Analysis Overview
SHA256
4451ea9ddb042e7f3866f67213f9b6ab54d4e4a138a8760cac06f6ea20d9fd43
Threat Level: Known bad
The file 414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe was found to be: Known bad.
Malicious Activity Summary
XMRig Miner payload
Xmrig family
KPOT
KPOT Core Executable
xmrig
Kpot family
XMRig Miner payload
Loads dropped DLL
Executes dropped EXE
UPX packed file
Drops file in Windows directory
Unsigned PE
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-06-05 05:45
Signatures
KPOT Core Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Kpot family
XMRig Miner payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Xmrig family
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-05 05:45
Reported
2024-06-05 05:49
Platform
win7-20240220-en
Max time kernel
136s
Max time network
146s
Command Line
Signatures
KPOT
KPOT Core Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
xmrig
XMRig Miner payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
Loads dropped DLL
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in Windows directory
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeLockMemoryPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe"
C:\Windows\System\wYoSeyV.exe
C:\Windows\System\wYoSeyV.exe
C:\Windows\System\ZRQuOiN.exe
C:\Windows\System\ZRQuOiN.exe
C:\Windows\System\vXFIwEr.exe
C:\Windows\System\vXFIwEr.exe
C:\Windows\System\jVWQdEP.exe
C:\Windows\System\jVWQdEP.exe
C:\Windows\System\AFbcEAU.exe
C:\Windows\System\AFbcEAU.exe
C:\Windows\System\dlwIigQ.exe
C:\Windows\System\dlwIigQ.exe
C:\Windows\System\ijweTFJ.exe
C:\Windows\System\ijweTFJ.exe
C:\Windows\System\NihbksL.exe
C:\Windows\System\NihbksL.exe
C:\Windows\System\rNTKZHE.exe
C:\Windows\System\rNTKZHE.exe
C:\Windows\System\EqFbLDE.exe
C:\Windows\System\EqFbLDE.exe
C:\Windows\System\ElQVvWo.exe
C:\Windows\System\ElQVvWo.exe
C:\Windows\System\QBLhQIO.exe
C:\Windows\System\QBLhQIO.exe
C:\Windows\System\LmKDOdx.exe
C:\Windows\System\LmKDOdx.exe
C:\Windows\System\EJIdTsw.exe
C:\Windows\System\EJIdTsw.exe
C:\Windows\System\PSDHzxb.exe
C:\Windows\System\PSDHzxb.exe
C:\Windows\System\DvleuJN.exe
C:\Windows\System\DvleuJN.exe
C:\Windows\System\AgrPEJx.exe
C:\Windows\System\AgrPEJx.exe
C:\Windows\System\cPeyGaw.exe
C:\Windows\System\cPeyGaw.exe
C:\Windows\System\aYcfwrB.exe
C:\Windows\System\aYcfwrB.exe
C:\Windows\System\xPkhRCq.exe
C:\Windows\System\xPkhRCq.exe
C:\Windows\System\YDoHanM.exe
C:\Windows\System\YDoHanM.exe
C:\Windows\System\qtOESKH.exe
C:\Windows\System\qtOESKH.exe
C:\Windows\System\SxfYwgY.exe
C:\Windows\System\SxfYwgY.exe
C:\Windows\System\YzMzdkF.exe
C:\Windows\System\YzMzdkF.exe
C:\Windows\System\mkmLzil.exe
C:\Windows\System\mkmLzil.exe
C:\Windows\System\HXBKFtf.exe
C:\Windows\System\HXBKFtf.exe
C:\Windows\System\efBnCjg.exe
C:\Windows\System\efBnCjg.exe
C:\Windows\System\jaTwTdm.exe
C:\Windows\System\jaTwTdm.exe
C:\Windows\System\xCIpuOO.exe
C:\Windows\System\xCIpuOO.exe
C:\Windows\System\nMqMSeE.exe
C:\Windows\System\nMqMSeE.exe
C:\Windows\System\uggIEIx.exe
C:\Windows\System\uggIEIx.exe
C:\Windows\System\taWlvSG.exe
C:\Windows\System\taWlvSG.exe
C:\Windows\System\kdAUapQ.exe
C:\Windows\System\kdAUapQ.exe
C:\Windows\System\DFsKEVi.exe
C:\Windows\System\DFsKEVi.exe
C:\Windows\System\MvTaFmk.exe
C:\Windows\System\MvTaFmk.exe
C:\Windows\System\powdQgr.exe
C:\Windows\System\powdQgr.exe
C:\Windows\System\MlDFaQo.exe
C:\Windows\System\MlDFaQo.exe
C:\Windows\System\bYVvxaw.exe
C:\Windows\System\bYVvxaw.exe
C:\Windows\System\NcCBLnv.exe
C:\Windows\System\NcCBLnv.exe
C:\Windows\System\KeHlkqK.exe
C:\Windows\System\KeHlkqK.exe
C:\Windows\System\BuyFusw.exe
C:\Windows\System\BuyFusw.exe
C:\Windows\System\qLqryUo.exe
C:\Windows\System\qLqryUo.exe
C:\Windows\System\VwNutcZ.exe
C:\Windows\System\VwNutcZ.exe
