Malware Analysis Report

2024-10-10 09:08

Sample ID 240619-kbge4axcng
Target abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe
SHA256 c6e88faa2a7c22e32f55be267432e498f753198e31ed7126c5616ad14d586c12
Tags
kpot xmrig miner stealer trojan upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

c6e88faa2a7c22e32f55be267432e498f753198e31ed7126c5616ad14d586c12

Threat Level: Known bad

The file abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

kpot xmrig miner stealer trojan upx

Xmrig family

XMRig Miner payload

KPOT

xmrig

KPOT Core Executable

Kpot family

XMRig Miner payload

Loads dropped DLL

Executes dropped EXE

UPX packed file

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-19 08:25

Signatures

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

Kpot family

kpot

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-19 08:25

Reported

2024-06-19 08:27

Platform

win7-20240221-en

Max time kernel

144s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\UIMrTNH.exe N/A
N/A N/A C:\Windows\System\DWgPgUi.exe N/A
N/A N/A C:\Windows\System\YwJWruU.exe N/A
N/A N/A C:\Windows\System\gsYJNuo.exe N/A
N/A N/A C:\Windows\System\VpnLOog.exe N/A
N/A N/A C:\Windows\System\hXryUDG.exe N/A
N/A N/A C:\Windows\System\RPYMatE.exe N/A
N/A N/A C:\Windows\System\UjAOdKT.exe N/A
N/A N/A C:\Windows\System\pEprLRG.exe N/A
N/A N/A C:\Windows\System\EHLQDpR.exe N/A
N/A N/A C:\Windows\System\NaiMMhR.exe N/A
N/A N/A C:\Windows\System\vgdwWmd.exe N/A
N/A N/A C:\Windows\System\HmvnJgu.exe N/A
N/A N/A C:\Windows\System\CEyYEDH.exe N/A
N/A N/A C:\Windows\System\skqUbaS.exe N/A
N/A N/A C:\Windows\System\aGxqwZM.exe N/A
N/A N/A C:\Windows\System\sVxHqHY.exe N/A
N/A N/A C:\Windows\System\nOpyLfk.exe N/A
N/A N/A C:\Windows\System\rhZSkwB.exe N/A
N/A N/A C:\Windows\System\cGgLJuJ.exe N/A
N/A N/A C:\Windows\System\KFdpeZt.exe N/A
N/A N/A C:\Windows\System\xFMtrOq.exe N/A
N/A N/A C:\Windows\System\eFnfZbz.exe N/A
N/A N/A C:\Windows\System\miDUpDF.exe N/A
N/A N/A C:\Windows\System\IebCtTK.exe N/A
N/A N/A C:\Windows\System\TTwiesd.exe N/A
N/A N/A C:\Windows\System\FjkzAYW.exe N/A
N/A N/A C:\Windows\System\ZTHsmSv.exe N/A
N/A N/A C:\Windows\System\yUbzqNf.exe N/A
N/A N/A C:\Windows\System\UegropU.exe N/A
N/A N/A C:\Windows\System\HeuHnwp.exe N/A
N/A N/A C:\Windows\System\TJCbgLK.exe N/A
N/A N/A C:\Windows\System\faCBbZX.exe N/A
N/A N/A C:\Windows\System\cHNIfoC.exe N/A
N/A N/A C:\Windows\System\rqcvLbb.exe N/A
N/A N/A C:\Windows\System\VOYOVyM.exe N/A
N/A N/A C:\Windows\System\wpQDHcn.exe N/A
N/A N/A C:\Windows\System\XHrMWdt.exe N/A
N/A N/A C:\Windows\System\ERNrnYZ.exe N/A
N/A N/A C:\Windows\System\eauzJZR.exe N/A
N/A N/A C:\Windows\System\DsvRaWg.exe N/A
N/A N/A C:\Windows\System\YFTNvit.exe N/A
N/A N/A C:\Windows\System\xRTjzLC.exe N/A
N/A N/A C:\Windows\System\VHmjjrH.exe N/A
N/A N/A C:\Windows\System\SbUdRhC.exe N/A
N/A N/A C:\Windows\System\NBFYQwf.exe N/A
N/A N/A C:\Windows\System\HzguVQb.exe N/A
N/A N/A C:\Windows\System\JXbRteF.exe N/A
N/A N/A C:\Windows\System\mmnSaqL.exe N/A
N/A N/A C:\Windows\System\ffiKidy.exe N/A
N/A N/A C:\Windows\System\uMIzdWA.exe N/A
N/A N/A C:\Windows\System\oyxJMeR.exe N/A
N/A N/A C:\Windows\System\MdJFECu.exe N/A
N/A N/A C:\Windows\System\JUwfUPd.exe N/A
N/A N/A C:\Windows\System\HUXFmHY.exe N/A
N/A N/A C:\Windows\System\SEYvpVx.exe N/A
N/A N/A C:\Windows\System\uunqhnl.exe N/A
N/A N/A C:\Windows\System\kBtukgb.exe N/A
N/A N/A C:\Windows\System\CKSJiSc.exe N/A
N/A N/A C:\Windows\System\MiiTtKz.exe N/A
N/A N/A C:\Windows\System\IUAXGVB.exe N/A
N/A N/A C:\Windows\System\VYspEHo.exe N/A
N/A N/A C:\Windows\System\DgwOExx.exe N/A
N/A N/A C:\Windows\System\NiSmdVc.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\NBFYQwf.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\iVaMbaU.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\gSxJOwT.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\hGRPBuC.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\IebCtTK.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\VHmjjrH.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\TINTJjG.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\bGvPrLd.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\KXVHzxw.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\LgnWIlx.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\ezFgdqY.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\fJEZkvy.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\TzMJHrQ.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\WsVAeNb.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\rqcvLbb.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\MiiTtKz.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\HhCwsQZ.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\muqNdre.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\OYjVaLH.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\vPeUDcd.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\agLRUhG.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\fAqujXp.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\VOYOVyM.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\iVOyZPy.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\plAzFQY.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\zPhCXJi.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\SEYvpVx.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\kBtukgb.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZGDbCdJ.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\bdubGNA.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\BcPxGlC.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\FbSQHDg.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\DqNPEXw.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\NuhHguS.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\IUAXGVB.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\RbWAwWY.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\OXXUsYW.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\mbyosLh.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\KfqutyG.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\ykiHONp.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\wfholjZ.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\nOpyLfk.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\IuJDFRt.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\tBJOAUx.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\HpBBSCZ.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\IOebuqn.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\NvxuiAJ.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\TJCbgLK.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\SbUdRhC.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\AoVLXsA.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\DSKnPEY.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\MwUlTAa.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\ffaqmSl.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\gFtleaQ.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\xRTjzLC.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\uunqhnl.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\cMuavqj.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\pSjdfsy.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\zlNanam.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\TUSSRXQ.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\VKSGLSF.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\CKSJiSc.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\klkIrFr.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\IxrxYKK.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2236 wrote to memory of 1928 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\UIMrTNH.exe
PID 2236 wrote to memory of 1928 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\UIMrTNH.exe
PID 2236 wrote to memory of 1928 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\UIMrTNH.exe
PID 2236 wrote to memory of 3044 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\DWgPgUi.exe
PID 2236 wrote to memory of 3044 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\DWgPgUi.exe
PID 2236 wrote to memory of 3044 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\DWgPgUi.exe
PID 2236 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\YwJWruU.exe
PID 2236 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\YwJWruU.exe
PID 2236 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\YwJWruU.exe
PID 2236 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\gsYJNuo.exe
PID 2236 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\gsYJNuo.exe
PID 2236 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\gsYJNuo.exe
PID 2236 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\VpnLOog.exe
PID 2236 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\VpnLOog.exe
PID 2236 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\VpnLOog.exe
PID 2236 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\hXryUDG.exe
PID 2236 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\hXryUDG.exe
PID 2236 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\hXryUDG.exe
PID 2236 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\RPYMatE.exe
PID 2236 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\RPYMatE.exe
PID 2236 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\RPYMatE.exe
PID 2236 wrote to memory of 2452 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\UjAOdKT.exe
PID 2236 wrote to memory of 2452 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\UjAOdKT.exe
PID 2236 wrote to memory of 2452 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\UjAOdKT.exe
PID 2236 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\pEprLRG.exe
PID 2236 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\pEprLRG.exe
PID 2236 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\pEprLRG.exe
PID 2236 wrote to memory of 776 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\EHLQDpR.exe
PID 2236 wrote to memory of 776 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\EHLQDpR.exe
PID 2236 wrote to memory of 776 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\EHLQDpR.exe
PID 2236 wrote to memory of 2420 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\NaiMMhR.exe
PID 2236 wrote to memory of 2420 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\NaiMMhR.exe
PID 2236 wrote to memory of 2420 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\NaiMMhR.exe
PID 2236 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\vgdwWmd.exe
PID 2236 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\vgdwWmd.exe
PID 2236 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\vgdwWmd.exe
PID 2236 wrote to memory of 2948 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\HmvnJgu.exe
PID 2236 wrote to memory of 2948 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\HmvnJgu.exe
PID 2236 wrote to memory of 2948 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\HmvnJgu.exe
PID 2236 wrote to memory of 1868 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\CEyYEDH.exe
PID 2236 wrote to memory of 1868 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\CEyYEDH.exe
PID 2236 wrote to memory of 1868 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\CEyYEDH.exe
PID 2236 wrote to memory of 1640 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\skqUbaS.exe
PID 2236 wrote to memory of 1640 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\skqUbaS.exe
PID 2236 wrote to memory of 1640 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\skqUbaS.exe
PID 2236 wrote to memory of 2812 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\aGxqwZM.exe
PID 2236 wrote to memory of 2812 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\aGxqwZM.exe
PID 2236 wrote to memory of 2812 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\aGxqwZM.exe
PID 2236 wrote to memory of 2956 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\sVxHqHY.exe
PID 2236 wrote to memory of 2956 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\sVxHqHY.exe
PID 2236 wrote to memory of 2956 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\sVxHqHY.exe
PID 2236 wrote to memory of 2952 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\nOpyLfk.exe
PID 2236 wrote to memory of 2952 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\nOpyLfk.exe
PID 2236 wrote to memory of 2952 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\nOpyLfk.exe
PID 2236 wrote to memory of 1812 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\rhZSkwB.exe
PID 2236 wrote to memory of 1812 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\rhZSkwB.exe
PID 2236 wrote to memory of 1812 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\rhZSkwB.exe
PID 2236 wrote to memory of 1588 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\cGgLJuJ.exe
PID 2236 wrote to memory of 1588 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\cGgLJuJ.exe
PID 2236 wrote to memory of 1588 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\cGgLJuJ.exe
PID 2236 wrote to memory of 1048 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\KFdpeZt.exe
PID 2236 wrote to memory of 1048 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\KFdpeZt.exe
PID 2236 wrote to memory of 1048 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\KFdpeZt.exe
PID 2236 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\xFMtrOq.exe

Processes

C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe"

