Malware Analysis Report

2024-10-10 09:03

Sample ID 240605-b9h7xaaf71
Target 280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe
SHA256 6523365170b041f231a266c7fd69739f4dc0441973e0a36356b94d3821066fd9
Tags
miner upx kpot xmrig stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

6523365170b041f231a266c7fd69739f4dc0441973e0a36356b94d3821066fd9

Threat Level: Known bad

The file 280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx kpot xmrig stealer trojan

KPOT Core Executable

Kpot family

XMRig Miner payload

xmrig

Xmrig family

KPOT

XMRig Miner payload

UPX packed file

Loads dropped DLL

Executes dropped EXE

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-05 01:50

Signatures

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

Kpot family

kpot

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-05 01:50

Reported

2024-06-05 01:53

Platform

win7-20240508-en

Max time kernel

138s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\LMxbQLG.exe N/A
N/A N/A C:\Windows\System\JmigOve.exe N/A
N/A N/A C:\Windows\System\cJatTnP.exe N/A
N/A N/A C:\Windows\System\ypAHaCf.exe N/A
N/A N/A C:\Windows\System\FmUjPzs.exe N/A
N/A N/A C:\Windows\System\fmLlLVk.exe N/A
N/A N/A C:\Windows\System\bolHtlv.exe N/A
N/A N/A C:\Windows\System\gzMVBUy.exe N/A
N/A N/A C:\Windows\System\RmlbLBf.exe N/A
N/A N/A C:\Windows\System\scIrDJs.exe N/A
N/A N/A C:\Windows\System\GpxMBwx.exe N/A
N/A N/A C:\Windows\System\JOpXIMA.exe N/A
N/A N/A C:\Windows\System\xamimmZ.exe N/A
N/A N/A C:\Windows\System\DotioeK.exe N/A
N/A N/A C:\Windows\System\xaAsHym.exe N/A
N/A N/A C:\Windows\System\RHoliTO.exe N/A
N/A N/A C:\Windows\System\jZeACKX.exe N/A
N/A N/A C:\Windows\System\NKPpwMG.exe N/A
N/A N/A C:\Windows\System\YJOPaid.exe N/A
N/A N/A C:\Windows\System\ccCwSqc.exe N/A
N/A N/A C:\Windows\System\RCpmStr.exe N/A
N/A N/A C:\Windows\System\XmIuYTs.exe N/A
N/A N/A C:\Windows\System\PNKjLSF.exe N/A
N/A N/A C:\Windows\System\aynpyaT.exe N/A
N/A N/A C:\Windows\System\CzonaQv.exe N/A
N/A N/A C:\Windows\System\jqKbvGh.exe N/A
N/A N/A C:\Windows\System\rtEezSi.exe N/A
N/A N/A C:\Windows\System\QyWvALn.exe N/A
N/A N/A C:\Windows\System\zplbduK.exe N/A
N/A N/A C:\Windows\System\ifOfYJc.exe N/A
N/A N/A C:\Windows\System\SlxMbii.exe N/A
N/A N/A C:\Windows\System\RRgTmxG.exe N/A
N/A N/A C:\Windows\System\AgcAhRc.exe N/A
N/A N/A C:\Windows\System\eYyOneW.exe N/A
N/A N/A C:\Windows\System\bcApGTB.exe N/A
N/A N/A C:\Windows\System\ZuuEfTM.exe N/A
N/A N/A C:\Windows\System\PScnBgg.exe N/A
N/A N/A C:\Windows\System\jQLefjp.exe N/A
N/A N/A C:\Windows\System\nFLjmmt.exe N/A
N/A N/A C:\Windows\System\rZtVCZB.exe N/A
N/A N/A C:\Windows\System\QAAdMSL.exe N/A
N/A N/A C:\Windows\System\UGzVEXw.exe N/A
N/A N/A C:\Windows\System\FrGaUZr.exe N/A
N/A N/A C:\Windows\System\AYcdMHa.exe N/A
N/A N/A C:\Windows\System\zilNahi.exe N/A
N/A N/A C:\Windows\System\gmsCcvz.exe N/A
N/A N/A C:\Windows\System\yusqevs.exe N/A
N/A N/A C:\Windows\System\aYCisIj.exe N/A
N/A N/A C:\Windows\System\GywMPro.exe N/A
N/A N/A C:\Windows\System\GYIQmKP.exe N/A
N/A N/A C:\Windows\System\UPnsNID.exe N/A
N/A N/A C:\Windows\System\IZjqNgp.exe N/A
N/A N/A C:\Windows\System\JFwysGs.exe N/A
N/A N/A C:\Windows\System\pVqruqF.exe N/A
N/A N/A C:\Windows\System\kjfkCOR.exe N/A
N/A N/A C:\Windows\System\QQnivOd.exe N/A
N/A N/A C:\Windows\System\kEsiZbG.exe N/A
N/A N/A C:\Windows\System\BREqZMU.exe N/A
N/A N/A C:\Windows\System\AqCWslE.exe N/A
N/A N/A C:\Windows\System\ZZlTEnA.exe N/A
N/A N/A C:\Windows\System\ZtPVraL.exe N/A
N/A N/A C:\Windows\System\rHHPHev.exe N/A
N/A N/A C:\Windows\System\NPUmiyq.exe N/A
N/A N/A C:\Windows\System\sVnmrqP.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\PNKjLSF.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\DJlamRq.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\VNKyZEO.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\niQSFhj.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\rjiHIlV.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\njppOyj.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\UnvtxMf.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\RVUgLqc.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\dzOnozU.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\yLaUaKb.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\AwrGfpo.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\wZJtJBD.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\IDTxnKj.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\fJiokLc.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\dxSSHnv.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\noAjioW.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\LDCiCto.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ppNvVgY.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\keNgaJl.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\uVRGLuL.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\WewuBmK.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\GDLsywV.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\pXHxHtM.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\aYCisIj.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZtPVraL.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ATxiXeA.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\WOChJax.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\nCBbktB.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\duJKnOS.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\eWDByoA.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\GKjiyci.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\IsWeZBc.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\bolHtlv.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\QyWvALn.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\kEsiZbG.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\WUXTfpg.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\oCdgdRW.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PbFRllS.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vqNtYWN.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qHIGyYn.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\XrfIRUz.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\gdQbsOu.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hfGaWjN.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\DoIBIOv.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\RHoliTO.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\IZjqNgp.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\eNpBroV.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\FljvTwr.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ltFOWVW.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KnpijdR.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\eCCKELR.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\GqINqvK.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\pVLTrEx.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\gzMVBUy.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\AgcAhRc.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\rHHPHev.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KOhXoDA.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qoSqrzN.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\VtjQRVy.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\yaYHzrl.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\uPfKPns.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\LCLBPId.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ACJRFez.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\cJatTnP.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1576 wrote to memory of 1316 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\LMxbQLG.exe
PID 1576 wrote to memory of 1316 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\LMxbQLG.exe
PID 1576 wrote to memory of 1316 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\LMxbQLG.exe
PID 1576 wrote to memory of 1996 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\FmUjPzs.exe
PID 1576 wrote to memory of 1996 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\FmUjPzs.exe
PID 1576 wrote to memory of 1996 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\FmUjPzs.exe
PID 1576 wrote to memory of 2320 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\JmigOve.exe
PID 1576 wrote to memory of 2320 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\JmigOve.exe
PID 1576 wrote to memory of 2320 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\JmigOve.exe
PID 1576 wrote to memory of 2924 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\bolHtlv.exe
PID 1576 wrote to memory of 2924 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\bolHtlv.exe
PID 1576 wrote to memory of 2924 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\bolHtlv.exe
PID 1576 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\cJatTnP.exe
PID 1576 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\cJatTnP.exe
PID 1576 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\cJatTnP.exe
PID 1576 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\gzMVBUy.exe
PID 1576 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\gzMVBUy.exe
PID 1576 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\gzMVBUy.exe
PID 1576 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\ypAHaCf.exe
PID 1576 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\ypAHaCf.exe
PID 1576 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\ypAHaCf.exe
PID 1576 wrote to memory of 2800 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\RmlbLBf.exe
PID 1576 wrote to memory of 2800 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\RmlbLBf.exe
PID 1576 wrote to memory of 2800 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\RmlbLBf.exe
PID 1576 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\fmLlLVk.exe
PID 1576 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\fmLlLVk.exe
PID 1576 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\fmLlLVk.exe
PID 1576 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\GpxMBwx.exe
PID 1576 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\GpxMBwx.exe
PID 1576 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\GpxMBwx.exe
PID 1576 wrote to memory of 2160 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\scIrDJs.exe
PID 1576 wrote to memory of 2160 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\scIrDJs.exe
PID 1576 wrote to memory of 2160 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\scIrDJs.exe
PID 1576 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\JOpXIMA.exe
PID 1576 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\JOpXIMA.exe
PID 1576 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\JOpXIMA.exe
PID 1576 wrote to memory of 1780 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\xamimmZ.exe
PID 1576 wrote to memory of 1780 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\xamimmZ.exe
PID 1576 wrote to memory of 1780 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\xamimmZ.exe
PID 1576 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\DotioeK.exe
PID 1576 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\DotioeK.exe
PID 1576 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\DotioeK.exe
PID 1576 wrote to memory of 2824 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\xaAsHym.exe
PID 1576 wrote to memory of 2824 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\xaAsHym.exe
PID 1576 wrote to memory of 2824 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\xaAsHym.exe
PID 1576 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\RHoliTO.exe
PID 1576 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\RHoliTO.exe
PID 1576 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\RHoliTO.exe
PID 1576 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\jZeACKX.exe
PID 1576 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\jZeACKX.exe
PID 1576 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\jZeACKX.exe
PID 1576 wrote to memory of 1092 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\NKPpwMG.exe
PID 1576 wrote to memory of 1092 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\NKPpwMG.exe
PID 1576 wrote to memory of 1092 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\NKPpwMG.exe
PID 1576 wrote to memory of 324 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\YJOPaid.exe
PID 1576 wrote to memory of 324 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\YJOPaid.exe
PID 1576 wrote to memory of 324 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\YJOPaid.exe
PID 1576 wrote to memory of 2480 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\ccCwSqc.exe
PID 1576 wrote to memory of 2480 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\ccCwSqc.exe
PID 1576 wrote to memory of 2480 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\ccCwSqc.exe
PID 1576 wrote to memory of 2216 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\RCpmStr.exe
PID 1576 wrote to memory of 2216 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\RCpmStr.exe
PID 1576 wrote to memory of 2216 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\RCpmStr.exe
PID 1576 wrote to memory of 680 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\XmIuYTs.exe

Processes

C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe"