C:\Windows\System\tWhymjt.exe
C:\Windows\System\tWhymjt.exe
C:\Windows\System\AjqlVyu.exe
C:\Windows\System\AjqlVyu.exe
C:\Windows\System\mIYhpEO.exe
C:\Windows\System\mIYhpEO.exe
C:\Windows\System\aGWRunQ.exe
C:\Windows\System\aGWRunQ.exe
C:\Windows\System\ZGachDe.exe
C:\Windows\System\ZGachDe.exe
C:\Windows\System\KXnhbBB.exe
C:\Windows\System\KXnhbBB.exe
C:\Windows\System\hfkjXRK.exe
C:\Windows\System\hfkjXRK.exe
C:\Windows\System\qVdYBib.exe
C:\Windows\System\qVdYBib.exe
C:\Windows\System\vhOkDUg.exe
C:\Windows\System\vhOkDUg.exe
C:\Windows\System\oOYREmK.exe
C:\Windows\System\oOYREmK.exe
C:\Windows\System\TGqTkRo.exe
C:\Windows\System\TGqTkRo.exe
C:\Windows\System\eonkZgf.exe
C:\Windows\System\eonkZgf.exe
C:\Windows\System\PXMLJJB.exe
C:\Windows\System\PXMLJJB.exe
C:\Windows\System\PFdNvWT.exe
C:\Windows\System\PFdNvWT.exe
C:\Windows\System\ggNSUkM.exe
C:\Windows\System\ggNSUkM.exe
C:\Windows\System\PJRsHHG.exe
C:\Windows\System\PJRsHHG.exe
C:\Windows\System\aDFIszI.exe
C:\Windows\System\aDFIszI.exe
C:\Windows\System\QEmlPvn.exe
C:\Windows\System\QEmlPvn.exe
C:\Windows\System\emwFZgP.exe
C:\Windows\System\emwFZgP.exe
C:\Windows\System\AVmutEE.exe
C:\Windows\System\AVmutEE.exe
C:\Windows\System\DGTACXF.exe
C:\Windows\System\DGTACXF.exe
C:\Windows\System\xypvJSI.exe
C:\Windows\System\xypvJSI.exe
C:\Windows\System\DiBaBRV.exe
C:\Windows\System\DiBaBRV.exe
C:\Windows\System\GxOJNiH.exe
C:\Windows\System\GxOJNiH.exe
C:\Windows\System\hgGBsPY.exe
C:\Windows\System\hgGBsPY.exe
C:\Windows\System\tysStAZ.exe
C:\Windows\System\tysStAZ.exe
C:\Windows\System\yTmUPTt.exe
C:\Windows\System\yTmUPTt.exe
C:\Windows\System\QwDkYbi.exe
C:\Windows\System\QwDkYbi.exe
C:\Windows\System\vCHCRrt.exe
C:\Windows\System\vCHCRrt.exe
C:\Windows\System\CBmvysq.exe
C:\Windows\System\CBmvysq.exe
C:\Windows\System\IQevYOT.exe
C:\Windows\System\IQevYOT.exe
C:\Windows\System\sgqGgwb.exe
C:\Windows\System\sgqGgwb.exe
C:\Windows\System\nuWRSoA.exe
C:\Windows\System\nuWRSoA.exe
C:\Windows\System\TSgkmbQ.exe
C:\Windows\System\TSgkmbQ.exe
C:\Windows\System\fwyveTj.exe
C:\Windows\System\fwyveTj.exe
C:\Windows\System\xvaqkCh.exe
C:\Windows\System\xvaqkCh.exe
C:\Windows\System\btKnama.exe
C:\Windows\System\btKnama.exe
C:\Windows\System\cTWLaMZ.exe
C:\Windows\System\cTWLaMZ.exe
C:\Windows\System\FDKnQzP.exe
C:\Windows\System\FDKnQzP.exe
C:\Windows\System\ufSIOVW.exe
C:\Windows\System\ufSIOVW.exe
C:\Windows\System\wZvLBbS.exe
C:\Windows\System\wZvLBbS.exe
C:\Windows\System\ztehJrO.exe
C:\Windows\System\ztehJrO.exe
C:\Windows\System\CUIvOUt.exe
C:\Windows\System\CUIvOUt.exe
C:\Windows\System\AwFGNmQ.exe
C:\Windows\System\AwFGNmQ.exe
C:\Windows\System\FyEjaYe.exe
C:\Windows\System\FyEjaYe.exe
C:\Windows\System\IZjfMXy.exe
C:\Windows\System\IZjfMXy.exe
C:\Windows\System\DidhPrC.exe
C:\Windows\System\DidhPrC.exe
C:\Windows\System\qKLKzYX.exe
C:\Windows\System\qKLKzYX.exe
C:\Windows\System\QdxvRlf.exe
C:\Windows\System\QdxvRlf.exe
C:\Windows\System\MiDshCr.exe
C:\Windows\System\MiDshCr.exe
C:\Windows\System\JyayxGy.exe
C:\Windows\System\JyayxGy.exe
C:\Windows\System\jyRiklt.exe
C:\Windows\System\jyRiklt.exe
C:\Windows\System\jbYuhsM.exe
C:\Windows\System\jbYuhsM.exe
C:\Windows\System\oKLtBZk.exe
C:\Windows\System\oKLtBZk.exe
C:\Windows\System\JHUGolC.exe
C:\Windows\System\JHUGolC.exe
C:\Windows\System\TpykTqM.exe
C:\Windows\System\TpykTqM.exe
C:\Windows\System\HfFqSIZ.exe
C:\Windows\System\HfFqSIZ.exe
C:\Windows\System\fYoCJHq.exe
C:\Windows\System\fYoCJHq.exe
C:\Windows\System\LCHzbKD.exe
C:\Windows\System\LCHzbKD.exe
C:\Windows\System\YvpZOUU.exe
C:\Windows\System\YvpZOUU.exe
C:\Windows\System\AKbprGw.exe
C:\Windows\System\AKbprGw.exe
C:\Windows\System\JkQTFsu.exe
C:\Windows\System\JkQTFsu.exe
C:\Windows\System\UNMiSbY.exe
