Analysis

  • max time kernel
    159s
  • max time network
    167s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    02-03-2024 20:26

General

  • Target

    TrashMalwares-main/NetPakoe.bat

  • Size

    635B

  • MD5

    6c5a9741a170d3ac2e2c89d3e91ea6ea

  • SHA1

    7034266eefee8c6437d966f5d91ea82e50e10d59

  • SHA256

    4d1a5d2255194f08a772aef2363514890ecd620dfc49e5b701fc8f2e2388e616

  • SHA512

    9dcf12e971da1c78d92dd7ff824d50e8487ae61bfb9dcbfea6c38f8ebba22994fde19d825e44f4632aba9e0fc34d75cd87e090b75ed78b51b908128cc22ce29c

Score
8/10

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 2 IoCs
  • Drops startup file 6 IoCs
  • Kills process with taskkill 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 42 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\TrashMalwares-main\NetPakoe.bat"
    1⤵
    • Drops startup file
    • Suspicious use of WriteProcessMemory
    PID:2632
    • C:\Windows\system32\taskkill.exe
      taskkill /im Task Manager.exe /F
      2⤵
      • Kills process with taskkill
      PID:2652
    • C:\Windows\system32\taskkill.exe
      taskkill /im explorer.exe /F
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:2640
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K NetPakoe.bat
      2⤵
      • Drops startup file
      • Suspicious use of WriteProcessMemory
      PID:3064
      • C:\Windows\system32\taskkill.exe
        taskkill /im Task Manager.exe /F
        3⤵
          PID:2432
        • C:\Windows\system32\taskkill.exe
          taskkill /im explorer.exe /F
          3⤵
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:1980
        • C:\Windows\system32\cmd.exe
          C:\Windows\system32\cmd.exe /K NetPakoe.bat
          3⤵
          • Drops startup file
          • Suspicious use of WriteProcessMemory
          PID:536
          • C:\Windows\system32\taskkill.exe
            taskkill /im Task Manager.exe /F
            4⤵
            • Kills process with taskkill
            PID:2752
          • C:\Windows\system32\taskkill.exe
            taskkill /im explorer.exe /F
            4⤵
            • Kills process with taskkill
            PID:1988
          • C:\Windows\system32\cmd.exe
            C:\Windows\system32\cmd.exe /K NetPakoe.bat
            4⤵
              PID:1932
              • C:\Windows\system32\taskkill.exe
                taskkill /im Task Manager.exe /F
                5⤵
                • Kills process with taskkill
                PID:2264
              • C:\Windows\system32\taskkill.exe
                taskkill /im explorer.exe /F
                5⤵
                • Kills process with taskkill
                PID:2916
              • C:\Windows\system32\cmd.exe
                C:\Windows\system32\cmd.exe /K NetPakoe.bat
                5⤵
                  PID:868
                  • C:\Windows\system32\taskkill.exe
                    taskkill /im Task Manager.exe /F
                    6⤵
                      PID:1588
                    • C:\Windows\system32\taskkill.exe
                      taskkill /im explorer.exe /F
                      6⤵
                      • Kills process with taskkill
                      PID:520
                    • C:\Windows\system32\cmd.exe
                      C:\Windows\system32\cmd.exe /K NetPakoe.bat
                      6⤵
                        PID:2264
                        • C:\Windows\system32\taskkill.exe
                          taskkill /im Task Manager.exe /F
                          7⤵
                          • Kills process with taskkill
                          PID:2532
                        • C:\Windows\system32\taskkill.exe
                          taskkill /im explorer.exe /F
                          7⤵
                            PID:1304
                        • C:\Windows\system32\cmd.exe
                          C:\Windows\system32\cmd.exe /K NetPakoe
                          6⤵
                            PID:2900
                            • C:\Windows\system32\taskkill.exe
                              taskkill /im Task Manager.exe /F
                              7⤵
                              • Kills process with taskkill
                              PID:2060
                            • C:\Windows\system32\taskkill.exe
                              taskkill /im explorer.exe /F
                              7⤵
                              • Kills process with taskkill
                              PID:2816
                          • C:\Windows\explorer.exe
                            explorer
                            6⤵
                              PID:2692
                          • C:\Windows\system32\cmd.exe
                            C:\Windows\system32\cmd.exe /K NetPakoe
                            5⤵
                              PID:2400
                              • C:\Windows\system32\taskkill.exe
                                taskkill /im Task Manager.exe /F
                                6⤵
                                  PID:1428
                                • C:\Windows\system32\taskkill.exe
                                  taskkill /im explorer.exe /F
                                  6⤵
                                  • Kills process with taskkill
                                  PID:1044
                                • C:\Windows\system32\cmd.exe
                                  C:\Windows\system32\cmd.exe /K NetPakoe.bat
                                  6⤵
                                    PID:1584
                                    • C:\Windows\system32\taskkill.exe
                                      taskkill /im Task Manager.exe /F
                                      7⤵
                                      • Kills process with taskkill
                                      PID:3084
                                    • C:\Windows\system32\taskkill.exe
                                      taskkill /im explorer.exe /F
                                      7⤵
                                        PID:3736
                                    • C:\Windows\system32\cmd.exe
                                      C:\Windows\system32\cmd.exe /K NetPakoe
                                      6⤵
                                        PID:1696
                                        • C:\Windows\system32\taskkill.exe
                                          taskkill /im Task Manager.exe /F
                                          7⤵
                                            PID:984
                                          • C:\Windows\system32\taskkill.exe
                                            taskkill /im explorer.exe /F
                                            7⤵
                                              PID:2060
                                          • C:\Windows\explorer.exe
                                            explorer
                                            6⤵
                                              PID:984
                                          • C:\Windows\explorer.exe
                                            explorer
                                            5⤵
                                              PID:704
                                          • C:\Windows\system32\cmd.exe
                                            C:\Windows\system32\cmd.exe /K NetPakoe
                                            4⤵
                                              PID:1544
                                              • C:\Windows\system32\taskkill.exe
                                                taskkill /im Task Manager.exe /F
                                                5⤵
                                                  PID:2568
                                                • C:\Windows\system32\taskkill.exe
                                                  taskkill /im explorer.exe /F
                                                  5⤵
                                                    PID:1796
                                                  • C:\Windows\system32\cmd.exe
                                                    C:\Windows\system32\cmd.exe /K NetPakoe.bat
                                                    5⤵
                                                      PID:1632
                                                      • C:\Windows\system32\taskkill.exe
                                                        taskkill /im Task Manager.exe /F
                                                        6⤵
                                                          PID:1436
                                                        • C:\Windows\system32\taskkill.exe
                                                          taskkill /im explorer.exe /F
                                                          6⤵
                                                            PID:320
                                                          • C:\Windows\system32\cmd.exe
                                                            C:\Windows\system32\cmd.exe /K NetPakoe.bat
                                                            6⤵
                                                              PID:2684
                                                              • C:\Windows\system32\taskkill.exe
                                                                taskkill /im Task Manager.exe /F
                                                                7⤵
                                                                • Kills process with taskkill
                                                                PID:3160
                                                              • C:\Windows\system32\taskkill.exe
                                                                taskkill /im explorer.exe /F
                                                                7⤵
                                                                • Kills process with taskkill
                                                                PID:1572
                                                            • C:\Windows\system32\cmd.exe
                                                              C:\Windows\system32\cmd.exe /K NetPakoe
                                                              6⤵
                                                                PID:2404
                                                                • C:\Windows\system32\taskkill.exe
                                                                  taskkill /im Task Manager.exe /F
                                                                  7⤵
                                                                    PID:1484
                                                                  • C:\Windows\system32\taskkill.exe
                                                                    taskkill /im explorer.exe /F
                                                                    7⤵
                                                                      PID:3500
                                                                  • C:\Windows\explorer.exe
                                                                    explorer
                                                                    6⤵
                                                                      PID:464
                                                                  • C:\Windows\system32\cmd.exe
                                                                    C:\Windows\system32\cmd.exe /K NetPakoe
                                                                    5⤵
                                                                      PID:1752
                                                                      • C:\Windows\system32\taskkill.exe
                                                                        taskkill /im Task Manager.exe /F
                                                                        6⤵
                                                                        • Kills process with taskkill
                                                                        PID:2424
                                                                      • C:\Windows\system32\taskkill.exe
                                                                        taskkill /im explorer.exe /F
                                                                        6⤵
                                                                        • Kills process with taskkill
                                                                        PID:2252
                                                                      • C:\Windows\system32\cmd.exe
                                                                        C:\Windows\system32\cmd.exe /K NetPakoe.bat
                                                                        6⤵
                                                                          PID:2176
                                                                          • C:\Windows\system32\taskkill.exe
                                                                            taskkill /im Task Manager.exe /F
                                                                            7⤵
                                                                            • Kills process with taskkill
                                                                            PID:3416
                                                                          • C:\Windows\system32\taskkill.exe
                                                                            taskkill /im explorer.exe /F
                                                                            7⤵
                                                                              PID:2396
                                                                          • C:\Windows\system32\cmd.exe
                                                                            C:\Windows\system32\cmd.exe /K NetPakoe
                                                                            6⤵
                                                                              PID:1776
                                                                              • C:\Windows\system32\taskkill.exe
                                                                                taskkill /im Task Manager.exe /F
                                                                                7⤵
                                                                                  PID:3460
                                                                                • C:\Windows\system32\taskkill.exe
                                                                                  taskkill /im explorer.exe /F
                                                                                  7⤵
                                                                                    PID:2896
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer
                                                                                  6⤵
                                                                                    PID:2316
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer
                                                                                  5⤵
                                                                                    PID:2168
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer
                                                                                  4⤵
                                                                                    PID:1416
                                                                                • C:\Windows\system32\cmd.exe
                                                                                  C:\Windows\system32\cmd.exe /K NetPakoe
                                                                                  3⤵
                                                                                  • Drops startup file
                                                                                  • Suspicious use of WriteProcessMemory
                                                                                  PID:1508
                                                                                  • C:\Windows\system32\taskkill.exe
                                                                                    taskkill /im Task Manager.exe /F
                                                                                    4⤵
                                                                                    • Kills process with taskkill
                                                                                    PID:2728
                                                                                  • C:\Windows\system32\taskkill.exe
                                                                                    taskkill /im explorer.exe /F
                                                                                    4⤵
                                                                                      PID:1640
                                                                                    • C:\Windows\system32\cmd.exe
                                                                                      C:\Windows\system32\cmd.exe /K NetPakoe.bat
                                                                                      4⤵
                                                                                        PID:2812
                                                                                        • C:\Windows\system32\taskkill.exe
                                                                                          taskkill /im Task Manager.exe /F
                                                                                          5⤵
                                                                                          • Kills process with taskkill
                                                                                          PID:1252
                                                                                        • C:\Windows\system32\taskkill.exe
                                                                                          taskkill /im explorer.exe /F
                                                                                          5⤵
                                                                                            PID:2284
                                                                                          • C:\Windows\system32\cmd.exe
                                                                                            C:\Windows\system32\cmd.exe /K NetPakoe.bat
                                                                                            5⤵
                                                                                              PID:2736
                                                                                              • C:\Windows\system32\taskkill.exe
                                                                                                taskkill /im Task Manager.exe /F
                                                                                                6⤵
                                                                                                  PID:1944
                                                                                                • C:\Windows\system32\taskkill.exe
                                                                                                  taskkill /im explorer.exe /F
                                                                                                  6⤵
                                                                                                    PID:2924
                                                                                                  • C:\Windows\system32\cmd.exe
                                                                                                    C:\Windows\system32\cmd.exe /K NetPakoe.bat
                                                                                                    6⤵
                                                                                                      PID:1416
                                                                                                      • C:\Windows\system32\taskkill.exe
                                                                                                        taskkill /im Task Manager.exe /F
                                                                                                        7⤵
                                                                                                        • Kills process with taskkill
                                                                                                        PID:2884
                                                                                                      • C:\Windows\system32\taskkill.exe
                                                                                                        taskkill /im explorer.exe /F
                                                                                                        7⤵
                                                                                                        • Kills process with taskkill
                                                                                                        PID:1684
                                                                                                      • C:\Windows\system32\cmd.exe
                                                                                                        C:\Windows\system32\cmd.exe /K NetPakoe.bat
                                                                                                        7⤵
                                                                                                          PID:3212
                                                                                                          • C:\Windows\system32\taskkill.exe
                                                                                                            taskkill /im Task Manager.exe /F
                                                                                                            8⤵
                                                                                                            • Kills process with taskkill
                                                                                                            PID:3772
                                                                                                        • C:\Windows\system32\cmd.exe
                                                                                                          C:\Windows\system32\cmd.exe /K NetPakoe
                                                                                                          7⤵
                                                                                                            PID:2792
                                                                                                            • C:\Windows\system32\taskkill.exe
                                                                                                              taskkill /im Task Manager.exe /F
                                                                                                              8⤵
                                                                                                              • Kills process with taskkill