C:\Windows\System\LMxbQLG.exe

C:\Windows\System\LMxbQLG.exe

C:\Windows\System\FmUjPzs.exe

C:\Windows\System\FmUjPzs.exe

C:\Windows\System\JmigOve.exe

C:\Windows\System\JmigOve.exe

C:\Windows\System\bolHtlv.exe

C:\Windows\System\bolHtlv.exe

C:\Windows\System\cJatTnP.exe

C:\Windows\System\cJatTnP.exe

C:\Windows\System\gzMVBUy.exe

C:\Windows\System\gzMVBUy.exe

C:\Windows\System\ypAHaCf.exe

C:\Windows\System\ypAHaCf.exe

C:\Windows\System\RmlbLBf.exe

C:\Windows\System\RmlbLBf.exe

C:\Windows\System\fmLlLVk.exe

C:\Windows\System\fmLlLVk.exe

C:\Windows\System\GpxMBwx.exe

C:\Windows\System\GpxMBwx.exe

C:\Windows\System\scIrDJs.exe

C:\Windows\System\scIrDJs.exe

C:\Windows\System\JOpXIMA.exe

C:\Windows\System\JOpXIMA.exe

C:\Windows\System\xamimmZ.exe

C:\Windows\System\xamimmZ.exe

C:\Windows\System\DotioeK.exe

C:\Windows\System\DotioeK.exe

C:\Windows\System\xaAsHym.exe

C:\Windows\System\xaAsHym.exe

C:\Windows\System\RHoliTO.exe

C:\Windows\System\RHoliTO.exe

C:\Windows\System\jZeACKX.exe

C:\Windows\System\jZeACKX.exe

C:\Windows\System\NKPpwMG.exe

C:\Windows\System\NKPpwMG.exe

C:\Windows\System\YJOPaid.exe

C:\Windows\System\YJOPaid.exe

C:\Windows\System\ccCwSqc.exe

C:\Windows\System\ccCwSqc.exe

C:\Windows\System\RCpmStr.exe

C:\Windows\System\RCpmStr.exe

C:\Windows\System\XmIuYTs.exe

C:\Windows\System\XmIuYTs.exe

C:\Windows\System\PNKjLSF.exe

C:\Windows\System\PNKjLSF.exe

C:\Windows\System\aynpyaT.exe

C:\Windows\System\aynpyaT.exe

C:\Windows\System\CzonaQv.exe

C:\Windows\System\CzonaQv.exe

C:\Windows\System\jqKbvGh.exe

C:\Windows\System\jqKbvGh.exe

C:\Windows\System\rtEezSi.exe

C:\Windows\System\rtEezSi.exe

C:\Windows\System\QyWvALn.exe

C:\Windows\System\QyWvALn.exe

C:\Windows\System\zplbduK.exe

C:\Windows\System\zplbduK.exe

C:\Windows\System\ifOfYJc.exe

C:\Windows\System\ifOfYJc.exe

C:\Windows\System\SlxMbii.exe

C:\Windows\System\SlxMbii.exe

C:\Windows\System\RRgTmxG.exe

C:\Windows\System\RRgTmxG.exe

C:\Windows\System\AgcAhRc.exe

C:\Windows\System\AgcAhRc.exe

C:\Windows\System\eYyOneW.exe

C:\Windows\System\eYyOneW.exe

C:\Windows\System\bcApGTB.exe

C:\Windows\System\bcApGTB.exe

C:\Windows\System\ZuuEfTM.exe

C:\Windows\System\ZuuEfTM.exe

C:\Windows\System\PScnBgg.exe

C:\Windows\System\PScnBgg.exe

C:\Windows\System\jQLefjp.exe

C:\Windows\System\jQLefjp.exe

C:\Windows\System\nFLjmmt.exe

C:\Windows\System\nFLjmmt.exe

C:\Windows\System\rZtVCZB.exe

C:\Windows\System\rZtVCZB.exe

C:\Windows\System\QAAdMSL.exe

C:\Windows\System\QAAdMSL.exe

C:\Windows\System\UGzVEXw.exe

C:\Windows\System\UGzVEXw.exe

C:\Windows\System\FrGaUZr.exe

C:\Windows\System\FrGaUZr.exe

C:\Windows\System\AYcdMHa.exe

C:\Windows\System\AYcdMHa.exe

C:\Windows\System\zilNahi.exe

C:\Windows\System\zilNahi.exe

C:\Windows\System\gmsCcvz.exe

C:\Windows\System\gmsCcvz.exe

C:\Windows\System\yusqevs.exe

C:\Windows\System\yusqevs.exe

C:\Windows\System\aYCisIj.exe

C:\Windows\System\aYCisIj.exe

C:\Windows\System\GywMPro.exe

C:\Windows\System\GywMPro.exe

C:\Windows\System\GYIQmKP.exe

C:\Windows\System\GYIQmKP.exe

C:\Windows\System\UPnsNID.exe

C:\Windows\System\UPnsNID.exe

C:\Windows\System\IZjqNgp.exe

C:\Windows\System\IZjqNgp.exe

C:\Windows\System\JFwysGs.exe

C:\Windows\System\JFwysGs.exe

C:\Windows\System\pVqruqF.exe

C:\Windows\System\pVqruqF.exe

C:\Windows\System\kjfkCOR.exe

C:\Windows\System\kjfkCOR.exe

C:\Windows\System\QQnivOd.exe

C:\Windows\System\QQnivOd.exe

C:\Windows\System\kEsiZbG.exe

C:\Windows\System\kEsiZbG.exe

C:\Windows\System\BREqZMU.exe

C:\Windows\System\BREqZMU.exe

C:\Windows\System\AqCWslE.exe

C:\Windows\System\AqCWslE.exe

C:\Windows\System\ZZlTEnA.exe

C:\Windows\System\ZZlTEnA.exe

C:\Windows\System\ZtPVraL.exe

C:\Windows\System\ZtPVraL.exe

C:\Windows\System\rHHPHev.exe

C:\Windows\System\rHHPHev.exe

C:\Windows\System\NPUmiyq.exe

C:\Windows\System\NPUmiyq.exe

C:\Windows\System\sVnmrqP.exe

C:\Windows\System\sVnmrqP.exe

C:\Windows\System\uwpSkHx.exe

C:\Windows\System\uwpSkHx.exe

C:\Windows\System\oRrKgRH.exe

C:\Windows\System\oRrKgRH.exe

C:\Windows\System\nNxYxhK.exe

C:\Windows\System\nNxYxhK.exe

C:\Windows\System\HUGSiQh.exe

C:\Windows\System\HUGSiQh.exe

C:\Windows\System\rdIXXeL.exe

C:\Windows\System\rdIXXeL.exe

C:\Windows\System\IlsXGNW.exe

C:\Windows\System\IlsXGNW.exe

C:\Windows\System\noAjioW.exe

C:\Windows\System\noAjioW.exe

C:\Windows\System\VtjQRVy.exe

C:\Windows\System\VtjQRVy.exe

C:\Windows\System\OOpDZbC.exe

C:\Windows\System\OOpDZbC.exe

C:\Windows\System\LDCiCto.exe

C:\Windows\System\LDCiCto.exe

C:\Windows\System\WUXTfpg.exe

C:\Windows\System\WUXTfpg.exe

C:\Windows\System\eiROwUC.exe

C:\Windows\System\eiROwUC.exe

C:\Windows\System\vmzzTbM.exe

C:\Windows\System\vmzzTbM.exe

C:\Windows\System\zRrMKdw.exe

C:\Windows\System\zRrMKdw.exe

C:\Windows\System\bsoUcki.exe

C:\Windows\System\bsoUcki.exe

C:\Windows\System\KOhXoDA.exe

C:\Windows\System\KOhXoDA.exe

C:\Windows\System\oCdgdRW.exe

C:\Windows\System\oCdgdRW.exe

C:\Windows\System\Wiqwooi.exe

C:\Windows\System\Wiqwooi.exe

C:\Windows\System\rWKWllj.exe

C:\Windows\System\rWKWllj.exe

C:\Windows\System\HYEnDHI.exe

C:\Windows\System\HYEnDHI.exe

C:\Windows\System\ptKHUWx.exe

C:\Windows\System\ptKHUWx.exe

C:\Windows\System\yCUeLNc.exe

C:\Windows\System\yCUeLNc.exe

C:\Windows\System\bXvLnaA.exe

C:\Windows\System\bXvLnaA.exe

C:\Windows\System\UOdPLcX.exe

C:\Windows\System\UOdPLcX.exe

C:\Windows\System\MaCdEDb.exe

C:\Windows\System\MaCdEDb.exe

C:\Windows\System\EJonYWh.exe

C:\Windows\System\EJonYWh.exe

C:\Windows\System\YOIzjmY.exe

C:\Windows\System\YOIzjmY.exe

C:\Windows\System\oBjREcm.exe

C:\Windows\System\oBjREcm.exe

C:\Windows\System\bJKcVCp.exe

C:\Windows\System\bJKcVCp.exe

C:\Windows\System\AbVLeNH.exe

C:\Windows\System\AbVLeNH.exe

C:\Windows\System\eNpBroV.exe

C:\Windows\System\eNpBroV.exe

C:\Windows\System\cPHwKnL.exe

C:\Windows\System\cPHwKnL.exe

C:\Windows\System\FsIYorq.exe

C:\Windows\System\FsIYorq.exe

C:\Windows\System\wOXsbnU.exe

C:\Windows\System\wOXsbnU.exe

C:\Windows\System\ppNvVgY.exe

C:\Windows\System\ppNvVgY.exe

C:\Windows\System\LbnVKwM.exe

C:\Windows\System\LbnVKwM.exe

C:\Windows\System\suWNbNc.exe

C:\Windows\System\suWNbNc.exe

C:\Windows\System\iKwJDXz.exe

C:\Windows\System\iKwJDXz.exe

C:\Windows\System\XbaTgJs.exe

C:\Windows\System\XbaTgJs.exe

C:\Windows\System\mTBMlgj.exe

C:\Windows\System\mTBMlgj.exe

C:\Windows\System\HblfMjV.exe

C:\Windows\System\HblfMjV.exe

C:\Windows\System\aTJoDRr.exe

C:\Windows\System\aTJoDRr.exe

C:\Windows\System\ATxiXeA.exe

C:\Windows\System\ATxiXeA.exe

C:\Windows\System\RMTHdqY.exe

C:\Windows\System\RMTHdqY.exe

C:\Windows\System\gpQMziA.exe

C:\Windows\System\gpQMziA.exe

C:\Windows\System\oSNbHCx.exe

C:\Windows\System\oSNbHCx.exe

C:\Windows\System\rxNbSzh.exe

C:\Windows\System\rxNbSzh.exe

C:\Windows\System\pPDocpJ.exe

C:\Windows\System\pPDocpJ.exe

C:\Windows\System\xQPauBl.exe

C:\Windows\System\xQPauBl.exe

C:\Windows\System\XNIOSKy.exe

C:\Windows\System\XNIOSKy.exe

C:\Windows\System\WOChJax.exe

C:\Windows\System\WOChJax.exe

C:\Windows\System\iOJCtGb.exe

C:\Windows\System\iOJCtGb.exe

C:\Windows\System\LMxUwxz.exe

C:\Windows\System\LMxUwxz.exe

C:\Windows\System\yhSgEJv.exe

C:\Windows\System\yhSgEJv.exe

C:\Windows\System\EsennGc.exe

C:\Windows\System\EsennGc.exe

C:\Windows\System\SqPGmfj.exe

C:\Windows\System\SqPGmfj.exe

C:\Windows\System\nCBbktB.exe

C:\Windows\System\nCBbktB.exe

C:\Windows\System\rjiHIlV.exe

C:\Windows\System\rjiHIlV.exe

C:\Windows\System\yLaUaKb.exe

C:\Windows\System\yLaUaKb.exe

C:\Windows\System\GrQNNIb.exe

C:\Windows\System\GrQNNIb.exe

C:\Windows\System\tHGYjtN.exe

C:\Windows\System\tHGYjtN.exe

C:\Windows\System\WewuBmK.exe

C:\Windows\System\WewuBmK.exe

C:\Windows\System\QjUBdGT.exe

C:\Windows\System\QjUBdGT.exe

C:\Windows\System\djuFmMd.exe

C:\Windows\System\djuFmMd.exe

C:\Windows\System\GKuDbKF.exe

C:\Windows\System\GKuDbKF.exe

C:\Windows\System\xdZCZic.exe

C:\Windows\System\xdZCZic.exe

C:\Windows\System\AwrGfpo.exe

C:\Windows\System\AwrGfpo.exe

C:\Windows\System\zbrYZGm.exe

C:\Windows\System\zbrYZGm.exe

C:\Windows\System\lpeqIUk.exe

C:\Windows\System\lpeqIUk.exe

C:\Windows\System\CEXAZLS.exe

C:\Windows\System\CEXAZLS.exe

C:\Windows\System\kKWHKDU.exe

C:\Windows\System\kKWHKDU.exe

C:\Windows\System\PxdmJCW.exe

C:\Windows\System\PxdmJCW.exe

C:\Windows\System\edlNacE.exe

C:\Windows\System\edlNacE.exe

C:\Windows\System\TwnGMcP.exe

C:\Windows\System\TwnGMcP.exe

C:\Windows\System\aMRPokn.exe

C:\Windows\System\aMRPokn.exe

C:\Windows\System\wlfhrLQ.exe

C:\Windows\System\wlfhrLQ.exe

C:\Windows\System\DvIIxmY.exe

C:\Windows\System\DvIIxmY.exe

C:\Windows\System\XtOQOXC.exe

C:\Windows\System\XtOQOXC.exe

C:\Windows\System\qoSqrzN.exe

C:\Windows\System\qoSqrzN.exe

C:\Windows\System\yFpeHlr.exe

C:\Windows\System\yFpeHlr.exe

C:\Windows\System\WBajqhi.exe

C:\Windows\System\WBajqhi.exe

C:\Windows\System\SGgZQfj.exe

C:\Windows\System\SGgZQfj.exe

C:\Windows\System\AbrNhmw.exe

C:\Windows\System\AbrNhmw.exe

C:\Windows\System\cejlrXj.exe

C:\Windows\System\cejlrXj.exe

C:\Windows\System\EIbhsee.exe

C:\Windows\System\EIbhsee.exe

C:\Windows\System\FHBMtHA.exe

C:\Windows\System\FHBMtHA.exe

C:\Windows\System\njppOyj.exe

C:\Windows\System\njppOyj.exe

C:\Windows\System\eWDByoA.exe

C:\Windows\System\eWDByoA.exe

C:\Windows\System\mWqqddW.exe

C:\Windows\System\mWqqddW.exe

C:\Windows\System\XnKQJlC.exe

C:\Windows\System\XnKQJlC.exe

C:\Windows\System\IDIBAoY.exe

C:\Windows\System\IDIBAoY.exe

C:\Windows\System\dSlOGsQ.exe

C:\Windows\System\dSlOGsQ.exe

C:\Windows\System\GKjiyci.exe

C:\Windows\System\GKjiyci.exe

C:\Windows\System\DJlamRq.exe

C:\Windows\System\DJlamRq.exe

C:\Windows\System\zySFJvo.exe

C:\Windows\System\zySFJvo.exe

C:\Windows\System\equHfuu.exe

C:\Windows\System\equHfuu.exe

C:\Windows\System\DjamPlT.exe

C:\Windows\System\DjamPlT.exe

C:\Windows\System\kbLvRuM.exe

C:\Windows\System\kbLvRuM.exe

C:\Windows\System\BCBTAjw.exe

C:\Windows\System\BCBTAjw.exe

C:\Windows\System\RPSohoI.exe

C:\Windows\System\RPSohoI.exe

C:\Windows\System\SDAZrQy.exe

C:\Windows\System\SDAZrQy.exe

C:\Windows\System\ebDvhLA.exe

C:\Windows\System\ebDvhLA.exe

C:\Windows\System\cofvwPy.exe

C:\Windows\System\cofvwPy.exe

C:\Windows\System\wZJtJBD.exe

C:\Windows\System\wZJtJBD.exe

C:\Windows\System\jAIlSRv.exe

C:\Windows\System\jAIlSRv.exe

C:\Windows\System\GNalLtE.exe

C:\Windows\System\GNalLtE.exe

C:\Windows\System\RPrDiaD.exe

C:\Windows\System\RPrDiaD.exe

C:\Windows\System\TWAdBOe.exe

C:\Windows\System\TWAdBOe.exe

C:\Windows\System\XrfIRUz.exe

C:\Windows\System\XrfIRUz.exe

C:\Windows\System\wAHzYJq.exe

C:\Windows\System\wAHzYJq.exe

C:\Windows\System\syEbUwx.exe

C:\Windows\System\syEbUwx.exe

C:\Windows\System\GDLsywV.exe

C:\Windows\System\GDLsywV.exe

C:\Windows\System\VpRmvmG.exe

C:\Windows\System\VpRmvmG.exe

C:\Windows\System\aHBRibO.exe

C:\Windows\System\aHBRibO.exe

C:\Windows\System\GQgjVds.exe

C:\Windows\System\GQgjVds.exe

C:\Windows\System\dpVOQVQ.exe

C:\Windows\System\dpVOQVQ.exe

C:\Windows\System\wghbCld.exe

C:\Windows\System\wghbCld.exe

C:\Windows\System\kXVwORV.exe

C:\Windows\System\kXVwORV.exe

C:\Windows\System\IDTxnKj.exe

C:\Windows\System\IDTxnKj.exe

C:\Windows\System\XoGfEyn.exe

C:\Windows\System\XoGfEyn.exe

C:\Windows\System\yOsIKYg.exe

C:\Windows\System\yOsIKYg.exe

C:\Windows\System\HWIMIxv.exe

C:\Windows\System\HWIMIxv.exe

C:\Windows\System\IsWeZBc.exe

C:\Windows\System\IsWeZBc.exe

C:\Windows\System\PbFRllS.exe

C:\Windows\System\PbFRllS.exe

C:\Windows\System\vqNtYWN.exe

C:\Windows\System\vqNtYWN.exe

C:\Windows\System\pXHxHtM.exe

C:\Windows\System\pXHxHtM.exe

C:\Windows\System\PSjCizE.exe

C:\Windows\System\PSjCizE.exe

C:\Windows\System\keNgaJl.exe

C:\Windows\System\keNgaJl.exe

C:\Windows\System\eFtPkeo.exe

C:\Windows\System\eFtPkeo.exe

C:\Windows\System\FljvTwr.exe

C:\Windows\System\FljvTwr.exe

C:\Windows\System\zvpsLPI.exe

C:\Windows\System\zvpsLPI.exe

C:\Windows\System\gkzVaZk.exe

C:\Windows\System\gkzVaZk.exe

C:\Windows\System\JyAuysz.exe

C:\Windows\System\JyAuysz.exe

C:\Windows\System\TiLoHxS.exe

C:\Windows\System\TiLoHxS.exe