C:\Windows\System\UNMiSbY.exe
C:\Windows\System\TlwZopm.exe
C:\Windows\System\TlwZopm.exe
C:\Windows\System\ssrEDSP.exe
C:\Windows\System\ssrEDSP.exe
C:\Windows\System\MUyIxiw.exe
C:\Windows\System\MUyIxiw.exe
C:\Windows\System\hmZFGmG.exe
C:\Windows\System\hmZFGmG.exe
C:\Windows\System\sCeQStZ.exe
C:\Windows\System\sCeQStZ.exe
C:\Windows\System\XUUDjzc.exe
C:\Windows\System\XUUDjzc.exe
C:\Windows\System\EVbJcYM.exe
C:\Windows\System\EVbJcYM.exe
C:\Windows\System\JQKdCwA.exe
C:\Windows\System\JQKdCwA.exe
C:\Windows\System\SldBYOg.exe
C:\Windows\System\SldBYOg.exe
C:\Windows\System\UzXuihr.exe
C:\Windows\System\UzXuihr.exe
C:\Windows\System\VUerZCV.exe
C:\Windows\System\VUerZCV.exe
C:\Windows\System\OhyGcwd.exe
C:\Windows\System\OhyGcwd.exe
C:\Windows\System\gFZYTZH.exe
C:\Windows\System\gFZYTZH.exe
C:\Windows\System\lPawTTJ.exe
C:\Windows\System\lPawTTJ.exe
C:\Windows\System\GwOXWKt.exe
C:\Windows\System\GwOXWKt.exe
C:\Windows\System\aNZnEyj.exe
C:\Windows\System\aNZnEyj.exe
C:\Windows\System\MvfOXrn.exe
C:\Windows\System\MvfOXrn.exe
C:\Windows\System\lzGKBKh.exe
C:\Windows\System\lzGKBKh.exe
C:\Windows\System\LwMlbhr.exe
C:\Windows\System\LwMlbhr.exe
C:\Windows\System\clwZNaG.exe
C:\Windows\System\clwZNaG.exe
C:\Windows\System\LqwIIhj.exe
C:\Windows\System\LqwIIhj.exe
C:\Windows\System\rNVozso.exe
C:\Windows\System\rNVozso.exe
C:\Windows\System\EzxRjLi.exe
C:\Windows\System\EzxRjLi.exe
C:\Windows\System\dZjLxDo.exe
C:\Windows\System\dZjLxDo.exe
C:\Windows\System\qYUnDLm.exe
C:\Windows\System\qYUnDLm.exe
C:\Windows\System\WWMiWrJ.exe
C:\Windows\System\WWMiWrJ.exe
C:\Windows\System\aXVKjKn.exe
C:\Windows\System\aXVKjKn.exe
C:\Windows\System\iRxogTG.exe
C:\Windows\System\iRxogTG.exe
C:\Windows\System\kkaysSP.exe
C:\Windows\System\kkaysSP.exe
C:\Windows\System\RzZmRca.exe
C:\Windows\System\RzZmRca.exe
C:\Windows\System\qIbXiTA.exe
C:\Windows\System\qIbXiTA.exe
C:\Windows\System\kIkGjRj.exe
C:\Windows\System\kIkGjRj.exe
C:\Windows\System\mPyliyG.exe
C:\Windows\System\mPyliyG.exe
C:\Windows\System\yOXQcVq.exe
C:\Windows\System\yOXQcVq.exe
C:\Windows\System\mEdzXVt.exe
C:\Windows\System\mEdzXVt.exe
C:\Windows\System\rfOeokH.exe
C:\Windows\System\rfOeokH.exe
C:\Windows\System\FTgOxho.exe
C:\Windows\System\FTgOxho.exe
C:\Windows\System\rRHdPJs.exe
C:\Windows\System\rRHdPJs.exe
C:\Windows\System\ANjILxa.exe
C:\Windows\System\ANjILxa.exe
C:\Windows\System\WhieQLh.exe
C:\Windows\System\WhieQLh.exe
C:\Windows\System\OfUyGel.exe
C:\Windows\System\OfUyGel.exe
C:\Windows\System\VaZtYYX.exe
C:\Windows\System\VaZtYYX.exe
C:\Windows\System\mhJypCm.exe
C:\Windows\System\mhJypCm.exe
C:\Windows\System\kDqmyQE.exe
C:\Windows\System\kDqmyQE.exe
C:\Windows\System\TWqwhuU.exe
C:\Windows\System\TWqwhuU.exe
C:\Windows\System\eKxdtvW.exe
C:\Windows\System\eKxdtvW.exe
C:\Windows\System\ImbIZmI.exe
C:\Windows\System\ImbIZmI.exe
C:\Windows\System\zCSROZK.exe
C:\Windows\System\zCSROZK.exe
C:\Windows\System\MCZImAJ.exe
C:\Windows\System\MCZImAJ.exe
C:\Windows\System\HfQTXyZ.exe
C:\Windows\System\HfQTXyZ.exe
C:\Windows\System\CbbBZKr.exe
C:\Windows\System\CbbBZKr.exe
C:\Windows\System\MTVJbDF.exe
C:\Windows\System\MTVJbDF.exe
C:\Windows\System\FrQFHjP.exe
C:\Windows\System\FrQFHjP.exe
C:\Windows\System\NVidpgM.exe
C:\Windows\System\NVidpgM.exe
C:\Windows\System\FrsifPe.exe
C:\Windows\System\FrsifPe.exe
C:\Windows\System\aWgNxVg.exe
C:\Windows\System\aWgNxVg.exe
C:\Windows\System\KdfAelO.exe
C:\Windows\System\KdfAelO.exe
C:\Windows\System\SJgnIUh.exe
C:\Windows\System\SJgnIUh.exe
C:\Windows\System\mweBqtm.exe
C:\Windows\System\mweBqtm.exe
C:\Windows\System\pYgfwvq.exe
C:\Windows\System\pYgfwvq.exe
C:\Windows\System\pcORQVO.exe
C:\Windows\System\pcORQVO.exe
C:\Windows\System\KUTHXZY.exe
C:\Windows\System\KUTHXZY.exe
C:\Windows\System\yUESXhp.exe
