Malware Analysis Report

2024-10-10 08:36

Sample ID 240607-cn9neaga3v
Target 2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe
SHA256 438d10ac55b971eb1259c7335dddc389b01de18c435a96bb0976fe3c5e182db1
Tags miner upx kpot xmrig stealer trojan
Score 10/10

Analysis Overview

score
10/10

SHA256

438d10ac55b971eb1259c7335dddc389b01de18c435a96bb0976fe3c5e182db1

Threat Level: Known bad

The file 2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

miner upx kpot xmrig stealer trojan

XMRig Miner payload

Xmrig family

KPOT Core Executable

xmrig

KPOT

Kpot family

Loads dropped DLL

UPX packed file

Executes dropped EXE

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-07 02:15

Signatures

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

Kpot family

kpot

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-07 02:14

Reported

2024-06-07 02:17

Platform

win7-20240508-en

Max time kernel

140s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1952 wrote to memory of 1716 N/A C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe C:\Windows\System\nuKYWBD.exe
PID 1952 wrote to memory of 1716 N/A C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe C:\Windows\System\nuKYWBD.exe
PID 1952 wrote to memory of 1716 N/A C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe C:\Windows\System\nuKYWBD.exe
PID 1952 wrote to memory of 1780 N/A C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe C:\Windows\System\HLSHPtq.exe
PID 1952 wrote to memory of 1780 N/A C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe C:\Windows\System\HLSHPtq.exe
PID 1952 wrote to memory of 1780 N/A C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe C:\Windows\System\HLSHPtq.exe
PID 1952 wrote to memory of 2336 N/A C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe C:\Windows\System\zZEYlvU.exe
PID 1952 wrote to memory of 2336 N/A C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe C:\Windows\System\zZEYlvU.exe
PID 1952 wrote to memory of 2336 N/A C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe C:\Windows\System\zZEYlvU.exe
PID 1952 wrote to memory of 2440 N/A C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe C:\Windows\System\mAjOnYJ.exe
PID 1952 wrote to memory of 2440 N/A C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe C:\Windows\System\mAjOnYJ.exe
PID 1952 wrote to memory of 2440 N/A C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe C:\Windows\System\mAjOnYJ.exe
PID 1952 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe C:\Windows\System\wtcEfqS.exe
PID 1952 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe C:\Windows\System\wtcEfqS.exe
PID 1952 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe C:\Windows\System\wtcEfqS.exe
PID 1952 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe C:\Windows\System\tVTrjKU.exe
PID 1952 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe C:\Windows\System\tVTrjKU.exe
PID 1952 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe C:\Windows\System\tVTrjKU.exe
PID 1952 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe C:\Windows\System\cIqQzYZ.exe
PID 1952 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe C:\Windows\System\cIqQzYZ.exe
PID 1952 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe C:\Windows\System\cIqQzYZ.exe
PID 1952 wrote to memory of 2744 N/A C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe C:\Windows\System\BFjAhbx.exe
PID 1952 wrote to memory of 2744 N/A C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe C:\Windows\System\BFjAhbx.exe
PID 1952 wrote to memory of 2744 N/A C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe C:\Windows\System\BFjAhbx.exe
PID 1952 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe C:\Windows\System\nzMDinR.exe
PID 1952 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe C:\Windows\System\nzMDinR.exe
PID 1952 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe C:\Windows\System\nzMDinR.exe
PID 1952 wrote to memory of 1728 N/A C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe C:\Windows\System\fsKzywe.exe