C:\Windows\System\duJKnOS.exe

C:\Windows\System\duJKnOS.exe

C:\Windows\System\BFiZpiF.exe

C:\Windows\System\BFiZpiF.exe

C:\Windows\System\WRqeCGi.exe

C:\Windows\System\WRqeCGi.exe

C:\Windows\System\FCwkCNN.exe

C:\Windows\System\FCwkCNN.exe

C:\Windows\System\FYgxRpr.exe

C:\Windows\System\FYgxRpr.exe

C:\Windows\System\eCCKELR.exe

C:\Windows\System\eCCKELR.exe

C:\Windows\System\BvJjIQG.exe

C:\Windows\System\BvJjIQG.exe

C:\Windows\System\oiQLxeD.exe

C:\Windows\System\oiQLxeD.exe

C:\Windows\System\FzaHRmH.exe

C:\Windows\System\FzaHRmH.exe

C:\Windows\System\ZEcDLOA.exe

C:\Windows\System\ZEcDLOA.exe

C:\Windows\System\wbsFCNk.exe

C:\Windows\System\wbsFCNk.exe

C:\Windows\System\VNKyZEO.exe

C:\Windows\System\VNKyZEO.exe

C:\Windows\System\EDOCeBu.exe

C:\Windows\System\EDOCeBu.exe

C:\Windows\System\pyEKlAv.exe

C:\Windows\System\pyEKlAv.exe

C:\Windows\System\uDXhHvA.exe

C:\Windows\System\uDXhHvA.exe

C:\Windows\System\FKxKatP.exe

C:\Windows\System\FKxKatP.exe

C:\Windows\System\gdQbsOu.exe

C:\Windows\System\gdQbsOu.exe

C:\Windows\System\BWAIBCP.exe

C:\Windows\System\BWAIBCP.exe

C:\Windows\System\xNrBoUo.exe

C:\Windows\System\xNrBoUo.exe

C:\Windows\System\suIvfSp.exe

C:\Windows\System\suIvfSp.exe

C:\Windows\System\mALgGht.exe

C:\Windows\System\mALgGht.exe

C:\Windows\System\uVRGLuL.exe

C:\Windows\System\uVRGLuL.exe

C:\Windows\System\LCLBPId.exe

C:\Windows\System\LCLBPId.exe

C:\Windows\System\zZyIMQQ.exe

C:\Windows\System\zZyIMQQ.exe

C:\Windows\System\VmRkRyj.exe

C:\Windows\System\VmRkRyj.exe

C:\Windows\System\eUNPNwq.exe

C:\Windows\System\eUNPNwq.exe

C:\Windows\System\ukJsoHD.exe

C:\Windows\System\ukJsoHD.exe

C:\Windows\System\QFfDHXx.exe

C:\Windows\System\QFfDHXx.exe

C:\Windows\System\TydEIZb.exe

C:\Windows\System\TydEIZb.exe

C:\Windows\System\kxmLylb.exe

C:\Windows\System\kxmLylb.exe

C:\Windows\System\crViGhB.exe

C:\Windows\System\crViGhB.exe

C:\Windows\System\GqINqvK.exe

C:\Windows\System\GqINqvK.exe

C:\Windows\System\GHFpfaX.exe

C:\Windows\System\GHFpfaX.exe

C:\Windows\System\tTgLBPY.exe

C:\Windows\System\tTgLBPY.exe

C:\Windows\System\TkYRDXN.exe

C:\Windows\System\TkYRDXN.exe

C:\Windows\System\yLiHvIO.exe

C:\Windows\System\yLiHvIO.exe

C:\Windows\System\VHyltsE.exe

C:\Windows\System\VHyltsE.exe

C:\Windows\System\dxSSHnv.exe

C:\Windows\System\dxSSHnv.exe

C:\Windows\System\RuhNwlw.exe

C:\Windows\System\RuhNwlw.exe

C:\Windows\System\BhnKYPD.exe

C:\Windows\System\BhnKYPD.exe

C:\Windows\System\tSseqdG.exe

C:\Windows\System\tSseqdG.exe

C:\Windows\System\uymGQaf.exe

C:\Windows\System\uymGQaf.exe

C:\Windows\System\qHIGyYn.exe

C:\Windows\System\qHIGyYn.exe

C:\Windows\System\gtEpnXA.exe

C:\Windows\System\gtEpnXA.exe

C:\Windows\System\hfGaWjN.exe

C:\Windows\System\hfGaWjN.exe

C:\Windows\System\waXFmQl.exe

C:\Windows\System\waXFmQl.exe

C:\Windows\System\HHpbUwI.exe

C:\Windows\System\HHpbUwI.exe

C:\Windows\System\WUBzZdq.exe

C:\Windows\System\WUBzZdq.exe

C:\Windows\System\ltNKuuV.exe

C:\Windows\System\ltNKuuV.exe

C:\Windows\System\SSZRcjF.exe

C:\Windows\System\SSZRcjF.exe

C:\Windows\System\pMsbHaW.exe

C:\Windows\System\pMsbHaW.exe

C:\Windows\System\SkiLoTi.exe

C:\Windows\System\SkiLoTi.exe

C:\Windows\System\bhRStDy.exe

C:\Windows\System\bhRStDy.exe

C:\Windows\System\QRMlrKk.exe

C:\Windows\System\QRMlrKk.exe

C:\Windows\System\HETOqla.exe

C:\Windows\System\HETOqla.exe

C:\Windows\System\dWjXeJe.exe

C:\Windows\System\dWjXeJe.exe

C:\Windows\System\PrHzicc.exe

C:\Windows\System\PrHzicc.exe

C:\Windows\System\FUPoCQe.exe

C:\Windows\System\FUPoCQe.exe

C:\Windows\System\XUZqEam.exe

C:\Windows\System\XUZqEam.exe

C:\Windows\System\UtBBdMH.exe

C:\Windows\System\UtBBdMH.exe

C:\Windows\System\pVLTrEx.exe

C:\Windows\System\pVLTrEx.exe

C:\Windows\System\ujsqmgo.exe

C:\Windows\System\ujsqmgo.exe

C:\Windows\System\rGhkAWb.exe

C:\Windows\System\rGhkAWb.exe

C:\Windows\System\yaYHzrl.exe

C:\Windows\System\yaYHzrl.exe

C:\Windows\System\oEekkJH.exe

C:\Windows\System\oEekkJH.exe

C:\Windows\System\wCXRtgR.exe

C:\Windows\System\wCXRtgR.exe

C:\Windows\System\KIJikoH.exe

C:\Windows\System\KIJikoH.exe

C:\Windows\System\VXwqwRU.exe

C:\Windows\System\VXwqwRU.exe

C:\Windows\System\SQZAvgw.exe

C:\Windows\System\SQZAvgw.exe

C:\Windows\System\pJvLTQD.exe

C:\Windows\System\pJvLTQD.exe

C:\Windows\System\PApXCzm.exe

C:\Windows\System\PApXCzm.exe

C:\Windows\System\ZVHWrRk.exe

C:\Windows\System\ZVHWrRk.exe

C:\Windows\System\VbjkOkZ.exe

C:\Windows\System\VbjkOkZ.exe

C:\Windows\System\yAUJcou.exe

C:\Windows\System\yAUJcou.exe

C:\Windows\System\niQSFhj.exe

C:\Windows\System\niQSFhj.exe

C:\Windows\System\yNUZaHf.exe

C:\Windows\System\yNUZaHf.exe

C:\Windows\System\PkyEzZl.exe

C:\Windows\System\PkyEzZl.exe

C:\Windows\System\fBKuyhp.exe

C:\Windows\System\fBKuyhp.exe

C:\Windows\System\uPfKPns.exe

C:\Windows\System\uPfKPns.exe

C:\Windows\System\WgGLhTS.exe

C:\Windows\System\WgGLhTS.exe

C:\Windows\System\JyaosiM.exe

C:\Windows\System\JyaosiM.exe

C:\Windows\System\ACJRFez.exe

C:\Windows\System\ACJRFez.exe

C:\Windows\System\NLPcSXO.exe

C:\Windows\System\NLPcSXO.exe

C:\Windows\System\ltFOWVW.exe

C:\Windows\System\ltFOWVW.exe

C:\Windows\System\fJiokLc.exe

C:\Windows\System\fJiokLc.exe

C:\Windows\System\QHqaWvx.exe

C:\Windows\System\QHqaWvx.exe

C:\Windows\System\XPctByZ.exe

C:\Windows\System\XPctByZ.exe

C:\Windows\System\QviShgG.exe

C:\Windows\System\QviShgG.exe

C:\Windows\System\vwWLYVt.exe

C:\Windows\System\vwWLYVt.exe

C:\Windows\System\FWvAcEs.exe

C:\Windows\System\FWvAcEs.exe

C:\Windows\System\lHTZPFY.exe

C:\Windows\System\lHTZPFY.exe

C:\Windows\System\FHOHeTw.exe

C:\Windows\System\FHOHeTw.exe

C:\Windows\System\kgkSgUb.exe

C:\Windows\System\kgkSgUb.exe

C:\Windows\System\IhwxlWF.exe

C:\Windows\System\IhwxlWF.exe

C:\Windows\System\kMykDUn.exe

C:\Windows\System\kMykDUn.exe

C:\Windows\System\fjKxOLH.exe

C:\Windows\System\fjKxOLH.exe

C:\Windows\System\RQwDZxh.exe

C:\Windows\System\RQwDZxh.exe

C:\Windows\System\cBzdqEj.exe

C:\Windows\System\cBzdqEj.exe

C:\Windows\System\kVhhfFS.exe

C:\Windows\System\kVhhfFS.exe

C:\Windows\System\TYORAkS.exe

C:\Windows\System\TYORAkS.exe

C:\Windows\System\UnvtxMf.exe

C:\Windows\System\UnvtxMf.exe

C:\Windows\System\dzOnozU.exe

C:\Windows\System\dzOnozU.exe

C:\Windows\System\KtbQbPX.exe

C:\Windows\System\KtbQbPX.exe

C:\Windows\System\LcJgbag.exe

C:\Windows\System\LcJgbag.exe

C:\Windows\System\IrGdxFW.exe

C:\Windows\System\IrGdxFW.exe

C:\Windows\System\BVpYvNO.exe

C:\Windows\System\BVpYvNO.exe

C:\Windows\System\DoIBIOv.exe

C:\Windows\System\DoIBIOv.exe

C:\Windows\System\MzMSVZb.exe

C:\Windows\System\MzMSVZb.exe

C:\Windows\System\ryLikvT.exe

C:\Windows\System\ryLikvT.exe

C:\Windows\System\gaCGWHC.exe

C:\Windows\System\gaCGWHC.exe

C:\Windows\System\onVhWsk.exe

C:\Windows\System\onVhWsk.exe

C:\Windows\System\JijFwev.exe

C:\Windows\System\JijFwev.exe

C:\Windows\System\nkVbcqP.exe

C:\Windows\System\nkVbcqP.exe

C:\Windows\System\nBIggLQ.exe

C:\Windows\System\nBIggLQ.exe

C:\Windows\System\tEqROJI.exe

C:\Windows\System\tEqROJI.exe

C:\Windows\System\UXjchfk.exe

C:\Windows\System\UXjchfk.exe

C:\Windows\System\iyvaFqy.exe

C:\Windows\System\iyvaFqy.exe

C:\Windows\System\XqYAAHi.exe

C:\Windows\System\XqYAAHi.exe

C:\Windows\System\TbJZtmh.exe

C:\Windows\System\TbJZtmh.exe

C:\Windows\System\WvCsRBn.exe

C:\Windows\System\WvCsRBn.exe

C:\Windows\System\wSwPkkA.exe

C:\Windows\System\wSwPkkA.exe

C:\Windows\System\KnpijdR.exe

C:\Windows\System\KnpijdR.exe

C:\Windows\System\AoPlbiA.exe

C:\Windows\System\AoPlbiA.exe

C:\Windows\System\FliBcTh.exe

C:\Windows\System\FliBcTh.exe

C:\Windows\System\RVUgLqc.exe

C:\Windows\System\RVUgLqc.exe

C:\Windows\System\wbWxFrd.exe

C:\Windows\System\wbWxFrd.exe

C:\Windows\System\ZvJOjaZ.exe

C:\Windows\System\ZvJOjaZ.exe

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

\Windows\system\RmlbLBf.exe

MD5 6f842c238d98f1fb94c8673c7e25c221
SHA1 33ef04f45f405f27a781ddc5d3f50a44f818b16e
SHA256 3daea121efa0fe4e97155701472b2e55864518b3b1182b209640ae96cd3942ea
SHA512 a6fd3acb5176955a9a9e38773a1e77948fe094df9b1da7a976320e52b16c27b6b939fa287f58430281a73403adbe54b972aa2f8c7afe2cef9c7d06e0b36bac2e

\Windows\system\gzMVBUy.exe

MD5 68b168a1ef0e66c606d5fcc67c1f3ebf
SHA1 23a4d3381741ab11242c0695c43543f615f11304
SHA256 5d1a0d3c5ccc35a9b5d438ffe9c5ba792cb890165252339172eaa129a0233200
SHA512 4ab454cd94304deb3c5ae63d446527319d0f008b5c9fb259908a68dbd7640ce74d6fb1831610c75052122fc4dfe7e372261e3a4000dd755c37f0d5cd33fda450

C:\Windows\system\JmigOve.exe

MD5 2cd9e086d3f92cfca58b2992b696506b
SHA1 ff1114bed3e5470bffd0e9b7909fc1549510f9d3
SHA256 62af17f91cca07578425978ac3348a1de1812d1cb564ac5c8a3a527f26765f3a
SHA512 0513eee219d4cb56f39623b2888c77c6dc69f4250972966fd261257603fd0c64c0fce83112ade49ab05a6438d7a0a67a0ce3e5e193b15aa99f976fe21395a9fd

\Windows\system\bolHtlv.exe

MD5 da5d23b6ce1bf707c0cdc190e42c45af
SHA1 c9c81eef43382aa9facb4b1698b36509171403ac
SHA256 bc6bbe136ec72528b267137b469afc0e9e42f81813ecbad5a31b6396e800cb9f
SHA512 a8d70bd7006b9433040c1c9bd5fff5a64aded3174b00f370658f18a32d21ef4a39f044b7ccfe96a7583e9876e4c6600af3d0fc48765e4e3fbcc8bf3df3f3ec7b

C:\Windows\system\fmLlLVk.exe

MD5 322ffc93839690630cb0e799a3e07f42
SHA1 03a1e6f9e6b00aa4871fbfe46d3b8f6cce4b5afd
SHA256 6056fe57d5272905802a0f23d6259988b736e06da649192dee5a35759a951b4f
SHA512 151b73068b6560f655cde73317e30e52b00842b9fd95e33804ee8752048a65942996187b6ad3317d2d0b43c11a3956cff81a06b7e366bc330001381e45af732d

\Windows\system\ypAHaCf.exe

MD5 e6aaae6bef269c1e86ee70a229ff35fe
SHA1 e207f72394ff1fff4b46163f8fcc062b5fe704f7
SHA256 f45e2d489d29debabecd973e2f5eb63e5a652ef1a5d7d5c17313ac065cdd097f
SHA512 2063c79539d37ece16cbc8fafc3c23ee84b06f84e938477baa2f533d66624d8a97f54365fe43087d82d6bb2feeeef7a8b08bd64bcd6dad21a2fceef0c3ee5c89

C:\Windows\system\cJatTnP.exe

MD5 e3fa55576fd8f836f36cf02075a05671
SHA1 97162eccb75168fe8a964ba735afa6942131acce
SHA256 78d7a6a661f1ed91822bc62c307b62c6843fa17c5cad10f9c9b30eebb9d19488
SHA512 ec5053eb54714bc85a14d741a8c88bbc1ee89191c3a69acaa2bdb54826dfb385d85f9e47655ff1f2c7c23e1c86989f8d2bf903002e3c917e22e2f17b83fc92b0

C:\Windows\system\LMxbQLG.exe

MD5 75e537a340d31d8e9dd9b67e72d77589
SHA1 da0c4e8850754c45a865e41e68dcfb34a518f43d
SHA256 1b1009e92fd6ff46510bc907261b86eefeb233e20e78f4547c04e03ef1d7a857
SHA512 28728be44e0dd4a08c596651621af5744efffa47cf4497be7da896b14ffe66db416bdd16dc20cd314973f7f7b9afcc920854988db6c92f153d9386b91c1878fb

memory/1576-0-0x000000013FCB0000-0x0000000140004000-memory.dmp

\Windows\system\FmUjPzs.exe

MD5 9b7f98019af57379e3d5fadb43459aa7
SHA1 04b2da483bef967fcb69f28df4486e0c918ff405
SHA256 160ed79a7ee62c776653c2125741de4bcff2759880b892195c145c7f433f9e21
SHA512 8bd38cce1d76f05057c204f4c5ac343d44213e2eb5443845ef649646a1c5d0a4c6e6c25f29dd7cc494ecdd7beb06d76d267819db71d8b9759411b149370dd9c7

C:\Windows\system\scIrDJs.exe

MD5 3358406d5b5adf8fd5af1bb30c2e86ac
SHA1 983207094bd32b7147087290efdc78f2a3127b4e
SHA256 24bba0d3c1a4326898c465700cd1358af8b652a96787ac1bc68cbc986cd40cde
SHA512 3192f53b124ac8cdcde14e5d3372238a879f4e3d12d8f6ba917dfcccad124420d0879fd76cc242db588b74b2fd82b36543e870c157a4c28d54bbb6ace3e5d55b

C:\Windows\system\DotioeK.exe

MD5 cc740bddbc6d606843d1167cbcc8388b
SHA1 ae9ad57303b58693cc5f137af443a7affaa39f88
SHA256 0a26f5c1a6a22a324ce8b79e6f2b5d48ca472b25fbd23f8289e358c6e2a751fd
SHA512 076f67c4048d96442b7137fe4b988e643d775deeb3c11335e624bef36155fb7c715496f9b52590644915af14a9e7639f5961fa658b895c1f1db3418328eb3223

memory/2684-99-0x000000013F5F0000-0x000000013F944000-memory.dmp

C:\Windows\system\NKPpwMG.exe

MD5 f88e75aa60d55b5fe917227a19b4cfe5
SHA1 849cc1795a1f812ca0746e1e13d4538c440d54e5
SHA256 5a5f41219ec76e2d5afd935b3b45c3bc7a75a009c652c59067c514ca2beec2d5
SHA512 9f4a439dffbe1faf741a6e55544a480eec1f6c156b78851f0cda531e8f3456c01ab9acbcd944fb190e566e6ac8ecdb9e997e367c9c45ac9b588994e108c97535

C:\Windows\system\PNKjLSF.exe

MD5 58124b6184aeb76dfcdc78bdb2333122
SHA1 1026260a8cf3352f57c44421e38946daa1c901d7
SHA256 91de1e0244adfc74dbdb7548532602e868503ee7952d167a4d4576110085eba2
SHA512 4766d40193aa502dee798647bb29d3193212a73839d3216f594ca5fb48dfec463f2b86b8f13efc0be8ea43181253a526bb934477c9bdd1cbdb54c1e2ff8c2691