C:\Windows\System\UIMrTNH.exe

C:\Windows\System\UIMrTNH.exe

C:\Windows\System\DWgPgUi.exe

C:\Windows\System\DWgPgUi.exe

C:\Windows\System\YwJWruU.exe

C:\Windows\System\YwJWruU.exe

C:\Windows\System\gsYJNuo.exe

C:\Windows\System\gsYJNuo.exe

C:\Windows\System\VpnLOog.exe

C:\Windows\System\VpnLOog.exe

C:\Windows\System\hXryUDG.exe

C:\Windows\System\hXryUDG.exe

C:\Windows\System\RPYMatE.exe

C:\Windows\System\RPYMatE.exe

C:\Windows\System\UjAOdKT.exe

C:\Windows\System\UjAOdKT.exe

C:\Windows\System\pEprLRG.exe

C:\Windows\System\pEprLRG.exe

C:\Windows\System\EHLQDpR.exe

C:\Windows\System\EHLQDpR.exe

C:\Windows\System\NaiMMhR.exe

C:\Windows\System\NaiMMhR.exe

C:\Windows\System\vgdwWmd.exe

C:\Windows\System\vgdwWmd.exe

C:\Windows\System\HmvnJgu.exe

C:\Windows\System\HmvnJgu.exe

C:\Windows\System\CEyYEDH.exe

C:\Windows\System\CEyYEDH.exe

C:\Windows\System\skqUbaS.exe

C:\Windows\System\skqUbaS.exe

C:\Windows\System\aGxqwZM.exe

C:\Windows\System\aGxqwZM.exe

C:\Windows\System\sVxHqHY.exe

C:\Windows\System\sVxHqHY.exe

C:\Windows\System\nOpyLfk.exe

C:\Windows\System\nOpyLfk.exe

C:\Windows\System\rhZSkwB.exe

C:\Windows\System\rhZSkwB.exe

C:\Windows\System\cGgLJuJ.exe

C:\Windows\System\cGgLJuJ.exe

C:\Windows\System\KFdpeZt.exe

C:\Windows\System\KFdpeZt.exe

C:\Windows\System\xFMtrOq.exe

C:\Windows\System\xFMtrOq.exe

C:\Windows\System\eFnfZbz.exe

C:\Windows\System\eFnfZbz.exe

C:\Windows\System\miDUpDF.exe

C:\Windows\System\miDUpDF.exe

C:\Windows\System\IebCtTK.exe

C:\Windows\System\IebCtTK.exe

C:\Windows\System\TTwiesd.exe

C:\Windows\System\TTwiesd.exe

C:\Windows\System\FjkzAYW.exe

C:\Windows\System\FjkzAYW.exe

C:\Windows\System\ZTHsmSv.exe

C:\Windows\System\ZTHsmSv.exe

C:\Windows\System\yUbzqNf.exe

C:\Windows\System\yUbzqNf.exe

C:\Windows\System\UegropU.exe

C:\Windows\System\UegropU.exe

C:\Windows\System\HeuHnwp.exe

C:\Windows\System\HeuHnwp.exe

C:\Windows\System\TJCbgLK.exe

C:\Windows\System\TJCbgLK.exe

C:\Windows\System\faCBbZX.exe

C:\Windows\System\faCBbZX.exe

C:\Windows\System\cHNIfoC.exe

C:\Windows\System\cHNIfoC.exe

C:\Windows\System\rqcvLbb.exe

C:\Windows\System\rqcvLbb.exe

C:\Windows\System\VOYOVyM.exe

C:\Windows\System\VOYOVyM.exe

C:\Windows\System\wpQDHcn.exe

C:\Windows\System\wpQDHcn.exe

C:\Windows\System\XHrMWdt.exe

C:\Windows\System\XHrMWdt.exe

C:\Windows\System\ERNrnYZ.exe

C:\Windows\System\ERNrnYZ.exe

C:\Windows\System\eauzJZR.exe

C:\Windows\System\eauzJZR.exe

C:\Windows\System\DsvRaWg.exe

C:\Windows\System\DsvRaWg.exe

C:\Windows\System\YFTNvit.exe

C:\Windows\System\YFTNvit.exe

C:\Windows\System\xRTjzLC.exe

C:\Windows\System\xRTjzLC.exe

C:\Windows\System\VHmjjrH.exe

C:\Windows\System\VHmjjrH.exe

C:\Windows\System\SbUdRhC.exe

C:\Windows\System\SbUdRhC.exe

C:\Windows\System\NBFYQwf.exe

C:\Windows\System\NBFYQwf.exe

C:\Windows\System\HzguVQb.exe

C:\Windows\System\HzguVQb.exe

C:\Windows\System\JXbRteF.exe

C:\Windows\System\JXbRteF.exe

C:\Windows\System\mmnSaqL.exe

C:\Windows\System\mmnSaqL.exe

C:\Windows\System\ffiKidy.exe

C:\Windows\System\ffiKidy.exe

C:\Windows\System\uMIzdWA.exe

C:\Windows\System\uMIzdWA.exe

C:\Windows\System\oyxJMeR.exe

C:\Windows\System\oyxJMeR.exe

C:\Windows\System\MdJFECu.exe

C:\Windows\System\MdJFECu.exe

C:\Windows\System\JUwfUPd.exe

C:\Windows\System\JUwfUPd.exe

C:\Windows\System\HUXFmHY.exe

C:\Windows\System\HUXFmHY.exe

C:\Windows\System\SEYvpVx.exe

C:\Windows\System\SEYvpVx.exe

C:\Windows\System\uunqhnl.exe

C:\Windows\System\uunqhnl.exe

C:\Windows\System\kBtukgb.exe

C:\Windows\System\kBtukgb.exe

C:\Windows\System\CKSJiSc.exe

C:\Windows\System\CKSJiSc.exe

C:\Windows\System\MiiTtKz.exe

C:\Windows\System\MiiTtKz.exe

C:\Windows\System\IUAXGVB.exe

C:\Windows\System\IUAXGVB.exe

C:\Windows\System\VYspEHo.exe

C:\Windows\System\VYspEHo.exe

C:\Windows\System\DgwOExx.exe

C:\Windows\System\DgwOExx.exe

C:\Windows\System\NiSmdVc.exe

C:\Windows\System\NiSmdVc.exe

C:\Windows\System\kPJsDYj.exe

C:\Windows\System\kPJsDYj.exe

C:\Windows\System\RbWAwWY.exe

C:\Windows\System\RbWAwWY.exe

C:\Windows\System\NEyHAIY.exe

C:\Windows\System\NEyHAIY.exe

C:\Windows\System\klkIrFr.exe

C:\Windows\System\klkIrFr.exe

C:\Windows\System\ZSXQSro.exe

C:\Windows\System\ZSXQSro.exe

C:\Windows\System\JqBzwKM.exe

C:\Windows\System\JqBzwKM.exe

C:\Windows\System\GMZLTNB.exe

C:\Windows\System\GMZLTNB.exe

C:\Windows\System\ghyskqz.exe

C:\Windows\System\ghyskqz.exe

C:\Windows\System\iVOyZPy.exe

C:\Windows\System\iVOyZPy.exe

C:\Windows\System\zPGhmel.exe

C:\Windows\System\zPGhmel.exe

C:\Windows\System\UuajOLL.exe

C:\Windows\System\UuajOLL.exe

C:\Windows\System\bdubGNA.exe

C:\Windows\System\bdubGNA.exe

C:\Windows\System\IvtBnOo.exe

C:\Windows\System\IvtBnOo.exe

C:\Windows\System\hRnfMUU.exe

C:\Windows\System\hRnfMUU.exe

C:\Windows\System\gWKzgql.exe

C:\Windows\System\gWKzgql.exe

C:\Windows\System\czVXIsp.exe

C:\Windows\System\czVXIsp.exe

C:\Windows\System\SrTkCJg.exe

C:\Windows\System\SrTkCJg.exe

C:\Windows\System\lAAbdNU.exe

C:\Windows\System\lAAbdNU.exe

C:\Windows\System\ejQcRgy.exe

C:\Windows\System\ejQcRgy.exe

C:\Windows\System\TINTJjG.exe

C:\Windows\System\TINTJjG.exe

C:\Windows\System\ShFFQPz.exe

C:\Windows\System\ShFFQPz.exe

C:\Windows\System\yEjpXJB.exe

C:\Windows\System\yEjpXJB.exe

C:\Windows\System\umaCnDZ.exe

C:\Windows\System\umaCnDZ.exe

C:\Windows\System\tBKoDvQ.exe

C:\Windows\System\tBKoDvQ.exe

C:\Windows\System\HXCeEqH.exe

C:\Windows\System\HXCeEqH.exe

C:\Windows\System\XtMQwbp.exe

C:\Windows\System\XtMQwbp.exe

C:\Windows\System\AoVLXsA.exe

C:\Windows\System\AoVLXsA.exe

C:\Windows\System\cMuavqj.exe

C:\Windows\System\cMuavqj.exe

C:\Windows\System\uBuYKPD.exe

C:\Windows\System\uBuYKPD.exe

C:\Windows\System\FkQJufC.exe

C:\Windows\System\FkQJufC.exe

C:\Windows\System\wvzaMAE.exe

C:\Windows\System\wvzaMAE.exe

C:\Windows\System\xBBCxJY.exe

C:\Windows\System\xBBCxJY.exe

C:\Windows\System\sOYSlxa.exe

C:\Windows\System\sOYSlxa.exe

C:\Windows\System\kSLqKwf.exe

C:\Windows\System\kSLqKwf.exe

C:\Windows\System\qcfNOwC.exe

C:\Windows\System\qcfNOwC.exe

C:\Windows\System\jPmgZyW.exe

C:\Windows\System\jPmgZyW.exe

C:\Windows\System\smxfswV.exe

C:\Windows\System\smxfswV.exe

C:\Windows\System\nvGgcey.exe

C:\Windows\System\nvGgcey.exe

C:\Windows\System\sNJkAfX.exe

C:\Windows\System\sNJkAfX.exe

C:\Windows\System\bOURjUt.exe

C:\Windows\System\bOURjUt.exe

C:\Windows\System\yEPScLo.exe

C:\Windows\System\yEPScLo.exe

C:\Windows\System\vBiZnrn.exe

C:\Windows\System\vBiZnrn.exe

C:\Windows\System\whHtbmC.exe

C:\Windows\System\whHtbmC.exe

C:\Windows\System\VzuXbZK.exe

C:\Windows\System\VzuXbZK.exe

C:\Windows\System\pmGweyH.exe

C:\Windows\System\pmGweyH.exe

C:\Windows\System\HhCwsQZ.exe

C:\Windows\System\HhCwsQZ.exe

C:\Windows\System\YRCxLaZ.exe

C:\Windows\System\YRCxLaZ.exe

C:\Windows\System\YQsRORX.exe

C:\Windows\System\YQsRORX.exe

C:\Windows\System\IxrxYKK.exe

C:\Windows\System\IxrxYKK.exe

C:\Windows\System\bGvPrLd.exe

C:\Windows\System\bGvPrLd.exe

C:\Windows\System\nIhexgM.exe

C:\Windows\System\nIhexgM.exe

C:\Windows\System\linYnoB.exe

C:\Windows\System\linYnoB.exe

C:\Windows\System\AhxXaFi.exe

C:\Windows\System\AhxXaFi.exe

C:\Windows\System\DoNyqUC.exe

C:\Windows\System\DoNyqUC.exe

C:\Windows\System\PIDyIwX.exe

C:\Windows\System\PIDyIwX.exe

C:\Windows\System\ApeAmoo.exe

C:\Windows\System\ApeAmoo.exe

C:\Windows\System\cCSacqL.exe

C:\Windows\System\cCSacqL.exe

C:\Windows\System\syhyQLI.exe

C:\Windows\System\syhyQLI.exe

C:\Windows\System\WfALSmv.exe

C:\Windows\System\WfALSmv.exe

C:\Windows\System\eeRTlNw.exe

C:\Windows\System\eeRTlNw.exe

C:\Windows\System\muqNdre.exe

C:\Windows\System\muqNdre.exe

C:\Windows\System\pADBJRX.exe

C:\Windows\System\pADBJRX.exe

C:\Windows\System\OKrIbDD.exe

C:\Windows\System\OKrIbDD.exe

C:\Windows\System\DSKnPEY.exe

C:\Windows\System\DSKnPEY.exe

C:\Windows\System\KHkZHWE.exe

C:\Windows\System\KHkZHWE.exe

C:\Windows\System\GheqyyA.exe

C:\Windows\System\GheqyyA.exe

C:\Windows\System\OYjVaLH.exe

C:\Windows\System\OYjVaLH.exe

C:\Windows\System\mksaeHk.exe

C:\Windows\System\mksaeHk.exe

C:\Windows\System\Cjdmkvg.exe

C:\Windows\System\Cjdmkvg.exe

C:\Windows\System\KXVHzxw.exe

C:\Windows\System\KXVHzxw.exe

C:\Windows\System\SPJCcYj.exe

C:\Windows\System\SPJCcYj.exe

C:\Windows\System\sEWmlzm.exe

C:\Windows\System\sEWmlzm.exe

C:\Windows\System\EcmFOUP.exe

C:\Windows\System\EcmFOUP.exe

C:\Windows\System\GLaXXZU.exe

C:\Windows\System\GLaXXZU.exe

C:\Windows\System\WuTXvnt.exe

C:\Windows\System\WuTXvnt.exe

C:\Windows\System\qTKkesn.exe

C:\Windows\System\qTKkesn.exe

C:\Windows\System\hTZcyWh.exe

C:\Windows\System\hTZcyWh.exe

C:\Windows\System\OXXUsYW.exe

C:\Windows\System\OXXUsYW.exe

C:\Windows\System\DVMiEGR.exe

C:\Windows\System\DVMiEGR.exe

C:\Windows\System\XIORCTQ.exe

C:\Windows\System\XIORCTQ.exe

C:\Windows\System\NvxuiAJ.exe

C:\Windows\System\NvxuiAJ.exe

C:\Windows\System\WNYEptf.exe

C:\Windows\System\WNYEptf.exe

C:\Windows\System\dVIMACW.exe

C:\Windows\System\dVIMACW.exe

C:\Windows\System\RYBFVbx.exe

C:\Windows\System\RYBFVbx.exe

C:\Windows\System\RZyRzLc.exe

C:\Windows\System\RZyRzLc.exe

C:\Windows\System\dYNPWsJ.exe

C:\Windows\System\dYNPWsJ.exe

C:\Windows\System\hlBMRUB.exe

C:\Windows\System\hlBMRUB.exe

C:\Windows\System\loqObJl.exe

C:\Windows\System\loqObJl.exe

C:\Windows\System\UTtsvgF.exe

C:\Windows\System\UTtsvgF.exe

C:\Windows\System\vlRaULM.exe

C:\Windows\System\vlRaULM.exe

C:\Windows\System\bJrPHNu.exe

C:\Windows\System\bJrPHNu.exe

C:\Windows\System\JrFzQpl.exe

C:\Windows\System\JrFzQpl.exe

C:\Windows\System\fVeqwII.exe

C:\Windows\System\fVeqwII.exe

C:\Windows\System\pSjdfsy.exe

C:\Windows\System\pSjdfsy.exe

C:\Windows\System\EeTLpQt.exe

C:\Windows\System\EeTLpQt.exe

C:\Windows\System\PdKyVwR.exe

C:\Windows\System\PdKyVwR.exe

C:\Windows\System\kvNtnml.exe

C:\Windows\System\kvNtnml.exe

C:\Windows\System\nBZULvT.exe

C:\Windows\System\nBZULvT.exe

C:\Windows\System\ZCfTcap.exe

C:\Windows\System\ZCfTcap.exe

C:\Windows\System\qPcdNGl.exe

C:\Windows\System\qPcdNGl.exe

C:\Windows\System\tfXPrFb.exe

C:\Windows\System\tfXPrFb.exe

C:\Windows\System\ChQcFGM.exe

C:\Windows\System\ChQcFGM.exe

C:\Windows\System\nPtwZTJ.exe

C:\Windows\System\nPtwZTJ.exe

C:\Windows\System\xvqTjwX.exe

C:\Windows\System\xvqTjwX.exe

C:\Windows\System\MCXOlIK.exe

C:\Windows\System\MCXOlIK.exe

C:\Windows\System\qFSlpXo.exe

C:\Windows\System\qFSlpXo.exe

C:\Windows\System\iRFTxaV.exe

C:\Windows\System\iRFTxaV.exe

C:\Windows\System\OoqNCgj.exe

C:\Windows\System\OoqNCgj.exe

C:\Windows\System\EcorIhM.exe

C:\Windows\System\EcorIhM.exe

C:\Windows\System\TqtqYds.exe

C:\Windows\System\TqtqYds.exe

C:\Windows\System\YBqvKIz.exe

C:\Windows\System\YBqvKIz.exe

C:\Windows\System\zoVpRCo.exe

C:\Windows\System\zoVpRCo.exe

C:\Windows\System\VuFfWyN.exe

C:\Windows\System\VuFfWyN.exe

C:\Windows\System\iVaMbaU.exe

C:\Windows\System\iVaMbaU.exe

C:\Windows\System\sjIBXFP.exe

C:\Windows\System\sjIBXFP.exe

C:\Windows\System\giRWJjq.exe

C:\Windows\System\giRWJjq.exe

C:\Windows\System\vJaublN.exe

C:\Windows\System\vJaublN.exe

C:\Windows\System\rRpUokl.exe

C:\Windows\System\rRpUokl.exe

C:\Windows\System\gSxJOwT.exe

C:\Windows\System\gSxJOwT.exe

C:\Windows\System\dFNltBN.exe

C:\Windows\System\dFNltBN.exe

C:\Windows\System\MwUlTAa.exe

C:\Windows\System\MwUlTAa.exe

C:\Windows\System\MXnzRsZ.exe

C:\Windows\System\MXnzRsZ.exe

C:\Windows\System\dHXNnAT.exe

C:\Windows\System\dHXNnAT.exe

C:\Windows\System\BcPxGlC.exe

C:\Windows\System\BcPxGlC.exe

C:\Windows\System\VIcUWWh.exe

C:\Windows\System\VIcUWWh.exe

C:\Windows\System\kuWzHCL.exe

C:\Windows\System\kuWzHCL.exe

C:\Windows\System\bVxQaVm.exe

C:\Windows\System\bVxQaVm.exe

C:\Windows\System\JuveDYf.exe

C:\Windows\System\JuveDYf.exe

C:\Windows\System\WlrjjgG.exe

C:\Windows\System\WlrjjgG.exe

C:\Windows\System\AprUyPX.exe

C:\Windows\System\AprUyPX.exe

C:\Windows\System\vPeUDcd.exe

C:\Windows\System\vPeUDcd.exe