PID 1952 wrote to memory of 1728 N/A C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe C:\Windows\System\fsKzywe.exe
PID 1952 wrote to memory of 1728 N/A C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe C:\Windows\System\fsKzywe.exe
PID 1952 wrote to memory of 2936 N/A C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe C:\Windows\System\MeymbAi.exe
PID 1952 wrote to memory of 2936 N/A C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe C:\Windows\System\MeymbAi.exe
PID 1952 wrote to memory of 2936 N/A C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe C:\Windows\System\MeymbAi.exe
PID 1952 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe C:\Windows\System\LSNewyf.exe
PID 1952 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe C:\Windows\System\LSNewyf.exe
PID 1952 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe C:\Windows\System\LSNewyf.exe
PID 1952 wrote to memory of 1428 N/A C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe C:\Windows\System\mIqxORr.exe
PID 1952 wrote to memory of 1428 N/A C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe C:\Windows\System\mIqxORr.exe
PID 1952 wrote to memory of 1428 N/A C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe C:\Windows\System\mIqxORr.exe
PID 1952 wrote to memory of 2784 N/A C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe C:\Windows\System\pgBDCzD.exe
PID 1952 wrote to memory of 2784 N/A C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe C:\Windows\System\pgBDCzD.exe
PID 1952 wrote to memory of 2784 N/A C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe C:\Windows\System\pgBDCzD.exe
PID 1952 wrote to memory of 1916 N/A C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe C:\Windows\System\bvxxMng.exe
PID 1952 wrote to memory of 1916 N/A C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe C:\Windows\System\bvxxMng.exe
PID 1952 wrote to memory of 1916 N/A C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe C:\Windows\System\bvxxMng.exe
PID 1952 wrote to memory of 1008 N/A C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe C:\Windows\System\fJZEzLT.exe
PID 1952 wrote to memory of 1008 N/A C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe C:\Windows\System\fJZEzLT.exe
PID 1952 wrote to memory of 1008 N/A C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe C:\Windows\System\fJZEzLT.exe
PID 1952 wrote to memory of 308 N/A C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe C:\Windows\System\LZwpSdf.exe
PID 1952 wrote to memory of 308 N/A C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe C:\Windows\System\LZwpSdf.exe
PID 1952 wrote to memory of 308 N/A C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe C:\Windows\System\LZwpSdf.exe
PID 1952 wrote to memory of 2416 N/A C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe C:\Windows\System\yXtfGIM.exe
PID 1952 wrote to memory of 2416 N/A C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe C:\Windows\System\yXtfGIM.exe
PID 1952 wrote to memory of 2416 N/A C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe C:\Windows\System\yXtfGIM.exe
PID 1952 wrote to memory of 2436 N/A C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe C:\Windows\System\WKIipdZ.exe
PID 1952 wrote to memory of 2436 N/A C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe C:\Windows\System\WKIipdZ.exe
PID 1952 wrote to memory of 2436 N/A C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe C:\Windows\System\WKIipdZ.exe
PID 1952 wrote to memory of 2816 N/A C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe C:\Windows\System\infhFVj.exe
PID 1952 wrote to memory of 2816 N/A C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe C:\Windows\System\infhFVj.exe
PID 1952 wrote to memory of 2816 N/A C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe C:\Windows\System\infhFVj.exe
PID 1952 wrote to memory of 304 N/A C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe C:\Windows\System\SbyHAFc.exe
PID 1952 wrote to memory of 2916 N/A C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe C:\Windows\System\oinBpYT.exe