C:\Windows\system\RRgTmxG.exe

MD5 ba320f74b225271874d7382787467a3b
SHA1 a9cca98e2dcf8d987947e3d7e8c7d5c5fc771bf4
SHA256 2f74c3f07846a4f49415945adb66d355fc415c3dbc4b2c9747dd41501c5aa579
SHA512 9c3899bd1003b8bd42e9c6d9210a54ea9bd165807ac2a495e05fbccc7802580f5f182248b856eca909710dbdf7ee94b45ea0e252aff31da5c9ee575fbfac0e8f

memory/1576-1068-0x000000013FCB0000-0x0000000140004000-memory.dmp

memory/1576-1069-0x0000000001E10000-0x0000000002164000-memory.dmp

memory/1576-1070-0x0000000001E10000-0x0000000002164000-memory.dmp

C:\Windows\system\SlxMbii.exe

MD5 b4a184a3322aa6e1dad2fb721ace1cb6
SHA1 fdc08d67ce24658469d165685f8518d6ea1ccc8a
SHA256 a5eedec87c9d9fbc57b1b765be2083dde778635338bf2448da31381c97a8a6f4
SHA512 b51900ec6fe2abe44ee5df505cda0942967e44a5002d82a5e830b53a8989ff091e3d86a170e09eda699868d4499597ac3502c6e3425e93cdcadc4435340d0fb9

C:\Windows\system\ifOfYJc.exe

MD5 1b12dbeb40973769ca02235d38e7d21a
SHA1 770da2f5a5575616636f509e1b30bd503328f46f
SHA256 0fc1b415bb928872f55b70b53c23dc5d82dd0c6d7c0190f8fdce61d522c4a9a5
SHA512 0221b6dd9dd5f04c050209c72a46df701aa9bf62c8bdb9f1757e57a77dd42604128e0ac7c9f8e0b532036ee750444d9ed9c0595747b467f1a35cae1eb9a8db05

C:\Windows\system\zplbduK.exe

MD5 e1af97f5021a4e351a563461149c66b9
SHA1 7364d2bf207a7ffba2d1306335dfb239e45d5def
SHA256 5f083d1118245cca932a35e5c44d3d5d48edbede6d4a680ea823a3aed37938af
SHA512 95e8cc737dfab16a56a6dd869933829b4d0566e016a7681ffd2491c64fea2a5af2030d0ef1dd6c05304386016dccc51e0d5ca119a16aa5e2d9e53fccf65ce342

C:\Windows\system\QyWvALn.exe

MD5 2c0ef410cf9b17950b8aaba7f2a908cf
SHA1 76ddce853d5090d26463afe07d2d2db1c9766275
SHA256 dcbd1b420e703f9f160b703ee71ef3cfddf92da3f1baeb80973804cb8d741ffe
SHA512 63d5b5cd4a9e51252515444de427f213dffab696d67e87bf2308c7210d8fc3ea5e683dbcd9356ad0eec068bef6cd74aeaf73c082aecf4f8a648025f049a15449

C:\Windows\system\rtEezSi.exe

MD5 79b2ac29b256e1d6e74a9eda0bf6f5a6
SHA1 2d6ecc09622ae10ed558e23361308c8a4a72f3e5
SHA256 1dcea55e843dd99096bcead496586ad20f154141ad304914478e49f3aab5051d
SHA512 305f7d046844d506b87f429a2867d11763022e5ecceb59cd9164995422106867bbc463c3032c4697a4392475240dc80abba061e3ab80290c31de8f72a8b49b07

C:\Windows\system\jqKbvGh.exe

MD5 046442f8330470f08e69eb94fbb6617d
SHA1 606c8da90e9bd1a071d5e3e6d1f5e794c056a7af
SHA256 94ddecf5d0139e647e30623c54bc647ee20935fce547e84885f063c4ad07ed25
SHA512 cb313fb8aa66c7668d23b6aa58daa6ebf9b79b497e58def40ef607cd0c7470ba3ba5ab0b4380437d4a7893ab1bee653c9dbc75f8cd9770fe95ba881753d22d9f

C:\Windows\system\CzonaQv.exe

MD5 44d2f79d93971d53268a8c7e4839c596
SHA1 54894e03bd5df1da13a65d3906654584cd310282
SHA256 9e6bf5c754503b97691f466773a6c82f683370cc1b6f1426fbeac40cc4410c0f
SHA512 3b1c0808ca28416437401a97f7540d19fffd105d9d89235803b9fce4d291c8dc724ffb046af82aacefcf9db65079063208e89c25b356f4fd61d0d0cf3db23435

C:\Windows\system\aynpyaT.exe

MD5 2e8cc7c7bf5a65c7beb5f41c5a71f384
SHA1 64cc4219de34efc37b88973131d1f4fc4b305484
SHA256 120ea70be2e6dbc7391fd73751b5d98aaa2f716bae33fde54bebed80a003dc50
SHA512 193c0618472986d38c3d76e1a1ce33ae446b4a2d4fe0c25b6c09378f6c26fb2ff0b835c4d9bb34ca976b9a331c983b5f5c6341becc0b19c1837d93c1d576251e

C:\Windows\system\XmIuYTs.exe

MD5 e210b73d1abede42d43f8a5d3d58e520
SHA1 e1420b7a84494870a1c176734a05406ebcbbbc9d
SHA256 b2c78dd7c30517c70738320411724766ae5776cc50337daa4250c6115eea9f84
SHA512 54526c31e39694cf1c680c59297e9880a27c9a4a461f3e6b0e2fb54e478a95b2656b2ccf488c604ed83eebbea28b3431bff396ecfe04aa004f3df5c03bf409c8

C:\Windows\system\RCpmStr.exe

MD5 5112c92027727f6dff4a3bcbab114ad2
SHA1 f4572f816fdafa8c4f39ef18b9909ef139ebc3d7
SHA256 4d0a0724ef2ee76340e0fb8e70de328add1b63b82dd517d93974e582ec2bd954
SHA512 6ddf53037bbd27b51782a9ddd053fca8fe3269b64731e602a04363962c7ae743081d402f0bd0ff9cad5bd1fb3169cf89791e231b1919322e0b4a5f3b7489a459

C:\Windows\system\ccCwSqc.exe

MD5 3d5d05e2067883adbc4a10bed67cf747
SHA1 2381bcdddc5ac73b4ff44e149259e1a798247497
SHA256 250ab25d15ebc1cd1e49f8595d15e4d2e37f589ac691852c51ced203320fe359
SHA512 422f7778e550a2f0b80619f9c124c6e186c634de514cf099fbca4045f80557c1841b7ac8c58e680d54e5ecfd48fdeba913b7bb6583a0656c1295c5a44c40d7bb

C:\Windows\system\YJOPaid.exe

MD5 c9270660feea55c6c9f95340fbf734c7
SHA1 384cf1fb868cc3508c2d115276feec03e1fc6508
SHA256 03c23f5f1169a7bb32bb30b9e263ce66abc3f148630ad8a490c1193f5daaa6d7
SHA512 1930b697414d2dd468f6df57b18bb4db2c47e600d3a1f3bb32f8e026e1e1138cfab98f93b5375ae00cc8200cd068d8fb46dc271897f46ccffc62fcb1d378a064

C:\Windows\system\jZeACKX.exe

MD5 094e1c9aaa3883c0e287bcdb32131482
SHA1 73dffd0ae61af0a587a92c1fe5b09f5d55981808
SHA256 60759e4d847ebaae3c5dc7c547bce37d8d2ea38aa75b2e7c9b5cc3e1be2f01e2
SHA512 a5c87cfc22a541ac96c5b61a79f6a2f029faf891c91cb5d0f512c911365f7c8ca09b65c014aa52f1fa68cefd15ccfc14e42b7a9852367e2540b0f91cdb225581

memory/2524-1071-0x000000013FA70000-0x000000013FDC4000-memory.dmp

C:\Windows\system\RHoliTO.exe

MD5 a1f2b9866c6f2c83def95cf87d439026
SHA1 c2a97748706a2ea8dddfbfa4e197ed33df844437
SHA256 0b6760e66bf6bbf12075f305ec29cd2848a7b5c22d2dae7cbf11c2c910c22cdc
SHA512 e2a2ef06567dd4d49205c7469a45d23f00a935e4a64f94b19327519d1eba9ab6dc1862117aec95c8c65084cc70a31708c6f11f76ac6a6eaed04405d283485332

memory/1576-105-0x000000013F900000-0x000000013FC54000-memory.dmp

memory/1576-98-0x000000013F5F0000-0x000000013F944000-memory.dmp

C:\Windows\system\xaAsHym.exe

MD5 8cfd8dfae87873cf4dda11c79554b037
SHA1 edfa76396fe686c762939d5be56d4076e0feb40e
SHA256 a400c2ee7c284f3df941730269bc8d2a72dc1e44e9f63456964f3dc7e5054a29
SHA512 315e5ebd7d40642fec0df71c877adf20b0195c2dbd01774c2e83bbad62ca2a92ca152d66ffa9734117160d3d6d941d99bf7a517610227605fd7fc0d97e95c445

memory/1780-92-0x000000013FDB0000-0x0000000140104000-memory.dmp

memory/1576-91-0x0000000001E10000-0x0000000002164000-memory.dmp

memory/2524-84-0x000000013FA70000-0x000000013FDC4000-memory.dmp

memory/2708-83-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

C:\Windows\system\JOpXIMA.exe

MD5 557e952bd315d959a568a8ed7afe2885
SHA1 275f75ca622b684df4848907854fb1744892d060
SHA256 02ee79b9ed7b9e840479538fc81629e16be86079482fafe83e2f09d30b95a476
SHA512 3f8cf628ebeec77c8d64b430270e913a3c20ea293989921e59ee837c16912a932fd74dad685808467a97f36d1e64e57284c1f37a0d43ba189c8bc9d4fb869065

C:\Windows\system\GpxMBwx.exe

MD5 44cc0cda981ded73bc32e192b5361e23
SHA1 e131d9c98078f8b605636f998cac1070054e0bac
SHA256 93c26afd2c0c4535f3eb8171a1ac2f0a15a084daaed5f52fa718a5307114b8ea
SHA512 0ef4510e081c32a78ffe5870aae2a30e36463b91cdf3ba972cbeb2e2cdeab45d721ba9a3a669ad2039d4e805fdf883dc97e52440a67d939ca0a122982aa27bdb

memory/2160-79-0x000000013F580000-0x000000013F8D4000-memory.dmp

memory/1576-78-0x0000000001E10000-0x0000000002164000-memory.dmp

memory/1576-77-0x000000013F580000-0x000000013F8D4000-memory.dmp

memory/2800-76-0x000000013F310000-0x000000013F664000-memory.dmp

memory/2652-75-0x000000013FCF0000-0x0000000140044000-memory.dmp

memory/2924-73-0x000000013FC50000-0x000000013FFA4000-memory.dmp

memory/1576-71-0x0000000001E10000-0x0000000002164000-memory.dmp

C:\Windows\system\xamimmZ.exe

MD5 d006e0bd5fc3f341aabbf4bc2b995bfa
SHA1 fba760597f82952bad261e92421d40fd39aef268
SHA256 c3552ba1b56472ac4c57564e83d5ea8e062ef66a13fb49ce2da4153b5f40f81a
SHA512 643ce219a9015d0ba0a90e9a8e03f5430acc1b64588abf711070fba16c333a6ca5594634afa671822f517c1262d4874a5509fc35beb30dcb86a77bfbdd52ddf8

memory/2612-62-0x000000013FFB0000-0x0000000140304000-memory.dmp

memory/1576-61-0x0000000001E10000-0x0000000002164000-memory.dmp

memory/1996-60-0x000000013F5D0000-0x000000013F924000-memory.dmp

memory/2740-57-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

memory/2360-55-0x000000013F870000-0x000000013FBC4000-memory.dmp

memory/1576-54-0x000000013F310000-0x000000013F664000-memory.dmp

memory/1576-53-0x0000000001E10000-0x0000000002164000-memory.dmp

memory/1576-52-0x0000000001E10000-0x0000000002164000-memory.dmp

memory/1576-51-0x000000013F870000-0x000000013FBC4000-memory.dmp

memory/2320-49-0x000000013FE40000-0x0000000140194000-memory.dmp

memory/1576-48-0x0000000001E10000-0x0000000002164000-memory.dmp

memory/1316-46-0x000000013FE20000-0x0000000140174000-memory.dmp

memory/1576-41-0x000000013F5D0000-0x000000013F924000-memory.dmp

memory/1576-1-0x0000000000180000-0x0000000000190000-memory.dmp

memory/1576-66-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

memory/1576-1072-0x0000000001E10000-0x0000000002164000-memory.dmp

memory/2740-1078-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

memory/2924-1079-0x000000013FC50000-0x000000013FFA4000-memory.dmp

memory/2652-1080-0x000000013FCF0000-0x0000000140044000-memory.dmp

memory/2160-1082-0x000000013F580000-0x000000013F8D4000-memory.dmp

memory/2524-1085-0x000000013FA70000-0x000000013FDC4000-memory.dmp

memory/2684-1086-0x000000013F5F0000-0x000000013F944000-memory.dmp

memory/1780-1084-0x000000013FDB0000-0x0000000140104000-memory.dmp

memory/2708-1083-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

memory/2800-1081-0x000000013F310000-0x000000013F664000-memory.dmp

memory/2320-1077-0x000000013FE40000-0x0000000140194000-memory.dmp

memory/2360-1076-0x000000013F870000-0x000000013FBC4000-memory.dmp

memory/2612-1075-0x000000013FFB0000-0x0000000140304000-memory.dmp

memory/1316-1074-0x000000013FE20000-0x0000000140174000-memory.dmp

memory/1996-1073-0x000000013F5D0000-0x000000013F924000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-05 01:50

