temp\1abd62ff92b9c50bf56d4aed85579370_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\1abd62ff92b9c50bf56d4aed85579370_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp

Files


memory/2632-1080-0x000000013F330000-0x000000013F684000-memory.dmp

memory/2748-1082-0x000000013F510000-0x000000013F864000-memory.dmp

memory/2612-1081-0x000000013FFF0000-0x0000000140344000-memory.dmp

memory/2376-1084-0x000000013F990000-0x000000013FCE4000-memory.dmp

memory/2616-1083-0x000000013F960000-0x000000013FCB4000-memory.dmp

memory/2620-1085-0x000000013FFA0000-0x00000001402F4000-memory.dmp

memory/1520-1086-0x000000013F690000-0x000000013F9E4000-memory.dmp

memory/1816-1088-0x000000013F350000-0x000000013F6A4000-memory.dmp

memory/1508-1087-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

memory/2584-1089-0x000000013F770000-0x000000013FAC4000-memory.dmp

memory/2532-1090-0x000000013F2E0000-0x000000013F634000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-05 00:02

Reported

2024-06-05 00:04

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

139s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1abd62ff92b9c50bf56d4aed85579370_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\1abd62ff92b9c50bf56d4aed85579370_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\1abd62ff92b9c50bf56d4aed85579370_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\1abd62ff92b9c50bf56d4aed85579370_NeikiAnalytics.exe"