Processes

C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp

Files


memory/1952-1080-0x000000013F530000-0x000000013F884000-memory.dmp

memory/2784-1083-0x000000013FFC0000-0x0000000140314000-memory.dmp

memory/1952-1082-0x000000013FFC0000-0x0000000140314000-memory.dmp

memory/1952-1084-0x000000013F970000-0x000000013FCC4000-memory.dmp

memory/1716-1085-0x000000013F790000-0x000000013FAE4000-memory.dmp

memory/2336-1087-0x000000013F7F0000-0x000000013FB44000-memory.dmp

memory/2440-1088-0x000000013F290000-0x000000013F5E4000-memory.dmp

memory/2704-1090-0x000000013F040000-0x000000013F394000-memory.dmp

memory/2692-1089-0x000000013FAD0000-0x000000013FE24000-memory.dmp

memory/1780-1086-0x000000013F640000-0x000000013F994000-memory.dmp

memory/2616-1091-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

memory/2744-1092-0x000000013F740000-0x000000013FA94000-memory.dmp

memory/2516-1093-0x000000013FD40000-0x0000000140094000-memory.dmp

memory/1728-1094-0x000000013F7F0000-0x000000013FB44000-memory.dmp

memory/2936-1095-0x000000013F950000-0x000000013FCA4000-memory.dmp

memory/1668-1096-0x000000013FB10000-0x000000013FE64000-memory.dmp

memory/1428-1097-0x000000013F530000-0x000000013F884000-memory.dmp

memory/2784-1098-0x000000013FFC0000-0x0000000140314000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-07 02:14

Reported

2024-06-07 02:17

Platform

win10v2004-20240508-en

Max time kernel

148s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\2f1de83dcc3f829a94e37736efc5c5c0_NeikiAnalytics.exe"