Reported

2024-06-05 01:53

Platform

win10v2004-20240426-en

Max time kernel

148s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\PwRHamy.exe N/A
N/A N/A C:\Windows\System\aVOrSjh.exe N/A
N/A N/A C:\Windows\System\seJTXFh.exe N/A
N/A N/A C:\Windows\System\skXopUK.exe N/A
N/A N/A C:\Windows\System\JoPZONg.exe N/A
N/A N/A C:\Windows\System\qQqJPBK.exe N/A
N/A N/A C:\Windows\System\ASxrSro.exe N/A
N/A N/A C:\Windows\System\kBWfQEA.exe N/A
N/A N/A C:\Windows\System\hXDArvm.exe N/A
N/A N/A C:\Windows\System\BolFour.exe N/A
N/A N/A C:\Windows\System\SYGcKAa.exe N/A
N/A N/A C:\Windows\System\PooQqEn.exe N/A
N/A N/A C:\Windows\System\EiCuGrL.exe N/A
N/A N/A C:\Windows\System\gCyNuJY.exe N/A
N/A N/A C:\Windows\System\aedppDR.exe N/A
N/A N/A C:\Windows\System\AhkrYnK.exe N/A
N/A N/A C:\Windows\System\oylqKNW.exe N/A
N/A N/A C:\Windows\System\KHuxMkU.exe N/A
N/A N/A C:\Windows\System\RrOcQBu.exe N/A
N/A N/A C:\Windows\System\rNkaPmh.exe N/A
N/A N/A C:\Windows\System\cvpBaEH.exe N/A
N/A N/A C:\Windows\System\NgXUqUk.exe N/A
N/A N/A C:\Windows\System\RyWtPTn.exe N/A
N/A N/A C:\Windows\System\yrMPixz.exe N/A
N/A N/A C:\Windows\System\LKyiIGc.exe N/A
N/A N/A C:\Windows\System\GEAYUoR.exe N/A
N/A N/A C:\Windows\System\mLaDLYR.exe N/A
N/A N/A C:\Windows\System\bNozGKZ.exe N/A
N/A N/A C:\Windows\System\GKqMQaX.exe N/A
N/A N/A C:\Windows\System\JgHPCaw.exe N/A
N/A N/A C:\Windows\System\qmlGQoa.exe N/A
N/A N/A C:\Windows\System\KbcAnpq.exe N/A
N/A N/A C:\Windows\System\tpxedck.exe N/A
N/A N/A C:\Windows\System\TFUwICf.exe N/A
N/A N/A C:\Windows\System\CTvdesG.exe N/A
N/A N/A C:\Windows\System\Hwqsynz.exe N/A
N/A N/A C:\Windows\System\cAcqBxx.exe N/A
N/A N/A C:\Windows\System\wGIYMmj.exe N/A
N/A N/A C:\Windows\System\aaORtsq.exe N/A
N/A N/A C:\Windows\System\mmFQzlB.exe N/A
N/A N/A C:\Windows\System\gPpGkUi.exe N/A
N/A N/A C:\Windows\System\pfOBzOW.exe N/A
N/A N/A C:\Windows\System\vRqIrfA.exe N/A
N/A N/A C:\Windows\System\YptXOUV.exe N/A
N/A N/A C:\Windows\System\NbKoUWM.exe N/A
N/A N/A C:\Windows\System\FQixAKL.exe N/A
N/A N/A C:\Windows\System\YfeeVtQ.exe N/A
N/A N/A C:\Windows\System\ccxiQfz.exe N/A
N/A N/A C:\Windows\System\Dssqnxt.exe N/A
N/A N/A C:\Windows\System\PHmyqxc.exe N/A
N/A N/A C:\Windows\System\sMCbDuS.exe N/A
N/A N/A C:\Windows\System\KDYSfVR.exe N/A
N/A N/A C:\Windows\System\zNXtpVU.exe N/A
N/A N/A C:\Windows\System\QDZrDku.exe N/A
N/A N/A C:\Windows\System\UenijSb.exe N/A
N/A N/A C:\Windows\System\FMYRpYu.exe N/A
N/A N/A C:\Windows\System\VoHRbDn.exe N/A
N/A N/A C:\Windows\System\gfMlGNi.exe N/A
N/A N/A C:\Windows\System\tkIRxys.exe N/A
N/A N/A C:\Windows\System\ywLtHMv.exe N/A
N/A N/A C:\Windows\System\fujvhbT.exe N/A
N/A N/A C:\Windows\System\bOAqoJM.exe N/A
N/A N/A C:\Windows\System\rNahTAp.exe N/A
N/A N/A C:\Windows\System\kGRfZof.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\YptXOUV.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\Nwzfqac.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\OsxdkWz.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\UenijSb.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\rzWuGMs.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\KGOhXDi.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\VuUlhPY.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\lrJBzFn.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\mLaDLYR.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\JgHPCaw.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\cAcqBxx.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\JEfjZCF.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\tXqXcJd.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qQqJPBK.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\yYTiNcp.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\XBMPpFo.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZjRvHZv.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\MljmomR.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\MUwOXUq.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\cGZgjzw.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\oMeVjkq.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ASxrSro.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\LVzHqld.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\xiwWFCE.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BszKAYV.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\DQTpxIc.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\qcnZIju.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\DxGrDYN.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\WgZOnXo.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CUdCwTU.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\vRqIrfA.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\FhXofkD.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\laoEKzd.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HQbirmM.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\MNJQsOT.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\ptyELrS.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\HyjFfHe.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\eyWoIIA.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BolFour.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\tZwmcgT.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\cUEpbNp.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\GVMlEzn.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\FQFnwwD.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\GUOIggT.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\NhDYptz.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\veINfDb.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\xEbfhlC.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\TpdbBFL.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\hzeJEQp.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\DrtTvaa.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\JpYHDdZ.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\YvsJiSE.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\aedppDR.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\aituxzC.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\pfxSDsr.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\RBHiNpd.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\BJyXpcs.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\UPhuTuB.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\nqTXwCP.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\AhkrYnK.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\PHmyqxc.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\obEsbKW.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\CpGXkMH.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
File created C:\Windows\System\kDxlRjr.exe C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 540 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\PwRHamy.exe
PID 540 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\PwRHamy.exe
PID 540 wrote to memory of 5016 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\aVOrSjh.exe
PID 540 wrote to memory of 5016 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\aVOrSjh.exe
PID 540 wrote to memory of 3556 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\seJTXFh.exe
PID 540 wrote to memory of 3556 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\seJTXFh.exe
PID 540 wrote to memory of 1544 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\JoPZONg.exe
PID 540 wrote to memory of 1544 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\JoPZONg.exe
PID 540 wrote to memory of 2260 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\skXopUK.exe
PID 540 wrote to memory of 2260 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\skXopUK.exe
PID 540 wrote to memory of 2180 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\qQqJPBK.exe
PID 540 wrote to memory of 2180 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\qQqJPBK.exe
PID 540 wrote to memory of 3460 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\ASxrSro.exe
PID 540 wrote to memory of 3460 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\ASxrSro.exe
PID 540 wrote to memory of 5244 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\kBWfQEA.exe
PID 540 wrote to memory of 5244 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\kBWfQEA.exe
PID 540 wrote to memory of 4324 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\hXDArvm.exe
PID 540 wrote to memory of 4324 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\hXDArvm.exe
PID 540 wrote to memory of 1224 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\SYGcKAa.exe
PID 540 wrote to memory of 1224 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\SYGcKAa.exe
PID 540 wrote to memory of 2876 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\PooQqEn.exe
PID 540 wrote to memory of 2876 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\PooQqEn.exe
PID 540 wrote to memory of 1392 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\BolFour.exe
PID 540 wrote to memory of 1392 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\BolFour.exe
PID 540 wrote to memory of 2052 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\EiCuGrL.exe
PID 540 wrote to memory of 2052 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\EiCuGrL.exe
PID 540 wrote to memory of 2296 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\gCyNuJY.exe
PID 540 wrote to memory of 2296 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\gCyNuJY.exe
PID 540 wrote to memory of 4600 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\oylqKNW.exe
PID 540 wrote to memory of 4600 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\oylqKNW.exe
PID 540 wrote to memory of 6052 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\aedppDR.exe
PID 540 wrote to memory of 6052 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\aedppDR.exe
PID 540 wrote to memory of 5564 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\AhkrYnK.exe
PID 540 wrote to memory of 5564 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\AhkrYnK.exe
PID 540 wrote to memory of 2864 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\KHuxMkU.exe
PID 540 wrote to memory of 2864 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\KHuxMkU.exe
PID 540 wrote to memory of 3944 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\RrOcQBu.exe
PID 540 wrote to memory of 3944 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\RrOcQBu.exe
PID 540 wrote to memory of 5200 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\rNkaPmh.exe
PID 540 wrote to memory of 5200 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\rNkaPmh.exe
PID 540 wrote to memory of 3376 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\cvpBaEH.exe
PID 540 wrote to memory of 3376 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\cvpBaEH.exe
PID 540 wrote to memory of 5368 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\NgXUqUk.exe
PID 540 wrote to memory of 5368 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\NgXUqUk.exe
PID 540 wrote to memory of 3168 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\RyWtPTn.exe
PID 540 wrote to memory of 3168 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\RyWtPTn.exe
PID 540 wrote to memory of 6120 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\yrMPixz.exe
PID 540 wrote to memory of 6120 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\yrMPixz.exe
PID 540 wrote to memory of 4976 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\LKyiIGc.exe
PID 540 wrote to memory of 4976 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\LKyiIGc.exe
PID 540 wrote to memory of 6004 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\GEAYUoR.exe
PID 540 wrote to memory of 6004 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\GEAYUoR.exe
PID 540 wrote to memory of 376 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\mLaDLYR.exe
PID 540 wrote to memory of 376 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\mLaDLYR.exe
PID 540 wrote to memory of 3880 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\bNozGKZ.exe
PID 540 wrote to memory of 3880 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\bNozGKZ.exe
PID 540 wrote to memory of 3288 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\GKqMQaX.exe
PID 540 wrote to memory of 3288 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\GKqMQaX.exe
PID 540 wrote to memory of 3492 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\JgHPCaw.exe
PID 540 wrote to memory of 3492 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\JgHPCaw.exe
PID 540 wrote to memory of 3272 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\qmlGQoa.exe
PID 540 wrote to memory of 3272 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\qmlGQoa.exe
PID 540 wrote to memory of 5068 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\KbcAnpq.exe
PID 540 wrote to memory of 5068 N/A C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe C:\Windows\System\KbcAnpq.exe

Processes

C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\280022e29d8b75e5af9931f52e8a52f0_NeikiAnalytics.exe"