C:\Windows\System\LgnWIlx.exe

C:\Windows\System\LgnWIlx.exe

C:\Windows\System\agLRUhG.exe

C:\Windows\System\agLRUhG.exe

C:\Windows\System\aJJSjjM.exe

C:\Windows\System\aJJSjjM.exe

C:\Windows\System\EYsXZXm.exe

C:\Windows\System\EYsXZXm.exe

C:\Windows\System\ruHgVWQ.exe

C:\Windows\System\ruHgVWQ.exe

C:\Windows\System\pUmlIdJ.exe

C:\Windows\System\pUmlIdJ.exe

C:\Windows\System\uOTeOVX.exe

C:\Windows\System\uOTeOVX.exe

C:\Windows\System\MmhcHwq.exe

C:\Windows\System\MmhcHwq.exe

C:\Windows\System\ezFgdqY.exe

C:\Windows\System\ezFgdqY.exe

C:\Windows\System\mbyosLh.exe

C:\Windows\System\mbyosLh.exe

C:\Windows\System\twGHBEy.exe

C:\Windows\System\twGHBEy.exe

C:\Windows\System\vKunxGu.exe

C:\Windows\System\vKunxGu.exe

C:\Windows\System\WsVAeNb.exe

C:\Windows\System\WsVAeNb.exe

C:\Windows\System\DlRMGqf.exe

C:\Windows\System\DlRMGqf.exe

C:\Windows\System\supxEft.exe

C:\Windows\System\supxEft.exe

C:\Windows\System\IuJDFRt.exe

C:\Windows\System\IuJDFRt.exe

C:\Windows\System\xpbOSjJ.exe

C:\Windows\System\xpbOSjJ.exe

C:\Windows\System\ddDKBIt.exe

C:\Windows\System\ddDKBIt.exe

C:\Windows\System\iSTNeGG.exe

C:\Windows\System\iSTNeGG.exe

C:\Windows\System\JOfBrIJ.exe

C:\Windows\System\JOfBrIJ.exe

C:\Windows\System\pWrnhce.exe

C:\Windows\System\pWrnhce.exe

C:\Windows\System\rsDoWKM.exe

C:\Windows\System\rsDoWKM.exe

C:\Windows\System\HGTlrIH.exe

C:\Windows\System\HGTlrIH.exe

C:\Windows\System\DRiHirO.exe

C:\Windows\System\DRiHirO.exe

C:\Windows\System\gAnGUUT.exe

C:\Windows\System\gAnGUUT.exe

C:\Windows\System\cAABAFD.exe

C:\Windows\System\cAABAFD.exe

C:\Windows\System\mHRFJxL.exe

C:\Windows\System\mHRFJxL.exe

C:\Windows\System\qSLzWsO.exe

C:\Windows\System\qSLzWsO.exe

C:\Windows\System\toHTuGq.exe

C:\Windows\System\toHTuGq.exe

C:\Windows\System\hGRPBuC.exe

C:\Windows\System\hGRPBuC.exe

C:\Windows\System\rUJXuva.exe

C:\Windows\System\rUJXuva.exe

C:\Windows\System\QXUyjNP.exe

C:\Windows\System\QXUyjNP.exe

C:\Windows\System\AUYVmml.exe

C:\Windows\System\AUYVmml.exe

C:\Windows\System\uXOIJsX.exe

C:\Windows\System\uXOIJsX.exe

C:\Windows\System\fEGRjWE.exe

C:\Windows\System\fEGRjWE.exe

C:\Windows\System\ZGDbCdJ.exe

C:\Windows\System\ZGDbCdJ.exe

C:\Windows\System\ffaqmSl.exe

C:\Windows\System\ffaqmSl.exe

C:\Windows\System\sFuYfBA.exe

C:\Windows\System\sFuYfBA.exe

C:\Windows\System\tEguZkw.exe

C:\Windows\System\tEguZkw.exe

C:\Windows\System\gQfWZUX.exe

C:\Windows\System\gQfWZUX.exe

C:\Windows\System\KTFfCSw.exe

C:\Windows\System\KTFfCSw.exe

C:\Windows\System\jZknBtY.exe

C:\Windows\System\jZknBtY.exe

C:\Windows\System\plAzFQY.exe

C:\Windows\System\plAzFQY.exe

C:\Windows\System\VrpfNhv.exe

C:\Windows\System\VrpfNhv.exe

C:\Windows\System\KQsmCJR.exe

C:\Windows\System\KQsmCJR.exe

C:\Windows\System\IYTAoim.exe

C:\Windows\System\IYTAoim.exe

C:\Windows\System\KfqutyG.exe

C:\Windows\System\KfqutyG.exe

C:\Windows\System\paXlnbK.exe

C:\Windows\System\paXlnbK.exe

C:\Windows\System\tBJOAUx.exe

C:\Windows\System\tBJOAUx.exe

C:\Windows\System\HQplaYT.exe

C:\Windows\System\HQplaYT.exe

C:\Windows\System\xoklxEc.exe

C:\Windows\System\xoklxEc.exe

C:\Windows\System\ASPrUEw.exe

C:\Windows\System\ASPrUEw.exe

C:\Windows\System\floAmbV.exe

C:\Windows\System\floAmbV.exe

C:\Windows\System\ykiHONp.exe

C:\Windows\System\ykiHONp.exe

C:\Windows\System\wfholjZ.exe

C:\Windows\System\wfholjZ.exe

C:\Windows\System\QInQTDB.exe

C:\Windows\System\QInQTDB.exe

C:\Windows\System\QHtWvYg.exe

C:\Windows\System\QHtWvYg.exe

C:\Windows\System\oiQjpeE.exe

C:\Windows\System\oiQjpeE.exe

C:\Windows\System\spbfsuF.exe

C:\Windows\System\spbfsuF.exe

C:\Windows\System\eqSwZqO.exe

C:\Windows\System\eqSwZqO.exe

C:\Windows\System\HpBBSCZ.exe

C:\Windows\System\HpBBSCZ.exe

C:\Windows\System\odEdrmd.exe

C:\Windows\System\odEdrmd.exe

C:\Windows\System\NuhHguS.exe

C:\Windows\System\NuhHguS.exe

C:\Windows\System\AaVDpqa.exe

C:\Windows\System\AaVDpqa.exe

C:\Windows\System\xKqtfCM.exe

C:\Windows\System\xKqtfCM.exe

C:\Windows\System\XgTtSNE.exe

C:\Windows\System\XgTtSNE.exe

C:\Windows\System\EmDfzNC.exe

C:\Windows\System\EmDfzNC.exe

C:\Windows\System\IOebuqn.exe

C:\Windows\System\IOebuqn.exe

C:\Windows\System\bohovvB.exe

C:\Windows\System\bohovvB.exe

C:\Windows\System\MGoleNk.exe

C:\Windows\System\MGoleNk.exe

C:\Windows\System\VpVefDp.exe

C:\Windows\System\VpVefDp.exe

C:\Windows\System\fJEZkvy.exe

C:\Windows\System\fJEZkvy.exe

C:\Windows\System\JtMudYG.exe

C:\Windows\System\JtMudYG.exe

C:\Windows\System\XaIAMyF.exe

C:\Windows\System\XaIAMyF.exe

C:\Windows\System\LdYyRkP.exe

C:\Windows\System\LdYyRkP.exe

C:\Windows\System\SgTHuCV.exe

C:\Windows\System\SgTHuCV.exe

C:\Windows\System\RoILgoR.exe

C:\Windows\System\RoILgoR.exe

C:\Windows\System\jAdYXMv.exe

C:\Windows\System\jAdYXMv.exe

C:\Windows\System\tSAAlLO.exe

C:\Windows\System\tSAAlLO.exe

C:\Windows\System\bXDQRGr.exe

C:\Windows\System\bXDQRGr.exe

C:\Windows\System\zlNanam.exe

C:\Windows\System\zlNanam.exe

C:\Windows\System\ZUyXhHA.exe

C:\Windows\System\ZUyXhHA.exe

C:\Windows\System\CCrMuAs.exe

C:\Windows\System\CCrMuAs.exe

C:\Windows\System\ohUsNDX.exe

C:\Windows\System\ohUsNDX.exe

C:\Windows\System\RzxCtGS.exe

C:\Windows\System\RzxCtGS.exe

C:\Windows\System\NyUDZHt.exe

C:\Windows\System\NyUDZHt.exe

C:\Windows\System\cuadAIM.exe

C:\Windows\System\cuadAIM.exe

C:\Windows\System\uxrcTsy.exe

C:\Windows\System\uxrcTsy.exe

C:\Windows\System\ROsFVfe.exe

C:\Windows\System\ROsFVfe.exe

C:\Windows\System\ZAOQOhx.exe

C:\Windows\System\ZAOQOhx.exe

C:\Windows\System\atibauB.exe

C:\Windows\System\atibauB.exe

C:\Windows\System\fAqujXp.exe

C:\Windows\System\fAqujXp.exe

C:\Windows\System\PfCAOox.exe

C:\Windows\System\PfCAOox.exe

C:\Windows\System\syIQQBE.exe

C:\Windows\System\syIQQBE.exe

C:\Windows\System\zKZSLFU.exe

C:\Windows\System\zKZSLFU.exe

C:\Windows\System\TUSSRXQ.exe

C:\Windows\System\TUSSRXQ.exe

C:\Windows\System\zSQHjiC.exe

C:\Windows\System\zSQHjiC.exe

C:\Windows\System\izqKokS.exe

C:\Windows\System\izqKokS.exe

C:\Windows\System\FBKatKs.exe

C:\Windows\System\FBKatKs.exe

C:\Windows\System\gflMMga.exe

C:\Windows\System\gflMMga.exe

C:\Windows\System\VKSGLSF.exe

C:\Windows\System\VKSGLSF.exe

C:\Windows\System\uKAxthU.exe

C:\Windows\System\uKAxthU.exe

C:\Windows\System\FbSQHDg.exe

C:\Windows\System\FbSQHDg.exe

C:\Windows\System\XfrhzIl.exe

C:\Windows\System\XfrhzIl.exe

C:\Windows\System\DQKSuTv.exe

C:\Windows\System\DQKSuTv.exe

C:\Windows\System\OvcUELn.exe

C:\Windows\System\OvcUELn.exe

C:\Windows\System\qZOvuIt.exe

C:\Windows\System\qZOvuIt.exe

C:\Windows\System\RCoicDM.exe

C:\Windows\System\RCoicDM.exe

C:\Windows\System\lkcbFRU.exe

C:\Windows\System\lkcbFRU.exe

C:\Windows\System\BQcAayg.exe

C:\Windows\System\BQcAayg.exe

C:\Windows\System\WGXxIwL.exe

C:\Windows\System\WGXxIwL.exe

C:\Windows\System\rNsKmuI.exe

C:\Windows\System\rNsKmuI.exe

C:\Windows\System\gFtleaQ.exe

C:\Windows\System\gFtleaQ.exe

C:\Windows\System\TzMJHrQ.exe

C:\Windows\System\TzMJHrQ.exe

C:\Windows\System\doSYbkB.exe

C:\Windows\System\doSYbkB.exe

C:\Windows\System\VDzETzO.exe

C:\Windows\System\VDzETzO.exe

C:\Windows\System\RNdytPt.exe

C:\Windows\System\RNdytPt.exe

C:\Windows\System\bBvspKK.exe

C:\Windows\System\bBvspKK.exe

C:\Windows\System\pLdeXXM.exe

C:\Windows\System\pLdeXXM.exe

C:\Windows\System\ITswFIe.exe

C:\Windows\System\ITswFIe.exe

C:\Windows\System\QcmysSs.exe

C:\Windows\System\QcmysSs.exe

C:\Windows\System\zPhCXJi.exe

C:\Windows\System\zPhCXJi.exe

C:\Windows\System\XOEvGTb.exe

C:\Windows\System\XOEvGTb.exe

C:\Windows\System\fpeRoPX.exe

C:\Windows\System\fpeRoPX.exe

C:\Windows\System\RDdQPJe.exe

C:\Windows\System\RDdQPJe.exe

C:\Windows\System\ZOZlTrC.exe

C:\Windows\System\ZOZlTrC.exe

C:\Windows\System\DqNPEXw.exe

C:\Windows\System\DqNPEXw.exe

C:\Windows\System\lACPKiv.exe

C:\Windows\System\lACPKiv.exe

C:\Windows\System\yBjbGgA.exe

C:\Windows\System\yBjbGgA.exe

C:\Windows\System\sIspbyZ.exe

C:\Windows\System\sIspbyZ.exe

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/2236-0-0x000000013F920000-0x000000013FC74000-memory.dmp

memory/2236-1-0x0000000000180000-0x0000000000190000-memory.dmp

\Windows\system\UIMrTNH.exe

MD5 e75843ba98c10d2fd71d1d14e152e019
SHA1 e508422ad5647518011dadae59f805c652addcc5
SHA256 91e003840b72a393cf797df1c1bf8856407785d4f843369662ee94c1fa275503
SHA512 a65b36e8c190864401d68d0d5e5c67ac9e96c1b90bf5eaf5dad4d337cedd9dff6015ceba6378859b8f97e6d6346f7f9eca04660f934eeb7ead461c46c12e3dfc

\Windows\system\DWgPgUi.exe

MD5 5c5259024e81d73cb40df89de8fbbf28
SHA1 3ac142fbb1b3ad4087f0c3cb46a2fa7771ba1549
SHA256 896fd0ccbc8764e93eabc14d26bd11e12bb889b21c64df6454e0c96df10de8d3
SHA512 8248f6c523bba2b170892eadd62506a682375a6470a452743f2023ae1ec52d9cbb68aac5844fc993f56f50a77fb7362b4b06812aabb088a32165d5b740917751

C:\Windows\system\YwJWruU.exe

MD5 07e736bae370c9039fac3d10c178412c
SHA1 735b1c3df45aaf1249cd907160075a824e4fd5af
SHA256 e55dd7e0e7cf71807e0e43ff9638b9ecbed1045af1833f273822ed808b9bf7ae
SHA512 16bd1a36bfcf74f72f93104ef4e6823bef249d1dfd5be29698ee61ba5c02726f47e8957e6d55fa58c1b9f357505dd376babf0b23c68e9af61287af54c3ba63a4

C:\Windows\system\gsYJNuo.exe

MD5 5bc50df44218f4df8aac0bff4c4e8ede
SHA1 faf80e513ccc4aef396dfed0a19ab71f7279e3d1
SHA256 3bb06614d9a681a81cad3501b7874bf50702d6a48c71e65f144aab6aa60fb503
SHA512 70a49df72ed55f711def19ccdd198f2dc14565e40a254e67c306731698e339188cb3ed9a4030e500edc3084a262f90c4578db27b382b2cf92d988c0eb6312b62

C:\Windows\system\VpnLOog.exe

MD5 1a57e3a7635893d83deb5be43f515aa8
SHA1 ff8c7bb34c966b98de0defa56da0c53e9e4c0abe
SHA256 af3654f537768b99a911f39e27d0b6f8272f28d1f2606af428289a4f5452d869
SHA512 cbfbf7202f3ff9c4b04e7e6ac358cc9a8eb803652873ed4cb5ffd69fa43c1eb4d42bc745f5a780f793c516b71ca82e213bc8f7cb3aad518c62d78f4d2e216077

\Windows\system\hXryUDG.exe

MD5 bf1167f1f72efb0e7f5facae23e8fdf7
SHA1 6aaa667ba9f7a50501b3c1ecadb6901db57191dd
SHA256 3b55dabb69c89753b6d0ca314bfa10e38a56c53d60527f4dddb6dfe9cb496854
SHA512 adf0ff2b231bb7d88ca4e2df35dea797a3840b618b052ae9cdfe31f44ff6912d8e8f2ab1922ad2b78f85534da729c9189acaf51b6254f78e35ee9a5b000e51a5

C:\Windows\system\UjAOdKT.exe

MD5 043c77a35452658a1cde1a08720986ee
SHA1 faa3fb22951a72bdefb386acc46e1706cda256b0
SHA256 83ca73b307758b26a8b8d10e66448db246b8187f9f56ce5dda8dc95902d306e4
SHA512 4a38bd49247a313d07112cde910bd3367a45f539287c42673c0b5784ec3b115b12f3d73df9cbdcc679401fbf7d023cc1193ecdcd062580e5e8ff4c1389e6f74a

C:\Windows\system\pEprLRG.exe

MD5 0e0d131891122fa264c9029cf01209cc
SHA1 52d8c7b3894569b27ae87fd3bfca5d08f4ec1625
SHA256 3ca957815f3754e0a65b774e4fc44639f3ac8026b7cb4343dab781e5ec0d92cc
SHA512 beff197ed1d9efabc5304a0aa7c4bc58351ebef3902524c5ba269e815d8041459ce9c0f8d7faf464a1fac1a72b9911b003b3d8704a327f63337175f19f338f2a

C:\Windows\system\EHLQDpR.exe

MD5 824cfabe437a79c21342e4ae208825a1
SHA1 8508a4bde7d75ec6d36620d295115e5f92c269f1
SHA256 cb188f58ef0539e338bb481fef08c8d2a04faa82a44148a827a44b213f0f9981
SHA512 bc0d00e07a4746e437fed572c6173e4574db5861135fa314de900cb516f5b97ee4e6600008577aa24ab2877eca0d8152071ce36445f6d5f294dcf4aa01f70476

C:\Windows\system\skqUbaS.exe

MD5 999cc5f1d615e4039c26d60b3e26ce86
SHA1 511159e876788ce4b1c208e0902c6321bec2f462
SHA256 7afef9598836909f57a731b1966ec2530cf420f9d316fbae20ab0731b6347c27
SHA512 bfdfc73d33536555c7f6669662ef262466804125d51a0e9c8f71e8e265bef9f3047356d2f678947921d5214e6bf67b68d9ae34651ccca3ba8035940cf3fcedbd

C:\Windows\system\miDUpDF.exe

MD5 4749687e2a9cedf1735c0947cd9d8efc
SHA1 444f1b01c69c9ce9c4d99a31410b1ea392158fe5
SHA256 cf5e7ec0dff43e497f04b13c74b34030de50bceea2c37dea719af5dc5f7344ac
SHA512 9cec4f7af91ed672e2967300bd3cf3cf944716100fb347c6f10368fafca3877f333e9596da57ac79cd492c9a36a226d2261cc7a68dcfd046fe20eb01d7ec1738

C:\Windows\system\FjkzAYW.exe

MD5 a97d7a16894736ced176d5917545e593
SHA1 a3608201600b041bb55e531a8ffedc3bb57d7d2f
SHA256 d51badce12c863c979fcfe3f1b586df651bffcdbc1cdbc66616acdf88c762c3c
SHA512 ed6e37eada7dd767436c4c436ecb4696bd578aa4969cc3e3dd685eab2745f724c05f38648792b373407e3cbbb7583ecc5a56d7b59c3129789bba4ceb00942fc1