C:\Windows\System\NyecJqL.exe

C:\Windows\System\NyecJqL.exe

C:\Windows\System\EsHGbzt.exe

C:\Windows\System\EsHGbzt.exe

C:\Windows\System\wbvJuzT.exe

C:\Windows\System\wbvJuzT.exe

C:\Windows\System\vDAdEWr.exe

C:\Windows\System\vDAdEWr.exe

C:\Windows\System\IKDijgv.exe

C:\Windows\System\IKDijgv.exe

C:\Windows\System\jObeOOY.exe

C:\Windows\System\jObeOOY.exe

C:\Windows\System\NFZtmii.exe

C:\Windows\System\NFZtmii.exe

C:\Windows\System\sDtUlrp.exe

C:\Windows\System\sDtUlrp.exe

C:\Windows\System\zqxtjty.exe

C:\Windows\System\zqxtjty.exe

C:\Windows\System\TuWAUix.exe

C:\Windows\System\TuWAUix.exe

C:\Windows\System\TfwkvEu.exe

C:\Windows\System\TfwkvEu.exe

C:\Windows\System\lGBYQAa.exe

C:\Windows\System\lGBYQAa.exe

C:\Windows\System\jzCYjsc.exe

C:\Windows\System\jzCYjsc.exe

C:\Windows\System\RHejDLy.exe

C:\Windows\System\RHejDLy.exe

C:\Windows\System\QeLnTVq.exe

C:\Windows\System\QeLnTVq.exe

C:\Windows\System\IOTQVQx.exe

C:\Windows\System\IOTQVQx.exe

C:\Windows\System\jdshTdl.exe

C:\Windows\System\jdshTdl.exe

C:\Windows\System\uGZCnMV.exe

C:\Windows\System\uGZCnMV.exe

C:\Windows\System\EjMVhhl.exe

C:\Windows\System\EjMVhhl.exe

C:\Windows\System\hmaISJd.exe

C:\Windows\System\hmaISJd.exe

C:\Windows\System\sEXYmqt.exe

C:\Windows\System\sEXYmqt.exe

C:\Windows\System\aSRBFyv.exe

C:\Windows\System\aSRBFyv.exe

C:\Windows\System\cwCLfQv.exe

C:\Windows\System\cwCLfQv.exe

C:\Windows\System\gVppURs.exe

C:\Windows\System\gVppURs.exe

C:\Windows\System\loMhnnM.exe

C:\Windows\System\loMhnnM.exe

C:\Windows\System\ZReiAMa.exe

C:\Windows\System\ZReiAMa.exe

C:\Windows\System\pnTiRtC.exe

C:\Windows\System\pnTiRtC.exe

C:\Windows\System\kDnNoik.exe

C:\Windows\System\kDnNoik.exe

C:\Windows\System\wXCeRVi.exe

C:\Windows\System\wXCeRVi.exe

C:\Windows\System\JhLTdVY.exe

C:\Windows\System\JhLTdVY.exe

C:\Windows\System\wdCAWCh.exe

C:\Windows\System\wdCAWCh.exe

C:\Windows\System\eHIbDta.exe

C:\Windows\System\eHIbDta.exe

C:\Windows\System\ZbbuiOh.exe

C:\Windows\System\ZbbuiOh.exe

C:\Windows\System\KQXosei.exe

C:\Windows\System\KQXosei.exe

C:\Windows\System\NWEmeUF.exe

C:\Windows\System\NWEmeUF.exe

C:\Windows\System\fGGkZBe.exe

C:\Windows\System\fGGkZBe.exe

C:\Windows\System\UWpKINM.exe

C:\Windows\System\UWpKINM.exe

C:\Windows\System\DaeATFf.exe

C:\Windows\System\DaeATFf.exe

C:\Windows\System\QhpmdRm.exe

C:\Windows\System\QhpmdRm.exe

C:\Windows\System\wVbDjFD.exe

C:\Windows\System\wVbDjFD.exe

C:\Windows\System\sICcsWb.exe

C:\Windows\System\sICcsWb.exe

C:\Windows\System\GxseSjP.exe

C:\Windows\System\GxseSjP.exe

C:\Windows\System\eTVPnJc.exe

C:\Windows\System\eTVPnJc.exe

C:\Windows\System\hEnSdMF.exe

C:\Windows\System\hEnSdMF.exe

C:\Windows\System\ypPdUAl.exe

C:\Windows\System\ypPdUAl.exe

C:\Windows\System\mmCXVIC.exe