C:\Windows\System\eZPStGT.exe

C:\Windows\System\eZPStGT.exe

C:\Windows\System\DPwnjCe.exe

C:\Windows\System\DPwnjCe.exe

C:\Windows\System\xyeDaZD.exe

C:\Windows\System\xyeDaZD.exe

C:\Windows\System\vPMNoWS.exe

C:\Windows\System\vPMNoWS.exe

C:\Windows\System\MnsBJzs.exe

C:\Windows\System\MnsBJzs.exe

C:\Windows\System\HnjIUzr.exe

C:\Windows\System\HnjIUzr.exe

C:\Windows\System\PXVbKhD.exe

C:\Windows\System\PXVbKhD.exe

C:\Windows\System\LDgbTCF.exe

C:\Windows\System\LDgbTCF.exe

C:\Windows\System\GJzgUzG.exe

C:\Windows\System\GJzgUzG.exe

C:\Windows\System\NUDonDq.exe

C:\Windows\System\NUDonDq.exe

C:\Windows\System\LmNZezF.exe

C:\Windows\System\LmNZezF.exe

C:\Windows\System\bDmDkVF.exe

C:\Windows\System\bDmDkVF.exe

C:\Windows\System\LdLwXZR.exe

C:\Windows\System\LdLwXZR.exe

C:\Windows\System\pKIDiir.exe

C:\Windows\System\pKIDiir.exe

C:\Windows\System\MOnpABX.exe

C:\Windows\System\MOnpABX.exe

C:\Windows\System\LqoXNll.exe

C:\Windows\System\LqoXNll.exe

C:\Windows\System\MTfUGVT.exe

C:\Windows\System\MTfUGVT.exe

C:\Windows\System\JuSyKps.exe

C:\Windows\System\JuSyKps.exe

C:\Windows\System\HGvDoHt.exe

C:\Windows\System\HGvDoHt.exe

C:\Windows\System\eMnVnQq.exe

C:\Windows\System\eMnVnQq.exe

C:\Windows\System\qQzLvFu.exe

C:\Windows\System\qQzLvFu.exe

C:\Windows\System\kyYQfLU.exe

C:\Windows\System\kyYQfLU.exe

C:\Windows\System\gJkTZSJ.exe

C:\Windows\System\gJkTZSJ.exe

C:\Windows\System\LnXmTQw.exe

C:\Windows\System\LnXmTQw.exe

C:\Windows\System\xduWHbz.exe

C:\Windows\System\xduWHbz.exe

C:\Windows\System\ckBCSyy.exe

C:\Windows\System\ckBCSyy.exe

C:\Windows\System\FmUSFHA.exe

C:\Windows\System\FmUSFHA.exe

C:\Windows\System\HbfTSqs.exe

C:\Windows\System\HbfTSqs.exe

C:\Windows\System\NUwNKpN.exe

C:\Windows\System\NUwNKpN.exe

C:\Windows\System\TTVXMQR.exe

C:\Windows\System\TTVXMQR.exe

C:\Windows\System\IrRIxoK.exe

C:\Windows\System\IrRIxoK.exe

C:\Windows\System\WWqGvhQ.exe

C:\Windows\System\WWqGvhQ.exe

C:\Windows\System\gkpHAnm.exe

C:\Windows\System\gkpHAnm.exe

C:\Windows\System\KQjMcqK.exe

C:\Windows\System\KQjMcqK.exe

C:\Windows\System\tfgOdOA.exe

C:\Windows\System\tfgOdOA.exe

C:\Windows\System\QRMKptX.exe

C:\Windows\System\QRMKptX.exe

C:\Windows\System\gTFnGrN.exe

C:\Windows\System\gTFnGrN.exe

C:\Windows\System\wscEgWU.exe

C:\Windows\System\wscEgWU.exe

C:\Windows\System\wtxVshH.exe

C:\Windows\System\wtxVshH.exe

C:\Windows\System\iuEIOTG.exe

C:\Windows\System\iuEIOTG.exe

C:\Windows\System\YSvlTNs.exe

C:\Windows\System\YSvlTNs.exe

C:\Windows\System\ZNseXcI.exe

C:\Windows\System\ZNseXcI.exe

C:\Windows\System\qZQiWup.exe

C:\Windows\System\qZQiWup.exe

C:\Windows\System\FJGUuuw.exe

C:\Windows\System\FJGUuuw.exe

C:\Windows\System\ocIUoJK.exe