                                                                                                              PID:3696
                                                                                                          • C:\Windows\explorer.exe
                                                                                                            explorer
                                                                                                            7⤵
                                                                                                              PID:2588
                                                                                                          • C:\Windows\system32\cmd.exe
                                                                                                            C:\Windows\system32\cmd.exe /K NetPakoe
                                                                                                            6⤵
                                                                                                              PID:1800
                                                                                                              • C:\Windows\system32\taskkill.exe
                                                                                                                taskkill /im Task Manager.exe /F
                                                                                                                7⤵
                                                                                                                • Kills process with taskkill
                                                                                                                PID:2272
                                                                                                              • C:\Windows\system32\taskkill.exe
                                                                                                                taskkill /im explorer.exe /F
                                                                                                                7⤵
                                                                                                                  PID:1588
                                                                                                                • C:\Windows\system32\cmd.exe
                                                                                                                  C:\Windows\system32\cmd.exe /K NetPakoe.bat
                                                                                                                  7⤵
                                                                                                                    PID:3460
                                                                                                                    • C:\Windows\system32\taskkill.exe
                                                                                                                      taskkill /im Task Manager.exe /F
                                                                                                                      8⤵
                                                                                                                        PID:3804
                                                                                                                    • C:\Windows\system32\cmd.exe
                                                                                                                      C:\Windows\system32\cmd.exe /K NetPakoe
                                                                                                                      7⤵
                                                                                                                        PID:912
                                                                                                                        • C:\Windows\system32\taskkill.exe
                                                                                                                          taskkill /im Task Manager.exe /F
                                                                                                                          8⤵
                                                                                                                            PID:3436
                                                                                                                        • C:\Windows\explorer.exe
                                                                                                                          explorer
                                                                                                                          7⤵
                                                                                                                            PID:3408
                                                                                                                        • C:\Windows\explorer.exe
                                                                                                                          explorer
                                                                                                                          6⤵
                                                                                                                            PID:2644
                                                                                                                        • C:\Windows\system32\cmd.exe
                                                                                                                          C:\Windows\system32\cmd.exe /K NetPakoe
                                                                                                                          5⤵
                                                                                                                            PID:2712
                                                                                                                            • C:\Windows\system32\taskkill.exe
                                                                                                                              taskkill /im Task Manager.exe /F
                                                                                                                              6⤵
                                                                                                                              • Kills process with taskkill
                                                                                                                              PID:1336
                                                                                                                            • C:\Windows\system32\taskkill.exe
                                                                                                                              taskkill /im explorer.exe /F
                                                                                                                              6⤵
                                                                                                                                PID:1756
                                                                                                                              • C:\Windows\system32\cmd.exe
                                                                                                                                C:\Windows\system32\cmd.exe /K NetPakoe.bat
                                                                                                                                6⤵
                                                                                                                                  PID:872
                                                                                                                                  • C:\Windows\system32\taskkill.exe
                                                                                                                                    taskkill /im Task Manager.exe /F
                                                                                                                                    7⤵
                                                                                                                                      PID:1216
                                                                                                                                    • C:\Windows\system32\taskkill.exe
                                                                                                                                      taskkill /im explorer.exe /F
                                                                                                                                      7⤵
                                                                                                                                      • Kills process with taskkill
                                                                                                                                      PID:2160
                                                                                                                                    • C:\Windows\system32\cmd.exe
                                                                                                                                      C:\Windows\system32\cmd.exe /K NetPakoe.bat
                                                                                                                                      7⤵
                                                                                                                                        PID:2120
                                                                                                                                        • C:\Windows\system32\taskkill.exe
                                                                                                                                          taskkill /im Task Manager.exe /F
                                                                                                                                          8⤵
                                                                                                                                          • Kills process with taskkill
                                                                                                                                          PID:3140
                                                                                                                                      • C:\Windows\system32\cmd.exe
                                                                                                                                        C:\Windows\system32\cmd.exe /K NetPakoe
                                                                                                                                        7⤵
                                                                                                                                          PID:3572
                                                                                                                                          • C:\Windows\system32\taskkill.exe
                                                                                                                                            taskkill /im Task Manager.exe /F
                                                                                                                                            8⤵
                                                                                                                                            • Kills process with taskkill
                                                                                                                                            PID:3076
                                                                                                                                        • C:\Windows\explorer.exe
                                                                                                                                          explorer
                                                                                                                                          7⤵
                                                                                                                                            PID:3528
                                                                                                                                        • C:\Windows\system32\cmd.exe
                                                                                                                                          C:\Windows\system32\cmd.exe /K NetPakoe
                                                                                                                                          6⤵
                                                                                                                                            PID:2032
                                                                                                                                            • C:\Windows\system32\taskkill.exe
                                                                                                                                              taskkill /im Task Manager.exe /F
                                                                                                                                              7⤵
                                                                                                                                              • Kills process with taskkill
                                                                                                                                              PID:2164
                                                                                                                                            • C:\Windows\system32\taskkill.exe
                                                                                                                                              taskkill /im explorer.exe /F
                                                                                                                                              7⤵
                                                                                                                                              • Kills process with taskkill
                                                                                                                                              PID:1428
                                                                                                                                            • C:\Windows\system32\cmd.exe
                                                                                                                                              C:\Windows\system32\cmd.exe /K NetPakoe.bat
                                                                                                                                              7⤵
                                                                                                                                                PID:1712
                                                                                                                                                • C:\Windows\system32\taskkill.exe
                                                                                                                                                  taskkill /im Task Manager.exe /F
                                                                                                                                                  8⤵
                                                                                                                                                    PID:3820
                                                                                                                                                • C:\Windows\system32\cmd.exe
                                                                                                                                                  C:\Windows\system32\cmd.exe /K NetPakoe
                                                                                                                                                  7⤵
                                                                                                                                                    PID:3308
                                                                                                                                                    • C:\Windows\system32\taskkill.exe
                                                                                                                                                      taskkill /im Task Manager.exe /F
                                                                                                                                                      8⤵
                                                                                                                                                      • Kills process with taskkill
                                                                                                                                                      PID:3996
                                                                                                                                                  • C:\Windows\explorer.exe
                                                                                                                                                    explorer
                                                                                                                                                    7⤵
                                                                                                                                                      PID:3456
                                                                                                                                                  • C:\Windows\explorer.exe
                                                                                                                                                    explorer
                                                                                                                                                    6⤵
                                                                                                                                                      PID:3060
                                                                                                                                                  • C:\Windows\explorer.exe
                                                                                                                                                    explorer
                                                                                                                                                    5⤵
                                                                                                                                                      PID:2716
                                                                                                                                                  • C:\Windows\system32\cmd.exe
                                                                                                                                                    C:\Windows\system32\cmd.exe /K NetPakoe
                                                                                                                                                    4⤵
                                                                                                                                                      PID:568
                                                                                                                                                      • C:\Windows\system32\taskkill.exe
                                                                                                                                                        taskkill /im Task Manager.exe /F
                                                                                                                                                        5⤵
                                                                                                                                                        • Kills process with taskkill
                                                                                                                                                        PID:1672
                                                                                                                                                      • C:\Windows\system32\taskkill.exe
                                                                                                                                                        taskkill /im explorer.exe /F
                                                                                                                                                        5⤵
                                                                                                                                                          PID:532
                                                                                                                                                        • C:\Windows\system32\cmd.exe
                                                                                                                                                          C:\Windows\system32\cmd.exe /K NetPakoe.bat
                                                                                                                                                          5⤵
                                                                                                                                                            PID:1060
                                                                                                                                                            • C:\Windows\system32\taskkill.exe
                                                                                                                                                              taskkill /im Task Manager.exe /F
                                                                                                                                                              6⤵
                                                                                                                                                              • Kills process with taskkill
                                                                                                                                                              PID:2456
                                                                                                                                                            • C:\Windows\system32\taskkill.exe
                                                                                                                                                              taskkill /im explorer.exe /F