C:\Windows\System\mmCXVIC.exe

C:\Windows\System\JBuBccM.exe

C:\Windows\System\JBuBccM.exe

C:\Windows\System\aJSnxCc.exe

C:\Windows\System\aJSnxCc.exe

C:\Windows\System\WzZhxLp.exe

C:\Windows\System\WzZhxLp.exe

C:\Windows\System\Hftmodj.exe

C:\Windows\System\Hftmodj.exe

C:\Windows\System\bpzrcod.exe

C:\Windows\System\bpzrcod.exe

C:\Windows\System\rkgpaFr.exe

C:\Windows\System\rkgpaFr.exe

C:\Windows\System\RvNQWap.exe

C:\Windows\System\RvNQWap.exe

C:\Windows\System\QnXwuqo.exe

C:\Windows\System\QnXwuqo.exe

C:\Windows\System\nRvnLPo.exe

C:\Windows\System\nRvnLPo.exe

C:\Windows\System\pTrQMQP.exe

C:\Windows\System\pTrQMQP.exe

C:\Windows\System\yniIuWa.exe

C:\Windows\System\yniIuWa.exe

C:\Windows\System\DkxzXml.exe

C:\Windows\System\DkxzXml.exe

C:\Windows\System\XDrdNnv.exe

C:\Windows\System\XDrdNnv.exe

C:\Windows\System\qDUHwSb.exe

C:\Windows\System\qDUHwSb.exe

C:\Windows\System\gITBJpz.exe

C:\Windows\System\gITBJpz.exe

C:\Windows\System\VVBEyAp.exe

C:\Windows\System\VVBEyAp.exe

C:\Windows\System\rJexqLX.exe

C:\Windows\System\rJexqLX.exe

C:\Windows\System\TnjHzBU.exe

C:\Windows\System\TnjHzBU.exe

C:\Windows\System\KJGOjhb.exe

C:\Windows\System\KJGOjhb.exe

C:\Windows\System\EpHezPD.exe

C:\Windows\System\EpHezPD.exe

C:\Windows\System\ofKeWyM.exe

C:\Windows\System\ofKeWyM.exe

C:\Windows\System\sKlYtnj.exe

C:\Windows\System\sKlYtnj.exe

C:\Windows\System\aTFFGCh.exe

C:\Windows\System\aTFFGCh.exe

C:\Windows\System\rKWyboo.exe

C:\Windows\System\rKWyboo.exe

C:\Windows\System\UMZFSyC.exe

C:\Windows\System\UMZFSyC.exe

C:\Windows\System\DZrAnNj.exe

C:\Windows\System\DZrAnNj.exe

C:\Windows\System\ZWELApw.exe

C:\Windows\System\ZWELApw.exe

C:\Windows\System\bBhMxpO.exe

C:\Windows\System\bBhMxpO.exe

C:\Windows\System\QoFcgcU.exe

C:\Windows\System\QoFcgcU.exe

C:\Windows\System\FThClwM.exe

C:\Windows\System\FThClwM.exe

C:\Windows\System\janZhUX.exe

C:\Windows\System\janZhUX.exe

C:\Windows\System\TnmFohT.exe

C:\Windows\System\TnmFohT.exe

C:\Windows\System\rrjhdne.exe

C:\Windows\System\rrjhdne.exe

C:\Windows\System\ULpRHJG.exe

C:\Windows\System\ULpRHJG.exe

C:\Windows\System\dEVnVZQ.exe

C:\Windows\System\dEVnVZQ.exe

C:\Windows\System\NovtVOV.exe

C:\Windows\System\NovtVOV.exe

C:\Windows\System\metcyWX.exe

C:\Windows\System\metcyWX.exe

C:\Windows\System\vSbNGZl.exe

C:\Windows\System\vSbNGZl.exe

C:\Windows\System\jMbtRQs.exe

C:\Windows\System\jMbtRQs.exe

C:\Windows\System\YFoEEku.exe

C:\Windows\System\YFoEEku.exe

C:\Windows\System\ImjnHwD.exe

C:\Windows\System\ImjnHwD.exe

C:\Windows\System\SWLQtox.exe

C:\Windows\System\SWLQtox.exe

C:\Windows\System\fUjtyVV.exe

C:\Windows\System\fUjtyVV.exe

C:\Windows\System\CneFBGc.exe

C:\Windows\System\CneFBGc.exe

C:\Windows\System\ALrcjEK.exe

C:\Windows\System\ALrcjEK.exe