C:\Windows\System\ocIUoJK.exe

C:\Windows\System\wNHtdcw.exe

C:\Windows\System\wNHtdcw.exe

C:\Windows\System\TbKjGQt.exe

C:\Windows\System\TbKjGQt.exe

C:\Windows\System\LdzHsOY.exe

C:\Windows\System\LdzHsOY.exe

C:\Windows\System\InNHETd.exe

C:\Windows\System\InNHETd.exe

C:\Windows\System\fDQzWKy.exe

C:\Windows\System\fDQzWKy.exe

C:\Windows\System\rsqUAov.exe

C:\Windows\System\rsqUAov.exe

C:\Windows\System\DTJFCQl.exe

C:\Windows\System\DTJFCQl.exe

C:\Windows\System\hMutUux.exe

C:\Windows\System\hMutUux.exe

C:\Windows\System\fINxxes.exe

C:\Windows\System\fINxxes.exe

C:\Windows\System\tlJrFcw.exe

C:\Windows\System\tlJrFcw.exe

C:\Windows\System\yuDmHiA.exe

C:\Windows\System\yuDmHiA.exe

C:\Windows\System\QshyUvb.exe

C:\Windows\System\QshyUvb.exe

C:\Windows\System\teQMUQI.exe

C:\Windows\System\teQMUQI.exe

C:\Windows\System\HhDvAbQ.exe

C:\Windows\System\HhDvAbQ.exe

C:\Windows\System\CNKtDcd.exe

C:\Windows\System\CNKtDcd.exe

C:\Windows\System\eHxpxZp.exe

C:\Windows\System\eHxpxZp.exe

C:\Windows\System\EdBVyqV.exe

C:\Windows\System\EdBVyqV.exe

C:\Windows\System\bNSHJQV.exe

C:\Windows\System\bNSHJQV.exe

C:\Windows\System\JShrrvq.exe

C:\Windows\System\JShrrvq.exe

C:\Windows\System\gbqarBS.exe

C:\Windows\System\gbqarBS.exe

C:\Windows\System\bGJiZkP.exe

C:\Windows\System\bGJiZkP.exe

C:\Windows\System\VHiumBM.exe

C:\Windows\System\VHiumBM.exe

C:\Windows\System\tALrUVi.exe

C:\Windows\System\tALrUVi.exe

C:\Windows\System\EOmItTB.exe

C:\Windows\System\EOmItTB.exe

C:\Windows\System\JStUVmn.exe

C:\Windows\System\JStUVmn.exe

C:\Windows\System\XZcATiQ.exe

C:\Windows\System\XZcATiQ.exe

C:\Windows\System\bYnmvJA.exe

C:\Windows\System\bYnmvJA.exe

C:\Windows\System\SyYsVdG.exe

C:\Windows\System\SyYsVdG.exe

C:\Windows\System\wlxyhoE.exe

C:\Windows\System\wlxyhoE.exe

C:\Windows\System\DupytBS.exe

C:\Windows\System\DupytBS.exe

C:\Windows\System\sPwMkHz.exe

C:\Windows\System\sPwMkHz.exe

C:\Windows\System\lfRzfIR.exe

C:\Windows\System\lfRzfIR.exe

C:\Windows\System\wrLsOuI.exe

C:\Windows\System\wrLsOuI.exe

C:\Windows\System\gekbZpZ.exe

C:\Windows\System\gekbZpZ.exe

C:\Windows\System\NxkRcZU.exe

C:\Windows\System\NxkRcZU.exe

C:\Windows\System\fDnijzJ.exe

C:\Windows\System\fDnijzJ.exe

C:\Windows\System\MbSDlTH.exe

C:\Windows\System\MbSDlTH.exe

C:\Windows\System\pjApBii.exe

C:\Windows\System\pjApBii.exe

C:\Windows\System\tQUiDzr.exe

C:\Windows\System\tQUiDzr.exe

C:\Windows\System\huEwBMV.exe

C:\Windows\System\huEwBMV.exe

C:\Windows\System\fAbBDVo.exe

C:\Windows\System\fAbBDVo.exe

C:\Windows\System\XViifff.exe

C:\Windows\System\XViifff.exe

C:\Windows\System\VjxaPOU.exe

C:\Windows\System\VjxaPOU.exe

C:\Windows\System\FbLmmUZ.exe

C:\Windows\System\FbLmmUZ.exe