                                                                                                                                                              6⤵
                                                                                                                                                                PID:1896
                                                                                                                                                              • C:\Windows\system32\cmd.exe
                                                                                                                                                                C:\Windows\system32\cmd.exe /K NetPakoe.bat
                                                                                                                                                                6⤵
                                                                                                                                                                  PID:1100
                                                                                                                                                                  • C:\Windows\system32\taskkill.exe
                                                                                                                                                                    taskkill /im Task Manager.exe /F
                                                                                                                                                                    7⤵
                                                                                                                                                                      PID:3648
                                                                                                                                                                    • C:\Windows\system32\taskkill.exe
                                                                                                                                                                      taskkill /im explorer.exe /F
                                                                                                                                                                      7⤵
                                                                                                                                                                      • Kills process with taskkill
                                                                                                                                                                      PID:3276
                                                                                                                                                                  • C:\Windows\system32\cmd.exe
                                                                                                                                                                    C:\Windows\system32\cmd.exe /K NetPakoe
                                                                                                                                                                    6⤵
                                                                                                                                                                      PID:1628
                                                                                                                                                                      • C:\Windows\system32\taskkill.exe
                                                                                                                                                                        taskkill /im Task Manager.exe /F
                                                                                                                                                                        7⤵
                                                                                                                                                                        • Kills process with taskkill
                                                                                                                                                                        PID:3724
                                                                                                                                                                      • C:\Windows\system32\taskkill.exe
                                                                                                                                                                        taskkill /im explorer.exe /F
                                                                                                                                                                        7⤵
                                                                                                                                                                          PID:3176
                                                                                                                                                                      • C:\Windows\explorer.exe
                                                                                                                                                                        explorer
                                                                                                                                                                        6⤵
                                                                                                                                                                          PID:2456
                                                                                                                                                                      • C:\Windows\system32\cmd.exe
                                                                                                                                                                        C:\Windows\system32\cmd.exe /K NetPakoe
                                                                                                                                                                        5⤵
                                                                                                                                                                          PID:2904
                                                                                                                                                                          • C:\Windows\system32\taskkill.exe
                                                                                                                                                                            taskkill /im Task Manager.exe /F
                                                                                                                                                                            6⤵
                                                                                                                                                                              PID:1420
                                                                                                                                                                            • C:\Windows\system32\taskkill.exe
                                                                                                                                                                              taskkill /im explorer.exe /F
                                                                                                                                                                              6⤵
                                                                                                                                                                                PID:2656
                                                                                                                                                                              • C:\Windows\system32\cmd.exe
                                                                                                                                                                                C:\Windows\system32\cmd.exe /K NetPakoe.bat
                                                                                                                                                                                6⤵
                                                                                                                                                                                  PID:1320
                                                                                                                                                                                  • C:\Windows\system32\taskkill.exe
                                                                                                                                                                                    taskkill /im Task Manager.exe /F
                                                                                                                                                                                    7⤵
                                                                                                                                                                                    • Kills process with taskkill
                                                                                                                                                                                    PID:3368
                                                                                                                                                                                  • C:\Windows\system32\taskkill.exe
                                                                                                                                                                                    taskkill /im explorer.exe /F
                                                                                                                                                                                    7⤵
                                                                                                                                                                                    • Kills process with taskkill
                                                                                                                                                                                    PID:2172
                                                                                                                                                                                • C:\Windows\system32\cmd.exe
                                                                                                                                                                                  C:\Windows\system32\cmd.exe /K NetPakoe
                                                                                                                                                                                  6⤵
                                                                                                                                                                                    PID:1664
                                                                                                                                                                                    • C:\Windows\system32\taskkill.exe
                                                                                                                                                                                      taskkill /im Task Manager.exe /F
                                                                                                                                                                                      7⤵
                                                                                                                                                                                        PID:3628
                                                                                                                                                                                      • C:\Windows\system32\taskkill.exe
                                                                                                                                                                                        taskkill /im explorer.exe /F
                                                                                                                                                                                        7⤵
                                                                                                                                                                                        • Kills process with taskkill
                                                                                                                                                                                        PID:3884
                                                                                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                                                                                      explorer
                                                                                                                                                                                      6⤵
                                                                                                                                                                                        PID:2056
                                                                                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                                                                                      explorer
                                                                                                                                                                                      5⤵
                                                                                                                                                                                        PID:2144
                                                                                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                                                                                      explorer
                                                                                                                                                                                      4⤵
                                                                                                                                                                                        PID:3032
                                                                                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                                                                                      explorer
                                                                                                                                                                                      3⤵
                                                                                                                                                                                      • Modifies Installed Components in the registry
                                                                                                                                                                                      PID:1660
                                                                                                                                                                                  • C:\Windows\system32\cmd.exe
                                                                                                                                                                                    C:\Windows\system32\cmd.exe /K NetPakoe
                                                                                                                                                                                    2⤵
                                                                                                                                                                                    • Drops startup file
                                                                                                                                                                                    • Suspicious use of WriteProcessMemory
                                                                                                                                                                                    PID:2544
                                                                                                                                                                                    • C:\Windows\system32\taskkill.exe
                                                                                                                                                                                      taskkill /im Task Manager.exe /F
                                                                                                                                                                                      3⤵
                                                                                                                                                                                      • Kills process with taskkill
                                                                                                                                                                                      PID:3036
                                                                                                                                                                                    • C:\Windows\system32\taskkill.exe
                                                                                                                                                                                      taskkill /im explorer.exe /F
                                                                                                                                                                                      3⤵
                                                                                                                                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                                      PID:1044
                                                                                                                                                                                    • C:\Windows\system32\cmd.exe
                                                                                                                                                                                      C:\Windows\system32\cmd.exe /K NetPakoe.bat
                                                                                                                                                                                      3⤵
                                                                                                                                                                                        PID:1900
                                                                                                                                                                                        • C:\Windows\system32\taskkill.exe
                                                                                                                                                                                          taskkill /im Task Manager.exe /F
                                                                                                                                                                                          4⤵
                                                                                                                                                                                            PID:2056
                                                                                                                                                                                          • C:\Windows\system32\taskkill.exe
                                                                                                                                                                                            taskkill /im explorer.exe /F
                                                                                                                                                                                            4⤵
                                                                                                                                                                                            • Kills process with taskkill
                                                                                                                                                                                            PID:2244
                                                                                                                                                                                          • C:\Windows\system32\cmd.exe
                                                                                                                                                                                            C:\Windows\system32\cmd.exe /K NetPakoe.bat
                                                                                                                                                                                            4⤵
                                                                                                                                                                                              PID:1568
                                                                                                                                                                                              • C:\Windows\system32\taskkill.exe
                                                                                                                                                                                                taskkill /im Task Manager.exe /F
                                                                                                                                                                                                5⤵
                                                                                                                                                                                                  PID:2868
                                                                                                                                                                                                • C:\Windows\system32\taskkill.exe
                                                                                                                                                                                                  taskkill /im explorer.exe /F