C:\Windows\System\iwoyqXj.exe

C:\Windows\System\iwoyqXj.exe

C:\Windows\System\AgQNWYh.exe

C:\Windows\System\AgQNWYh.exe

C:\Windows\System\hTFqTVx.exe

C:\Windows\System\hTFqTVx.exe

C:\Windows\System\tmVSMRq.exe

C:\Windows\System\tmVSMRq.exe

C:\Windows\System\LETMogS.exe

C:\Windows\System\LETMogS.exe

C:\Windows\System\WJjfFGC.exe

C:\Windows\System\WJjfFGC.exe

C:\Windows\System\hMmhEKF.exe

C:\Windows\System\hMmhEKF.exe

C:\Windows\System\wZqDFJS.exe

C:\Windows\System\wZqDFJS.exe

C:\Windows\System\HvLFHCS.exe

C:\Windows\System\HvLFHCS.exe

C:\Windows\System\vIJolAN.exe

C:\Windows\System\vIJolAN.exe

C:\Windows\System\eOeshwV.exe

C:\Windows\System\eOeshwV.exe

C:\Windows\System\olyiqft.exe

C:\Windows\System\olyiqft.exe

C:\Windows\System\chPXxZQ.exe

C:\Windows\System\chPXxZQ.exe

C:\Windows\System\kSPtPqc.exe

C:\Windows\System\kSPtPqc.exe

C:\Windows\System\SdNaBvy.exe

C:\Windows\System\SdNaBvy.exe

C:\Windows\System\LArSpVg.exe

C:\Windows\System\LArSpVg.exe

C:\Windows\System\mSwXZmm.exe

C:\Windows\System\mSwXZmm.exe

C:\Windows\System\dWAjuYW.exe

C:\Windows\System\dWAjuYW.exe

C:\Windows\System\GXdOdRK.exe

C:\Windows\System\GXdOdRK.exe

C:\Windows\System\ntaptjM.exe

C:\Windows\System\ntaptjM.exe

C:\Windows\System\rhEabsa.exe

C:\Windows\System\rhEabsa.exe

C:\Windows\System\RCvlwMG.exe

C:\Windows\System\RCvlwMG.exe

C:\Windows\System\wwzvtuL.exe

C:\Windows\System\wwzvtuL.exe

C:\Windows\System\gZiKAPK.exe

C:\Windows\System\gZiKAPK.exe

C:\Windows\System\EsNMCAD.exe

C:\Windows\System\EsNMCAD.exe

C:\Windows\System\qsTlbSW.exe

C:\Windows\System\qsTlbSW.exe

C:\Windows\System\OhGFKkw.exe

C:\Windows\System\OhGFKkw.exe

C:\Windows\System\cICZwZr.exe

C:\Windows\System\cICZwZr.exe

C:\Windows\System\RroAopz.exe

C:\Windows\System\RroAopz.exe

C:\Windows\System\vBARwzK.exe

C:\Windows\System\vBARwzK.exe

C:\Windows\System\mcAZKlF.exe

C:\Windows\System\mcAZKlF.exe

C:\Windows\System\ezfGgqI.exe

C:\Windows\System\ezfGgqI.exe

C:\Windows\System\IBTTcIU.exe

C:\Windows\System\IBTTcIU.exe

C:\Windows\System\gksVKwa.exe

C:\Windows\System\gksVKwa.exe

C:\Windows\System\npKILkl.exe

C:\Windows\System\npKILkl.exe

C:\Windows\System\rtkwYaM.exe

C:\Windows\System\rtkwYaM.exe

C:\Windows\System\BECqdUO.exe

C:\Windows\System\BECqdUO.exe

C:\Windows\System\gsDtUKR.exe

C:\Windows\System\gsDtUKR.exe

C:\Windows\System\yQZkDnG.exe

C:\Windows\System\yQZkDnG.exe

C:\Windows\System\pjStQqc.exe

C:\Windows\System\pjStQqc.exe

C:\Windows\System\zKoWngA.exe

C:\Windows\System\zKoWngA.exe

C:\Windows\System\yFLPFkN.exe

C:\Windows\System\yFLPFkN.exe

C:\Windows\System\OWuUyMg.exe

C:\Windows\System\OWuUyMg.exe

C:\Windows\System\MFbodaj.exe

C:\Windows\System\MFbodaj.exe

C:\Windows\System\ZLmFYJk.exe

C:\Windows\System\ZLmFYJk.exe

C:\Windows\System\vOcEKAZ.exe