C:\Windows\System\yUESXhp.exe
C:\Windows\System\mLGrUJu.exe
C:\Windows\System\mLGrUJu.exe
C:\Windows\System\rnnHRCa.exe
C:\Windows\System\rnnHRCa.exe
C:\Windows\System\FazCjFa.exe
C:\Windows\System\FazCjFa.exe
C:\Windows\System\zaeILNp.exe
C:\Windows\System\zaeILNp.exe
C:\Windows\System\qSNlqRm.exe
C:\Windows\System\qSNlqRm.exe
C:\Windows\System\iOlnrQr.exe
C:\Windows\System\iOlnrQr.exe
C:\Windows\System\FuBFTOg.exe
C:\Windows\System\FuBFTOg.exe
C:\Windows\System\omayOlT.exe
C:\Windows\System\omayOlT.exe
C:\Windows\System\mXYhDFB.exe
C:\Windows\System\mXYhDFB.exe
C:\Windows\System\qRqxZgD.exe
C:\Windows\System\qRqxZgD.exe
C:\Windows\System\kvKMFry.exe
C:\Windows\System\kvKMFry.exe
C:\Windows\System\eONbENK.exe
C:\Windows\System\eONbENK.exe
C:\Windows\System\OTleYMf.exe
C:\Windows\System\OTleYMf.exe
C:\Windows\System\pQtcZyQ.exe
C:\Windows\System\pQtcZyQ.exe
C:\Windows\System\SwRnGcQ.exe
C:\Windows\System\SwRnGcQ.exe
C:\Windows\System\PPxSooT.exe
C:\Windows\System\PPxSooT.exe
C:\Windows\System\EgHvubh.exe
C:\Windows\System\EgHvubh.exe
C:\Windows\System\YtOrJji.exe
C:\Windows\System\YtOrJji.exe
C:\Windows\System\FHJMNKH.exe
C:\Windows\System\FHJMNKH.exe
C:\Windows\System\NNSvsmP.exe
C:\Windows\System\NNSvsmP.exe
C:\Windows\System\VsuWJlN.exe
C:\Windows\System\VsuWJlN.exe
C:\Windows\System\JjNnMbL.exe
C:\Windows\System\JjNnMbL.exe
C:\Windows\System\rSsyhwy.exe
C:\Windows\System\rSsyhwy.exe
C:\Windows\System\kbDeBdO.exe
C:\Windows\System\kbDeBdO.exe
C:\Windows\System\ShuHQQy.exe
C:\Windows\System\ShuHQQy.exe
C:\Windows\System\RAaMEnM.exe
C:\Windows\System\RAaMEnM.exe
C:\Windows\System\oktrsUS.exe
C:\Windows\System\oktrsUS.exe
C:\Windows\System\SurwiAV.exe
C:\Windows\System\SurwiAV.exe
C:\Windows\System\uagcBxr.exe
C:\Windows\System\uagcBxr.exe
C:\Windows\System\anScdSd.exe
C:\Windows\System\anScdSd.exe
C:\Windows\System\HFwFeha.exe
C:\Windows\System\HFwFeha.exe
C:\Windows\System\hiPYPPE.exe
C:\Windows\System\hiPYPPE.exe
C:\Windows\System\zJiSgvb.exe
C:\Windows\System\zJiSgvb.exe
C:\Windows\System\RcVFqiT.exe
C:\Windows\System\RcVFqiT.exe
C:\Windows\System\QdDkynZ.exe
C:\Windows\System\QdDkynZ.exe
C:\Windows\System\qLUttWR.exe
C:\Windows\System\qLUttWR.exe
C:\Windows\System\ASxsOab.exe
C:\Windows\System\ASxsOab.exe
C:\Windows\System\DPYNZUE.exe
C:\Windows\System\DPYNZUE.exe
C:\Windows\System\anySqMC.exe
C:\Windows\System\anySqMC.exe
C:\Windows\System\zJHkceg.exe
C:\Windows\System\zJHkceg.exe
C:\Windows\System\eYyDuqx.exe
C:\Windows\System\eYyDuqx.exe
C:\Windows\System\iobiIeT.exe
C:\Windows\System\iobiIeT.exe
C:\Windows\System\jLKvbHt.exe
C:\Windows\System\jLKvbHt.exe
C:\Windows\System\ArEZLdp.exe
C:\Windows\System\ArEZLdp.exe
C:\Windows\System\nhCRCgQ.exe
C:\Windows\System\nhCRCgQ.exe
C:\Windows\System\wbuPxqd.exe
C:\Windows\System\wbuPxqd.exe
C:\Windows\System\rIamqVJ.exe
C:\Windows\System\rIamqVJ.exe
C:\Windows\System\SuWphqy.exe
C:\Windows\System\SuWphqy.exe
C:\Windows\System\urHcjdp.exe
C:\Windows\System\urHcjdp.exe
C:\Windows\System\vfkrvDC.exe
C:\Windows\System\vfkrvDC.exe
C:\Windows\System\gALjdJr.exe
C:\Windows\System\gALjdJr.exe
C:\Windows\System\klkYTIa.exe
C:\Windows\System\klkYTIa.exe
C:\Windows\System\ivbzBNF.exe
C:\Windows\System\ivbzBNF.exe
C:\Windows\System\BnibKql.exe
C:\Windows\System\BnibKql.exe
C:\Windows\System\GxufPQH.exe
C:\Windows\System\GxufPQH.exe
C:\Windows\System\wDzopCU.exe
C:\Windows\System\wDzopCU.exe
C:\Windows\System\nWBaUYV.exe
C:\Windows\System\nWBaUYV.exe
C:\Windows\System\NFXCbPD.exe
C:\Windows\System\NFXCbPD.exe
C:\Windows\System\nOSYCuh.exe
C:\Windows\System\nOSYCuh.exe
C:\Windows\System\QCcnAOM.exe
C:\Windows\System\QCcnAOM.exe
C:\Windows\System\RkYLMFa.exe
C:\Windows\System\RkYLMFa.exe
C:\Windows\System\nVSNOkA.exe
C:\Windows\System\nVSNOkA.exe
C:\Windows\System\QPoqtHX.exe