                                                                                                                                                                                                  5⤵
                                                                                                                                                                                                  • Kills process with taskkill
                                                                                                                                                                                                  PID:2132
                                                                                                                                                                                                • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                  C:\Windows\system32\cmd.exe /K NetPakoe.bat
                                                                                                                                                                                                  5⤵
                                                                                                                                                                                                    PID:1732
                                                                                                                                                                                                    • C:\Windows\system32\taskkill.exe
                                                                                                                                                                                                      taskkill /im Task Manager.exe /F
                                                                                                                                                                                                      6⤵
                                                                                                                                                                                                      • Kills process with taskkill
                                                                                                                                                                                                      PID:3848
                                                                                                                                                                                                    • C:\Windows\system32\taskkill.exe
                                                                                                                                                                                                      taskkill /im explorer.exe /F
                                                                                                                                                                                                      6⤵
                                                                                                                                                                                                      • Kills process with taskkill
                                                                                                                                                                                                      PID:4084
                                                                                                                                                                                                  • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                    C:\Windows\system32\cmd.exe /K NetPakoe
                                                                                                                                                                                                    5⤵
                                                                                                                                                                                                      PID:2008
                                                                                                                                                                                                      • C:\Windows\system32\taskkill.exe
                                                                                                                                                                                                        taskkill /im Task Manager.exe /F
                                                                                                                                                                                                        6⤵
                                                                                                                                                                                                          PID:3828
                                                                                                                                                                                                        • C:\Windows\system32\taskkill.exe
                                                                                                                                                                                                          taskkill /im explorer.exe /F
                                                                                                                                                                                                          6⤵
                                                                                                                                                                                                            PID:924
                                                                                                                                                                                                        • C:\Windows\explorer.exe
                                                                                                                                                                                                          explorer
                                                                                                                                                                                                          5⤵
                                                                                                                                                                                                            PID:1712
                                                                                                                                                                                                        • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                          C:\Windows\system32\cmd.exe /K NetPakoe
                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                            PID:1864
                                                                                                                                                                                                            • C:\Windows\system32\taskkill.exe
                                                                                                                                                                                                              taskkill /im Task Manager.exe /F
                                                                                                                                                                                                              5⤵
                                                                                                                                                                                                                PID:1828
                                                                                                                                                                                                              • C:\Windows\system32\taskkill.exe
                                                                                                                                                                                                                taskkill /im explorer.exe /F
                                                                                                                                                                                                                5⤵
                                                                                                                                                                                                                • Kills process with taskkill
                                                                                                                                                                                                                PID:2220
                                                                                                                                                                                                              • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                C:\Windows\system32\cmd.exe /K NetPakoe.bat
                                                                                                                                                                                                                5⤵
                                                                                                                                                                                                                  PID:3292
                                                                                                                                                                                                                  • C:\Windows\system32\taskkill.exe
                                                                                                                                                                                                                    taskkill /im Task Manager.exe /F
                                                                                                                                                                                                                    6⤵
                                                                                                                                                                                                                    • Kills process with taskkill
                                                                                                                                                                                                                    PID:3180
                                                                                                                                                                                                                • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                  C:\Windows\system32\cmd.exe /K NetPakoe
                                                                                                                                                                                                                  5⤵
                                                                                                                                                                                                                    PID:3300
                                                                                                                                                                                                                    • C:\Windows\system32\taskkill.exe
                                                                                                                                                                                                                      taskkill /im Task Manager.exe /F
                                                                                                                                                                                                                      6⤵
                                                                                                                                                                                                                      • Kills process with taskkill
                                                                                                                                                                                                                      PID:3552
                                                                                                                                                                                                                    • C:\Windows\system32\taskkill.exe
                                                                                                                                                                                                                      taskkill /im explorer.exe /F
                                                                                                                                                                                                                      6⤵
                                                                                                                                                                                                                        PID:3916
                                                                                                                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                                                                                                                      explorer
                                                                                                                                                                                                                      5⤵
                                                                                                                                                                                                                        PID:3308
                                                                                                                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                                                                                                                      explorer
                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                        PID:2836
                                                                                                                                                                                                                    • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                      C:\Windows\system32\cmd.exe /K NetPakoe
                                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                                        PID:1916
                                                                                                                                                                                                                        • C:\Windows\system32\taskkill.exe
                                                                                                                                                                                                                          taskkill /im Task Manager.exe /F
                                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                                          • Kills process with taskkill
                                                                                                                                                                                                                          PID:1424
                                                                                                                                                                                                                        • C:\Windows\system32\taskkill.exe
                                                                                                                                                                                                                          taskkill /im explorer.exe /F
                                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                                            PID:1964
                                                                                                                                                                                                                          • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                            C:\Windows\system32\cmd.exe /K NetPakoe.bat
                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                              PID:2000
                                                                                                                                                                                                                              • C:\Windows\system32\taskkill.exe
                                                                                                                                                                                                                                taskkill /im Task Manager.exe /F
                                                                                                                                                                                                                                5⤵
                                                                                                                                                                                                                                • Kills process with taskkill
                                                                                                                                                                                                                                PID:1284
                                                                                                                                                                                                                              • C:\Windows\system32\taskkill.exe
                                                                                                                                                                                                                                taskkill /im explorer.exe /F
                                                                                                                                                                                                                                5⤵
                                                                                                                                                                                                                                  PID:1376
                                                                                                                                                                                                                                • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                  C:\Windows\system32\cmd.exe /K NetPakoe.bat
                                                                                                                                                                                                                                  5⤵
                                                                                                                                                                                                                                    PID:1368
                                                                                                                                                                                                                                    • C:\Windows\system32\taskkill.exe
                                                                                                                                                                                                                                      taskkill /im Task Manager.exe /F
                                                                                                                                                                                                                                      6⤵
                                                                                                                                                                                                                                      • Kills process with taskkill
                                                                                                                                                                                                                                      PID:2164
                                                                                                                                                                                                                                    • C:\Windows\system32\taskkill.exe
                                                                                                                                                                                                                                      taskkill /im explorer.exe /F
                                                                                                                                                                                                                                      6⤵
                                                                                                                                                                                                                                      • Kills process with taskkill
                                                                                                                                                                                                                                      PID:2832
                                                                                                                                                                                                                                    • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                      C:\Windows\system32\cmd.exe /K NetPakoe.bat
                                                                                                                                                                                                                                      6⤵
                                                                                                                                                                                                                                        PID:612