C:\Windows\System\PBoDOHG.exe

C:\Windows\System\PBoDOHG.exe

C:\Windows\System\MiiIRCG.exe

C:\Windows\System\MiiIRCG.exe

C:\Windows\System\QNSZVvh.exe

C:\Windows\System\QNSZVvh.exe

C:\Windows\System\gkEFTOG.exe

C:\Windows\System\gkEFTOG.exe

C:\Windows\System\HnjGkYD.exe

C:\Windows\System\HnjGkYD.exe

C:\Windows\System\gsLFRlY.exe

C:\Windows\System\gsLFRlY.exe

C:\Windows\System\VOAMGWT.exe

C:\Windows\System\VOAMGWT.exe

C:\Windows\System\ewgZeau.exe

C:\Windows\System\ewgZeau.exe

C:\Windows\System\Gmhtyld.exe

C:\Windows\System\Gmhtyld.exe

C:\Windows\System\qCJMXjD.exe

C:\Windows\System\qCJMXjD.exe

C:\Windows\System\EXILPue.exe

C:\Windows\System\EXILPue.exe

C:\Windows\System\cSYbYHv.exe

C:\Windows\System\cSYbYHv.exe

C:\Windows\System\GCStxYV.exe

C:\Windows\System\GCStxYV.exe

C:\Windows\System\MeFNhGB.exe

C:\Windows\System\MeFNhGB.exe

C:\Windows\System\otiPNJR.exe

C:\Windows\System\otiPNJR.exe

C:\Windows\System\VoZkjFz.exe

C:\Windows\System\VoZkjFz.exe

C:\Windows\System\jEWhUvx.exe

C:\Windows\System\jEWhUvx.exe

C:\Windows\System\ODMdgsW.exe

C:\Windows\System\ODMdgsW.exe

C:\Windows\System\JgYuiEL.exe

C:\Windows\System\JgYuiEL.exe

C:\Windows\System\sYxHrWC.exe

C:\Windows\System\sYxHrWC.exe

C:\Windows\System\ZioUqyM.exe

C:\Windows\System\ZioUqyM.exe

C:\Windows\System\tBFRXTj.exe

C:\Windows\System\tBFRXTj.exe

C:\Windows\System\mbkHFLo.exe

C:\Windows\System\mbkHFLo.exe

C:\Windows\System\qppaFdX.exe

C:\Windows\System\qppaFdX.exe

C:\Windows\System\KsNyuVf.exe

C:\Windows\System\KsNyuVf.exe

C:\Windows\System\SqhurJX.exe

C:\Windows\System\SqhurJX.exe

C:\Windows\System\wcLIMlY.exe

C:\Windows\System\wcLIMlY.exe

C:\Windows\System\nGtojNt.exe

C:\Windows\System\nGtojNt.exe

C:\Windows\System\dAjcePF.exe

C:\Windows\System\dAjcePF.exe

C:\Windows\System\UdfEIth.exe

C:\Windows\System\UdfEIth.exe

C:\Windows\System\iMcabXE.exe

C:\Windows\System\iMcabXE.exe

C:\Windows\System\tTjphZQ.exe

C:\Windows\System\tTjphZQ.exe

C:\Windows\System\vcaSIAA.exe

C:\Windows\System\vcaSIAA.exe

C:\Windows\System\xAxtDCH.exe

C:\Windows\System\xAxtDCH.exe

C:\Windows\System\iaJIywI.exe

C:\Windows\System\iaJIywI.exe

C:\Windows\System\zxsRAhO.exe

C:\Windows\System\zxsRAhO.exe

C:\Windows\System\WhjrLTJ.exe

C:\Windows\System\WhjrLTJ.exe

C:\Windows\System\WLawdTy.exe

C:\Windows\System\WLawdTy.exe

C:\Windows\System\hJjHvau.exe

C:\Windows\System\hJjHvau.exe

C:\Windows\System\luwRhDS.exe

C:\Windows\System\luwRhDS.exe

C:\Windows\System\PUbBoUE.exe

C:\Windows\System\PUbBoUE.exe

C:\Windows\System\YaYMjsm.exe

C:\Windows\System\YaYMjsm.exe

C:\Windows\System\BCFHksn.exe

C:\Windows\System\BCFHksn.exe

C:\Windows\System\rJOWYgl.exe

C:\Windows\System\rJOWYgl.exe

C:\Windows\System\WDSqDsx.exe