C:\Windows\System\QPoqtHX.exe
C:\Windows\System\hAgZRDN.exe
C:\Windows\System\hAgZRDN.exe
C:\Windows\System\bTZGPrL.exe
C:\Windows\System\bTZGPrL.exe
C:\Windows\System\wTUHoux.exe
C:\Windows\System\wTUHoux.exe
C:\Windows\System\rPaYCeJ.exe
C:\Windows\System\rPaYCeJ.exe
C:\Windows\System\uVTeeXg.exe
C:\Windows\System\uVTeeXg.exe
C:\Windows\System\ZCzSlha.exe
C:\Windows\System\ZCzSlha.exe
C:\Windows\System\vdbnvYB.exe
C:\Windows\System\vdbnvYB.exe
C:\Windows\System\SegRxsm.exe
C:\Windows\System\SegRxsm.exe
C:\Windows\System\ZPzuuEE.exe
C:\Windows\System\ZPzuuEE.exe
C:\Windows\System\GSTABKB.exe
C:\Windows\System\GSTABKB.exe
C:\Windows\System\iDreziU.exe
C:\Windows\System\iDreziU.exe
C:\Windows\System\ZvkiYSb.exe
C:\Windows\System\ZvkiYSb.exe
C:\Windows\System\GOZZtLv.exe
C:\Windows\System\GOZZtLv.exe
C:\Windows\System\oIapMFU.exe
C:\Windows\System\oIapMFU.exe
C:\Windows\System\vzQIfpV.exe
C:\Windows\System\vzQIfpV.exe
C:\Windows\System\GmotzcW.exe
C:\Windows\System\GmotzcW.exe
C:\Windows\System\lEvNuyq.exe
C:\Windows\System\lEvNuyq.exe
C:\Windows\System\BYAxOny.exe
C:\Windows\System\BYAxOny.exe
C:\Windows\System\dZhNMCh.exe
C:\Windows\System\dZhNMCh.exe
C:\Windows\System\mtrmcnZ.exe
C:\Windows\System\mtrmcnZ.exe
C:\Windows\System\DkVDDGN.exe
C:\Windows\System\DkVDDGN.exe
C:\Windows\System\HRLWFmN.exe
C:\Windows\System\HRLWFmN.exe
C:\Windows\System\DDMhTaP.exe
C:\Windows\System\DDMhTaP.exe
C:\Windows\System\yoYPdzu.exe
C:\Windows\System\yoYPdzu.exe
C:\Windows\System\eWoIvNW.exe
C:\Windows\System\eWoIvNW.exe
C:\Windows\System\vRhRLpC.exe
C:\Windows\System\vRhRLpC.exe
C:\Windows\System\jNCLNLE.exe
C:\Windows\System\jNCLNLE.exe
C:\Windows\System\zxMcubc.exe
C:\Windows\System\zxMcubc.exe
C:\Windows\System\TiOVXFF.exe
C:\Windows\System\TiOVXFF.exe
C:\Windows\System\RipFVHV.exe
C:\Windows\System\RipFVHV.exe
C:\Windows\System\VuOqEPc.exe
C:\Windows\System\VuOqEPc.exe
C:\Windows\System\tUEOYww.exe
C:\Windows\System\tUEOYww.exe
C:\Windows\System\ojShvLA.exe
C:\Windows\System\ojShvLA.exe
C:\Windows\System\yYFsqUt.exe
C:\Windows\System\yYFsqUt.exe
C:\Windows\System\TSeIoez.exe
C:\Windows\System\TSeIoez.exe
C:\Windows\System\fThQXLx.exe
C:\Windows\System\fThQXLx.exe
C:\Windows\System\pKnkJuQ.exe
C:\Windows\System\pKnkJuQ.exe
C:\Windows\System\UXvfQpc.exe
C:\Windows\System\UXvfQpc.exe
C:\Windows\System\ihDIFdY.exe
C:\Windows\System\ihDIFdY.exe
C:\Windows\System\VNFFnKS.exe
C:\Windows\System\VNFFnKS.exe
C:\Windows\System\bxCNZZC.exe
C:\Windows\System\bxCNZZC.exe
C:\Windows\System\esszxpo.exe
C:\Windows\System\esszxpo.exe
C:\Windows\System\qTyhztA.exe
C:\Windows\System\qTyhztA.exe
C:\Windows\System\zytBCWD.exe
C:\Windows\System\zytBCWD.exe
C:\Windows\System\DREWXun.exe
C:\Windows\System\DREWXun.exe
C:\Windows\System\kChNNGY.exe
C:\Windows\System\kChNNGY.exe
C:\Windows\System\jDUxlgf.exe
C:\Windows\System\jDUxlgf.exe
C:\Windows\System\fvrUwnW.exe
C:\Windows\System\fvrUwnW.exe
C:\Windows\System\dVzKBnV.exe
C:\Windows\System\dVzKBnV.exe
C:\Windows\System\RKmFWFT.exe
C:\Windows\System\RKmFWFT.exe
C:\Windows\System\lyExlOO.exe
C:\Windows\System\lyExlOO.exe
C:\Windows\System\HAIzSst.exe
C:\Windows\System\HAIzSst.exe
C:\Windows\System\yMlRPCf.exe
C:\Windows\System\yMlRPCf.exe
C:\Windows\System\MivSCsp.exe
C:\Windows\System\MivSCsp.exe
C:\Windows\System\nuDutaP.exe
C:\Windows\System\nuDutaP.exe
C:\Windows\System\fRqKhml.exe
C:\Windows\System\fRqKhml.exe
C:\Windows\System\lpSWLOe.exe
C:\Windows\System\lpSWLOe.exe
C:\Windows\System\cPeVZOM.exe
C:\Windows\System\cPeVZOM.exe
C:\Windows\System\HfhWCIP.exe
C:\Windows\System\HfhWCIP.exe
C:\Windows\System\JLDWcBl.exe
C:\Windows\System\JLDWcBl.exe
C:\Windows\System\SIfCUvu.exe
C:\Windows\System\SIfCUvu.exe
C:\Windows\System\KwCccsu.exe
C:\Windows\System\KwCccsu.exe