C:\Windows\system\TJCbgLK.exe

MD5 aadd7872bdd5bd0ee507422928912b70
SHA1 7e7df0311fd89b7a99b28b9de6ff6c1c66c6260f
SHA256 7f19112bd639355e51fa0f72fffc10be71c41f76ddfa767bd1baeb4064c7549e
SHA512 8d2cfcba14f53ba12ddf41b8d40c6cc01cc71d07a38bb6d3e8f6a348955aac74a59eaca0539a79fdb619a746113a765c046e91268e174331ad771eb49993cac9

memory/2236-900-0x0000000001F30000-0x0000000002284000-memory.dmp

memory/2552-911-0x000000013F420000-0x000000013F774000-memory.dmp

memory/2236-910-0x000000013F420000-0x000000013F774000-memory.dmp

memory/2948-925-0x000000013F5C0000-0x000000013F914000-memory.dmp

memory/3044-929-0x000000013FA30000-0x000000013FD84000-memory.dmp

memory/2236-928-0x0000000001F30000-0x0000000002284000-memory.dmp

memory/1868-927-0x000000013FFB0000-0x0000000140304000-memory.dmp

memory/2236-926-0x000000013FFB0000-0x0000000140304000-memory.dmp

memory/2236-924-0x000000013F5C0000-0x000000013F914000-memory.dmp

memory/2492-923-0x000000013FC50000-0x000000013FFA4000-memory.dmp

memory/2236-922-0x0000000001F30000-0x0000000002284000-memory.dmp

memory/2420-921-0x000000013F890000-0x000000013FBE4000-memory.dmp

memory/2236-920-0x0000000001F30000-0x0000000002284000-memory.dmp

memory/776-919-0x000000013F330000-0x000000013F684000-memory.dmp

memory/2236-918-0x000000013F330000-0x000000013F684000-memory.dmp

memory/2608-917-0x000000013F740000-0x000000013FA94000-memory.dmp

memory/2236-916-0x0000000001F30000-0x0000000002284000-memory.dmp

memory/2452-915-0x000000013F790000-0x000000013FAE4000-memory.dmp

memory/2236-914-0x0000000001F30000-0x0000000002284000-memory.dmp

memory/2740-913-0x000000013F120000-0x000000013F474000-memory.dmp

memory/2236-912-0x000000013F120000-0x000000013F474000-memory.dmp

memory/2856-909-0x000000013F150000-0x000000013F4A4000-memory.dmp

memory/2236-908-0x000000013F150000-0x000000013F4A4000-memory.dmp

memory/2632-907-0x000000013FC90000-0x000000013FFE4000-memory.dmp

memory/2236-906-0x000000013FC90000-0x000000013FFE4000-memory.dmp

memory/2568-905-0x000000013F8D0000-0x000000013FC24000-memory.dmp

memory/2236-904-0x0000000001F30000-0x0000000002284000-memory.dmp

memory/1928-903-0x000000013F8D0000-0x000000013FC24000-memory.dmp

C:\Windows\system\HeuHnwp.exe

MD5 2243d650908652984a9496a18504e4e2
SHA1 10f8d429e2b21e0b67fa510d66df67fd9aaa6992
SHA256 c6c94349d207a348d317c1fc8298d0d079266a0c6e4f82d97d625441cb3ff009
SHA512 c0f302d3cac37a393388386785391dd9f8fb3f363219cdf10dfaa302295368cac1a16d001331e83d73bcf47b31cbbdeed732eee8fb76af6f4d3554917d8ba773

C:\Windows\system\UegropU.exe

MD5 1967699dd6ae9bcbbc6a87745ca20896
SHA1 53a20ae0adaf6052d027adc94db4b294478999bb
SHA256 77335098738c1294ff6c8d76fe354e9a047fb2fd5a239f24430738cbaf0dc50c
SHA512 c10532a21b8febfd3bb37dd391f92d81d0f13720bcc53c6f3356467945117a4390dcc9475b22fd72e7fade31fa9b06674d05e58d46a94e6e0efccfbb13ea8d16

C:\Windows\system\yUbzqNf.exe

MD5 977090ac94a0e5038cd31234ad34abc4
SHA1 b71fcb403b9dd12e6cd2ad3ad37d55cefab8ec14
SHA256 f2bb6c0d6080fbe40eaee452b9dbd80e41578e4919d40af72a35071fc618c694
SHA512 192aabf0be9d9d9b174b124a6f3498f3106d01773ca521f68c1b401c10e2a5e2fb5d679ecc11e6d6abf01811109c66262aa15b343e4a49944f6aac1244e2c23b

C:\Windows\system\ZTHsmSv.exe

MD5 fd253c3a093c94d26f1bd4ea3edd4fd7
SHA1 686483e638bf6438a782e2602024c67f8f321be4
SHA256 762eadf9d387634fd5562da77ecfdb7a68074e644b0d90a93a2d0687e7545013
SHA512 f58c41d653a53ffba1fd493e6f3ff6ea0071b2bceb43fd93319d26ecf70f606c7b553cce3f978ee65932055fd2fd0af94c26d99a5e7243735b899a547cd4bbf3

C:\Windows\system\TTwiesd.exe

MD5 cb64ba17912908fc088089e36481d22f
SHA1 a4a0a0f1623fdfb08ff318df35953e7effe92196
SHA256 eb93a1c841f950c7601cda02f7d5b3971b807898b15ea633c96bcf80cecc15c9
SHA512 af20def1507c6a2400ade0a1663da8bd3c691659bc6c2fe27e8e17daaee067b69eada4b9e6b1608af268c15ecdeb9aa63a5246886d44851bac6aa659506a4c52

C:\Windows\system\IebCtTK.exe

MD5 38ef8f8a4a963e87db7f6dc2d1b0cb3c
SHA1 39e003d69f04b9b25c9d2e58ecf8b8f6a590adbf
SHA256 0665fd55690e0c1257e686056947b4097df89f2422619e83f01a7615d2fafac0
SHA512 7689e6d2b2e0d27a8f89170e683d2842b766a7ae7184cf3d9d5a893a554db8b6f9be8b6a1f8726d8361a0d9e34930bd16b608ea59168a5fa07f52b42e67e7aa3

C:\Windows\system\eFnfZbz.exe

MD5 c70565bba8d698e59a6bf2e1651f054e
SHA1 1539a7a96199d63da3fe64936aa16811632ecffb
SHA256 b970d33693c482a7b6743a8607a05eb754741cb992fca8e1450c430bb490e5b4
SHA512 6f6d7af4a04da4437ef9162615b3623dad403295983f238acef625f55575e6c386980b3f67a5cece870649f912288d3ab8347a5568c937419cb340d286608e17

C:\Windows\system\xFMtrOq.exe

MD5 d294eac6d935167830dc173aceea29be
SHA1 b2a15836a139192914e035655741c7301940823d
SHA256 32b0c4fa3249114fe362a9f82ae7bcf3c26503ee0fb53283b9ec4b6b09a1802e
SHA512 b5b27508a211bdde3a7d55b63a16f4e7cb985a25abcb5d025b0d4419d31fa01b4529b7c4a4888b5b87f5cbf76daf3bbe93dbecb4b2271b2642a03a7c363e8717

C:\Windows\system\KFdpeZt.exe

MD5 c91e708964296fd076689dfe63a4f3f2
SHA1 070c1bdbcbaab0a6a918bc1c4bbe8cb1855bffba
SHA256 46ce82ff8beceb0b0b91c8f26163d5ea81482140424751be23bf92b04c1465e5
SHA512 63000efed3ffc0c423ea47b4c767ade96472fd189f6553b84413fa01f5c32fc84011a337bd21a2519d0a1ba0b3d4ece36ff01c65dbf93da0162e220ae533b68d

C:\Windows\system\cGgLJuJ.exe

MD5 1f13a2f56f5581f4fbc8dcdec46d7d66
SHA1 b1cbbc4edd1cbe8a58ed0a43e9ed629478c6551a
SHA256 d7ba2025e2ac605364ece0d15b5a326e6797b891ba79636465906ad5cdb23ccd
SHA512 528cad4ddad20e56f0af2e284743adbc4227153ded4faf06e7713e97df4d6f4803b80fb950947bb927aa84314c944abd8c2c4fc3cafb25961b7514a47b393e9b

C:\Windows\system\rhZSkwB.exe

MD5 4bf8db321867219b1ba07ddffa3f7a53
SHA1 3e9f4ebffba01c66d60ed3a8fdd38b0c12d250cf
SHA256 62ced67f52afac39b52ae3bfe924085adcbb555d47086f1a2a838842a1debad2
SHA512 818be425ea6b22a48e1cb579dc7af408c618e7dd9f17b781f6609f2fa4bd8fcd57d4633cbcbd333e1855eb4818a9f38e082fec1c32ee28b88995fabaa2e136af

C:\Windows\system\nOpyLfk.exe

MD5 2cc335601c5bc9d5ab29ae7cbc128f74
SHA1 31885f78f61b81994987778d772c921f28762ada
SHA256 ab58645d3c5e8e504ae0f92acf203fec12fb1ad1f0aeff15c7b34b9cd7a18e95
SHA512 e9e139743dac4e15b51455f5ad07cb5463e46489a814cb96f561fd7405e048ae2e7a54b1f9ca6551c14feaba69da970b50cea4322fd805c8f56e04e642c81371

C:\Windows\system\sVxHqHY.exe

MD5 8c40d7d041954ed78311732ecfe61d3f
SHA1 87e6ed47e00895f06ce63197a1ccc5979407d16f
SHA256 90ba52543fa94363324802c100376b7e656172b70bb23743ac8058ccbb0709e2
SHA512 f851c3a6e5801e170e9465cbfd68f605ae095adf8b533ea1e974cd8517e680ac9e9ee8f8fb009f4e609109d8959dc487ce01e6f5f58d469b1a55636a5b315813

C:\Windows\system\aGxqwZM.exe

MD5 ac24e743b2e27cd222ddf0f891a0f8ea
SHA1 129850c2ba68b9c90483d961fedf7fe615880f6b
SHA256 6af678a80092aff92f839531db56ca10467387dd23d284f1e94a953c684e61ee
SHA512 557796fbbe0f372486e3987a952388852bbde36be6fe6f44565e64c032dc331e2b5d8002404077905e30ad87315acbb9ecee16a8802d9065087d784f4718ab79

C:\Windows\system\CEyYEDH.exe

MD5 b5d76409e3b5dea51dcf00a998c6c915
SHA1 90aaa03553b26d29f717d7e8cc23c91fb375247d
SHA256 b00377e0c33d51c78cea3a133db8901222955565b92552692c58b078889d1ee6
SHA512 35c416653f2b1ab42d76f60026f236c56445bae5f7f7ce428546141a3247481bec5f7ea120ad85fcfcf030258b43ec31cbed00493ceb8156164452375d2aa743

C:\Windows\system\HmvnJgu.exe

MD5 a8f623adb79d0f09f06fd8abed12ad07
SHA1 06b215bdd74e126fd70eca2dee492c21d9c3fddc
SHA256 03e841f5f90919f697d7a0d0d3ce0c028eeefe9cc5e7f4eedc4de835d8921fd1
SHA512 9f07a11fca1378818d863c0afc17e1c64287f2e45c91cefb64d9e7be94bb5630e714a41c5cef468bcdd9d0a3aec5f69fd863d0f096e91c95594ade4380340291

C:\Windows\system\vgdwWmd.exe

MD5 8ac789ac1242c6edb6875f4711a950f0
SHA1 e390131a505b0040ec29f78ea342e59a2fe3787c
SHA256 832666efc9d8635c38f8c4ff1b479ce5596a38914a5eda9b81a384fab0a1b667
SHA512 b3bdc247bbb66f1ff2b4e1c93d25028b6b527fdefbb48ce7543e5ff9a6594f75b4989dfaff15b2eb52a9598204aee442c14d84cfcda0ffd4202d5c84cd1bf100

C:\Windows\system\NaiMMhR.exe

MD5 dbcd66ddad11030878d31a7cb08b4d7b
SHA1 b973500b9cca05e7588cfcd5e2b589d12655e148
SHA256 042e4c55851c159a6d1269e7da466cb37c98e4999a3dc394657215d6d643b058
SHA512 bc7a34aadddee2a382427fc817f1e74b1c7c777c8812c0a6b62c057967a7090c79258aa99030625e90a640e1362c095d4db795f2ccadc37d6a9df47ddb9adb21

C:\Windows\system\RPYMatE.exe

MD5 0ced887449dec3ce57afac0ead31f4e3
SHA1 2816edcb23e4fe84a8fd8d0836a26699835c58cf
SHA256 2caee15ef25af3e0463cd2b59abc78c4ecfb6da2595337e77d284359445dd1a7
SHA512 8ad661a6e773c90824c05bffb5bf288aceafcba037cbac6482567bb10aac8da36c721ca87d1ccc31ef6debaea1278651b3649064e55b5368da457299bad69098