C:\Windows\System\PwRHamy.exe

C:\Windows\System\PwRHamy.exe

C:\Windows\System\aVOrSjh.exe

C:\Windows\System\aVOrSjh.exe

C:\Windows\System\seJTXFh.exe

C:\Windows\System\seJTXFh.exe

C:\Windows\System\JoPZONg.exe

C:\Windows\System\JoPZONg.exe

C:\Windows\System\skXopUK.exe

C:\Windows\System\skXopUK.exe

C:\Windows\System\qQqJPBK.exe

C:\Windows\System\qQqJPBK.exe

C:\Windows\System\ASxrSro.exe

C:\Windows\System\ASxrSro.exe

C:\Windows\System\kBWfQEA.exe

C:\Windows\System\kBWfQEA.exe

C:\Windows\System\hXDArvm.exe

C:\Windows\System\hXDArvm.exe

C:\Windows\System\SYGcKAa.exe

C:\Windows\System\SYGcKAa.exe

C:\Windows\System\PooQqEn.exe

C:\Windows\System\PooQqEn.exe

C:\Windows\System\BolFour.exe

C:\Windows\System\BolFour.exe

C:\Windows\System\EiCuGrL.exe

C:\Windows\System\EiCuGrL.exe

C:\Windows\System\gCyNuJY.exe

C:\Windows\System\gCyNuJY.exe

C:\Windows\System\oylqKNW.exe

C:\Windows\System\oylqKNW.exe

C:\Windows\System\aedppDR.exe

C:\Windows\System\aedppDR.exe

C:\Windows\System\AhkrYnK.exe

C:\Windows\System\AhkrYnK.exe

C:\Windows\System\KHuxMkU.exe

C:\Windows\System\KHuxMkU.exe

C:\Windows\System\RrOcQBu.exe

C:\Windows\System\RrOcQBu.exe

C:\Windows\System\rNkaPmh.exe

C:\Windows\System\rNkaPmh.exe

C:\Windows\System\cvpBaEH.exe

C:\Windows\System\cvpBaEH.exe

C:\Windows\System\NgXUqUk.exe

C:\Windows\System\NgXUqUk.exe

C:\Windows\System\RyWtPTn.exe

C:\Windows\System\RyWtPTn.exe

C:\Windows\System\yrMPixz.exe

C:\Windows\System\yrMPixz.exe

C:\Windows\System\LKyiIGc.exe

C:\Windows\System\LKyiIGc.exe

C:\Windows\System\GEAYUoR.exe

C:\Windows\System\GEAYUoR.exe

C:\Windows\System\mLaDLYR.exe

C:\Windows\System\mLaDLYR.exe

C:\Windows\System\bNozGKZ.exe

C:\Windows\System\bNozGKZ.exe

C:\Windows\System\GKqMQaX.exe

C:\Windows\System\GKqMQaX.exe

C:\Windows\System\JgHPCaw.exe

C:\Windows\System\JgHPCaw.exe

C:\Windows\System\qmlGQoa.exe

C:\Windows\System\qmlGQoa.exe

C:\Windows\System\KbcAnpq.exe

C:\Windows\System\KbcAnpq.exe

C:\Windows\System\tpxedck.exe

C:\Windows\System\tpxedck.exe

C:\Windows\System\TFUwICf.exe

C:\Windows\System\TFUwICf.exe

C:\Windows\System\CTvdesG.exe

C:\Windows\System\CTvdesG.exe

C:\Windows\System\Hwqsynz.exe

C:\Windows\System\Hwqsynz.exe

C:\Windows\System\cAcqBxx.exe

C:\Windows\System\cAcqBxx.exe

C:\Windows\System\wGIYMmj.exe

C:\Windows\System\wGIYMmj.exe

C:\Windows\System\aaORtsq.exe

C:\Windows\System\aaORtsq.exe

C:\Windows\System\mmFQzlB.exe

C:\Windows\System\mmFQzlB.exe

C:\Windows\System\gPpGkUi.exe

C:\Windows\System\gPpGkUi.exe

C:\Windows\System\pfOBzOW.exe

C:\Windows\System\pfOBzOW.exe

C:\Windows\System\vRqIrfA.exe

C:\Windows\System\vRqIrfA.exe

C:\Windows\System\YptXOUV.exe

C:\Windows\System\YptXOUV.exe

C:\Windows\System\NbKoUWM.exe

C:\Windows\System\NbKoUWM.exe

C:\Windows\System\FQixAKL.exe

C:\Windows\System\FQixAKL.exe

C:\Windows\System\YfeeVtQ.exe

C:\Windows\System\YfeeVtQ.exe

C:\Windows\System\ccxiQfz.exe

C:\Windows\System\ccxiQfz.exe

C:\Windows\System\Dssqnxt.exe

C:\Windows\System\Dssqnxt.exe

C:\Windows\System\PHmyqxc.exe

C:\Windows\System\PHmyqxc.exe

C:\Windows\System\sMCbDuS.exe

C:\Windows\System\sMCbDuS.exe

C:\Windows\System\KDYSfVR.exe

C:\Windows\System\KDYSfVR.exe

C:\Windows\System\zNXtpVU.exe

C:\Windows\System\zNXtpVU.exe

C:\Windows\System\QDZrDku.exe

C:\Windows\System\QDZrDku.exe

C:\Windows\System\UenijSb.exe

C:\Windows\System\UenijSb.exe

C:\Windows\System\FMYRpYu.exe

C:\Windows\System\FMYRpYu.exe

C:\Windows\System\VoHRbDn.exe

C:\Windows\System\VoHRbDn.exe

C:\Windows\System\gfMlGNi.exe

C:\Windows\System\gfMlGNi.exe

C:\Windows\System\tkIRxys.exe

C:\Windows\System\tkIRxys.exe

C:\Windows\System\ywLtHMv.exe

C:\Windows\System\ywLtHMv.exe

C:\Windows\System\fujvhbT.exe

C:\Windows\System\fujvhbT.exe

C:\Windows\System\bOAqoJM.exe

C:\Windows\System\bOAqoJM.exe

C:\Windows\System\rNahTAp.exe

C:\Windows\System\rNahTAp.exe

C:\Windows\System\kGRfZof.exe

C:\Windows\System\kGRfZof.exe

C:\Windows\System\aituxzC.exe

C:\Windows\System\aituxzC.exe

C:\Windows\System\lOaGeSj.exe

C:\Windows\System\lOaGeSj.exe

C:\Windows\System\sMNzYzq.exe

C:\Windows\System\sMNzYzq.exe

C:\Windows\System\YbuQCGB.exe

C:\Windows\System\YbuQCGB.exe

C:\Windows\System\QYUlpSs.exe

C:\Windows\System\QYUlpSs.exe

C:\Windows\System\AcXkyXY.exe

C:\Windows\System\AcXkyXY.exe

C:\Windows\System\GUOIggT.exe

C:\Windows\System\GUOIggT.exe

C:\Windows\System\ohGxhKB.exe

C:\Windows\System\ohGxhKB.exe

C:\Windows\System\ivRDLOC.exe

C:\Windows\System\ivRDLOC.exe

C:\Windows\System\mumUjXJ.exe

C:\Windows\System\mumUjXJ.exe

C:\Windows\System\XRTRWKL.exe

C:\Windows\System\XRTRWKL.exe

C:\Windows\System\cYxFxaW.exe

C:\Windows\System\cYxFxaW.exe

C:\Windows\System\XkBENxQ.exe

C:\Windows\System\XkBENxQ.exe

C:\Windows\System\yLVbZHN.exe

C:\Windows\System\yLVbZHN.exe

C:\Windows\System\ViWovkX.exe

C:\Windows\System\ViWovkX.exe

C:\Windows\System\JDieYgN.exe

C:\Windows\System\JDieYgN.exe

C:\Windows\System\eXuUdai.exe

C:\Windows\System\eXuUdai.exe

C:\Windows\System\LVzHqld.exe

C:\Windows\System\LVzHqld.exe

C:\Windows\System\mAcUUCP.exe

C:\Windows\System\mAcUUCP.exe

C:\Windows\System\nmjQnrM.exe

C:\Windows\System\nmjQnrM.exe

C:\Windows\System\JvNXOjH.exe

C:\Windows\System\JvNXOjH.exe

C:\Windows\System\rUCZLvC.exe

C:\Windows\System\rUCZLvC.exe

C:\Windows\System\zONpxOw.exe

C:\Windows\System\zONpxOw.exe

C:\Windows\System\Jwokwdf.exe

C:\Windows\System\Jwokwdf.exe

C:\Windows\System\YQMnbfV.exe

C:\Windows\System\YQMnbfV.exe

C:\Windows\System\ZwmjziY.exe

C:\Windows\System\ZwmjziY.exe

C:\Windows\System\GJScYxO.exe

C:\Windows\System\GJScYxO.exe

C:\Windows\System\AnAVeMa.exe

C:\Windows\System\AnAVeMa.exe

C:\Windows\System\DBJMwuH.exe

C:\Windows\System\DBJMwuH.exe

C:\Windows\System\obEsbKW.exe

C:\Windows\System\obEsbKW.exe

C:\Windows\System\aDkyzdw.exe

C:\Windows\System\aDkyzdw.exe

C:\Windows\System\PQZHCWw.exe

C:\Windows\System\PQZHCWw.exe

C:\Windows\System\xeLDyuD.exe

C:\Windows\System\xeLDyuD.exe

C:\Windows\System\AaUucKh.exe

C:\Windows\System\AaUucKh.exe

C:\Windows\System\shWzaOn.exe

C:\Windows\System\shWzaOn.exe

C:\Windows\System\nuuoolC.exe

C:\Windows\System\nuuoolC.exe

C:\Windows\System\oHCcnzV.exe

C:\Windows\System\oHCcnzV.exe

C:\Windows\System\PNDJpoQ.exe

C:\Windows\System\PNDJpoQ.exe

C:\Windows\System\HuOmDvS.exe

C:\Windows\System\HuOmDvS.exe

C:\Windows\System\hacVEFW.exe

C:\Windows\System\hacVEFW.exe

C:\Windows\System\EwglYNj.exe

C:\Windows\System\EwglYNj.exe

C:\Windows\System\prIplEg.exe

C:\Windows\System\prIplEg.exe

C:\Windows\System\woqHktz.exe

C:\Windows\System\woqHktz.exe

C:\Windows\System\buqPHDO.exe

C:\Windows\System\buqPHDO.exe

C:\Windows\System\qBLpGtS.exe

C:\Windows\System\qBLpGtS.exe

C:\Windows\System\rnVeHKx.exe

C:\Windows\System\rnVeHKx.exe

C:\Windows\System\KaZqVaY.exe

C:\Windows\System\KaZqVaY.exe

C:\Windows\System\wHDxYHu.exe

C:\Windows\System\wHDxYHu.exe

C:\Windows\System\TFPtakN.exe

C:\Windows\System\TFPtakN.exe

C:\Windows\System\DxGrDYN.exe

C:\Windows\System\DxGrDYN.exe

C:\Windows\System\Plzemtw.exe

C:\Windows\System\Plzemtw.exe

C:\Windows\System\EIUmaqv.exe

C:\Windows\System\EIUmaqv.exe

C:\Windows\System\lLEIvzm.exe

C:\Windows\System\lLEIvzm.exe

C:\Windows\System\rzWuGMs.exe

C:\Windows\System\rzWuGMs.exe

C:\Windows\System\KziiZrx.exe

C:\Windows\System\KziiZrx.exe

C:\Windows\System\qBTwHBD.exe

C:\Windows\System\qBTwHBD.exe

C:\Windows\System\yHVivHW.exe

C:\Windows\System\yHVivHW.exe

C:\Windows\System\Xtfhqms.exe

C:\Windows\System\Xtfhqms.exe

C:\Windows\System\JVBWVTz.exe

C:\Windows\System\JVBWVTz.exe

C:\Windows\System\ZCvbfEe.exe

C:\Windows\System\ZCvbfEe.exe

C:\Windows\System\KhRaMEA.exe

C:\Windows\System\KhRaMEA.exe

C:\Windows\System\anpSPLz.exe

C:\Windows\System\anpSPLz.exe

C:\Windows\System\lJDYhmG.exe

C:\Windows\System\lJDYhmG.exe

C:\Windows\System\hBjLRRr.exe

C:\Windows\System\hBjLRRr.exe

C:\Windows\System\QadJxRs.exe

C:\Windows\System\QadJxRs.exe

C:\Windows\System\VntPuMd.exe

C:\Windows\System\VntPuMd.exe

C:\Windows\System\KGOhXDi.exe

C:\Windows\System\KGOhXDi.exe

C:\Windows\System\tZwmcgT.exe

C:\Windows\System\tZwmcgT.exe

C:\Windows\System\lZqAkHe.exe

C:\Windows\System\lZqAkHe.exe

C:\Windows\System\RiQvJaA.exe

C:\Windows\System\RiQvJaA.exe

C:\Windows\System\OKjALJs.exe

C:\Windows\System\OKjALJs.exe

C:\Windows\System\ORgBdKX.exe

C:\Windows\System\ORgBdKX.exe

C:\Windows\System\yeAFkGc.exe

C:\Windows\System\yeAFkGc.exe

C:\Windows\System\jxxdXYd.exe

C:\Windows\System\jxxdXYd.exe

C:\Windows\System\VuUlhPY.exe

C:\Windows\System\VuUlhPY.exe

C:\Windows\System\DyuQaio.exe

C:\Windows\System\DyuQaio.exe

C:\Windows\System\DOGLLeW.exe

C:\Windows\System\DOGLLeW.exe

C:\Windows\System\MnTYYqc.exe

C:\Windows\System\MnTYYqc.exe

C:\Windows\System\xEbfhlC.exe

C:\Windows\System\xEbfhlC.exe

C:\Windows\System\xpFJikh.exe

C:\Windows\System\xpFJikh.exe

C:\Windows\System\cUEpbNp.exe

C:\Windows\System\cUEpbNp.exe

C:\Windows\System\GcuSSVG.exe

C:\Windows\System\GcuSSVG.exe

C:\Windows\System\gdovuSI.exe

C:\Windows\System\gdovuSI.exe

C:\Windows\System\SXBuVMt.exe

C:\Windows\System\SXBuVMt.exe

C:\Windows\System\LQjIZwg.exe

C:\Windows\System\LQjIZwg.exe

C:\Windows\System\kDxlRjr.exe

C:\Windows\System\kDxlRjr.exe

C:\Windows\System\dFxEPNa.exe

C:\Windows\System\dFxEPNa.exe

C:\Windows\System\ZieiRbk.exe

C:\Windows\System\ZieiRbk.exe

C:\Windows\System\xpqRrFN.exe

C:\Windows\System\xpqRrFN.exe

C:\Windows\System\pBzjtaU.exe

C:\Windows\System\pBzjtaU.exe

C:\Windows\System\TpdbBFL.exe

C:\Windows\System\TpdbBFL.exe

C:\Windows\System\LrEbHyO.exe

C:\Windows\System\LrEbHyO.exe

C:\Windows\System\tQPCONU.exe

C:\Windows\System\tQPCONU.exe

C:\Windows\System\SxOoeLP.exe

C:\Windows\System\SxOoeLP.exe

C:\Windows\System\OqXSgzH.exe

C:\Windows\System\OqXSgzH.exe

C:\Windows\System\otwHgDD.exe

C:\Windows\System\otwHgDD.exe

C:\Windows\System\FKZwtlQ.exe

C:\Windows\System\FKZwtlQ.exe

C:\Windows\System\XEKGINL.exe

C:\Windows\System\XEKGINL.exe

C:\Windows\System\MUfYJUH.exe

C:\Windows\System\MUfYJUH.exe

C:\Windows\System\WTvQAzg.exe

C:\Windows\System\WTvQAzg.exe

C:\Windows\System\tqlUMfl.exe

C:\Windows\System\tqlUMfl.exe

C:\Windows\System\yHihnjD.exe

C:\Windows\System\yHihnjD.exe

C:\Windows\System\HQbirmM.exe

C:\Windows\System\HQbirmM.exe

C:\Windows\System\hrxsIng.exe

C:\Windows\System\hrxsIng.exe

C:\Windows\System\jBazOfW.exe

C:\Windows\System\jBazOfW.exe

C:\Windows\System\foPHHBF.exe

C:\Windows\System\foPHHBF.exe

C:\Windows\System\iDEXxam.exe

C:\Windows\System\iDEXxam.exe

C:\Windows\System\RBHiNpd.exe

C:\Windows\System\RBHiNpd.exe

C:\Windows\System\pkgPYgg.exe

C:\Windows\System\pkgPYgg.exe

C:\Windows\System\YhkkzXN.exe

C:\Windows\System\YhkkzXN.exe

C:\Windows\System\IoZGNKS.exe

C:\Windows\System\IoZGNKS.exe

C:\Windows\System\ATgtsSk.exe

C:\Windows\System\ATgtsSk.exe

C:\Windows\System\utjXjUe.exe

C:\Windows\System\utjXjUe.exe

C:\Windows\System\QEAtnsm.exe

C:\Windows\System\QEAtnsm.exe

C:\Windows\System\TDubkmR.exe

C:\Windows\System\TDubkmR.exe

C:\Windows\System\gbhyyHf.exe

C:\Windows\System\gbhyyHf.exe

C:\Windows\System\jebePTg.exe

C:\Windows\System\jebePTg.exe

C:\Windows\System\FhXofkD.exe

C:\Windows\System\FhXofkD.exe

C:\Windows\System\XDOxQIg.exe

C:\Windows\System\XDOxQIg.exe

C:\Windows\System\lrJBzFn.exe

C:\Windows\System\lrJBzFn.exe

C:\Windows\System\uZjzMzb.exe

C:\Windows\System\uZjzMzb.exe

C:\Windows\System\YlMSWdZ.exe

C:\Windows\System\YlMSWdZ.exe

C:\Windows\System\HitOziu.exe

C:\Windows\System\HitOziu.exe

C:\Windows\System\ULqtpde.exe

C:\Windows\System\ULqtpde.exe

C:\Windows\System\TlOeagV.exe

C:\Windows\System\TlOeagV.exe

C:\Windows\System\cGjGufd.exe

C:\Windows\System\cGjGufd.exe

C:\Windows\System\GrtikMk.exe

C:\Windows\System\GrtikMk.exe

C:\Windows\System\bRXYtFP.exe

C:\Windows\System\bRXYtFP.exe

C:\Windows\System\FZFvqsk.exe

C:\Windows\System\FZFvqsk.exe

C:\Windows\System\mOuyZMD.exe

C:\Windows\System\mOuyZMD.exe

C:\Windows\System\cVqIKxS.exe

C:\Windows\System\cVqIKxS.exe

C:\Windows\System\tlbsGWI.exe

C:\Windows\System\tlbsGWI.exe

C:\Windows\System\yiTdGyN.exe

C:\Windows\System\yiTdGyN.exe

C:\Windows\System\trtxaZG.exe

C:\Windows\System\trtxaZG.exe

C:\Windows\System\yCbwrDf.exe

C:\Windows\System\yCbwrDf.exe

C:\Windows\System\xiwWFCE.exe

C:\Windows\System\xiwWFCE.exe

C:\Windows\System\Nwzfqac.exe

C:\Windows\System\Nwzfqac.exe

C:\Windows\System\hVCcDQs.exe

C:\Windows\System\hVCcDQs.exe

C:\Windows\System\wjDprbu.exe

C:\Windows\System\wjDprbu.exe

C:\Windows\System\srTLhMU.exe

C:\Windows\System\srTLhMU.exe

C:\Windows\System\kapJcqk.exe

C:\Windows\System\kapJcqk.exe

C:\Windows\System\RGeNVyd.exe

C:\Windows\System\RGeNVyd.exe

C:\Windows\System\MNJQsOT.exe

C:\Windows\System\MNJQsOT.exe

C:\Windows\System\CvvGfSW.exe

C:\Windows\System\CvvGfSW.exe

C:\Windows\System\pYaJvpq.exe

C:\Windows\System\pYaJvpq.exe

C:\Windows\System\tTEbajP.exe

C:\Windows\System\tTEbajP.exe

C:\Windows\System\WLmGvgu.exe

C:\Windows\System\WLmGvgu.exe

C:\Windows\System\IRQAndI.exe

C:\Windows\System\IRQAndI.exe

C:\Windows\System\SCnGToM.exe

C:\Windows\System\SCnGToM.exe

C:\Windows\System\YtQlgrd.exe

C:\Windows\System\YtQlgrd.exe