                                                                                                                                                                                                                                        • C:\Windows\system32\taskkill.exe
                                                                                                                                                                                                                                          taskkill /im Task Manager.exe /F
                                                                                                                                                                                                                                          7⤵
                                                                                                                                                                                                                                            PID:2100
                                                                                                                                                                                                                                          • C:\Windows\system32\taskkill.exe
                                                                                                                                                                                                                                            taskkill /im explorer.exe /F
                                                                                                                                                                                                                                            7⤵
                                                                                                                                                                                                                                            • Kills process with taskkill
                                                                                                                                                                                                                                            PID:2780
                                                                                                                                                                                                                                          • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                            C:\Windows\system32\cmd.exe /K NetPakoe.bat
                                                                                                                                                                                                                                            7⤵
                                                                                                                                                                                                                                              PID:3668
                                                                                                                                                                                                                                              • C:\Windows\system32\taskkill.exe
                                                                                                                                                                                                                                                taskkill /im Task Manager.exe /F
                                                                                                                                                                                                                                                8⤵
                                                                                                                                                                                                                                                  PID:2276
                                                                                                                                                                                                                                              • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                C:\Windows\system32\cmd.exe /K NetPakoe
                                                                                                                                                                                                                                                7⤵
                                                                                                                                                                                                                                                  PID:3680
                                                                                                                                                                                                                                                  • C:\Windows\system32\taskkill.exe
                                                                                                                                                                                                                                                    taskkill /im Task Manager.exe /F
                                                                                                                                                                                                                                                    8⤵
                                                                                                                                                                                                                                                      PID:4064
                                                                                                                                                                                                                                                    • C:\Windows\system32\taskkill.exe
                                                                                                                                                                                                                                                      taskkill /im explorer.exe /F
                                                                                                                                                                                                                                                      8⤵
                                                                                                                                                                                                                                                      • Kills process with taskkill
                                                                                                                                                                                                                                                      PID:300
                                                                                                                                                                                                                                                  • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                    explorer
                                                                                                                                                                                                                                                    7⤵
                                                                                                                                                                                                                                                      PID:3688
                                                                                                                                                                                                                                                  • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                    C:\Windows\system32\cmd.exe /K NetPakoe
                                                                                                                                                                                                                                                    6⤵
                                                                                                                                                                                                                                                      PID:936
                                                                                                                                                                                                                                                      • C:\Windows\system32\taskkill.exe
                                                                                                                                                                                                                                                        taskkill /im Task Manager.exe /F
                                                                                                                                                                                                                                                        7⤵
                                                                                                                                                                                                                                                        • Kills process with taskkill
                                                                                                                                                                                                                                                        PID:2096
                                                                                                                                                                                                                                                      • C:\Windows\system32\taskkill.exe
                                                                                                                                                                                                                                                        taskkill /im explorer.exe /F
                                                                                                                                                                                                                                                        7⤵
                                                                                                                                                                                                                                                          PID:1376
                                                                                                                                                                                                                                                        • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                          C:\Windows\system32\cmd.exe /K NetPakoe.bat
                                                                                                                                                                                                                                                          7⤵
                                                                                                                                                                                                                                                            PID:3940
                                                                                                                                                                                                                                                            • C:\Windows\system32\taskkill.exe
                                                                                                                                                                                                                                                              taskkill /im Task Manager.exe /F
                                                                                                                                                                                                                                                              8⤵
                                                                                                                                                                                                                                                              • Kills process with taskkill
                                                                                                                                                                                                                                                              PID:3404
                                                                                                                                                                                                                                                          • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                            C:\Windows\system32\cmd.exe /K NetPakoe
                                                                                                                                                                                                                                                            7⤵
                                                                                                                                                                                                                                                              PID:3948
                                                                                                                                                                                                                                                              • C:\Windows\system32\taskkill.exe
                                                                                                                                                                                                                                                                taskkill /im Task Manager.exe /F
                                                                                                                                                                                                                                                                8⤵
                                                                                                                                                                                                                                                                • Kills process with taskkill
                                                                                                                                                                                                                                                                PID:1284
                                                                                                                                                                                                                                                            • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                              explorer
                                                                                                                                                                                                                                                              7⤵
                                                                                                                                                                                                                                                                PID:3956
                                                                                                                                                                                                                                                            • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                              explorer
                                                                                                                                                                                                                                                              6⤵
                                                                                                                                                                                                                                                                PID:1072
                                                                                                                                                                                                                                                            • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                              C:\Windows\system32\cmd.exe /K NetPakoe
                                                                                                                                                                                                                                                              5⤵
                                                                                                                                                                                                                                                                PID:368
                                                                                                                                                                                                                                                                • C:\Windows\system32\taskkill.exe
                                                                                                                                                                                                                                                                  taskkill /im Task Manager.exe /F
                                                                                                                                                                                                                                                                  6⤵
                                                                                                                                                                                                                                                                    PID:1904
                                                                                                                                                                                                                                                                  • C:\Windows\system32\taskkill.exe
                                                                                                                                                                                                                                                                    taskkill /im explorer.exe /F
                                                                                                                                                                                                                                                                    6⤵
                                                                                                                                                                                                                                                                    • Kills process with taskkill
                                                                                                                                                                                                                                                                    PID:2916
                                                                                                                                                                                                                                                                  • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                    C:\Windows\system32\cmd.exe /K NetPakoe.bat
                                                                                                                                                                                                                                                                    6⤵
                                                                                                                                                                                                                                                                      PID:2284
                                                                                                                                                                                                                                                                      • C:\Windows\system32\taskkill.exe
                                                                                                                                                                                                                                                                        taskkill /im Task Manager.exe /F
                                                                                                                                                                                                                                                                        7⤵
                                                                                                                                                                                                                                                                        • Kills process with taskkill
                                                                                                                                                                                                                                                                        PID:1552
                                                                                                                                                                                                                                                                      • C:\Windows\system32\taskkill.exe
                                                                                                                                                                                                                                                                        taskkill /im explorer.exe /F
                                                                                                                                                                                                                                                                        7⤵