memory/2236-1069-0x000000013F920000-0x000000013FC74000-memory.dmp

memory/2236-1070-0x0000000001F30000-0x0000000002284000-memory.dmp

memory/2236-1071-0x0000000001F30000-0x0000000002284000-memory.dmp

memory/2236-1072-0x0000000001F30000-0x0000000002284000-memory.dmp

memory/2236-1073-0x000000013FC90000-0x000000013FFE4000-memory.dmp

memory/2236-1075-0x000000013F420000-0x000000013F774000-memory.dmp

memory/2236-1074-0x000000013F150000-0x000000013F4A4000-memory.dmp

memory/2236-1079-0x000000013F330000-0x000000013F684000-memory.dmp

memory/2236-1078-0x0000000001F30000-0x0000000002284000-memory.dmp

memory/2236-1077-0x0000000001F30000-0x0000000002284000-memory.dmp

memory/2236-1076-0x000000013F120000-0x000000013F474000-memory.dmp

memory/2236-1080-0x0000000001F30000-0x0000000002284000-memory.dmp

memory/2236-1081-0x0000000001F30000-0x0000000002284000-memory.dmp

memory/2236-1082-0x000000013F5C0000-0x000000013F914000-memory.dmp

memory/2236-1083-0x000000013FFB0000-0x0000000140304000-memory.dmp

memory/2236-1084-0x0000000001F30000-0x0000000002284000-memory.dmp

memory/1928-1085-0x000000013F8D0000-0x000000013FC24000-memory.dmp

memory/3044-1086-0x000000013FA30000-0x000000013FD84000-memory.dmp

memory/2632-1087-0x000000013FC90000-0x000000013FFE4000-memory.dmp

memory/2856-1088-0x000000013F150000-0x000000013F4A4000-memory.dmp

memory/2552-1089-0x000000013F420000-0x000000013F774000-memory.dmp

memory/2740-1090-0x000000013F120000-0x000000013F474000-memory.dmp

memory/2452-1091-0x000000013F790000-0x000000013FAE4000-memory.dmp

memory/2608-1092-0x000000013F740000-0x000000013FA94000-memory.dmp

memory/776-1093-0x000000013F330000-0x000000013F684000-memory.dmp

memory/2420-1094-0x000000013F890000-0x000000013FBE4000-memory.dmp

memory/2492-1095-0x000000013FC50000-0x000000013FFA4000-memory.dmp

memory/1868-1097-0x000000013FFB0000-0x0000000140304000-memory.dmp

memory/2948-1096-0x000000013F5C0000-0x000000013F914000-memory.dmp

memory/2568-1098-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-19 08:25

Reported

2024-06-19 08:27

Platform

win10v2004-20240611-en

Max time kernel

144s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\XtoednA.exe N/A
N/A N/A C:\Windows\System\QFZXiDX.exe N/A
N/A N/A C:\Windows\System\HokBAFX.exe N/A
N/A N/A C:\Windows\System\GsBTiVZ.exe N/A
N/A N/A C:\Windows\System\tQkGjWi.exe N/A
N/A N/A C:\Windows\System\koWmqlS.exe N/A
N/A N/A C:\Windows\System\aAVwSiN.exe N/A
N/A N/A C:\Windows\System\nqlKaMx.exe N/A
N/A N/A C:\Windows\System\jopGrrI.exe N/A
N/A N/A C:\Windows\System\QhdYMtu.exe N/A
N/A N/A C:\Windows\System\kmOlHUM.exe N/A
N/A N/A C:\Windows\System\vGZmCUL.exe N/A
N/A N/A C:\Windows\System\GvLzdlf.exe N/A
N/A N/A C:\Windows\System\fKLDKjd.exe N/A
N/A N/A C:\Windows\System\rQbJWoC.exe N/A
N/A N/A C:\Windows\System\jeeuMBP.exe N/A
N/A N/A C:\Windows\System\JWDrMcD.exe N/A
N/A N/A C:\Windows\System\kLUGbEp.exe N/A
N/A N/A C:\Windows\System\kHZejPa.exe N/A
N/A N/A C:\Windows\System\rqOpFrG.exe N/A
N/A N/A C:\Windows\System\WylMecS.exe N/A
N/A N/A C:\Windows\System\nrbKBHj.exe N/A
N/A N/A C:\Windows\System\gqypdUh.exe N/A
N/A N/A C:\Windows\System\Sjbuial.exe N/A
N/A N/A C:\Windows\System\SpdxbJr.exe N/A
N/A N/A C:\Windows\System\phmXDbN.exe N/A
N/A N/A C:\Windows\System\ABFZMfx.exe N/A
N/A N/A C:\Windows\System\tiZnlRi.exe N/A
N/A N/A C:\Windows\System\wxZjVlr.exe N/A
N/A N/A C:\Windows\System\vnhbSGn.exe N/A
N/A N/A C:\Windows\System\fohBcuh.exe N/A
N/A N/A C:\Windows\System\NTGIivu.exe N/A
N/A N/A C:\Windows\System\YcPfXko.exe N/A
N/A N/A C:\Windows\System\RojpBML.exe N/A
N/A N/A C:\Windows\System\RhfbiAh.exe N/A
N/A N/A C:\Windows\System\EPTCoSy.exe N/A
N/A N/A C:\Windows\System\JPQHItE.exe N/A
N/A N/A C:\Windows\System\jGxGDgo.exe N/A
N/A N/A C:\Windows\System\rePZueW.exe N/A
N/A N/A C:\Windows\System\ZmGuGlY.exe N/A
N/A N/A C:\Windows\System\bAkuFYL.exe N/A
N/A N/A C:\Windows\System\BdhtpRM.exe N/A
N/A N/A C:\Windows\System\nrDaVRT.exe N/A
N/A N/A C:\Windows\System\ugCdmEC.exe N/A
N/A N/A C:\Windows\System\gUtFLWo.exe N/A
N/A N/A C:\Windows\System\enwbwCz.exe N/A
N/A N/A C:\Windows\System\ZkShUOH.exe N/A
N/A N/A C:\Windows\System\LTeSSAW.exe N/A
N/A N/A C:\Windows\System\igjvpoQ.exe N/A
N/A N/A C:\Windows\System\xOLtuRL.exe N/A
N/A N/A C:\Windows\System\SJXaLIP.exe N/A
N/A N/A C:\Windows\System\jcmtfMB.exe N/A
N/A N/A C:\Windows\System\ucsABQX.exe N/A
N/A N/A C:\Windows\System\jDXfdKa.exe N/A
N/A N/A C:\Windows\System\sGXDTTb.exe N/A
N/A N/A C:\Windows\System\HAKVboO.exe N/A
N/A N/A C:\Windows\System\WlCYkQT.exe N/A
N/A N/A C:\Windows\System\OPAqShp.exe N/A
N/A N/A C:\Windows\System\vwYEgfX.exe N/A
N/A N/A C:\Windows\System\kFItvju.exe N/A
N/A N/A C:\Windows\System\NVUxEWJ.exe N/A
N/A N/A C:\Windows\System\FflQueF.exe N/A
N/A N/A C:\Windows\System\heCRpHo.exe N/A
N/A N/A C:\Windows\System\FTFWKTs.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\RojpBML.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\bAkuFYL.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\vvHPlfm.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\CGnssHb.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\oZnemaf.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\HhISvZR.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\cavkWAI.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\aLqWMZp.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\GsBTiVZ.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\ssYGMvL.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\qsUKowY.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\BYFtVqq.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\EHEkgfX.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\DWObIjO.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\ktDHgls.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\emrIMul.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\YhxnhYY.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\evpUeYf.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\UHjaaop.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\jeeuMBP.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\SDNabiD.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZpLqdFa.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\CZdoYjG.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\nOUkMAn.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\LLBblFk.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\gqypdUh.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\ugCdmEC.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\esHNJcB.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\cHXkuXu.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\tHbfbBw.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\rwqcyBi.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\EaKYnxC.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\WNDOMfX.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\YhKQvOi.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\TRWtatE.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\ylbfQfB.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\UdgWHoh.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\rqOpFrG.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\EPTCoSy.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\xOLtuRL.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\HITPzPG.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\nXVdlyQ.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\DDIpNpZ.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\BdhtpRM.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\sGXDTTb.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\anJlfKP.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\ENBPGCR.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\zGDbasr.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\RUniyAN.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\UyNgWDY.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\PkruCQm.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\mvEpIeh.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\MbrMNDL.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\xFDYpmD.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\onrkXUt.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\YcPfXko.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\PdqIuvc.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\NxkTIZM.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\QhdYMtu.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\WlCYkQT.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\QIeAcnM.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\zryVMNN.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\QFZXiDX.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
File created C:\Windows\System\ASzjKKB.exe C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4764 wrote to memory of 4520 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\XtoednA.exe
PID 4764 wrote to memory of 4520 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\XtoednA.exe
PID 4764 wrote to memory of 4148 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\QFZXiDX.exe
PID 4764 wrote to memory of 4148 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\QFZXiDX.exe
PID 4764 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\HokBAFX.exe
PID 4764 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\HokBAFX.exe
PID 4764 wrote to memory of 3964 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\GsBTiVZ.exe
PID 4764 wrote to memory of 3964 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\GsBTiVZ.exe
PID 4764 wrote to memory of 3704 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\tQkGjWi.exe
PID 4764 wrote to memory of 3704 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\tQkGjWi.exe
PID 4764 wrote to memory of 1040 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\koWmqlS.exe
PID 4764 wrote to memory of 1040 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\koWmqlS.exe
PID 4764 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\aAVwSiN.exe
PID 4764 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\aAVwSiN.exe
PID 4764 wrote to memory of 1912 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\nqlKaMx.exe
PID 4764 wrote to memory of 1912 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\nqlKaMx.exe
PID 4764 wrote to memory of 3228 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\jopGrrI.exe
PID 4764 wrote to memory of 3228 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\jopGrrI.exe
PID 4764 wrote to memory of 4176 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\QhdYMtu.exe
PID 4764 wrote to memory of 4176 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\QhdYMtu.exe
PID 4764 wrote to memory of 1320 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\kmOlHUM.exe
PID 4764 wrote to memory of 1320 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\kmOlHUM.exe
PID 4764 wrote to memory of 1992 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\vGZmCUL.exe
PID 4764 wrote to memory of 1992 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\vGZmCUL.exe
PID 4764 wrote to memory of 3568 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\GvLzdlf.exe
PID 4764 wrote to memory of 3568 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\GvLzdlf.exe
PID 4764 wrote to memory of 4056 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\fKLDKjd.exe
PID 4764 wrote to memory of 4056 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\fKLDKjd.exe
PID 4764 wrote to memory of 3340 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\rQbJWoC.exe
PID 4764 wrote to memory of 3340 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\rQbJWoC.exe
PID 4764 wrote to memory of 4556 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\jeeuMBP.exe
PID 4764 wrote to memory of 4556 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\jeeuMBP.exe
PID 4764 wrote to memory of 2336 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\JWDrMcD.exe
PID 4764 wrote to memory of 2336 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\JWDrMcD.exe
PID 4764 wrote to memory of 2976 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\kLUGbEp.exe
PID 4764 wrote to memory of 2976 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\kLUGbEp.exe
PID 4764 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\kHZejPa.exe
PID 4764 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\kHZejPa.exe
PID 4764 wrote to memory of 1460 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\rqOpFrG.exe
PID 4764 wrote to memory of 1460 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\rqOpFrG.exe
PID 4764 wrote to memory of 5028 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\WylMecS.exe
PID 4764 wrote to memory of 5028 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\WylMecS.exe
PID 4764 wrote to memory of 3472 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\nrbKBHj.exe
PID 4764 wrote to memory of 3472 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\nrbKBHj.exe
PID 4764 wrote to memory of 4956 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\gqypdUh.exe
PID 4764 wrote to memory of 4956 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\gqypdUh.exe
PID 4764 wrote to memory of 3468 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\Sjbuial.exe
PID 4764 wrote to memory of 3468 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\Sjbuial.exe
PID 4764 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\SpdxbJr.exe
PID 4764 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\SpdxbJr.exe
PID 4764 wrote to memory of 1536 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\phmXDbN.exe
PID 4764 wrote to memory of 1536 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\phmXDbN.exe
PID 4764 wrote to memory of 1980 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\ABFZMfx.exe
PID 4764 wrote to memory of 1980 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\ABFZMfx.exe
PID 4764 wrote to memory of 1028 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\tiZnlRi.exe
PID 4764 wrote to memory of 1028 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\tiZnlRi.exe
PID 4764 wrote to memory of 5076 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\wxZjVlr.exe
PID 4764 wrote to memory of 5076 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\wxZjVlr.exe
PID 4764 wrote to memory of 3380 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\vnhbSGn.exe
PID 4764 wrote to memory of 3380 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\vnhbSGn.exe
PID 4764 wrote to memory of 1520 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\fohBcuh.exe
PID 4764 wrote to memory of 1520 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\fohBcuh.exe
PID 4764 wrote to memory of 3392 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\NTGIivu.exe
PID 4764 wrote to memory of 3392 N/A C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe C:\Windows\System\NTGIivu.exe

Processes

C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\abcd6cc1baca16c3a5e073b2a3002610_NeikiAnalytics.exe"