C:\Windows\System\ZjRvHZv.exe

C:\Windows\System\ZjRvHZv.exe

C:\Windows\System\yYTiNcp.exe

C:\Windows\System\yYTiNcp.exe

C:\Windows\System\BYsWtnP.exe

C:\Windows\System\BYsWtnP.exe

C:\Windows\System\PLNlWkb.exe

C:\Windows\System\PLNlWkb.exe

C:\Windows\System\BJyXpcs.exe

C:\Windows\System\BJyXpcs.exe

C:\Windows\System\dlvFlSD.exe

C:\Windows\System\dlvFlSD.exe

C:\Windows\System\xdnCgud.exe

C:\Windows\System\xdnCgud.exe

C:\Windows\System\MKAIGxl.exe

C:\Windows\System\MKAIGxl.exe

C:\Windows\System\ZnHydJd.exe

C:\Windows\System\ZnHydJd.exe

C:\Windows\System\qEpSsiF.exe

C:\Windows\System\qEpSsiF.exe

C:\Windows\System\YAnItUP.exe

C:\Windows\System\YAnItUP.exe

C:\Windows\System\mbqwbDK.exe

C:\Windows\System\mbqwbDK.exe

C:\Windows\System\pfxSDsr.exe

C:\Windows\System\pfxSDsr.exe

C:\Windows\System\cbTsBlL.exe

C:\Windows\System\cbTsBlL.exe

C:\Windows\System\MljmomR.exe

C:\Windows\System\MljmomR.exe

C:\Windows\System\crZtHzg.exe

C:\Windows\System\crZtHzg.exe

C:\Windows\System\OaMWYSw.exe

C:\Windows\System\OaMWYSw.exe

C:\Windows\System\vYMQTDV.exe

C:\Windows\System\vYMQTDV.exe

C:\Windows\System\OsxdkWz.exe

C:\Windows\System\OsxdkWz.exe

C:\Windows\System\ZqdHDAX.exe

C:\Windows\System\ZqdHDAX.exe

C:\Windows\System\mThMFxy.exe

C:\Windows\System\mThMFxy.exe

C:\Windows\System\uvnBdJe.exe

C:\Windows\System\uvnBdJe.exe

C:\Windows\System\QXmDEgC.exe

C:\Windows\System\QXmDEgC.exe

C:\Windows\System\NhDYptz.exe

C:\Windows\System\NhDYptz.exe

C:\Windows\System\MUwOXUq.exe

C:\Windows\System\MUwOXUq.exe

C:\Windows\System\azfOvkm.exe

C:\Windows\System\azfOvkm.exe

C:\Windows\System\ZMsiZgq.exe

C:\Windows\System\ZMsiZgq.exe

C:\Windows\System\yMtVbAI.exe

C:\Windows\System\yMtVbAI.exe

C:\Windows\System\RprpEFu.exe

C:\Windows\System\RprpEFu.exe

C:\Windows\System\AlqdcRF.exe

C:\Windows\System\AlqdcRF.exe

C:\Windows\System\veINfDb.exe

C:\Windows\System\veINfDb.exe

C:\Windows\System\jmwGUgp.exe

C:\Windows\System\jmwGUgp.exe

C:\Windows\System\vuWokHK.exe

C:\Windows\System\vuWokHK.exe

C:\Windows\System\cGZgjzw.exe

C:\Windows\System\cGZgjzw.exe

C:\Windows\System\laoEKzd.exe

C:\Windows\System\laoEKzd.exe

C:\Windows\System\GVMlEzn.exe

C:\Windows\System\GVMlEzn.exe

C:\Windows\System\qUnPdfl.exe

C:\Windows\System\qUnPdfl.exe

C:\Windows\System\Szmbcjt.exe

C:\Windows\System\Szmbcjt.exe

C:\Windows\System\tOJFIuG.exe

C:\Windows\System\tOJFIuG.exe

C:\Windows\System\WgZOnXo.exe

C:\Windows\System\WgZOnXo.exe

C:\Windows\System\DIinoKh.exe

C:\Windows\System\DIinoKh.exe

C:\Windows\System\ipNjjvk.exe

C:\Windows\System\ipNjjvk.exe

C:\Windows\System\pLxBdMq.exe

C:\Windows\System\pLxBdMq.exe

C:\Windows\System\MAtrnPW.exe

C:\Windows\System\MAtrnPW.exe

C:\Windows\System\QNMJUzT.exe

C:\Windows\System\QNMJUzT.exe

C:\Windows\System\hgZpKBe.exe

C:\Windows\System\hgZpKBe.exe

C:\Windows\System\FQFnwwD.exe

C:\Windows\System\FQFnwwD.exe

C:\Windows\System\JeOjktS.exe

C:\Windows\System\JeOjktS.exe

C:\Windows\System\cAgIQVk.exe

C:\Windows\System\cAgIQVk.exe

C:\Windows\System\oMeVjkq.exe

C:\Windows\System\oMeVjkq.exe

C:\Windows\System\LVWtxHm.exe

C:\Windows\System\LVWtxHm.exe

C:\Windows\System\oNpQlXw.exe

C:\Windows\System\oNpQlXw.exe

C:\Windows\System\QiQMhmH.exe

C:\Windows\System\QiQMhmH.exe

C:\Windows\System\xuAGJpL.exe

C:\Windows\System\xuAGJpL.exe

C:\Windows\System\CpGXkMH.exe

C:\Windows\System\CpGXkMH.exe

C:\Windows\System\xsduPWx.exe

C:\Windows\System\xsduPWx.exe

C:\Windows\System\uxDmpAy.exe

C:\Windows\System\uxDmpAy.exe

C:\Windows\System\gpTdznK.exe

C:\Windows\System\gpTdznK.exe

C:\Windows\System\dOQpTBY.exe

C:\Windows\System\dOQpTBY.exe

C:\Windows\System\ufHaBfQ.exe

C:\Windows\System\ufHaBfQ.exe

C:\Windows\System\aaGEYNr.exe

C:\Windows\System\aaGEYNr.exe

C:\Windows\System\FvOZjfZ.exe

C:\Windows\System\FvOZjfZ.exe

C:\Windows\System\CUdCwTU.exe

C:\Windows\System\CUdCwTU.exe

C:\Windows\System\fpPhQYK.exe

C:\Windows\System\fpPhQYK.exe

C:\Windows\System\UPhuTuB.exe

C:\Windows\System\UPhuTuB.exe

C:\Windows\System\griDBTF.exe

C:\Windows\System\griDBTF.exe

C:\Windows\System\DrtTvaa.exe

C:\Windows\System\DrtTvaa.exe

C:\Windows\System\xlWVuiD.exe

C:\Windows\System\xlWVuiD.exe

C:\Windows\System\cBBNdti.exe

C:\Windows\System\cBBNdti.exe

C:\Windows\System\nqTXwCP.exe

C:\Windows\System\nqTXwCP.exe

C:\Windows\System\FWQDNBT.exe

C:\Windows\System\FWQDNBT.exe

C:\Windows\System\ptyELrS.exe

C:\Windows\System\ptyELrS.exe

C:\Windows\System\LQXBbMM.exe

C:\Windows\System\LQXBbMM.exe

C:\Windows\System\KqcioMr.exe

C:\Windows\System\KqcioMr.exe

C:\Windows\System\KdpsqEh.exe

C:\Windows\System\KdpsqEh.exe

C:\Windows\System\vecLEoI.exe

C:\Windows\System\vecLEoI.exe

C:\Windows\System\MPaqkuk.exe

C:\Windows\System\MPaqkuk.exe

C:\Windows\System\JpYHDdZ.exe

C:\Windows\System\JpYHDdZ.exe

C:\Windows\System\HyjFfHe.exe

C:\Windows\System\HyjFfHe.exe

C:\Windows\System\ZuJlbjU.exe

C:\Windows\System\ZuJlbjU.exe

C:\Windows\System\gBBiRTz.exe

C:\Windows\System\gBBiRTz.exe

C:\Windows\System\ZKtWxjj.exe

C:\Windows\System\ZKtWxjj.exe

C:\Windows\System\baQPMZu.exe

C:\Windows\System\baQPMZu.exe

C:\Windows\System\JRqwrig.exe

C:\Windows\System\JRqwrig.exe

C:\Windows\System\OUnQkuZ.exe

C:\Windows\System\OUnQkuZ.exe

C:\Windows\System\SUAvxVN.exe

C:\Windows\System\SUAvxVN.exe

C:\Windows\System\hzeJEQp.exe

C:\Windows\System\hzeJEQp.exe

C:\Windows\System\sIWlXoT.exe

C:\Windows\System\sIWlXoT.exe

C:\Windows\System\YvsJiSE.exe

C:\Windows\System\YvsJiSE.exe

C:\Windows\System\BszKAYV.exe

C:\Windows\System\BszKAYV.exe

C:\Windows\System\XBMPpFo.exe

C:\Windows\System\XBMPpFo.exe

C:\Windows\System\JEfjZCF.exe

C:\Windows\System\JEfjZCF.exe

C:\Windows\System\DQTpxIc.exe

C:\Windows\System\DQTpxIc.exe

C:\Windows\System\TOiQuPa.exe

C:\Windows\System\TOiQuPa.exe

C:\Windows\System\POTBmlt.exe

C:\Windows\System\POTBmlt.exe

C:\Windows\System\UtZvfap.exe

C:\Windows\System\UtZvfap.exe

C:\Windows\System\KsuipGm.exe

C:\Windows\System\KsuipGm.exe

C:\Windows\System\dduAiUx.exe

C:\Windows\System\dduAiUx.exe

C:\Windows\System\TGSFJIS.exe

C:\Windows\System\TGSFJIS.exe

C:\Windows\System\VNSiiwU.exe

C:\Windows\System\VNSiiwU.exe

C:\Windows\System\ZLTJJkp.exe

C:\Windows\System\ZLTJJkp.exe

C:\Windows\System\venYbJG.exe

C:\Windows\System\venYbJG.exe

C:\Windows\System\MjmFEDb.exe

C:\Windows\System\MjmFEDb.exe

C:\Windows\System\qcnZIju.exe

C:\Windows\System\qcnZIju.exe

C:\Windows\System\XHoAtGc.exe

C:\Windows\System\XHoAtGc.exe

C:\Windows\System\eyWoIIA.exe

C:\Windows\System\eyWoIIA.exe

C:\Windows\System\pXaTYQL.exe

C:\Windows\System\pXaTYQL.exe

C:\Windows\System\jEOZBBg.exe

C:\Windows\System\jEOZBBg.exe

C:\Windows\System\NZIUMnn.exe

C:\Windows\System\NZIUMnn.exe

C:\Windows\System\HtoyaBT.exe

C:\Windows\System\HtoyaBT.exe

C:\Windows\System\tXqXcJd.exe

C:\Windows\System\tXqXcJd.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/540-0-0x00007FF7C9930000-0x00007FF7C9C84000-memory.dmp

memory/540-1-0x000002CB33F40000-0x000002CB33F50000-memory.dmp

C:\Windows\System\PwRHamy.exe

MD5 df57a4e5a51ac052a73fd4a0a1aaa91e
SHA1 2a7bdd8a3eebcbc5122b7f5a36970c9268d393c0
SHA256 6d22093a0a720723887b620e25008635ca5253225c106a29e6c0414e7b624b62
SHA512 9f23537745cb27ba568178d475a7201e75f2a96be21e4b445af15f849c07cf0aa67a6a2bb38ebdc01df85abe17d4b96a512deab1bf8fc4a7da933416c0d6a6e2

C:\Windows\System\ASxrSro.exe

MD5 3cd3926c31c883cdcf133537d7ef6681
SHA1 ed2f452d058c1d4d9f753e49abf030d61a52f139
SHA256 92b938abaa0cb0df4c26070392bb776a15c45bd31be8f848b9c7580f4b73b9e7
SHA512 b81ba0a3a73387d8060a27f8e57a7275114ad63336655fbedc774643efc349958b138316a57c15c78a039ba33b0713e00e22b9e0774f1ade415b8b73b41179af

C:\Windows\System\qQqJPBK.exe

MD5 4d669d97b0fdc82baea5d179878ddd5e
SHA1 5f89de04897222ae5f1b51d8ba520e14131e946c
SHA256 4ca6262bdc99279741617211bbb240bdfdb7b80c9b6f05a2ed702a0c302f3a8a
SHA512 edfacbdeeb3dab79da1927f6eb4e406b511ef28fb55de6d90fd22135e357f9e4c6cddffd92069190a59714a25600d8b549abefa08137333fee9cd30587eb9044

memory/2296-104-0x00007FF64E320000-0x00007FF64E674000-memory.dmp

C:\Windows\System\RyWtPTn.exe

MD5 502d29d7b740dd569b54bb8f04d4ba8d
SHA1 e059b4882bcd49a03fb38e6a53e3b6d6dc0172fb
SHA256 ad2fb21a1f1197df1608170607f1fa2ba2901e3052903e8d5fa9b19d4feb8c84
SHA512 d2a2d4551ea15dcfc57d524cbff32087e637d4ac1e22e44a031ab16f8b25872af07ae57c7c25247c8c26a7ac1fa1be2c51acad78d6677429c37aafb1d9cca7e1

memory/6120-200-0x00007FF675280000-0x00007FF6755D4000-memory.dmp

memory/3880-206-0x00007FF757020000-0x00007FF757374000-memory.dmp

memory/5564-214-0x00007FF61C0F0000-0x00007FF61C444000-memory.dmp

memory/376-218-0x00007FF715FF0000-0x00007FF716344000-memory.dmp

memory/3168-217-0x00007FF6BBB10000-0x00007FF6BBE64000-memory.dmp

memory/5200-216-0x00007FF6D3CA0000-0x00007FF6D3FF4000-memory.dmp

memory/540-1069-0x00007FF7C9930000-0x00007FF7C9C84000-memory.dmp

memory/6052-213-0x00007FF712520000-0x00007FF712874000-memory.dmp

memory/1224-212-0x00007FF681F70000-0x00007FF6822C4000-memory.dmp

memory/3288-211-0x00007FF7FBA30000-0x00007FF7FBD84000-memory.dmp

memory/6004-202-0x00007FF655EA0000-0x00007FF6561F4000-memory.dmp

memory/4976-201-0x00007FF623E70000-0x00007FF6241C4000-memory.dmp

memory/5368-187-0x00007FF6B6160000-0x00007FF6B64B4000-memory.dmp

C:\Windows\System\CTvdesG.exe

MD5 2241c663b8cfad1cd87cc11a65b45839
SHA1 b52d92c9f35efbb6f3f90beb6c65fff5c52b4c3c
SHA256 d07b6645dc46888b0e272caadbbca907e96fdf368753f540d8be9c5eec0c3ae8
SHA512 2f87ae070e9b682862dd132272fb0c2c5883170c7addbf6018f5c74e2313216231e551ee0c77c8822d97785422146f496f900329931ac6e179c2819c26d1bac5

C:\Windows\System\TFUwICf.exe

MD5 87bc1baa4ad5040e346bdea367a60476
SHA1 57bc44f3dd5596265e315ee98bb401248303206c
SHA256 3baa3c558ffe84ae228f02ed422ce117ecf1a570417732664f6dd2a82271764d
SHA512 d3c4b843daafafd50a5e0266e8d82f7b0c5435d48a48e93e7c22786b40f625b72b1ac7b1713d8c0afba022acef57debec39df77502f1875e98f0461b912c8758

C:\Windows\System\bNozGKZ.exe

MD5 1ef2bc596119d2a4c2b92ed60cfe6fd8
SHA1 f28a07f20504b6825a533407e568c154b92a7968
SHA256 1f83b650a4465826f2d6035e67ba91e4807fa8025af9c4e39c7750a0e7994743
SHA512 6c04749431c7ff5f081e4fe00f055cbf3c459ed3a84c6347e5c7d3fd298f9bba85a78890516669134a4e052cf2f94abe6207da3d7a9909c9f8d6ce84947d23cb

C:\Windows\System\tpxedck.exe

MD5 30dd34a1d2b29c9bba1e0c4aec7099d3
SHA1 fabe8cd91746540376669c1ca99186960442a4d5
SHA256 f3dd3d26a56d81c2870125f3894ae79825103aeafc6d31dd74b99bb68fbf4c5c
SHA512 6b3557d80958fa1b7becdc21ba36bc5d05364d604f0bb914972046a86bded68c2f97d66d12069eeb83b866415d898d2fea81b21cf1a6226ec9f50ec57eeaa102

C:\Windows\System\tpxedck.exe

MD5 d9c5cbac1977f5aa86b5ce1fdd312d93
SHA1 abaecb0e21367c78824acc9ba02440539ed5d01e
SHA256 b628b5a02b47554134871be2af82a93400d3787f6ddcf9cc6f1c4b34930ceb9c
SHA512 5a25fb8416b04c9b4548ae8005f389316beda9db2fe438dc2d221401c8031af359f3c9c95766bd5a9ef509ba9b76d5d31de4d6200c652fa18a2c48151c1267f6

C:\Windows\System\GEAYUoR.exe

MD5 550f0ada7642babe13e58b4caf53005c
SHA1 f13808a07f09faa8f3e690f75b738e7fb151536e
SHA256 0380eba503db456d0781acdf47b3823574dffeb9576a95161947c533b3d5893f
SHA512 3d24669af7123a381ec1e8141449a2fe108531a74e125e8b0ff723f16cb7e5000386b569325600bd0e2b6dc0dd7a3617f77a4ea914b027243e740bb06ba45108

C:\Windows\System\KbcAnpq.exe

MD5 7aadba19cd56c11dce5bf1e5fb9686e3
SHA1 9e088ba26d376cd9591c68fa771d3e313711b193
SHA256 f68cfb4208051cdaa65e631e49be0911ed9028268130d169315e1bdaaf852e8d
SHA512 26a7cf1b0d9c28277ab1bdb5cd5461b93766c93bdb655d896aa1bfa7f01ec8c16610b8d41b9e907cf0f0890bedbd2e1a753299516d3e199a6406a13b479e4298

C:\Windows\System\mLaDLYR.exe

MD5 c3f75ab88b9c139c1a7cb35d7d87c5f0
SHA1 4bb5b73745d783dea01ef2a43ab407ff4dc42114
SHA256 55ed96bf7b23daec5c364fce4974e414a67f59775ab6ad4b7e27814a7938b29b
SHA512 184c90f4d51dd3f8e2125a2c84138968070db0a977a3a76347a93275bc26c7b90d30ecafbe0f0b323b389788842957285c708a0031123a392c58e07be65bae19

memory/3376-164-0x00007FF74F0E0000-0x00007FF74F434000-memory.dmp

C:\Windows\System\JgHPCaw.exe

MD5 e0ebab65a3150c85fbf862467927a419
SHA1 efa6c8e82d7701b328d75f0c96bf6d2e7ae47dbf
SHA256 4c3d2b9ca8da7a598b3909c5bf214022c8871a6c3fbccc73d9b154b73a81a2a9
SHA512 9ffac8c6d0a229274e9f9c48e98903d953834e9b0cc8d91077481f529e8f56196c24a3c9405aac894f5170eb02cb9c62d5465ae455d4452fbc59f281d3a2184b

memory/3944-159-0x00007FF600B00000-0x00007FF600E54000-memory.dmp

C:\Windows\System\qmlGQoa.exe

MD5 3c19d25729ee19f49e1ed2dc8262d729
SHA1 c829eb764bb6b5feb1f440a8ca4f40f2c3c0e980
SHA256 3aaa6370769f8f66874aecccbaf3b3661eed4270fad627ba42305c0b65e6d490
SHA512 9bbf46b3433363017efb09a87987e84ce6bd48210eedc849832ffba86ce874618fc1d54db2158603be9752c2507966392b703aa6bcef46d5ea79f565b8c65269

C:\Windows\System\GKqMQaX.exe

MD5 974bab954f81ec81b8cb1d182b988eac
SHA1 12fbb89c4f0fac37a8ac91c673d2a4e2537576ce
SHA256 3a143fcae6d3c48a9f7b256d0f333f18c272b94cac207cf1f1e282848d9ba809
SHA512 ec7221a3edbc7ef94929e5c8a372263de93587326b0a5150942d28fb2f6c3e84f6e3cedad38db793421d8d6393c5b4bf968e1044fe01d9b5b2d073fac721495c

C:\Windows\System\NgXUqUk.exe

MD5 3c04ae06dd0f4309d2b6daad959c47e7
SHA1 fbeb5d1024671e8ff35f7a78aa71dd7ecac8aa0f
SHA256 da99e37abc9c4ea4f2e46f3f9a26f6cf861b33bb7055ac9ec113ef85adfa5490
SHA512 dbb1c7718ce49ddef56a749457d1342fd03c8c3fa459b68ebd9c8057c48de383ed9ef4a9e8758a7b68f3dddf00447ff85371f9a6b7d03f33aa0c7312ea8d9f4e