                                                                                                                                                                                                                                                                          PID:2236
                                                                                                                                                                                                                                                                      • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                        C:\Windows\system32\cmd.exe /K NetPakoe
                                                                                                                                                                                                                                                                        6⤵
                                                                                                                                                                                                                                                                          PID:1576
                                                                                                                                                                                                                                                                          • C:\Windows\system32\taskkill.exe
                                                                                                                                                                                                                                                                            taskkill /im Task Manager.exe /F
                                                                                                                                                                                                                                                                            7⤵
                                                                                                                                                                                                                                                                            • Kills process with taskkill
                                                                                                                                                                                                                                                                            PID:1336
                                                                                                                                                                                                                                                                          • C:\Windows\system32\taskkill.exe
                                                                                                                                                                                                                                                                            taskkill /im explorer.exe /F
                                                                                                                                                                                                                                                                            7⤵
                                                                                                                                                                                                                                                                            • Kills process with taskkill
                                                                                                                                                                                                                                                                            PID:2932
                                                                                                                                                                                                                                                                        • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                          explorer
                                                                                                                                                                                                                                                                          6⤵
                                                                                                                                                                                                                                                                            PID:1556
                                                                                                                                                                                                                                                                        • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                          explorer
                                                                                                                                                                                                                                                                          5⤵
                                                                                                                                                                                                                                                                            PID:1728
                                                                                                                                                                                                                                                                        • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                          C:\Windows\system32\cmd.exe /K NetPakoe
                                                                                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                                                                                            PID:1884
                                                                                                                                                                                                                                                                            • C:\Windows\system32\taskkill.exe
                                                                                                                                                                                                                                                                              taskkill /im Task Manager.exe /F
                                                                                                                                                                                                                                                                              5⤵
                                                                                                                                                                                                                                                                                PID:968
                                                                                                                                                                                                                                                                              • C:\Windows\system32\taskkill.exe
                                                                                                                                                                                                                                                                                taskkill /im explorer.exe /F
                                                                                                                                                                                                                                                                                5⤵
                                                                                                                                                                                                                                                                                  PID:2692
                                                                                                                                                                                                                                                                                • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                  C:\Windows\system32\cmd.exe /K NetPakoe.bat
                                                                                                                                                                                                                                                                                  5⤵
                                                                                                                                                                                                                                                                                    PID:424
                                                                                                                                                                                                                                                                                    • C:\Windows\system32\taskkill.exe
                                                                                                                                                                                                                                                                                      taskkill /im Task Manager.exe /F
                                                                                                                                                                                                                                                                                      6⤵
                                                                                                                                                                                                                                                                                        PID:2584
                                                                                                                                                                                                                                                                                      • C:\Windows\system32\taskkill.exe
                                                                                                                                                                                                                                                                                        taskkill /im explorer.exe /F
                                                                                                                                                                                                                                                                                        6⤵
                                                                                                                                                                                                                                                                                          PID:1964
                                                                                                                                                                                                                                                                                        • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                          C:\Windows\system32\cmd.exe /K NetPakoe.bat
                                                                                                                                                                                                                                                                                          6⤵
                                                                                                                                                                                                                                                                                            PID:3224
                                                                                                                                                                                                                                                                                            • C:\Windows\system32\taskkill.exe
                                                                                                                                                                                                                                                                                              taskkill /im Task Manager.exe /F
                                                                                                                                                                                                                                                                                              7⤵
                                                                                                                                                                                                                                                                                                PID:3528
                                                                                                                                                                                                                                                                                              • C:\Windows\system32\taskkill.exe
                                                                                                                                                                                                                                                                                                taskkill /im explorer.exe /F
                                                                                                                                                                                                                                                                                                7⤵
                                                                                                                                                                                                                                                                                                  PID:3656
                                                                                                                                                                                                                                                                                              • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                C:\Windows\system32\cmd.exe /K NetPakoe
                                                                                                                                                                                                                                                                                                6⤵
                                                                                                                                                                                                                                                                                                  PID:3240
                                                                                                                                                                                                                                                                                                  • C:\Windows\system32\taskkill.exe
                                                                                                                                                                                                                                                                                                    taskkill /im Task Manager.exe /F
                                                                                                                                                                                                                                                                                                    7⤵
                                                                                                                                                                                                                                                                                                      PID:3600
                                                                                                                                                                                                                                                                                                    • C:\Windows\system32\taskkill.exe
                                                                                                                                                                                                                                                                                                      taskkill /im explorer.exe /F
                                                                                                                                                                                                                                                                                                      7⤵
                                                                                                                                                                                                                                                                                                        PID:3392
                                                                                                                                                                                                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                      explorer
                                                                                                                                                                                                                                                                                                      6⤵
                                                                                                                                                                                                                                                                                                        PID:3248
                                                                                                                                                                                                                                                                                                    • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                      C:\Windows\system32\cmd.exe /K NetPakoe
                                                                                                                                                                                                                                                                                                      5⤵
                                                                                                                                                                                                                                                                                                        PID:824
                                                                                                                                                                                                                                                                                                        • C:\Windows\system32\taskkill.exe
                                                                                                                                                                                                                                                                                                          taskkill /im Task Manager.exe /F
                                                                                                                                                                                                                                                                                                          6⤵
                                                                                                                                                                                                                                                                                                            PID:2668
                                                                                                                                                                                                                                                                                                          • C:\Windows\system32\taskkill.exe
                                                                                                                                                                                                                                                                                                            taskkill /im explorer.exe /F
                                                                                                                                                                                                                                                                                                            6⤵
                                                                                                                                                                                                                                                                                                              PID:1372
                                                                                                                                                                                                                                                                                                            • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                              C:\Windows\system32\cmd.exe /K NetPakoe.bat