C:\Windows\System\XtoednA.exe

C:\Windows\System\XtoednA.exe

C:\Windows\System\QFZXiDX.exe

C:\Windows\System\QFZXiDX.exe

C:\Windows\System\HokBAFX.exe

C:\Windows\System\HokBAFX.exe

C:\Windows\System\GsBTiVZ.exe

C:\Windows\System\GsBTiVZ.exe

C:\Windows\System\tQkGjWi.exe

C:\Windows\System\tQkGjWi.exe

C:\Windows\System\koWmqlS.exe

C:\Windows\System\koWmqlS.exe

C:\Windows\System\aAVwSiN.exe

C:\Windows\System\aAVwSiN.exe

C:\Windows\System\nqlKaMx.exe

C:\Windows\System\nqlKaMx.exe

C:\Windows\System\jopGrrI.exe

C:\Windows\System\jopGrrI.exe

C:\Windows\System\QhdYMtu.exe

C:\Windows\System\QhdYMtu.exe

C:\Windows\System\kmOlHUM.exe

C:\Windows\System\kmOlHUM.exe

C:\Windows\System\vGZmCUL.exe

C:\Windows\System\vGZmCUL.exe

C:\Windows\System\GvLzdlf.exe

C:\Windows\System\GvLzdlf.exe

C:\Windows\System\fKLDKjd.exe

C:\Windows\System\fKLDKjd.exe

C:\Windows\System\rQbJWoC.exe

C:\Windows\System\rQbJWoC.exe

C:\Windows\System\jeeuMBP.exe

C:\Windows\System\jeeuMBP.exe

C:\Windows\System\JWDrMcD.exe

C:\Windows\System\JWDrMcD.exe

C:\Windows\System\kLUGbEp.exe

C:\Windows\System\kLUGbEp.exe

C:\Windows\System\kHZejPa.exe

C:\Windows\System\kHZejPa.exe

C:\Windows\System\rqOpFrG.exe

C:\Windows\System\rqOpFrG.exe

C:\Windows\System\WylMecS.exe

C:\Windows\System\WylMecS.exe

C:\Windows\System\nrbKBHj.exe

C:\Windows\System\nrbKBHj.exe

C:\Windows\System\gqypdUh.exe

C:\Windows\System\gqypdUh.exe

C:\Windows\System\Sjbuial.exe

C:\Windows\System\Sjbuial.exe

C:\Windows\System\SpdxbJr.exe

C:\Windows\System\SpdxbJr.exe

C:\Windows\System\phmXDbN.exe

C:\Windows\System\phmXDbN.exe

C:\Windows\System\ABFZMfx.exe

C:\Windows\System\ABFZMfx.exe

C:\Windows\System\tiZnlRi.exe

C:\Windows\System\tiZnlRi.exe

C:\Windows\System\wxZjVlr.exe

C:\Windows\System\wxZjVlr.exe

C:\Windows\System\vnhbSGn.exe

C:\Windows\System\vnhbSGn.exe

C:\Windows\System\fohBcuh.exe

C:\Windows\System\fohBcuh.exe

C:\Windows\System\NTGIivu.exe

C:\Windows\System\NTGIivu.exe

C:\Windows\System\YcPfXko.exe

C:\Windows\System\YcPfXko.exe

C:\Windows\System\RojpBML.exe

C:\Windows\System\RojpBML.exe

C:\Windows\System\RhfbiAh.exe

C:\Windows\System\RhfbiAh.exe

C:\Windows\System\EPTCoSy.exe

C:\Windows\System\EPTCoSy.exe

C:\Windows\System\JPQHItE.exe

C:\Windows\System\JPQHItE.exe

C:\Windows\System\jGxGDgo.exe

C:\Windows\System\jGxGDgo.exe

C:\Windows\System\rePZueW.exe

C:\Windows\System\rePZueW.exe

C:\Windows\System\ZmGuGlY.exe

C:\Windows\System\ZmGuGlY.exe

C:\Windows\System\bAkuFYL.exe

C:\Windows\System\bAkuFYL.exe

C:\Windows\System\BdhtpRM.exe

C:\Windows\System\BdhtpRM.exe

C:\Windows\System\nrDaVRT.exe

C:\Windows\System\nrDaVRT.exe

C:\Windows\System\ugCdmEC.exe

C:\Windows\System\ugCdmEC.exe

C:\Windows\System\gUtFLWo.exe

C:\Windows\System\gUtFLWo.exe

C:\Windows\System\enwbwCz.exe

C:\Windows\System\enwbwCz.exe

C:\Windows\System\ZkShUOH.exe

C:\Windows\System\ZkShUOH.exe

C:\Windows\System\LTeSSAW.exe

C:\Windows\System\LTeSSAW.exe

C:\Windows\System\igjvpoQ.exe

C:\Windows\System\igjvpoQ.exe

C:\Windows\System\xOLtuRL.exe

C:\Windows\System\xOLtuRL.exe

C:\Windows\System\SJXaLIP.exe

C:\Windows\System\SJXaLIP.exe

C:\Windows\System\jcmtfMB.exe

C:\Windows\System\jcmtfMB.exe

C:\Windows\System\ucsABQX.exe

C:\Windows\System\ucsABQX.exe

C:\Windows\System\jDXfdKa.exe

C:\Windows\System\jDXfdKa.exe

C:\Windows\System\sGXDTTb.exe

C:\Windows\System\sGXDTTb.exe

C:\Windows\System\HAKVboO.exe

C:\Windows\System\HAKVboO.exe

C:\Windows\System\WlCYkQT.exe

C:\Windows\System\WlCYkQT.exe

C:\Windows\System\OPAqShp.exe

C:\Windows\System\OPAqShp.exe

C:\Windows\System\vwYEgfX.exe

C:\Windows\System\vwYEgfX.exe

C:\Windows\System\kFItvju.exe

C:\Windows\System\kFItvju.exe

C:\Windows\System\NVUxEWJ.exe

C:\Windows\System\NVUxEWJ.exe

C:\Windows\System\FflQueF.exe

C:\Windows\System\FflQueF.exe

C:\Windows\System\heCRpHo.exe

C:\Windows\System\heCRpHo.exe

C:\Windows\System\FTFWKTs.exe

C:\Windows\System\FTFWKTs.exe

C:\Windows\System\XBFVQQo.exe

C:\Windows\System\XBFVQQo.exe

C:\Windows\System\NYGwCPH.exe

C:\Windows\System\NYGwCPH.exe

C:\Windows\System\SDNabiD.exe

C:\Windows\System\SDNabiD.exe

C:\Windows\System\ssYGMvL.exe

C:\Windows\System\ssYGMvL.exe

C:\Windows\System\yVqfrfN.exe

C:\Windows\System\yVqfrfN.exe

C:\Windows\System\thnMvUO.exe

C:\Windows\System\thnMvUO.exe

C:\Windows\System\RsnkYEy.exe

C:\Windows\System\RsnkYEy.exe

C:\Windows\System\zVVZAfD.exe

C:\Windows\System\zVVZAfD.exe

C:\Windows\System\CurySCG.exe

C:\Windows\System\CurySCG.exe

C:\Windows\System\aGqKTIH.exe

C:\Windows\System\aGqKTIH.exe

C:\Windows\System\VrOiygq.exe

C:\Windows\System\VrOiygq.exe

C:\Windows\System\aSaZHbU.exe

C:\Windows\System\aSaZHbU.exe

C:\Windows\System\ktDHgls.exe

C:\Windows\System\ktDHgls.exe

C:\Windows\System\hLZubzl.exe

C:\Windows\System\hLZubzl.exe

C:\Windows\System\aDrUzqb.exe

C:\Windows\System\aDrUzqb.exe

C:\Windows\System\jpXXsUK.exe

C:\Windows\System\jpXXsUK.exe

C:\Windows\System\IVkQKSs.exe

C:\Windows\System\IVkQKSs.exe

C:\Windows\System\anJlfKP.exe

C:\Windows\System\anJlfKP.exe

C:\Windows\System\ZNhbAxe.exe

C:\Windows\System\ZNhbAxe.exe

C:\Windows\System\HOsotTC.exe

C:\Windows\System\HOsotTC.exe

C:\Windows\System\esHNJcB.exe

C:\Windows\System\esHNJcB.exe

C:\Windows\System\rXZkWrU.exe

C:\Windows\System\rXZkWrU.exe

C:\Windows\System\LmthwrV.exe

C:\Windows\System\LmthwrV.exe

C:\Windows\System\qsUKowY.exe

C:\Windows\System\qsUKowY.exe

C:\Windows\System\cOMobKK.exe

C:\Windows\System\cOMobKK.exe

C:\Windows\System\kgSLXmg.exe

C:\Windows\System\kgSLXmg.exe

C:\Windows\System\isfoMDq.exe

C:\Windows\System\isfoMDq.exe

C:\Windows\System\nqLmdiY.exe

C:\Windows\System\nqLmdiY.exe

C:\Windows\System\WsuRsAW.exe

C:\Windows\System\WsuRsAW.exe

C:\Windows\System\tkAqrlJ.exe

C:\Windows\System\tkAqrlJ.exe

C:\Windows\System\teufNhf.exe

C:\Windows\System\teufNhf.exe

C:\Windows\System\jKTMptJ.exe

C:\Windows\System\jKTMptJ.exe

C:\Windows\System\kAbxvtf.exe

C:\Windows\System\kAbxvtf.exe

C:\Windows\System\ofIsLUs.exe

C:\Windows\System\ofIsLUs.exe

C:\Windows\System\tUwRTeR.exe

C:\Windows\System\tUwRTeR.exe

C:\Windows\System\LatIDnM.exe

C:\Windows\System\LatIDnM.exe

C:\Windows\System\xyUuwaW.exe

C:\Windows\System\xyUuwaW.exe

C:\Windows\System\UyNgWDY.exe

C:\Windows\System\UyNgWDY.exe

C:\Windows\System\UXxDgSx.exe

C:\Windows\System\UXxDgSx.exe

C:\Windows\System\WVuZCBf.exe

C:\Windows\System\WVuZCBf.exe

C:\Windows\System\EaKYnxC.exe

C:\Windows\System\EaKYnxC.exe

C:\Windows\System\LZZZdXc.exe

C:\Windows\System\LZZZdXc.exe

C:\Windows\System\sCAKoAB.exe

C:\Windows\System\sCAKoAB.exe

C:\Windows\System\fhRexlI.exe

C:\Windows\System\fhRexlI.exe

C:\Windows\System\zyBRlKi.exe

C:\Windows\System\zyBRlKi.exe

C:\Windows\System\SJKzthh.exe

C:\Windows\System\SJKzthh.exe

C:\Windows\System\sCOMWAQ.exe

C:\Windows\System\sCOMWAQ.exe

C:\Windows\System\eAAZKjI.exe

C:\Windows\System\eAAZKjI.exe

C:\Windows\System\emrIMul.exe

C:\Windows\System\emrIMul.exe

C:\Windows\System\HqtslYt.exe

C:\Windows\System\HqtslYt.exe

C:\Windows\System\hneTazL.exe

C:\Windows\System\hneTazL.exe

C:\Windows\System\zbyIUgd.exe

C:\Windows\System\zbyIUgd.exe

C:\Windows\System\ZgEEhPV.exe

C:\Windows\System\ZgEEhPV.exe

C:\Windows\System\vyQMkWz.exe

C:\Windows\System\vyQMkWz.exe

C:\Windows\System\VPHttZk.exe

C:\Windows\System\VPHttZk.exe

C:\Windows\System\YAjiHDH.exe

C:\Windows\System\YAjiHDH.exe

C:\Windows\System\nHmZnvY.exe

C:\Windows\System\nHmZnvY.exe

C:\Windows\System\YIWZyMX.exe

C:\Windows\System\YIWZyMX.exe

C:\Windows\System\opbOUvT.exe

C:\Windows\System\opbOUvT.exe

C:\Windows\System\xpviLKy.exe

C:\Windows\System\xpviLKy.exe

C:\Windows\System\ENBPGCR.exe

C:\Windows\System\ENBPGCR.exe

C:\Windows\System\mJFYXqN.exe

C:\Windows\System\mJFYXqN.exe

C:\Windows\System\jbannqp.exe

C:\Windows\System\jbannqp.exe

C:\Windows\System\PkruCQm.exe

C:\Windows\System\PkruCQm.exe

C:\Windows\System\UQTfddr.exe

C:\Windows\System\UQTfddr.exe

C:\Windows\System\dzqDTkB.exe

C:\Windows\System\dzqDTkB.exe

C:\Windows\System\YiGwaZI.exe

C:\Windows\System\YiGwaZI.exe

C:\Windows\System\YhxnhYY.exe

C:\Windows\System\YhxnhYY.exe

C:\Windows\System\uToFTia.exe

C:\Windows\System\uToFTia.exe

C:\Windows\System\aBPCsLe.exe

C:\Windows\System\aBPCsLe.exe

C:\Windows\System\wPWvlmH.exe

C:\Windows\System\wPWvlmH.exe

C:\Windows\System\iYZAGHm.exe

C:\Windows\System\iYZAGHm.exe

C:\Windows\System\ZVCxYxm.exe

C:\Windows\System\ZVCxYxm.exe

C:\Windows\System\XMkujVi.exe

C:\Windows\System\XMkujVi.exe

C:\Windows\System\RcVspaX.exe

C:\Windows\System\RcVspaX.exe

C:\Windows\System\xgZMFHM.exe

C:\Windows\System\xgZMFHM.exe

C:\Windows\System\hnPgMOn.exe

C:\Windows\System\hnPgMOn.exe

C:\Windows\System\DSccCsp.exe

C:\Windows\System\DSccCsp.exe

C:\Windows\System\SdVXuAH.exe

C:\Windows\System\SdVXuAH.exe

C:\Windows\System\WAXwcaH.exe

C:\Windows\System\WAXwcaH.exe

C:\Windows\System\MObATgI.exe

C:\Windows\System\MObATgI.exe

C:\Windows\System\JjuFsjC.exe

C:\Windows\System\JjuFsjC.exe

C:\Windows\System\BYFtVqq.exe

C:\Windows\System\BYFtVqq.exe

C:\Windows\System\HITPzPG.exe

C:\Windows\System\HITPzPG.exe

C:\Windows\System\ghOzgWW.exe

C:\Windows\System\ghOzgWW.exe

C:\Windows\System\IdJomMA.exe

C:\Windows\System\IdJomMA.exe

C:\Windows\System\OQJcKjr.exe

C:\Windows\System\OQJcKjr.exe

C:\Windows\System\gARnuoV.exe

C:\Windows\System\gARnuoV.exe

C:\Windows\System\fltbRHF.exe

C:\Windows\System\fltbRHF.exe

C:\Windows\System\VAFlwre.exe

C:\Windows\System\VAFlwre.exe

C:\Windows\System\mvEpIeh.exe

C:\Windows\System\mvEpIeh.exe

C:\Windows\System\iQYMZvi.exe

C:\Windows\System\iQYMZvi.exe

C:\Windows\System\SjKTUsu.exe

C:\Windows\System\SjKTUsu.exe

C:\Windows\System\EHEkgfX.exe

C:\Windows\System\EHEkgfX.exe

C:\Windows\System\cWZYMUM.exe

C:\Windows\System\cWZYMUM.exe

C:\Windows\System\ZpLqdFa.exe

C:\Windows\System\ZpLqdFa.exe

C:\Windows\System\dWMKSmj.exe

C:\Windows\System\dWMKSmj.exe

C:\Windows\System\ZeYfCOS.exe

C:\Windows\System\ZeYfCOS.exe

C:\Windows\System\lUIYkKz.exe

C:\Windows\System\lUIYkKz.exe

C:\Windows\System\vTFFhRB.exe

C:\Windows\System\vTFFhRB.exe

C:\Windows\System\UaALNMN.exe

C:\Windows\System\UaALNMN.exe

C:\Windows\System\WNDOMfX.exe

C:\Windows\System\WNDOMfX.exe

C:\Windows\System\SrxkUiQ.exe

C:\Windows\System\SrxkUiQ.exe

C:\Windows\System\iNmajqA.exe

C:\Windows\System\iNmajqA.exe

C:\Windows\System\NvychWk.exe

C:\Windows\System\NvychWk.exe

C:\Windows\System\PgIHlfp.exe

C:\Windows\System\PgIHlfp.exe

C:\Windows\System\zFRmMZE.exe

C:\Windows\System\zFRmMZE.exe

C:\Windows\System\MUpSHPq.exe

C:\Windows\System\MUpSHPq.exe

C:\Windows\System\VUhHHsB.exe

C:\Windows\System\VUhHHsB.exe

C:\Windows\System\DWObIjO.exe

C:\Windows\System\DWObIjO.exe

C:\Windows\System\ozLavXU.exe

C:\Windows\System\ozLavXU.exe

C:\Windows\System\lFzxLYD.exe

C:\Windows\System\lFzxLYD.exe

C:\Windows\System\uqYQLYm.exe

C:\Windows\System\uqYQLYm.exe

C:\Windows\System\YSZpgqt.exe

C:\Windows\System\YSZpgqt.exe

C:\Windows\System\xWWtlVg.exe

C:\Windows\System\xWWtlVg.exe

C:\Windows\System\kUkGjdF.exe

C:\Windows\System\kUkGjdF.exe

C:\Windows\System\jHUxocR.exe

C:\Windows\System\jHUxocR.exe

C:\Windows\System\MbrMNDL.exe

C:\Windows\System\MbrMNDL.exe

C:\Windows\System\vSsRqvY.exe

C:\Windows\System\vSsRqvY.exe

C:\Windows\System\AIPIwIN.exe

C:\Windows\System\AIPIwIN.exe

C:\Windows\System\IILdVTM.exe

C:\Windows\System\IILdVTM.exe

C:\Windows\System\VmrFfYD.exe

C:\Windows\System\VmrFfYD.exe

C:\Windows\System\cymxVgd.exe

C:\Windows\System\cymxVgd.exe

C:\Windows\System\HUBZKdW.exe

C:\Windows\System\HUBZKdW.exe

C:\Windows\System\uEeFYgp.exe

C:\Windows\System\uEeFYgp.exe

C:\Windows\System\PdqIuvc.exe

C:\Windows\System\PdqIuvc.exe

C:\Windows\System\SuzwTia.exe

C:\Windows\System\SuzwTia.exe

C:\Windows\System\ApyOWLC.exe

C:\Windows\System\ApyOWLC.exe

C:\Windows\System\xFDYpmD.exe

C:\Windows\System\xFDYpmD.exe

C:\Windows\System\oaKXMfc.exe

C:\Windows\System\oaKXMfc.exe

C:\Windows\System\QpekCKn.exe

C:\Windows\System\QpekCKn.exe

C:\Windows\System\YhPkoiV.exe

C:\Windows\System\YhPkoiV.exe

C:\Windows\System\QIeAcnM.exe

C:\Windows\System\QIeAcnM.exe

C:\Windows\System\ASzjKKB.exe

C:\Windows\System\ASzjKKB.exe

C:\Windows\System\gfKBkMA.exe

C:\Windows\System\gfKBkMA.exe

C:\Windows\System\nXVdlyQ.exe

C:\Windows\System\nXVdlyQ.exe

C:\Windows\System\grDnxFD.exe

C:\Windows\System\grDnxFD.exe

C:\Windows\System\WZZePYK.exe

C:\Windows\System\WZZePYK.exe

C:\Windows\System\DFEUpit.exe

C:\Windows\System\DFEUpit.exe

C:\Windows\System\soehHqb.exe

C:\Windows\System\soehHqb.exe

C:\Windows\System\UFeGNlL.exe