C:\Windows\System\cvpBaEH.exe

MD5 08458d60e9e2ca4764af812d12e2903c
SHA1 fa5d13282a5184839d0c4fe7a4d994bfabca4c00
SHA256 5aaec09ebca9ae617987edc67dfdea9263ba22e346121fcdce1de562c41d71ab
SHA512 4d30f33ea985512237b56eed3c9ff98f1e32cf6bef672dcf7c3dfe579af429516c7a032ee4124628ee623c070970ee0174fb07f10f4c8919ff210100ce1cc36f

memory/2864-134-0x00007FF7CE700000-0x00007FF7CEA54000-memory.dmp

C:\Windows\System\LKyiIGc.exe

MD5 4dfa747eba85ecb5e7e477d6dc563038
SHA1 4423b59436655aeeec89b7cd082c11a7b10a1e98
SHA256 d1c3b1a04f1ab5fa09d8ef6bf5c4249dca4392a829e239e84d91d4aec4be1095
SHA512 4e6083cd35a3d4bc85b8abceaddf486c7d7a4ff68a83393eb2155ffea0b5111c9ebf63010b2f2e2d9628f188e661d8773d09e2396871b6c20cb5e8ecc4479a0e

C:\Windows\System\aedppDR.exe

MD5 ceedd3e95adce8073ceb500eec5d3e90
SHA1 872cc77deb9a78a4d380d54618446b39b9f0cc9e
SHA256 510193229b66dc786efabc83119ef6a8f53e0ed45c76f8c415496ab6f592133a
SHA512 6928abe13b1bde08149ea3b52aa98a1e45e79b630c61b5661a5c5c1e7b818b22974e152cb1f07a964283baa3a3c38fd2928419d4e170ed690d41084b1cbc528c

memory/4600-118-0x00007FF7AFCA0000-0x00007FF7AFFF4000-memory.dmp

C:\Windows\System\KHuxMkU.exe

MD5 a28996905b6540dfe67b06adc3d7d8f5
SHA1 d1d247cf2192f3e4fc21aa871f1b6fe40d6d46e2
SHA256 4f2f9596ffbdcf36739dc432aac4efc08a7ca8ebac338c508c66faa7d16b9cfa
SHA512 12a80b56f8bf535ab01ac865dd0f9c0d8739346a906d74d3179c9cde3d6ec47ea3f70c0689e3093237d1be5c94cb06cc6855a192344092245984655f2e982037

C:\Windows\System\yrMPixz.exe

MD5 4a2ff536aff52670ead13da271776cd4
SHA1 f9db93be922c0246c9a162f3f03cfebf6126c582
SHA256 6d064a7987b0bd79f3493c398d103883e2827073014a41bbf1726bd64f030a61
SHA512 bac12ed39448cf48f44e2ce072362af7ab38d505f819e49adefa917c0beaa8d53da921211830aa7e3ebeb017e5535428eabab99fa537b1f191b25a9f712b45ea

C:\Windows\System\oylqKNW.exe

MD5 783235e6dac21b83c34e898560fcc00e
SHA1 74828dbeb77581b3e0d40ae73b5c5eb738905138
SHA256 cda9df00aa1324a6fb50a4ea12a43b15c32770a1d137ec5296a2db7addaed14a
SHA512 ea7cf1002e67e27e0fd7ec6c2d7ed7b42775dc7aefe76bf2c663c3a07d18b53c13e403b662f5160e74250130c3a25bf6f047c0f059f99f42e23e591aee6552cb

C:\Windows\System\rNkaPmh.exe

MD5 088b80c53e6be70e3464682b9c09b41c
SHA1 11c0d1510f1fea81b33c0a8118bb9ca2b5b8e02f
SHA256 2e8699fa9e8c7149d5a90b5386121bf2d1a9734ef60d20f7c2ed1bab5c992170
SHA512 da568eda4db9ec3fc0095f702cd417cd5be1f4464e9fd09815864f0d090407e914684e6083ce5c805f1579695851712b9ad04773bd1ba3b43ac2f6601b5cc553

C:\Windows\System\SYGcKAa.exe

MD5 9f5cdcbaea751d45793971ab4698e9df
SHA1 ddc0103a413f726018c4e881598ed0afeb429f7b
SHA256 49235239226970b638e9cb6296de2f5a98b3b33c386e668e4fb54572757be1f4
SHA512 ed426d6ef7b3cd8f068dc113d5ef44a87fde2a4786e3e6b62cdf258fe38f869e83e637980ebaab02655b78a6fe160ece999220d6be2e31caf08a1978f0aec28e

C:\Windows\System\RrOcQBu.exe

MD5 f3308598d741a71b1b596659548795ff
SHA1 94e494fa4532b3db0a7027db0d0ac766a75159b5
SHA256 e2d96c873146a0bcf9822ed87cf3d771862339b648348f43f13b80c1566f3044
SHA512 b9bac1b027e16663cd06ced70db2bf036111429e138c8fa0ad4d72e3e7763028a943a568d7561b1f2443e12c9355744d0afd65799dc09acf5725073bb8e59552

C:\Windows\System\gCyNuJY.exe

MD5 0f174cdf9091be78772f6094e2333a9b
SHA1 ef6604a418694ba6873323cda3e65049a398759e
SHA256 4b31855334cde3ce2d1f20aa5b9137d4ded58ab9f033075cef6c133de8cfd421
SHA512 0b863a56e187eda8863e58dcc7e9b801fd9ba5031eaad7a4f2d85ba24f501fba29376157c484c4556501ea3c478819bed59922e6a253d41ceb89b159bd4bf777

C:\Windows\System\oylqKNW.exe

MD5 43b8a389733cc0213495bd41c509a5d1
SHA1 85060181b53c223597ec267099ed623ef95c8fce
SHA256 b5daa3edad945fb58d239f60e48a5feced72e05a74d82fb7b8fc164b786e50a7
SHA512 cb9ac9b6a50db10bb97f4c8ffa8988674e61e9fdce81bd5e8ddafa82c19c2145b00f6031f94ec0101b53eb619e91eeff1f60bab17f8a4a192cb3dcdc725f199b

C:\Windows\System\AhkrYnK.exe

MD5 9ce1afcd225c1cfcfde07f735ee8977b
SHA1 6eae438f99d91572aecc81813cdb63128a7796ec
SHA256 5fd3879c0dde037cb0ed052c573983792433d0448a26ec4ba5944fc9263d9271
SHA512 5747527b5fda5bb7db318b705dc76b9dbdd67048bcfaa04db3cc6e7db31fabab7ce2ca24b820e078c3d6a98e4638ca7b2db684305c41101e7a3130c9bceca9e3

memory/2052-89-0x00007FF6D68A0000-0x00007FF6D6BF4000-memory.dmp

memory/2876-85-0x00007FF6DECF0000-0x00007FF6DF044000-memory.dmp

C:\Windows\System\EiCuGrL.exe

MD5 e10c2e34523b3b756bfa39784f141647
SHA1 a38cdb49e37e8da38fd7221a71c4404326c70f94
SHA256 e5c4c36459422da73d72ff96bda9bb6f733f48ffd1141c7e99c0864cf3a9f4f3
SHA512 bec4eb93ed203bf4144605eb77610aa8ca4e979d227f346fe74320fd648b4dd51aea4c3b996701b156b4c8fc6f8917ad33c77881a733b22e5565f0c303799c69

C:\Windows\System\PooQqEn.exe

MD5 dba0e2df9257edc3f9a2409dc3962fd7
SHA1 748cd3de3246e91c9794ecf57e810afdc63e0338
SHA256 a25868a8389da33ac114447252b234d4195ba40af38132e3ff90081ce8fda724
SHA512 6ab9da7fc6b9e75d039042cba8bc6f3d956fe38824acd97224528c47acea84f7f924e202c30d76d81e673e6115cc78222fc6ecfc466872627ea3596db4aa4196

memory/1392-73-0x00007FF70A930000-0x00007FF70AC84000-memory.dmp

C:\Windows\System\BolFour.exe

MD5 607e1c7725ed12ae189c208cc2e5135c
SHA1 a8f3f41af050db8d0c5e6c7acbefd2a7a10c4076
SHA256 a622d6b58d1d0cc65d01d828cb200f4a1c2b93610054ffccd2a91017f4620aa6
SHA512 7f1cfcb8e0c0498feca1cbe0de541f0b035a448ef9a7e9de3c79dd2949dd1361ca7f03de859b87f070fc69b2cb3c73a948a3054db66277fa38d13989c4f6be01

C:\Windows\System\hXDArvm.exe

MD5 8b84fd4c20cea172354684c5063c03fb
SHA1 ab2e2d6aa75029e2fe6e6fb4ca45ad4966596471
SHA256 6efc48d20363673000ee450443aa172c49dd51f416d7e955f5576db7f890f59c
SHA512 32c4e6a0c6e0c461dc2ba935ae4fb1b30233f594d35a24c454d1b8768e54fd0466d97828c1f206c2dee8060742388b7056448809f5cefa6196233a568f042126

memory/5244-61-0x00007FF686B10000-0x00007FF686E64000-memory.dmp

memory/2180-57-0x00007FF7981C0000-0x00007FF798514000-memory.dmp

C:\Windows\System\JoPZONg.exe

MD5 3e17f2119ee3fe7ccfd88832294798f1
SHA1 2a7b3a6e8977567468fe0b8ea0bb5a8cdc486ba2
SHA256 9f5af45ebc0959961cd9361b2b652426c1e6bd4fde52f0b76c152ac4665b9198
SHA512 903d8a10ac0cd55937c4ff765c0d91faf8a2e36f5c6f84826135cff07366aeb7f1c7c25903dc73979cba5ca2e767a21b0764ff10de01a70d9fe53b834c4c1b68

C:\Windows\System\kBWfQEA.exe

MD5 cb1e55ea7c969ab57c20e01897204768
SHA1 a4d2fe5eaf8b4317966e773d1d4ea6555c59cfe6
SHA256 8e5f138e66eebad527b978996e6a1fe34b14bbd1ff1c445223cc71a8a95f2f90
SHA512 4eed42751ccb681389e673c4e36765bf978355330a82858b00f4b4ddeb24257e451d1205dc3010508a700ecdf85ea1e4629bbec846f5fe5b01e23076d8679279

memory/4324-48-0x00007FF619D70000-0x00007FF61A0C4000-memory.dmp

memory/3460-1072-0x00007FF75A8D0000-0x00007FF75AC24000-memory.dmp

memory/2260-1071-0x00007FF67C860000-0x00007FF67CBB4000-memory.dmp

memory/1544-1070-0x00007FF6C8AC0000-0x00007FF6C8E14000-memory.dmp

memory/2260-38-0x00007FF67C860000-0x00007FF67CBB4000-memory.dmp

memory/3460-40-0x00007FF75A8D0000-0x00007FF75AC24000-memory.dmp

memory/3556-26-0x00007FF793EC0000-0x00007FF794214000-memory.dmp

memory/1544-30-0x00007FF6C8AC0000-0x00007FF6C8E14000-memory.dmp

C:\Windows\System\skXopUK.exe

MD5 43e4f9c27269199c2bfc80433ff01618
SHA1 460107a01f1a65a904414add83c93d9e72568436
SHA256 2498f8b01dc32fd1a579b3f6a2aeb1b5aa248901a94408ae4d587f9cb643d518
SHA512 d64f6d2fb2a548468cc6fd4367306a203dfa216d3115cecd1103b2b4e72fcdcd0a45716bdc61a6bad95ebd5e876a88e9c1a6e5b4ba8710a33d239e96a25ff14b

C:\Windows\System\skXopUK.exe

MD5 20f97ec72cad6a22d905e8468e2cfb59
SHA1 b48f8dc269fc913f12095b6b711be988b1bedfd8
SHA256 cac53737055fbfbacb860481b8a9e104596769f3d42270f6053d1614df6951c4
SHA512 1f68b4dfb24fa0a65637baa083c171535a9ac58c3c9ebf76f859deaea5251875c35cc1674fca8a9f3849004c151cc1de1efad96da98ba8e52c03ab5f19a843da

memory/5016-21-0x00007FF692300000-0x00007FF692654000-memory.dmp

C:\Windows\System\seJTXFh.exe

MD5 fae18b6eab6132e2e723525b54ead025
SHA1 4d13acbc3f7980915baec3dd654ee2d67877afc4
SHA256 02e3e5e881fb96024d5357cd48246ae3cfbdc9d4cf349a92bf5c5ac1f6ff61d4
SHA512 730027260d0c9da8c9ea18a95b78e3b1df2ced961c8002de5969f18f562f16cf63e6819a0137beb5adb07de343a32dac7557f0276381dade657c249611fafbef

C:\Windows\System\aVOrSjh.exe

MD5 84576b5a866ce0e76d94c94d714efd2b
SHA1 7b43f1f1b66f0232e937db382aa2657cc750fe91
SHA256 fd709cfd53293487ec0900761ff4f95d4b3b762241fd5f4ff47adbee08f548bd
SHA512 c09c33efd18070a13768e6bb6bfe18aa3de81c9c2f8f6055110242e835b86b18c23f40d156e7e937a2a8f2bcde2632913a9f1d9255f7ea6798b861c7d9c006c3

memory/2856-13-0x00007FF7604F0000-0x00007FF760844000-memory.dmp

memory/4324-1073-0x00007FF619D70000-0x00007FF61A0C4000-memory.dmp

memory/2876-1076-0x00007FF6DECF0000-0x00007FF6DF044000-memory.dmp

memory/2864-1079-0x00007FF7CE700000-0x00007FF7CEA54000-memory.dmp

memory/4600-1078-0x00007FF7AFCA0000-0x00007FF7AFFF4000-memory.dmp

memory/2052-1077-0x00007FF6D68A0000-0x00007FF6D6BF4000-memory.dmp

memory/1392-1075-0x00007FF70A930000-0x00007FF70AC84000-memory.dmp

memory/5244-1074-0x00007FF686B10000-0x00007FF686E64000-memory.dmp

memory/6120-1080-0x00007FF675280000-0x00007FF6755D4000-memory.dmp

memory/3556-1083-0x00007FF793EC0000-0x00007FF794214000-memory.dmp

memory/5016-1082-0x00007FF692300000-0x00007FF692654000-memory.dmp

memory/2260-1084-0x00007FF67C860000-0x00007FF67CBB4000-memory.dmp

memory/2180-1085-0x00007FF7981C0000-0x00007FF798514000-memory.dmp

memory/3460-1086-0x00007FF75A8D0000-0x00007FF75AC24000-memory.dmp

memory/4324-1087-0x00007FF619D70000-0x00007FF61A0C4000-memory.dmp

memory/5244-1088-0x00007FF686B10000-0x00007FF686E64000-memory.dmp

memory/1392-1089-0x00007FF70A930000-0x00007FF70AC84000-memory.dmp

memory/2876-1093-0x00007FF6DECF0000-0x00007FF6DF044000-memory.dmp

memory/5564-1095-0x00007FF61C0F0000-0x00007FF61C444000-memory.dmp

memory/3944-1094-0x00007FF600B00000-0x00007FF600E54000-memory.dmp

memory/2864-1098-0x00007FF7CE700000-0x00007FF7CEA54000-memory.dmp

memory/3376-1100-0x00007FF74F0E0000-0x00007FF74F434000-memory.dmp

memory/376-1101-0x00007FF715FF0000-0x00007FF716344000-memory.dmp

memory/5200-1106-0x00007FF6D3CA0000-0x00007FF6D3FF4000-memory.dmp

memory/3288-1109-0x00007FF7FBA30000-0x00007FF7FBD84000-memory.dmp

memory/3168-1108-0x00007FF6BBB10000-0x00007FF6BBE64000-memory.dmp

memory/6120-1107-0x00007FF675280000-0x00007FF6755D4000-memory.dmp

memory/6004-1105-0x00007FF655EA0000-0x00007FF6561F4000-memory.dmp

memory/3880-1104-0x00007FF757020000-0x00007FF757374000-memory.dmp

memory/5368-1102-0x00007FF6B6160000-0x00007FF6B64B4000-memory.dmp

memory/4976-1103-0x00007FF623E70000-0x00007FF6241C4000-memory.dmp

memory/4600-1099-0x00007FF7AFCA0000-0x00007FF7AFFF4000-memory.dmp

memory/6052-1097-0x00007FF712520000-0x00007FF712874000-memory.dmp

memory/1224-1096-0x00007FF681F70000-0x00007FF6822C4000-memory.dmp

memory/2052-1092-0x00007FF6D68A0000-0x00007FF6D6BF4000-memory.dmp

memory/2296-1091-0x00007FF64E320000-0x00007FF64E674000-memory.dmp

memory/1544-1090-0x00007FF6C8AC0000-0x00007FF6C8E14000-memory.dmp

memory/2856-1081-0x00007FF7604F0000-0x00007FF760844000-memory.dmp