                                                                                                                                                                                                                                                                                                              6⤵
                                                                                                                                                                                                                                                                                                                PID:2360
                                                                                                                                                                                                                                                                                                                • C:\Windows\system32\taskkill.exe
                                                                                                                                                                                                                                                                                                                  taskkill /im Task Manager.exe /F
                                                                                                                                                                                                                                                                                                                  7⤵
                                                                                                                                                                                                                                                                                                                    PID:1664
                                                                                                                                                                                                                                                                                                                  • C:\Windows\system32\taskkill.exe
                                                                                                                                                                                                                                                                                                                    taskkill /im explorer.exe /F
                                                                                                                                                                                                                                                                                                                    7⤵
                                                                                                                                                                                                                                                                                                                    • Kills process with taskkill
                                                                                                                                                                                                                                                                                                                    PID:2600
                                                                                                                                                                                                                                                                                                                  • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                    C:\Windows\system32\cmd.exe /K NetPakoe.bat
                                                                                                                                                                                                                                                                                                                    7⤵
                                                                                                                                                                                                                                                                                                                      PID:2920
                                                                                                                                                                                                                                                                                                                      • C:\Windows\system32\taskkill.exe
                                                                                                                                                                                                                                                                                                                        taskkill /im Task Manager.exe /F
                                                                                                                                                                                                                                                                                                                        8⤵
                                                                                                                                                                                                                                                                                                                          PID:3844
                                                                                                                                                                                                                                                                                                                      • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                        C:\Windows\system32\cmd.exe /K NetPakoe
                                                                                                                                                                                                                                                                                                                        7⤵
                                                                                                                                                                                                                                                                                                                          PID:3148
                                                                                                                                                                                                                                                                                                                          • C:\Windows\system32\taskkill.exe
                                                                                                                                                                                                                                                                                                                            taskkill /im Task Manager.exe /F
                                                                                                                                                                                                                                                                                                                            8⤵
                                                                                                                                                                                                                                                                                                                              PID:4016
                                                                                                                                                                                                                                                                                                                          • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                            explorer
                                                                                                                                                                                                                                                                                                                            7⤵
                                                                                                                                                                                                                                                                                                                              PID:2164
                                                                                                                                                                                                                                                                                                                          • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                            C:\Windows\system32\cmd.exe /K NetPakoe
                                                                                                                                                                                                                                                                                                                            6⤵
                                                                                                                                                                                                                                                                                                                              PID:2636
                                                                                                                                                                                                                                                                                                                              • C:\Windows\system32\taskkill.exe
                                                                                                                                                                                                                                                                                                                                taskkill /im Task Manager.exe /F
                                                                                                                                                                                                                                                                                                                                7⤵
                                                                                                                                                                                                                                                                                                                                • Kills process with taskkill
                                                                                                                                                                                                                                                                                                                                PID:2436
                                                                                                                                                                                                                                                                                                                              • C:\Windows\system32\taskkill.exe
                                                                                                                                                                                                                                                                                                                                taskkill /im explorer.exe /F
                                                                                                                                                                                                                                                                                                                                7⤵
                                                                                                                                                                                                                                                                                                                                • Kills process with taskkill
                                                                                                                                                                                                                                                                                                                                PID:2504
                                                                                                                                                                                                                                                                                                                              • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                C:\Windows\system32\cmd.exe /K NetPakoe.bat
                                                                                                                                                                                                                                                                                                                                7⤵
                                                                                                                                                                                                                                                                                                                                  PID:2084
                                                                                                                                                                                                                                                                                                                                  • C:\Windows\system32\taskkill.exe
                                                                                                                                                                                                                                                                                                                                    taskkill /im Task Manager.exe /F
                                                                                                                                                                                                                                                                                                                                    8⤵
                                                                                                                                                                                                                                                                                                                                    • Kills process with taskkill
                                                                                                                                                                                                                                                                                                                                    PID:3080
                                                                                                                                                                                                                                                                                                                                • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                                                                                  C:\Windows\system32\cmd.exe /K NetPakoe
                                                                                                                                                                                                                                                                                                                                  7⤵
                                                                                                                                                                                                                                                                                                                                    PID:1376
                                                                                                                                                                                                                                                                                                                                    • C:\Windows\system32\taskkill.exe
                                                                                                                                                                                                                                                                                                                                      taskkill /im Task Manager.exe /F
                                                                                                                                                                                                                                                                                                                                      8⤵
                                                                                                                                                                                                                                                                                                                                        PID:2740
                                                                                                                                                                                                                                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                      explorer
                                                                                                                                                                                                                                                                                                                                      7⤵
                                                                                                                                                                                                                                                                                                                                        PID:3972
                                                                                                                                                                                                                                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                      explorer
                                                                                                                                                                                                                                                                                                                                      6⤵
                                                                                                                                                                                                                                                                                                                                        PID:2920
                                                                                                                                                                                                                                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                      explorer
                                                                                                                                                                                                                                                                                                                                      5⤵
                                                                                                                                                                                                                                                                                                                                        PID:1980
                                                                                                                                                                                                                                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                      explorer
                                                                                                                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                                                                                                                        PID:684
                                                                                                                                                                                                                                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                      explorer
                                                                                                                                                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                                                                                                                                                        PID:2220
                                                                                                                                                                                                                                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                                      explorer
                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                      • Modifies Installed Components in the registry
                                                                                                                                                                                                                                                                                                                                      PID:2552