C:\Windows\System\UFeGNlL.exe

C:\Windows\System\XMVJRYR.exe

C:\Windows\System\XMVJRYR.exe

C:\Windows\System\CZdoYjG.exe

C:\Windows\System\CZdoYjG.exe

C:\Windows\System\zjvLqRx.exe

C:\Windows\System\zjvLqRx.exe

C:\Windows\System\oizQzSl.exe

C:\Windows\System\oizQzSl.exe

C:\Windows\System\QrjbFKu.exe

C:\Windows\System\QrjbFKu.exe

C:\Windows\System\TCoQXxt.exe

C:\Windows\System\TCoQXxt.exe

C:\Windows\System\IAfEUUO.exe

C:\Windows\System\IAfEUUO.exe

C:\Windows\System\tjTjNCx.exe

C:\Windows\System\tjTjNCx.exe

C:\Windows\System\BBmokEM.exe

C:\Windows\System\BBmokEM.exe

C:\Windows\System\KUfWGLC.exe

C:\Windows\System\KUfWGLC.exe

C:\Windows\System\lYKNlCE.exe

C:\Windows\System\lYKNlCE.exe

C:\Windows\System\DLDJadn.exe

C:\Windows\System\DLDJadn.exe

C:\Windows\System\VfYchjt.exe

C:\Windows\System\VfYchjt.exe

C:\Windows\System\SaVrSmO.exe

C:\Windows\System\SaVrSmO.exe

C:\Windows\System\OXaFvkD.exe

C:\Windows\System\OXaFvkD.exe

C:\Windows\System\NbbCRjv.exe

C:\Windows\System\NbbCRjv.exe

C:\Windows\System\zASNLmo.exe

C:\Windows\System\zASNLmo.exe

C:\Windows\System\ncBNiLI.exe

C:\Windows\System\ncBNiLI.exe

C:\Windows\System\FYrVZrF.exe

C:\Windows\System\FYrVZrF.exe

C:\Windows\System\DWufHHO.exe

C:\Windows\System\DWufHHO.exe

C:\Windows\System\GqTQGjm.exe

C:\Windows\System\GqTQGjm.exe

C:\Windows\System\evpUeYf.exe

C:\Windows\System\evpUeYf.exe

C:\Windows\System\rpGtqvV.exe

C:\Windows\System\rpGtqvV.exe

C:\Windows\System\eabMywn.exe

C:\Windows\System\eabMywn.exe

C:\Windows\System\sFXGsaa.exe

C:\Windows\System\sFXGsaa.exe

C:\Windows\System\YhKQvOi.exe

C:\Windows\System\YhKQvOi.exe

C:\Windows\System\hsFvMGi.exe

C:\Windows\System\hsFvMGi.exe

C:\Windows\System\nOUkMAn.exe

C:\Windows\System\nOUkMAn.exe

C:\Windows\System\VkbmhlF.exe

C:\Windows\System\VkbmhlF.exe

C:\Windows\System\xcOEkYR.exe

C:\Windows\System\xcOEkYR.exe

C:\Windows\System\aRaNQoX.exe

C:\Windows\System\aRaNQoX.exe

C:\Windows\System\ivodJpm.exe

C:\Windows\System\ivodJpm.exe

C:\Windows\System\BkIOVuM.exe

C:\Windows\System\BkIOVuM.exe

C:\Windows\System\xutHvZf.exe

C:\Windows\System\xutHvZf.exe

C:\Windows\System\pSlmgbY.exe

C:\Windows\System\pSlmgbY.exe

C:\Windows\System\zdDcPyq.exe

C:\Windows\System\zdDcPyq.exe

C:\Windows\System\cyeTYaO.exe

C:\Windows\System\cyeTYaO.exe

C:\Windows\System\ZkJBWps.exe

C:\Windows\System\ZkJBWps.exe

C:\Windows\System\pMcnqVR.exe

C:\Windows\System\pMcnqVR.exe

C:\Windows\System\vvHPlfm.exe

C:\Windows\System\vvHPlfm.exe

C:\Windows\System\CGnssHb.exe

C:\Windows\System\CGnssHb.exe

C:\Windows\System\RUfVKRl.exe

C:\Windows\System\RUfVKRl.exe

C:\Windows\System\yYwOtzM.exe

C:\Windows\System\yYwOtzM.exe

C:\Windows\System\uqWlZuw.exe

C:\Windows\System\uqWlZuw.exe

C:\Windows\System\kPMOBHl.exe

C:\Windows\System\kPMOBHl.exe

C:\Windows\System\fnJNLgo.exe

C:\Windows\System\fnJNLgo.exe

C:\Windows\System\RxUMfxp.exe

C:\Windows\System\RxUMfxp.exe

C:\Windows\System\arOZPok.exe

C:\Windows\System\arOZPok.exe

C:\Windows\System\lzRWBQP.exe

C:\Windows\System\lzRWBQP.exe

C:\Windows\System\SHujfZL.exe

C:\Windows\System\SHujfZL.exe

C:\Windows\System\kKswrhf.exe

C:\Windows\System\kKswrhf.exe

C:\Windows\System\HUlgPPp.exe

C:\Windows\System\HUlgPPp.exe

C:\Windows\System\GBZxqxo.exe

C:\Windows\System\GBZxqxo.exe

C:\Windows\System\TRWtatE.exe

C:\Windows\System\TRWtatE.exe

C:\Windows\System\cHXkuXu.exe

C:\Windows\System\cHXkuXu.exe

C:\Windows\System\lqswOno.exe

C:\Windows\System\lqswOno.exe

C:\Windows\System\OquPkOc.exe

C:\Windows\System\OquPkOc.exe

C:\Windows\System\xKZzSCY.exe

C:\Windows\System\xKZzSCY.exe

C:\Windows\System\Tzorkza.exe

C:\Windows\System\Tzorkza.exe

C:\Windows\System\UTBwAgP.exe

C:\Windows\System\UTBwAgP.exe

C:\Windows\System\gfOEMJQ.exe

C:\Windows\System\gfOEMJQ.exe

C:\Windows\System\cavkWAI.exe

C:\Windows\System\cavkWAI.exe

C:\Windows\System\RfQpTxO.exe

C:\Windows\System\RfQpTxO.exe

C:\Windows\System\SYZttLZ.exe

C:\Windows\System\SYZttLZ.exe

C:\Windows\System\bAvVxxc.exe

C:\Windows\System\bAvVxxc.exe

C:\Windows\System\rCmJdRu.exe

C:\Windows\System\rCmJdRu.exe

C:\Windows\System\HeHnvnh.exe

C:\Windows\System\HeHnvnh.exe

C:\Windows\System\ZfVvtgc.exe

C:\Windows\System\ZfVvtgc.exe

C:\Windows\System\pbfBTjA.exe

C:\Windows\System\pbfBTjA.exe

C:\Windows\System\nFTQqtx.exe

C:\Windows\System\nFTQqtx.exe

C:\Windows\System\aXSNYZN.exe

C:\Windows\System\aXSNYZN.exe

C:\Windows\System\oYxXNod.exe

C:\Windows\System\oYxXNod.exe

C:\Windows\System\LLBblFk.exe

C:\Windows\System\LLBblFk.exe

C:\Windows\System\rqjHpPM.exe

C:\Windows\System\rqjHpPM.exe

C:\Windows\System\FpWopvY.exe

C:\Windows\System\FpWopvY.exe

C:\Windows\System\DmruCKx.exe

C:\Windows\System\DmruCKx.exe

C:\Windows\System\onrkXUt.exe

C:\Windows\System\onrkXUt.exe

C:\Windows\System\rpSBUZE.exe

C:\Windows\System\rpSBUZE.exe

C:\Windows\System\fFWJomE.exe

C:\Windows\System\fFWJomE.exe

C:\Windows\System\zGDbasr.exe

C:\Windows\System\zGDbasr.exe

C:\Windows\System\zryVMNN.exe

C:\Windows\System\zryVMNN.exe

C:\Windows\System\vUqkmPJ.exe

C:\Windows\System\vUqkmPJ.exe

C:\Windows\System\UHjaaop.exe

C:\Windows\System\UHjaaop.exe

C:\Windows\System\RUniyAN.exe

C:\Windows\System\RUniyAN.exe

C:\Windows\System\oZnemaf.exe

C:\Windows\System\oZnemaf.exe

C:\Windows\System\DDIpNpZ.exe

C:\Windows\System\DDIpNpZ.exe

C:\Windows\System\AakZBwe.exe

C:\Windows\System\AakZBwe.exe

C:\Windows\System\ylbfQfB.exe

C:\Windows\System\ylbfQfB.exe

C:\Windows\System\zMIWOaF.exe

C:\Windows\System\zMIWOaF.exe

C:\Windows\System\vIqrECs.exe

C:\Windows\System\vIqrECs.exe

C:\Windows\System\SUMySwF.exe

C:\Windows\System\SUMySwF.exe

C:\Windows\System\tHbfbBw.exe

C:\Windows\System\tHbfbBw.exe

C:\Windows\System\uTBuytu.exe

C:\Windows\System\uTBuytu.exe

C:\Windows\System\RMbMtqf.exe

C:\Windows\System\RMbMtqf.exe

C:\Windows\System\tdpbvqw.exe

C:\Windows\System\tdpbvqw.exe

C:\Windows\System\lBfNhLF.exe

C:\Windows\System\lBfNhLF.exe

C:\Windows\System\PFbzhVp.exe

C:\Windows\System\PFbzhVp.exe

C:\Windows\System\ayRPNXu.exe

C:\Windows\System\ayRPNXu.exe

C:\Windows\System\lHnNLcb.exe

C:\Windows\System\lHnNLcb.exe

C:\Windows\System\UdgWHoh.exe

C:\Windows\System\UdgWHoh.exe

C:\Windows\System\aLqWMZp.exe

C:\Windows\System\aLqWMZp.exe

C:\Windows\System\DXzRrHR.exe

C:\Windows\System\DXzRrHR.exe

C:\Windows\System\TthvDio.exe

C:\Windows\System\TthvDio.exe

C:\Windows\System\CbDWWkh.exe

C:\Windows\System\CbDWWkh.exe

C:\Windows\System\orAOTgv.exe

C:\Windows\System\orAOTgv.exe

C:\Windows\System\sLYMoXk.exe

C:\Windows\System\sLYMoXk.exe

C:\Windows\System\HhISvZR.exe

C:\Windows\System\HhISvZR.exe

C:\Windows\System\BDXnkKU.exe

C:\Windows\System\BDXnkKU.exe

C:\Windows\System\qBMkPnx.exe

C:\Windows\System\qBMkPnx.exe

C:\Windows\System\AgHnBKd.exe

C:\Windows\System\AgHnBKd.exe

C:\Windows\System\wYAWTUQ.exe

C:\Windows\System\wYAWTUQ.exe

C:\Windows\System\lXSiiac.exe

C:\Windows\System\lXSiiac.exe

C:\Windows\System\rwqcyBi.exe

C:\Windows\System\rwqcyBi.exe

C:\Windows\System\OnWKwkr.exe

C:\Windows\System\OnWKwkr.exe

C:\Windows\System\mPJfooO.exe

C:\Windows\System\mPJfooO.exe

C:\Windows\System\NxkTIZM.exe

C:\Windows\System\NxkTIZM.exe

C:\Windows\System\iJsndFn.exe

C:\Windows\System\iJsndFn.exe

C:\Windows\System\hFquTfG.exe

C:\Windows\System\hFquTfG.exe

C:\Windows\System\JTtbaxy.exe

C:\Windows\System\JTtbaxy.exe

C:\Windows\System\MkZGUZW.exe

C:\Windows\System\MkZGUZW.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 74.90.14.23.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
BE 88.221.83.226:443 www.bing.com tcp
US 8.8.8.8:53 226.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 31.121.18.2.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp

Files

memory/4764-0-0x00007FF6F0990000-0x00007FF6F0CE4000-memory.dmp

memory/4764-1-0x00000142DC410000-0x00000142DC420000-memory.dmp

C:\Windows\System\XtoednA.exe

MD5 d4a2604750c79b51b3dc7bcfdc3dda88
SHA1 544c6d4058775f718a458faad5555ade95604c4d
SHA256 f5ad18f4bc6784481a23b7a5d83b566b6e4d1484965af1f2d6abe06a639d14d2
SHA512 719364a128505f43286bf135028d6484acac21814b5497fde08554cebe573173c9f9f0c0b6abb1e110c17beb998a5debe54e40732959ee2ed101d38c2e7a343a

C:\Windows\System\HokBAFX.exe

MD5 e21b708696b9538b619266d3f1c3b2b5
SHA1 34d5a022c5bf8ece2413d69e3d4092730cf3b258
SHA256 f0824cc5c1010950f8d67a076fad658f0019af116c955b4d91efc31673a65ac8
SHA512 01df5846813d5f98409b2f7a630f23b1aaa74079a5a2ed6a7d7d633cf5204fe5c11aaae0ce8f3d09eff81fc5d68565989873ac127f82f71e5c480722f848dc27

C:\Windows\System\QFZXiDX.exe

MD5 944328d0ccba7178e255b00dcc46716e
SHA1 2cc3e265d803d5b0d145832414260ee2ab19f6dc
SHA256 66c37a6330ecfe20f1b771eb31ed45b47d3977d1916eacd3c1ce7d1b3cae90a0
SHA512 2aa0aad1b4c913e2c955c7b1d7fed433f571e1dc541d1606e51ed37262d4063b3ce57e50b6d9482b64802ea258c1e9d81f634d08f35079758e79a7efcb7f39c6

C:\Windows\System\GsBTiVZ.exe

MD5 9be3a0a981adcc23bcf2009472f5a998
SHA1 64f7b6c015002e91921989a59bfc87e5186daf4a
SHA256 b6c4059a1393ee1517395f61015d1f50be6d47a547f18fd88d1ce422ea39aec6
SHA512 84628617d4175e8a0d5d0c2e00dfb66a038b01246b5d2c8b236c82134fcc51967d6bf339dd2c4afa0c57ec0fe0628b5c24085e6c282ba7b99204282161e22c65

memory/3964-26-0x00007FF7B7D20000-0x00007FF7B8074000-memory.dmp

memory/2776-18-0x00007FF71D970000-0x00007FF71DCC4000-memory.dmp

memory/4148-14-0x00007FF659F70000-0x00007FF65A2C4000-memory.dmp

memory/4520-11-0x00007FF64C610000-0x00007FF64C964000-memory.dmp

C:\Windows\System\tQkGjWi.exe

MD5 44317aa51ff5075c48b2c32d426ca7d0
SHA1 42742e44f942d940c55261c6e7a16461619bc075
SHA256 e44ed9d9ee36e0228ecea81c31cbcb1635e026f7806de1e45179a091d833a090
SHA512 f86e4e8e135c2f1a115aa8ac02da7826330a7619c8e063ae6550855985c1404a08e3d0a09f0396a3adaf7ac08046ed60897d36c51d7adc4e3b2031c7e813a18f

C:\Windows\System\aAVwSiN.exe

MD5 446c8d466993e37edae94f2040c670f5
SHA1 2a46e21666d3d4a2fe84922ffee67e2a50eb4cbd
SHA256 a8027aba0d45f82ebb5b06309789af555d713c3b3a3fbc8ec8c238c8e1300f3e
SHA512 26263d70946a4d742a2e71f77b32df21d12898f16df2361a1b56c668cf36335e986b5864200cff13885cde90a2c32897576474c52f4648879341152ed6d87487

memory/3704-37-0x00007FF6BC040000-0x00007FF6BC394000-memory.dmp

memory/1040-43-0x00007FF7B67D0000-0x00007FF7B6B24000-memory.dmp

C:\Windows\System\nqlKaMx.exe

MD5 38d0a1df2f556dac9f2fe3e568ead44b
SHA1 ab1184914b4f4e795dd2ed9534539b3cf5387c52
SHA256 2556ee77607d0a857cdd54c68759d8f67fe31d1e58ef741570207f255aef1657
SHA512 ae284612f50e294602203b6b059d3ed6bc313f52cae681467bd8693da5b76d5f55cf361244ebcfe21f3094dbdb6c5a32350f3cc6fb5942fe6b26204d893c6931

C:\Windows\System\jopGrrI.exe

MD5 8e3ac81a9fa4d56d08afd0f9c508243a
SHA1 99500b4c49998ce7f5f5ea3f068f3298bb5625e9
SHA256 719331e6706433456316a7c27c0023b475e20ae044c0f18d1c2a94771084f99d
SHA512 faaa6db85e92d008b905a471856748f5204b2d5b7e4495db93d87c4b401e101fb8ea087cda44cef5c59e3b21d330b6015b33b97fb8f4e08ef76d22e3e344f443

C:\Windows\System\koWmqlS.exe

MD5 27b0b0bd662586947739aeebde042149
SHA1 7abf13ca3fb7d2794bd4762e2831f95b0127c8ce
SHA256 077188437fb766d069cea63c23b98124ab64068274b09799d4bf558abfc0ac0d
SHA512 0fefb885ec8938af0e9289b87ec4db684592bb68c16182b966211dffa61afadcd69df389ac68a459ad9db7870c4d0bd4bb8796f6526612d784062b63fe778a53

memory/2584-38-0x00007FF698A00000-0x00007FF698D54000-memory.dmp

C:\Windows\System\QhdYMtu.exe

MD5 1b90c044a9bc9a1873dde7d0a5905886
SHA1 63fff5d508c3cd280af5542889e30343da394711
SHA256 55b7fef1625e62e537656d66b38b8cc6394ae8d9dcd1929f87269103e2ea260b
SHA512 ad93ac438797e40db2b2f48d17b5c2192f250605b6a79a64bb21af7edb867868f6dac85804b4bd175fcb141cb21cbbf7fd31bfa5500c5e463677af36cda19ff5

memory/1912-57-0x00007FF635C40000-0x00007FF635F94000-memory.dmp

memory/1320-67-0x00007FF6FC970000-0x00007FF6FCCC4000-memory.dmp

C:\Windows\System\GvLzdlf.exe

MD5 eed1086c86464e01709e4ecc0ac4efe3
SHA1 59c84751971f90d27893496714547ec9c8a12804
SHA256 f462ee0d4048435902a2daee5b67508f8b14da0dc45f12420eb19cea559d20b8
SHA512 393fb7d2b5f389989836084594448f9ec0efa832599f2bb828c8a519e0fb2ccf0ca4f22716077da63e58eb272dcb87ba4ae505c17018e8dd022e0aba61bc3f6e

C:\Windows\System\fKLDKjd.exe

MD5 8aa7db842bb42aa7a6958a5e4f67e0a6
SHA1 8f73792fbdcb41e504c0f5e140220e240b076cff
SHA256 33cd9352a0a905ad31ba457fd9112839ddea8bd053c0f791567f8b7570b3e792
SHA512 5e65d1704b084e9b1003d9742db4b1cc2149d9afda5e819bb4068385802e881379a77bc4ba4cf3fb0b8362ce0830025fd9d671f55635a3579a545a3b9a888b87

C:\Windows\System\rQbJWoC.exe

MD5 a40f635c64128d341d0badb06e75f2af
SHA1 228a59fe44b1d49527f12efdb8ddedc9943c0180
SHA256 3c35e92bf73c9f761e6d83c1300bbcc902662c1ba8b2cefb36cc67b9d35cfc6b
SHA512 f95cb446385c8247a98cb4a2c9b01b41e152f8a318c34f62487be9ffd91445ce804c7ba2745b98e936db938ad02d4615cca5c29b1665e5304ae3b6548b0a0d15