C:\Windows\System\EdBRgcP.exe
C:\Windows\System\EdBRgcP.exe
C:\Windows\System\dOuNcFF.exe
C:\Windows\System\dOuNcFF.exe
C:\Windows\System\GbBkjbZ.exe
C:\Windows\System\GbBkjbZ.exe
C:\Windows\System\wgAkEXm.exe
C:\Windows\System\wgAkEXm.exe
C:\Windows\System\wjMFxhO.exe
C:\Windows\System\wjMFxhO.exe
C:\Windows\System\THwmuUh.exe
C:\Windows\System\THwmuUh.exe
C:\Windows\System\ZOsnfZG.exe
C:\Windows\System\ZOsnfZG.exe
C:\Windows\System\tVcjVnw.exe
C:\Windows\System\tVcjVnw.exe
C:\Windows\System\hPXmbCb.exe
C:\Windows\System\hPXmbCb.exe
C:\Windows\System\fLbLklM.exe
C:\Windows\System\fLbLklM.exe
C:\Windows\System\ImfrLrA.exe
C:\Windows\System\ImfrLrA.exe
C:\Windows\System\hrnMBCv.exe
C:\Windows\System\hrnMBCv.exe
C:\Windows\System\xCICHbI.exe
C:\Windows\System\xCICHbI.exe
C:\Windows\System\sekJLzj.exe
C:\Windows\System\sekJLzj.exe
C:\Windows\System\CDpFYkC.exe
C:\Windows\System\CDpFYkC.exe
C:\Windows\System\IZGczfz.exe
C:\Windows\System\IZGczfz.exe
C:\Windows\System\WwNpJWj.exe
C:\Windows\System\WwNpJWj.exe
C:\Windows\System\GRgMiHD.exe
C:\Windows\System\GRgMiHD.exe
C:\Windows\System\JJLkwaF.exe
C:\Windows\System\JJLkwaF.exe
C:\Windows\System\yxrxLnJ.exe
C:\Windows\System\yxrxLnJ.exe
C:\Windows\System\gGJKZAB.exe
C:\Windows\System\gGJKZAB.exe
C:\Windows\System\ZPbUjRA.exe
C:\Windows\System\ZPbUjRA.exe
C:\Windows\System\NYwVnBp.exe
C:\Windows\System\NYwVnBp.exe
C:\Windows\System\yybXcMx.exe
C:\Windows\System\yybXcMx.exe
C:\Windows\System\ktKEtPw.exe
C:\Windows\System\ktKEtPw.exe
C:\Windows\System\hLkpzFZ.exe
C:\Windows\System\hLkpzFZ.exe
C:\Windows\System\tUAdAxL.exe
C:\Windows\System\tUAdAxL.exe
C:\Windows\System\HTVhpch.exe
C:\Windows\System\HTVhpch.exe
C:\Windows\System\FPBgtJf.exe
C:\Windows\System\FPBgtJf.exe
C:\Windows\System\RVSFrWP.exe
C:\Windows\System\RVSFrWP.exe
C:\Windows\System\mnNPGBY.exe
C:\Windows\System\mnNPGBY.exe
Network
| Country | Destination | Domain | Proto |
| DE | 3.120.209.58:8080 | | tcp |
| DE | 3.120.209.58:8080 | | tcp |
| DE | 3.120.209.58:8080 | | tcp |
| DE | 3.120.209.58:8080 | | tcp |
| DE | 3.120.209.58:8080 | | tcp |
| DE | 3.120.209.58:8080 | | tcp |
Files
\Windows\system\uggIEIx.exe
| MD5 | 6f79929539cf65dcb1e405ed0a538ec1 |
| SHA1 | 46963681601be609a978fb70a544460fdecbb830 |
| SHA256 | 8292e8db4cea39d46d950b64cc55f87ab625ecdebcbe27f469743b8d918b78e8 |
| SHA512 | e991eb3fcf3d9e8bf2f4b7d6bc5ccb92f66bf173e56c3693b2cbd12083aeda0fcdb439b0c82e3da3f8abfa3d37b16394bcf458c3b338809e1ffa376eff9aa3d0 |
C:\Windows\system\uggIEIx.exe
| MD5 | 460a560d9343614b4f5d3d4dba3f4ee8 |
| SHA1 | b7e4e11f7bd5df3f2363cf6c1fa4d5ae53e0122e |
| SHA256 | fd744e6808c52535a94243828181a8d013638b8f8817cf398b9172e0ee7b110d |
| SHA512 | 1f115a8993e51d1f37533d08960597baad579468fd9fc33ed73870d8dbecffbacf74c482d28ec7d6893e63aba21811f0abf2dfee545d005b933bc73799ad2c80 |
\Windows\system\xCIpuOO.exe
| MD5 | 0b4145c2cc110331e4da5e560102704d |
| SHA1 | c566b9a6ceb44b7f1c214b316c08f6bec9d9b2b1 |
| SHA256 | 45685ced1acb15c50a2e82577fa387cda30481d8f7a525239c32c5f5bf6e48b4 |
| SHA512 | abf913119d63f487a6aab21c7aef0828fd1abea0d0c9a3b66bf2a375882b42bf9f76fd9b59dbd74e92020f35616ebd4ca75dc1ea4b5b55a7e8ed17cc28d58dc6 |
C:\Windows\system\efBnCjg.exe
| MD5 | 127f4866c00e3ecb45b1d23b1d0c741c |
| SHA1 | bbd6a9cffc79a79bd90d816b9900c68bfca18543 |
| SHA256 | bcc97a96b21714501a1a73d093ecbf16bebdde5c4d96059fba2ad80c8b5330a5 |
| SHA512 | c7527a9f1edae2d067417b282065ad27153e8fbc1423f8998711e828f7b5c2f6434c8cd15eb1be193ec5e0e78c50d3413aca371edb5d76738fe331728ad68c91 |
memory/1984-143-0x0000000002080000-0x00000000023D4000-memory.dmp
memory/1984-149-0x000000013F4E0000-0x000000013F834000-memory.dmp
memory/1984-131-0x0000000002080000-0x00000000023D4000-memory.dmp
memory/1984-121-0x0000000002080000-0x00000000023D4000-memory.dmp