                                                                                                                                                                                                                                                                                                                                  Network

                                                                                                                                                                                                                                                                                                                                  MITRE ATT&CK Enterprise v15

                                                                                                                                                                                                                                                                                                                                  Replay Monitor

                                                                                                                                                                                                                                                                                                                                  Loading Replay Monitor...

                                                                                                                                                                                                                                                                                                                                  Downloads

                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NetPakoe.bat

                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                    635B

                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                    6c5a9741a170d3ac2e2c89d3e91ea6ea

                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                    7034266eefee8c6437d966f5d91ea82e50e10d59

                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                    4d1a5d2255194f08a772aef2363514890ecd620dfc49e5b701fc8f2e2388e616

                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                    9dcf12e971da1c78d92dd7ff824d50e8487ae61bfb9dcbfea6c38f8ebba22994fde19d825e44f4632aba9e0fc34d75cd87e090b75ed78b51b908128cc22ce29c

                                                                                                                                                                                                                                                                                                                                  • \??\PIPE\srvsvc

                                                                                                                                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                                                                                                                                    d41d8cd98f00b204e9800998ecf8427e

                                                                                                                                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                                                                                                                                    da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                                                                                                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                                                                                                                                    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                                                                                                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                                                                                                                                    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                                                                                                                                                                                                                                                                                                                  • memory/424-518-0x0000000001F30000-0x0000000001F31000-memory.dmp

                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                    4KB

                                                                                                                                                                                                                                                                                                                                  • memory/568-181-0x0000000002030000-0x0000000002031000-memory.dmp

                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                    4KB

                                                                                                                                                                                                                                                                                                                                  • memory/612-566-0x0000000001F10000-0x0000000001F11000-memory.dmp

                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                    4KB

                                                                                                                                                                                                                                                                                                                                  • memory/824-315-0x0000000002130000-0x0000000002131000-memory.dmp

                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                    4KB

                                                                                                                                                                                                                                                                                                                                  • memory/936-536-0x0000000000450000-0x0000000000451000-memory.dmp

                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                    4KB

                                                                                                                                                                                                                                                                                                                                  • memory/1060-443-0x0000000001F50000-0x0000000001F51000-memory.dmp

                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                    4KB

                                                                                                                                                                                                                                                                                                                                  • memory/1368-278-0x0000000002010000-0x0000000002011000-memory.dmp

                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                    4KB

                                                                                                                                                                                                                                                                                                                                  • memory/1416-583-0x0000000000510000-0x0000000000511000-memory.dmp

                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                    4KB

                                                                                                                                                                                                                                                                                                                                  • memory/1508-99-0x0000000001F90000-0x0000000001F91000-memory.dmp

                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                    4KB

                                                                                                                                                                                                                                                                                                                                  • memory/1544-254-0x0000000002050000-0x0000000002051000-memory.dmp

                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                    4KB

                                                                                                                                                                                                                                                                                                                                  • memory/1568-457-0x0000000002030000-0x0000000002031000-memory.dmp

                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                    4KB

                                                                                                                                                                                                                                                                                                                                  • memory/1632-386-0x0000000001EB0000-0x0000000001EB1000-memory.dmp

                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                    4KB

                                                                                                                                                                                                                                                                                                                                  • memory/1752-516-0x00000000023B0000-0x00000000023B1000-memory.dmp

                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                    4KB

                                                                                                                                                                                                                                                                                                                                  • memory/1864-532-0x00000000003C0000-0x00000000003C1000-memory.dmp

                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                    4KB

                                                                                                                                                                                                                                                                                                                                  • memory/1900-135-0x0000000001FD0000-0x0000000001FD1000-memory.dmp

                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                    4KB

                                                                                                                                                                                                                                                                                                                                  • memory/1916-119-0x0000000002230000-0x0000000002231000-memory.dmp

                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                    4KB

                                                                                                                                                                                                                                                                                                                                  • memory/1932-201-0x0000000001F90000-0x0000000001F91000-memory.dmp

                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                    4KB

                                                                                                                                                                                                                                                                                                                                  • memory/2000-204-0x0000000002030000-0x0000000002031000-memory.dmp

                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                    4KB

                                                                                                                                                                                                                                                                                                                                  • memory/2000-440-0x0000000002030000-0x0000000002031000-memory.dmp

                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                    4KB

                                                                                                                                                                                                                                                                                                                                  • memory/2032-597-0x0000000002130000-0x0000000002131000-memory.dmp

                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                    4KB

                                                                                                                                                                                                                                                                                                                                  • memory/2400-394-0x0000000002530000-0x0000000002531000-memory.dmp

                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                    4KB

                                                                                                                                                                                                                                                                                                                                  • memory/2544-60-0x0000000000320000-0x0000000000321000-memory.dmp

                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                    4KB

                                                                                                                                                                                                                                                                                                                                  • memory/2632-19-0x0000000000430000-0x0000000000431000-memory.dmp

                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                    4KB

                                                                                                                                                                                                                                                                                                                                  • memory/2636-622-0x00000000021B0000-0x00000000021B1000-memory.dmp

                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                    4KB

                                                                                                                                                                                                                                                                                                                                  • memory/2712-295-0x00000000004B0000-0x00000000004B1000-memory.dmp

                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                    4KB

                                                                                                                                                                                                                                                                                                                                  • memory/2736-323-0x0000000001EB0000-0x0000000001EB1000-memory.dmp

                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                    4KB

                                                                                                                                                                                                                                                                                                                                  • memory/2812-221-0x00000000022B0000-0x00000000022B1000-memory.dmp

                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                    4KB

                                                                                                                                                                                                                                                                                                                                  • memory/2904-415-0x0000000002110000-0x0000000002111000-memory.dmp

                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                    4KB

                                                                                                                                                                                                                                                                                                                                  • memory/3064-40-0x00000000004B0000-0x00000000004B1000-memory.dmp

                                                                                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                                                                                    4KB