C:\Windows\System\WDSqDsx.exe

C:\Windows\System\veEChpc.exe

C:\Windows\System\veEChpc.exe

C:\Windows\System\QVMmhZP.exe

C:\Windows\System\QVMmhZP.exe

C:\Windows\System\RUzqDMj.exe

C:\Windows\System\RUzqDMj.exe

C:\Windows\System\IxhZhSh.exe

C:\Windows\System\IxhZhSh.exe

C:\Windows\System\OAEjbXP.exe

C:\Windows\System\OAEjbXP.exe

C:\Windows\System\jkVKMdP.exe

C:\Windows\System\jkVKMdP.exe

C:\Windows\System\qcdqVwJ.exe

C:\Windows\System\qcdqVwJ.exe

C:\Windows\System\ONKbGpu.exe

C:\Windows\System\ONKbGpu.exe

C:\Windows\System\RPGCprj.exe

C:\Windows\System\RPGCprj.exe

C:\Windows\System\QrWrajC.exe

C:\Windows\System\QrWrajC.exe

C:\Windows\System\QxuPdgs.exe

C:\Windows\System\QxuPdgs.exe

C:\Windows\System\nIcgaHN.exe

C:\Windows\System\nIcgaHN.exe

C:\Windows\System\lVMqWZI.exe

C:\Windows\System\lVMqWZI.exe

C:\Windows\System\rWkMHNQ.exe

C:\Windows\System\rWkMHNQ.exe

C:\Windows\System\EMHhiFK.exe

C:\Windows\System\EMHhiFK.exe

C:\Windows\System\cgFlcep.exe

C:\Windows\System\cgFlcep.exe

C:\Windows\System\uBZiXIp.exe

C:\Windows\System\uBZiXIp.exe

C:\Windows\System\QykGCNb.exe

C:\Windows\System\QykGCNb.exe

C:\Windows\System\TrnFFYM.exe

C:\Windows\System\TrnFFYM.exe

C:\Windows\System\TRQddyu.exe

C:\Windows\System\TRQddyu.exe

C:\Windows\System\JgsEwFt.exe

C:\Windows\System\JgsEwFt.exe

C:\Windows\System\oAQRlgY.exe

C:\Windows\System\oAQRlgY.exe

C:\Windows\System\DHulhFO.exe

C:\Windows\System\DHulhFO.exe

C:\Windows\System\rYrwgfF.exe

C:\Windows\System\rYrwgfF.exe

C:\Windows\System\woanErw.exe

C:\Windows\System\woanErw.exe

C:\Windows\System\tFCmfCF.exe

C:\Windows\System\tFCmfCF.exe

C:\Windows\System\SetFQwb.exe

C:\Windows\System\SetFQwb.exe

C:\Windows\System\mAYOPaT.exe

C:\Windows\System\mAYOPaT.exe

C:\Windows\System\RWFiWgH.exe

C:\Windows\System\RWFiWgH.exe

C:\Windows\System\RpAmlCm.exe

C:\Windows\System\RpAmlCm.exe

C:\Windows\System\fwQBbxt.exe

C:\Windows\System\fwQBbxt.exe

C:\Windows\System\FmDJXyw.exe

C:\Windows\System\FmDJXyw.exe

C:\Windows\System\MHBtZJn.exe

C:\Windows\System\MHBtZJn.exe

C:\Windows\System\jIafShH.exe

C:\Windows\System\jIafShH.exe

C:\Windows\System\xfSluBW.exe

C:\Windows\System\xfSluBW.exe

C:\Windows\System\cOcEHVW.exe

C:\Windows\System\cOcEHVW.exe

C:\Windows\System\cnSDjKR.exe

C:\Windows\System\cnSDjKR.exe

C:\Windows\System\fgUWiyf.exe

C:\Windows\System\fgUWiyf.exe

C:\Windows\System\DvrfUhF.exe

C:\Windows\System\DvrfUhF.exe

C:\Windows\System\bVwfgLA.exe

C:\Windows\System\bVwfgLA.exe

C:\Windows\System\nnWwurl.exe

C:\Windows\System\nnWwurl.exe

C:\Windows\System\xVGEfuE.exe

C:\Windows\System\xVGEfuE.exe

C:\Windows\System\yajICmj.exe

C:\Windows\System\yajICmj.exe

C:\Windows\System\lZQJIFm.exe

C:\Windows\System\lZQJIFm.exe