C:\Windows\System\vOcEKAZ.exe

C:\Windows\System\YFrQOyw.exe

C:\Windows\System\YFrQOyw.exe

C:\Windows\System\QpzgzdN.exe

C:\Windows\System\QpzgzdN.exe

C:\Windows\System\XScCHkU.exe

C:\Windows\System\XScCHkU.exe

C:\Windows\System\lKqlzIs.exe

C:\Windows\System\lKqlzIs.exe

C:\Windows\System\lDbADVm.exe

C:\Windows\System\lDbADVm.exe

C:\Windows\System\MCiOmaL.exe

C:\Windows\System\MCiOmaL.exe

C:\Windows\System\FPfieTZ.exe

C:\Windows\System\FPfieTZ.exe

C:\Windows\System\koQyVvb.exe

C:\Windows\System\koQyVvb.exe

C:\Windows\System\NzAfWHh.exe

C:\Windows\System\NzAfWHh.exe

C:\Windows\System\hYPXQwI.exe

C:\Windows\System\hYPXQwI.exe

C:\Windows\System\PhYRDYl.exe

C:\Windows\System\PhYRDYl.exe

C:\Windows\System\lCvmoCP.exe

C:\Windows\System\lCvmoCP.exe

C:\Windows\System\mAvPAXn.exe

C:\Windows\System\mAvPAXn.exe

C:\Windows\System\SyjkqQk.exe

C:\Windows\System\SyjkqQk.exe

C:\Windows\System\lAyMQAM.exe

C:\Windows\System\lAyMQAM.exe

C:\Windows\System\VIAODYs.exe

C:\Windows\System\VIAODYs.exe

C:\Windows\System\NviXvMK.exe

C:\Windows\System\NviXvMK.exe

C:\Windows\System\ILgiclN.exe

C:\Windows\System\ILgiclN.exe

C:\Windows\System\hqNBoKn.exe

C:\Windows\System\hqNBoKn.exe

C:\Windows\System\jywmbqR.exe

C:\Windows\System\jywmbqR.exe

C:\Windows\System\BcAuLQq.exe

C:\Windows\System\BcAuLQq.exe

C:\Windows\System\NGbrWxR.exe

C:\Windows\System\NGbrWxR.exe

C:\Windows\System\IOzZLXy.exe

C:\Windows\System\IOzZLXy.exe

C:\Windows\System\wYlkTbu.exe

C:\Windows\System\wYlkTbu.exe

C:\Windows\System\KiUxxCF.exe

C:\Windows\System\KiUxxCF.exe

C:\Windows\System\PjkmXkV.exe

C:\Windows\System\PjkmXkV.exe

C:\Windows\System\eGOApHE.exe

C:\Windows\System\eGOApHE.exe

C:\Windows\System\gPIVyoL.exe

C:\Windows\System\gPIVyoL.exe

C:\Windows\System\NCqbNNS.exe

C:\Windows\System\NCqbNNS.exe

C:\Windows\System\JPOAYIU.exe

C:\Windows\System\JPOAYIU.exe

C:\Windows\System\ZscNoMF.exe

C:\Windows\System\ZscNoMF.exe

C:\Windows\System\ssGcRfJ.exe

C:\Windows\System\ssGcRfJ.exe

C:\Windows\System\VWcdwDv.exe

C:\Windows\System\VWcdwDv.exe

C:\Windows\System\ckpQafb.exe

C:\Windows\System\ckpQafb.exe

C:\Windows\System\hJJDBkA.exe

C:\Windows\System\hJJDBkA.exe

C:\Windows\System\StrYkIz.exe

C:\Windows\System\StrYkIz.exe

C:\Windows\System\SZcZfgR.exe

C:\Windows\System\SZcZfgR.exe

C:\Windows\System\nTkHTRe.exe

C:\Windows\System\nTkHTRe.exe

C:\Windows\System\ntnpMzo.exe

C:\Windows\System\ntnpMzo.exe

C:\Windows\System\fRSOFPC.exe

C:\Windows\System\fRSOFPC.exe

C:\Windows\System\EuQOvzI.exe

C:\Windows\System\EuQOvzI.exe

C:\Windows\System\tJjSGFL.exe

C:\Windows\System\tJjSGFL.exe

C:\Windows\System\TZBdnEM.exe

C:\Windows\System\TZBdnEM.exe

C:\Windows\System\BCjZwdQ.exe

C:\Windows\System\BCjZwdQ.exe

C:\Windows\System\toSzLMS.exe

C:\Windows\System\toSzLMS.exe