memory/2852-138-0x000000013F560000-0x000000013F8B4000-memory.dmp
memory/1984-137-0x000000013F560000-0x000000013F8B4000-memory.dmp
C:\Windows\system\SxfYwgY.exe
| MD5 | 1979b0879876186bd0f5aa0f254c132a |
| SHA1 | e892dbefcbe90935ad660042061e35b51203706e |
| SHA256 | 7da4f6f471002ec76d839ba97be537c656ab453f09a6bdb3e3d038b53e35c156 |
| SHA512 | 1aae061748aa9b3f592b54687a21b721bcbaa1962fbcde211e2eb6b16e91b420fcff2582b6b47f09b0b5676c869963698eb54cb0695c46e63e130c4a2be1965d |
memory/1984-126-0x0000000002080000-0x00000000023D4000-memory.dmp
memory/1984-116-0x0000000002080000-0x00000000023D4000-memory.dmp
memory/2372-107-0x000000013F4E0000-0x000000013F834000-memory.dmp
memory/2864-104-0x000000013F890000-0x000000013FBE4000-memory.dmp
memory/2460-103-0x000000013F800000-0x000000013FB54000-memory.dmp
memory/2500-94-0x000000013F930000-0x000000013FC84000-memory.dmp
memory/2304-91-0x000000013F050000-0x000000013F3A4000-memory.dmp
memory/2576-87-0x000000013F970000-0x000000013FCC4000-memory.dmp
memory/2392-79-0x000000013FA80000-0x000000013FDD4000-memory.dmp
memory/1984-78-0x000000013F050000-0x000000013F3A4000-memory.dmp
memory/2664-77-0x000000013F360000-0x000000013F6B4000-memory.dmp
memory/1984-75-0x0000000002080000-0x00000000023D4000-memory.dmp
memory/1984-69-0x000000013F360000-0x000000013F6B4000-memory.dmp
memory/2600-66-0x000000013F940000-0x000000013FC94000-memory.dmp
memory/2584-60-0x000000013F860000-0x000000013FBB4000-memory.dmp
memory/1984-55-0x0000000002080000-0x00000000023D4000-memory.dmp
memory/1984-1068-0x0000000002080000-0x00000000023D4000-memory.dmp
memory/1984-1067-0x000000013FB10000-0x000000013FE64000-memory.dmp
memory/2532-41-0x000000013FA00000-0x000000013FD54000-memory.dmp
\Windows\system\ijweTFJ.exe
| MD5 | 9b577ffff6c1f5ffff7f64441d883431 |
| SHA1 | 10ba0bbbec3c90794664c7d383f12f8e5eb6c74b |
| SHA256 | 91f3e82906a538100a99ed926f9fc65724c6b25f34a3a65f82125b966c8582db |
| SHA512 | f8bb3727a9f20749433ece4d83348bcfd5e5e28efa7ccba238d5a6d724481df6d5f37b94f4ffcea847376be6b1b47a9ca7c6e243f6823afe20547eef85d0ed8f |
memory/1036-28-0x000000013FD00000-0x0000000140054000-memory.dmp
C:\Windows\system\jVWQdEP.exe
| MD5 | 9f03c1e8a19f19c9c45da43a423e0a14 |
| SHA1 | d2a703fa74678641f486c752be544e84b61a98ce |
| SHA256 | 19e57cb695e9244fe767c678339f563de14070b43eb07b000264ced259475064 |
| SHA512 | a1c0cdac6a9ce360516c585d2a64c7c50034a342c0accadf24adb66c4908020d1d1abe105ce2e8bca3f50f328aa140b7cb1764d4a36d28c426f912a4bdf10e38 |
C:\Windows\system\AFbcEAU.exe
| MD5 | c82368624fc0cbc229c201ce1985bc94 |
| SHA1 | ee5f9762a48551b4aca0f410ce58ba6b3a31c5e7 |
| SHA256 | 931c951679eb1fb702111027aabfe5c2dbae5ee0133b51e3a18f5413cb866a95 |
| SHA512 | a02b7bbdc00adbf81d06cac9c2ff95404ee7daaf391f997518b816e211a80c24bef9f62cfffbf4467be156c5ab3f90c9c19fabf63f6e25a559ab78ca4191369f |
memory/1360-18-0x000000013FA80000-0x000000013FDD4000-memory.dmp
memory/1984-12-0x0000000002080000-0x00000000023D4000-memory.dmp
memory/1984-1-0x0000000000080000-0x0000000000090000-memory.dmp
memory/1984-0-0x000000013FB10000-0x000000013FE64000-memory.dmp
memory/1984-1069-0x0000000002080000-0x00000000023D4000-memory.dmp
memory/1360-1070-0x000000013FA80000-0x000000013FDD4000-memory.dmp
memory/1036-1071-0x000000013FD00000-0x0000000140054000-memory.dmp
memory/2460-1080-0x000000013F800000-0x000000013FB54000-memory.dmp
memory/2864-1082-0x000000013F890000-0x000000013FBE4000-memory.dmp
memory/2372-1083-0x000000013F4E0000-0x000000013F834000-memory.dmp
memory/2852-1081-0x000000013F560000-0x000000013F8B4000-memory.dmp
memory/2500-1079-0x000000013F930000-0x000000013FC84000-memory.dmp
memory/2304-1078-0x000000013F050000-0x000000013F3A4000-memory.dmp
memory/2576-1077-0x000000013F970000-0x000000013FCC4000-memory.dmp
memory/2664-1076-0x000000013F360000-0x000000013F6B4000-memory.dmp