C:\Windows\System\Wdiquej.exe

C:\Windows\System\Wdiquej.exe

C:\Windows\System\WqdGiRv.exe

C:\Windows\System\WqdGiRv.exe

C:\Windows\System\yYQLZfZ.exe

C:\Windows\System\yYQLZfZ.exe

C:\Windows\System\VjBNSwu.exe

C:\Windows\System\VjBNSwu.exe

C:\Windows\System\sVzXZwo.exe

C:\Windows\System\sVzXZwo.exe

C:\Windows\System\WUWLkZr.exe

C:\Windows\System\WUWLkZr.exe

C:\Windows\System\YsYsKja.exe

C:\Windows\System\YsYsKja.exe

C:\Windows\System\UuscBtc.exe

C:\Windows\System\UuscBtc.exe

C:\Windows\System\ptvnDhi.exe

C:\Windows\System\ptvnDhi.exe

C:\Windows\System\BsCmdxD.exe

C:\Windows\System\BsCmdxD.exe

C:\Windows\System\RGZBNmW.exe

C:\Windows\System\RGZBNmW.exe

C:\Windows\System\WABIJIO.exe

C:\Windows\System\WABIJIO.exe

C:\Windows\System\EVLeylW.exe

C:\Windows\System\EVLeylW.exe

C:\Windows\System\VUCMFSK.exe

C:\Windows\System\VUCMFSK.exe

C:\Windows\System\oOlrIxM.exe

C:\Windows\System\oOlrIxM.exe

C:\Windows\System\shLImOP.exe

C:\Windows\System\shLImOP.exe

C:\Windows\System\sfaNErd.exe

C:\Windows\System\sfaNErd.exe

C:\Windows\System\LKiiMCh.exe

C:\Windows\System\LKiiMCh.exe

C:\Windows\System\nXWexrQ.exe

C:\Windows\System\nXWexrQ.exe

C:\Windows\System\cODXsyM.exe

C:\Windows\System\cODXsyM.exe

C:\Windows\System\XXxUVZf.exe

C:\Windows\System\XXxUVZf.exe

C:\Windows\System\ZKPmFUR.exe

C:\Windows\System\ZKPmFUR.exe

C:\Windows\System\tQWvQRd.exe

C:\Windows\System\tQWvQRd.exe

C:\Windows\System\XhedDzl.exe

C:\Windows\System\XhedDzl.exe

C:\Windows\System\jPuyiUy.exe

C:\Windows\System\jPuyiUy.exe

C:\Windows\System\hrpEZav.exe

C:\Windows\System\hrpEZav.exe

C:\Windows\System\jZxiRBv.exe

C:\Windows\System\jZxiRBv.exe

C:\Windows\System\VMAcSUO.exe

C:\Windows\System\VMAcSUO.exe

C:\Windows\System\pHydDDQ.exe

C:\Windows\System\pHydDDQ.exe

C:\Windows\System\XVEeFfr.exe

C:\Windows\System\XVEeFfr.exe

C:\Windows\System\AUEaOtB.exe

C:\Windows\System\AUEaOtB.exe

C:\Windows\System\HhvKxMu.exe

C:\Windows\System\HhvKxMu.exe

C:\Windows\System\nhDCTgE.exe

C:\Windows\System\nhDCTgE.exe

C:\Windows\System\DdHybvy.exe

C:\Windows\System\DdHybvy.exe

C:\Windows\System\mpvPIfQ.exe

C:\Windows\System\mpvPIfQ.exe

C:\Windows\System\fpTIMTU.exe

C:\Windows\System\fpTIMTU.exe

C:\Windows\System\BpJCNgS.exe

C:\Windows\System\BpJCNgS.exe

C:\Windows\System\CUtYayu.exe

C:\Windows\System\CUtYayu.exe

C:\Windows\System\jhZqEXB.exe

C:\Windows\System\jhZqEXB.exe

C:\Windows\System\CZWUFOp.exe

C:\Windows\System\CZWUFOp.exe

C:\Windows\System\tvBmcDe.exe

C:\Windows\System\tvBmcDe.exe

C:\Windows\System\uZFskQc.exe

C:\Windows\System\uZFskQc.exe

C:\Windows\System\fWpCdFl.exe

C:\Windows\System\fWpCdFl.exe

C:\Windows\System\APCEoiZ.exe

C:\Windows\System\APCEoiZ.exe

Network


Files