C:\Windows\System\HhbSubD.exe

C:\Windows\System\HhbSubD.exe

C:\Windows\System\WGuMvIG.exe

C:\Windows\System\WGuMvIG.exe

C:\Windows\System\bHnqwot.exe

C:\Windows\System\bHnqwot.exe

C:\Windows\System\KUxvWFm.exe

C:\Windows\System\KUxvWFm.exe

C:\Windows\System\emlGOwd.exe

C:\Windows\System\emlGOwd.exe

C:\Windows\System\dgOSIqP.exe

C:\Windows\System\dgOSIqP.exe

C:\Windows\System\diwbDXf.exe

C:\Windows\System\diwbDXf.exe

C:\Windows\System\NQogalR.exe

C:\Windows\System\NQogalR.exe

C:\Windows\System\WoSGTNP.exe

C:\Windows\System\WoSGTNP.exe

C:\Windows\System\KRnFeVv.exe

C:\Windows\System\KRnFeVv.exe

C:\Windows\System\BSZIPUb.exe

C:\Windows\System\BSZIPUb.exe

C:\Windows\System\uJntsHS.exe

C:\Windows\System\uJntsHS.exe

C:\Windows\System\SrHHQLL.exe

C:\Windows\System\SrHHQLL.exe

C:\Windows\System\YbPnZIG.exe

C:\Windows\System\YbPnZIG.exe

C:\Windows\System\IlTvoVa.exe

C:\Windows\System\IlTvoVa.exe

C:\Windows\System\hOLSLKK.exe

C:\Windows\System\hOLSLKK.exe

C:\Windows\System\jrVGlFJ.exe

C:\Windows\System\jrVGlFJ.exe

C:\Windows\System\IQOWbSw.exe

C:\Windows\System\IQOWbSw.exe

C:\Windows\System\pOiDHMs.exe

C:\Windows\System\pOiDHMs.exe

C:\Windows\System\srAizIH.exe

C:\Windows\System\srAizIH.exe

C:\Windows\System\ZyyVMoJ.exe

C:\Windows\System\ZyyVMoJ.exe

C:\Windows\System\cvOBtEw.exe

C:\Windows\System\cvOBtEw.exe

C:\Windows\System\xwVbFji.exe

C:\Windows\System\xwVbFji.exe

C:\Windows\System\ziJjIPJ.exe

C:\Windows\System\ziJjIPJ.exe

C:\Windows\System\jfoijQx.exe

C:\Windows\System\jfoijQx.exe

C:\Windows\System\BnrwMft.exe

C:\Windows\System\BnrwMft.exe

C:\Windows\System\qDoekXM.exe

C:\Windows\System\qDoekXM.exe

C:\Windows\System\cERgwLX.exe

C:\Windows\System\cERgwLX.exe

C:\Windows\System\QlHXJtk.exe

C:\Windows\System\QlHXJtk.exe

C:\Windows\System\glULrcf.exe

C:\Windows\System\glULrcf.exe

C:\Windows\System\ddtNXbg.exe

C:\Windows\System\ddtNXbg.exe

C:\Windows\System\hSPUzAT.exe

C:\Windows\System\hSPUzAT.exe

C:\Windows\System\CYfEqbX.exe

C:\Windows\System\CYfEqbX.exe

C:\Windows\System\YZGhdZf.exe

C:\Windows\System\YZGhdZf.exe

C:\Windows\System\PIhkCcn.exe

C:\Windows\System\PIhkCcn.exe

C:\Windows\System\rsFEElB.exe

C:\Windows\System\rsFEElB.exe

C:\Windows\System\smCaDnz.exe

C:\Windows\System\smCaDnz.exe

C:\Windows\System\HKRriWw.exe

C:\Windows\System\HKRriWw.exe

C:\Windows\System\IbEGpdL.exe

C:\Windows\System\IbEGpdL.exe

C:\Windows\System\xJBickJ.exe

C:\Windows\System\xJBickJ.exe

C:\Windows\System\LfIWpQo.exe

C:\Windows\System\LfIWpQo.exe

C:\Windows\System\mqBTkNZ.exe

C:\Windows\System\mqBTkNZ.exe

C:\Windows\System\VJgBHzB.exe

C:\Windows\System\VJgBHzB.exe

C:\Windows\System\mRtfpSx.exe

C:\Windows\System\mRtfpSx.exe

C:\Windows\System\qQABCoo.exe

C:\Windows\System\qQABCoo.exe

Network

Files