C:\Windows\System\JWDrMcD.exe

MD5 b76a425547b7e039c50e6a57929d7f74
SHA1 341acfef28df4c2d6a81f9bedaf637ac3234cd69
SHA256 cf677a7fc619456affde55482cbbba7f75db57c48ce157b815eaa2fbe25894a9
SHA512 c32a8296cd114daa1f60ba2c7214cf1b7b645a1b43a5cddd77f24d198c9da38f53bd98069173af273ecdc04905e1fb82c70bc29de8424edab0b8b94ec226932f

memory/4056-100-0x00007FF741200000-0x00007FF741554000-memory.dmp

C:\Windows\System\kHZejPa.exe

MD5 4e6ae0eaee638d66087e10f1f1cec892
SHA1 da845de84da058ba9c26b67cc21998926eb4bd7b
SHA256 0201e5bb90d42862a94dfccd39bb5505f094eb9ae7a01527bef4605ede80a443
SHA512 b0bcb872fe9665771ff88bbe5a9149be066647a7fec74e7cfcf87f23655bf62092d90e72ba9de89ef583fc43ea4e6a0a3da6efea86f1d19fc6ecebd34a975913

C:\Windows\System\rqOpFrG.exe

MD5 2c38a91ee53f1c2a1edcdc663bbdddee
SHA1 04284bb0f915093a5c1395e3c3579b39431cfa96
SHA256 895299837a74c53082d46bb8d9dd5d0b335c4c337850b32d0a27b3c623c21ea4
SHA512 0ebfc38f984863da119e739b492b5cee62e090609d62a440b7d4d465b066571a63454ea2224d099c572e079130a001e84376b01ff981af2a45a29500b70a0755

C:\Windows\System\WylMecS.exe

MD5 23999118d8e885786078769924056413
SHA1 82de33a0484f630850839e7af218de342734526a
SHA256 7bb166adf432dcf0ec2bcff8c0ebd8a1f78128e3795d64f7c17b314fdd6e9cc6
SHA512 a8873bbece27cf09533b7b7ec151b270916114f5c04f83e07c8eaf91ac58153152e8671aa0dec46043eb4804ac47b7682c3e35d3eed9aad680b5729a18546303

C:\Windows\System\Sjbuial.exe

MD5 2e25963c0cd5d480e55d77358cab3cd2
SHA1 6428eeedb7cf075024ecc6595096a3c80670ac10
SHA256 5528957add114a825651dfbc64707c125a23df11e61a55d69dac4f0d2c855189
SHA512 c98fc5b67b5c95b66b34e038c36fced6c7e266ac8c82e646a98658b3a5d2fcda8757a78ed3344c8be9a73644084eb4cf7d7afbb03df8e035cee9b55b3359705f

memory/4148-671-0x00007FF659F70000-0x00007FF65A2C4000-memory.dmp

memory/2776-672-0x00007FF71D970000-0x00007FF71DCC4000-memory.dmp

memory/4956-675-0x00007FF666770000-0x00007FF666AC4000-memory.dmp

memory/3468-676-0x00007FF6332D0000-0x00007FF633624000-memory.dmp

memory/3472-674-0x00007FF715720000-0x00007FF715A74000-memory.dmp

memory/5028-673-0x00007FF6E14E0000-0x00007FF6E1834000-memory.dmp

memory/1536-691-0x00007FF7092E0000-0x00007FF709634000-memory.dmp

memory/5076-702-0x00007FF6EF4B0000-0x00007FF6EF804000-memory.dmp

memory/1028-699-0x00007FF6D2310000-0x00007FF6D2664000-memory.dmp

memory/1980-693-0x00007FF735250000-0x00007FF7355A4000-memory.dmp

memory/2352-688-0x00007FF69E020000-0x00007FF69E374000-memory.dmp

C:\Windows\System\YcPfXko.exe

MD5 1d5e398544c097509221c1e6dcb1cdf7
SHA1 a4d763cb2bc419a037d485a2642636fe9d6d17ab
SHA256 4720b9f92eda2d1e19b39e78deb9f0f33fbeba0b068a473e77935fa5f1d0c3b8
SHA512 b0aaa19fa7d609bbeb6f0405e0faa083e7a851fdba72dd798e30941171540fb32f4c4309c31c5da21eaaaf745efb7a625ae7e3fd9d82c62717723b64834c658b

C:\Windows\System\fohBcuh.exe

MD5 bfade825980ab4ea79a29e0d48d52cd0
SHA1 7d5e2c99e8ca59352aaa5b8b80f93c14008d444c
SHA256 bfd8d2fbf6890d4ab434d7df9a6f07b93d5f114ebf76b7efa6362c2f218156f3
SHA512 05d40042796d15acade4fa2600252c0ad9452ea800c027675a493c86c43014e5b46067efd62bc87568dd55e189dc2835c4241ed23345919c342dfcbb21b8200e

C:\Windows\System\NTGIivu.exe

MD5 5e3eecc5a5884fe12ed200aadd8b96ba
SHA1 7709dfe5be3ce0da44bf7a67c1bc994a0082824d
SHA256 731c560060b3aed5061b74ebfc604378b3ddacfcf18ee92ed1684f90f437a6e7
SHA512 6165ebe7fafdd20c3f775d91d0e9dc2bce14c8310f62ff3a8d26528c2966fecacafb7de6b8167b9fb8182c83dea7c1fca04d607632812df0c331cd660cdb0850

C:\Windows\System\vnhbSGn.exe

MD5 1c1e76c19e2db06ef78f9dade2710f0d
SHA1 55384f65445ccda009a58a05c68ebd18f6ff094b
SHA256 9bf1c404a0fa2c675284ec3b31d5297769b48acc1d9d8977a0089247df15ab80
SHA512 68e904cc0a2dc8233ef395f29236f1b9e8dfb465b51d09ed87f384e587f8d319eedbaba450e57a7f500803917dd1a658de3791287cbb11df930e5e7600034774

C:\Windows\System\wxZjVlr.exe

MD5 7ea778755a8e518821b6f4d4f7e4981c
SHA1 3392c943a5b2c5ea108633d1cf31c5df7b6789f6
SHA256 013af19bc3f9c9787e23da35ded7455f675bb2f9dddf928b4009328ec94e8615
SHA512 193eb3781427ca7d438d895da752ecb0aa36ad669f65a7c5addb6e68f1e605d98b7e31fc1ad7dd7dc93e9d2c687563ffe3794c8eedc25057a2a313f96f1a63b4

C:\Windows\System\tiZnlRi.exe

MD5 012c20097f9450ba3b1fb29e08d35eb3
SHA1 b0f8cb25d8d144fe0dbfa86cee4aec13ddb40e6f
SHA256 a65cf12df01bdc28cd4c326f389eacdfcd4c0ce0181a39027cd2bd0abfcb291d
SHA512 91219c17f4c34d97fa21554484099bde26814a9670f8a82f26c859440263180708bcda16af71683712a322876bae8980811cabcf99dc905f9888b95524810f20

C:\Windows\System\ABFZMfx.exe

MD5 0d010d0c6b05f1208ebdb2e7df01d2c5
SHA1 4a945b4d3147037643eb60daecff48b0c29218ff
SHA256 262a329f367a07f1be8ca9ecbf24466cbcf7de11235d133c370fadaa2f214b60
SHA512 8b8e872882913ee0076e997c82c5e465dc66f25c8f58603b4c547e76f664cab8797b5243dfc9f3f50c06ab20686b9d2e21d0bfaa4ec86f515f13acc7b7bc038a

C:\Windows\System\phmXDbN.exe

MD5 49c415ab1c74a371767840d7e63fd95e
SHA1 a7002a2ae19450b5cbf88a5eeb5ab41f55029df5
SHA256 a71ea9d226ecfe9f54cedeba9a4609aab7c9ccf8f96a3deb7c94664c8bf96765
SHA512 240fafa6f550cee6aa5564a616c32e5b627411e557caa666a6dfa92c7df0b775bdc3be7930d076d9e9598eaeeca1b4dd9df20a34ca2ecc4720c6d0287e948daf

C:\Windows\System\SpdxbJr.exe

MD5 0dd30be019913faf669426bb9827c468
SHA1 af2c7f9c7f43d9e56115b1a0052d298dfc427502
SHA256 c7ff76c8c4f7629242289f1fa7a4dba189a146c1034b68e15d7023b6a7e9e018
SHA512 64ace727f452f028927c13f488df0a777b223d4929cd9179fe3ea2fd570579c43a0609ba4f9e0564f7b09e10425d7a52b82769bfebfb9718c9a52727c4e9668d

C:\Windows\System\gqypdUh.exe

MD5 247ba7279c1e71b6030acfee53dd1138
SHA1 e371f928f49b98725af37500b2d8185c5ad10bfe
SHA256 9cb8fa473198a769f47e97ad24028fa8c1b359ff53deba896751cc13323b474a
SHA512 c37ad309b2c6a7c8aaf85e45ce54086cad0b4e04055ac8076dc196d13ee883bc4044c09cce4e3df6a6b337e901d91a8fa75945e5511c4f4017bab782bdb2a25a

C:\Windows\System\nrbKBHj.exe

MD5 f368fc74a28890d96132348e8fa90ce3
SHA1 ea033e4090ebb770e868b1a7c3ae7d3c41bd7631
SHA256 34a2bc987cc6424373cb24d1100b863c0c1756d1f45cf37f761f02100f9dd9bc
SHA512 187c7514693dee6a4acd8972069f15eeebc67eabf15ab06908df3dd57ec4f2d63f597f9a7cdd06d5040f6427ba3ed31b617affe5df5b5eddb76a9505efc2ac8f

memory/1460-122-0x00007FF7E07A0000-0x00007FF7E0AF4000-memory.dmp

memory/1956-121-0x00007FF7D8DB0000-0x00007FF7D9104000-memory.dmp

memory/2976-117-0x00007FF61EEE0000-0x00007FF61F234000-memory.dmp

memory/4556-116-0x00007FF648750000-0x00007FF648AA4000-memory.dmp

C:\Windows\System\jeeuMBP.exe

MD5 2b1b7d37484429ffee20a6f771e577b2
SHA1 ce54f3b087ce1149855ec2417aa62b998e77c2a9
SHA256 62d28eaa4a0a9e4ff8dfeefc61d7cd9d82ce8fc577256310bb00827b04c92d62
SHA512 0b22be71a8ba98a12dbd7448fccad29c29cb752c6bcd9ae071311a78f4cbeba778820f631eb9991ae4a31bd874bba6b7bbe1a49623fdcf20efb4dbb298246fb7

memory/4520-112-0x00007FF64C610000-0x00007FF64C964000-memory.dmp

memory/4764-110-0x00007FF6F0990000-0x00007FF6F0CE4000-memory.dmp

memory/2336-109-0x00007FF665500000-0x00007FF665854000-memory.dmp

C:\Windows\System\kLUGbEp.exe

MD5 1e05c3daedc2bd0822987ac1a654a8bd
SHA1 063379421e4ee4cb0b9c1f0f72c87a881a1dd46b
SHA256 83d06864309c2a1e42a1776104c5edffa80fc910cdc353bd93f3132813b77273
SHA512 93d8cab5f15afb23ab1ffaf8a0382df675fe5d0ea1cb4402f8ef1eea360e75c7e0e972079ef375f7a47deb2b41a0fdad9b5ba51112d9aff78552ac43b116add1

memory/3340-101-0x00007FF6DA180000-0x00007FF6DA4D4000-memory.dmp

memory/3568-98-0x00007FF7EAAD0000-0x00007FF7EAE24000-memory.dmp

C:\Windows\System\vGZmCUL.exe

MD5 710e0c9b196668cccfd9848520eab1a3
SHA1 e4b5c361e7bf72fc8b42f23300712f560b0f5e21
SHA256 16178222f082c1e223af95f05095afca45d3d27e54f22d995cbeed5fb1e4e412
SHA512 f81af63dfcde57b008b25ede173551b61996a1b1d1b46e44e1ab55dd22936066408e4a1b4b9755e10103dd8d9988ef6bd8d1019755c242d373c343eef00f3389

memory/1992-87-0x00007FF7061D0000-0x00007FF706524000-memory.dmp

memory/4176-73-0x00007FF701E90000-0x00007FF7021E4000-memory.dmp

memory/3228-65-0x00007FF740300000-0x00007FF740654000-memory.dmp

C:\Windows\System\kmOlHUM.exe

MD5 c2354a9abfab57c143ae27771bb82bd1
SHA1 ed29d578fbcb1b3e629ff8332f9afe55a74b1f46
SHA256 7ba2a03c307c74cd35d5f6e10cdb89c974c10074a4911eb590fc95224c358df0
SHA512 ed1987eec6920102d8d67d89c7264b3af189a335c0455966626b382655895367bfecac09718877caf517d02a5917f812324428bfcc1161d04b9d485f452bcfbf

memory/3704-1074-0x00007FF6BC040000-0x00007FF6BC394000-memory.dmp

memory/2584-1075-0x00007FF698A00000-0x00007FF698D54000-memory.dmp

memory/1040-1076-0x00007FF7B67D0000-0x00007FF7B6B24000-memory.dmp

memory/4176-1077-0x00007FF701E90000-0x00007FF7021E4000-memory.dmp

memory/3568-1078-0x00007FF7EAAD0000-0x00007FF7EAE24000-memory.dmp

memory/2336-1079-0x00007FF665500000-0x00007FF665854000-memory.dmp

memory/1992-1080-0x00007FF7061D0000-0x00007FF706524000-memory.dmp

memory/4556-1081-0x00007FF648750000-0x00007FF648AA4000-memory.dmp

memory/1956-1082-0x00007FF7D8DB0000-0x00007FF7D9104000-memory.dmp

memory/1460-1083-0x00007FF7E07A0000-0x00007FF7E0AF4000-memory.dmp

memory/4520-1084-0x00007FF64C610000-0x00007FF64C964000-memory.dmp

memory/4148-1085-0x00007FF659F70000-0x00007FF65A2C4000-memory.dmp

memory/2776-1086-0x00007FF71D970000-0x00007FF71DCC4000-memory.dmp

memory/3964-1087-0x00007FF7B7D20000-0x00007FF7B8074000-memory.dmp

memory/1040-1089-0x00007FF7B67D0000-0x00007FF7B6B24000-memory.dmp

memory/3704-1088-0x00007FF6BC040000-0x00007FF6BC394000-memory.dmp

memory/2584-1090-0x00007FF698A00000-0x00007FF698D54000-memory.dmp

memory/3228-1091-0x00007FF740300000-0x00007FF740654000-memory.dmp

memory/1912-1092-0x00007FF635C40000-0x00007FF635F94000-memory.dmp

memory/1320-1093-0x00007FF6FC970000-0x00007FF6FCCC4000-memory.dmp

memory/3340-1094-0x00007FF6DA180000-0x00007FF6DA4D4000-memory.dmp

memory/4176-1095-0x00007FF701E90000-0x00007FF7021E4000-memory.dmp

memory/1992-1098-0x00007FF7061D0000-0x00007FF706524000-memory.dmp

memory/2336-1097-0x00007FF665500000-0x00007FF665854000-memory.dmp

memory/3568-1100-0x00007FF7EAAD0000-0x00007FF7EAE24000-memory.dmp

memory/2976-1099-0x00007FF61EEE0000-0x00007FF61F234000-memory.dmp

memory/4056-1096-0x00007FF741200000-0x00007FF741554000-memory.dmp

memory/4556-1111-0x00007FF648750000-0x00007FF648AA4000-memory.dmp

memory/5076-1112-0x00007FF6EF4B0000-0x00007FF6EF804000-memory.dmp

memory/1956-1110-0x00007FF7D8DB0000-0x00007FF7D9104000-memory.dmp

memory/1460-1109-0x00007FF7E07A0000-0x00007FF7E0AF4000-memory.dmp

memory/5028-1108-0x00007FF6E14E0000-0x00007FF6E1834000-memory.dmp

memory/3472-1107-0x00007FF715720000-0x00007FF715A74000-memory.dmp

memory/4956-1106-0x00007FF666770000-0x00007FF666AC4000-memory.dmp

memory/3468-1105-0x00007FF6332D0000-0x00007FF633624000-memory.dmp

memory/2352-1104-0x00007FF69E020000-0x00007FF69E374000-memory.dmp

memory/1536-1103-0x00007FF7092E0000-0x00007FF709634000-memory.dmp

memory/1980-1102-0x00007FF735250000-0x00007FF7355A4000-memory.dmp

memory/1028-1101-0x00007FF6D2310000-0x00007FF6D2664000-memory.dmp