memory/2392-1075-0x000000013FA80000-0x000000013FDD4000-memory.dmp
memory/2600-1074-0x000000013F940000-0x000000013FC94000-memory.dmp
memory/2584-1073-0x000000013F860000-0x000000013FBB4000-memory.dmp
memory/2532-1072-0x000000013FA00000-0x000000013FD54000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-05 05:45
Reported
2024-06-05 05:48
Platform
win10v2004-20240508-en
Max time kernel
2s
Max time network
150s
Command Line
Signatures
KPOT
KPOT Core Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
xmrig
XMRig Miner payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Drops file in Windows directory
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2731331116\zmstage.exe
C:\Users\Admin\AppData\Local\Temp\2731331116\zmstage.exe
C:\Users\Admin\AppData\Local\Temp\414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\414374feb07dd96ebe8af6256db984d0_NeikiAnalytics.exe"
C:\Windows\System\QEOtYyB.exe
C:\Windows\System\QEOtYyB.exe
C:\Windows\System\IPcPsRL.exe
C:\Windows\System\IPcPsRL.exe
C:\Windows\System\iKMKFvv.exe
C:\Windows\System\iKMKFvv.exe
C:\Windows\System\Cydqkfg.exe
C:\Windows\System\Cydqkfg.exe
C:\Windows\System\nHVaHJy.exe
C:\Windows\System\nHVaHJy.exe
C:\Windows\System\qGDaaQy.exe
C:\Windows\System\qGDaaQy.exe
C:\Windows\System\vRgEDkB.exe
C:\Windows\System\vRgEDkB.exe
C:\Windows\System\aiJAxiY.exe
C:\Windows\System\aiJAxiY.exe
C:\Windows\System\nlbyyDI.exe
C:\Windows\System\nlbyyDI.exe
C:\Windows\System\BTMWgNb.exe
C:\Windows\System\BTMWgNb.exe
C:\Windows\System\ZqHOFIm.exe
C:\Windows\System\ZqHOFIm.exe
C:\Windows\System\hPCxctJ.exe
C:\Windows\System\hPCxctJ.exe
C:\Windows\System\HOphxJK.exe
C:\Windows\System\HOphxJK.exe
C:\Windows\System\pbxqCIc.exe
C:\Windows\System\pbxqCIc.exe
C:\Windows\System\ywPDHfM.exe
C:\Windows\System\ywPDHfM.exe
C:\Windows\System\AechukS.exe
C:\Windows\System\AechukS.exe
C:\Windows\System\yBFwVoo.exe
C:\Windows\System\yBFwVoo.exe
C:\Windows\System\orGcNCT.exe
C:\Windows\System\orGcNCT.exe
C:\Windows\System\ugrJzEN.exe
C:\Windows\System\ugrJzEN.exe
C:\Windows\System\KrKvQeB.exe
C:\Windows\System\KrKvQeB.exe
C:\Windows\System\OPWRZxc.exe
C:\Windows\System\OPWRZxc.exe
C:\Windows\System\mHCopyL.exe
C:\Windows\System\mHCopyL.exe
C:\Windows\System\ybWKuNa.exe
C:\Windows\System\ybWKuNa.exe
C:\Windows\System\ficYgop.exe
C:\Windows\System\ficYgop.exe
C:\Windows\System\ogWFiuS.exe
C:\Windows\System\ogWFiuS.exe
C:\Windows\System\vsVBewf.exe
C:\Windows\System\vsVBewf.exe
C:\Windows\System\ufwBkAU.exe
C:\Windows\System\ufwBkAU.exe
C:\Windows\System\VOVJwMA.exe
C:\Windows\System\VOVJwMA.exe
C:\Windows\System\JiPtgRz.exe
C:\Windows\System\JiPtgRz.exe
C:\Windows\System\usXBokG.exe
C:\Windows\System\usXBokG.exe
C:\Windows\System\eBlqDMw.exe
C:\Windows\System\eBlqDMw.exe
C:\Windows\System\lJeKKIv.exe
C:\Windows\System\lJeKKIv.exe
C:\Windows\System\fzOGVBh.exe
C:\Windows\System\fzOGVBh.exe
C:\Windows\System\jeXSRbc.exe
C:\Windows\System\jeXSRbc.exe
C:\Windows\System\xYyvQIq.exe
C:\Windows\System\xYyvQIq.exe
C:\Windows\System\sgwrhwP.exe
C:\Windows\System\sgwrhwP.exe
C:\Windows\System\lZFdBQW.exe
C:\Windows\System\lZFdBQW.exe
C:\Windows\System\RInWerZ.exe
C:\Windows\System\RInWerZ.exe
C:\Windows\System\xWEuuyZ.exe
C:\Windows\System\xWEuuyZ.exe
C:\Windows\System\PPJOazu.exe
C:\Windows\System\PPJOazu.exe
C:\Windows\System\oMnliKj.exe
C:\Windows\System\oMnliKj.exe
C:\Windows\System\fuxcDRH.exe
C:\Windows\System\fuxcDRH.exe
C:\Windows\System\RXEHTPA.exe
C:\Windows\System\RXEHTPA.exe
C:\Windows\System\TcGYeur.exe
C:\Windows\System\TcGYeur.exe
C:\Windows\System\WxBnsth.exe
C:\Windows\System\WxBnsth.exe
C:\Windows\System\IMAkrEn.exe
C:\Windows\System\IMAkrEn.exe
C:\Windows\System\UDWVLQB.exe
C:\Windows\System\UDWVLQB.exe
C:\Windows\System\irgtXHn.exe
C:\Windows\System\irgtXHn.exe
C:\Windows\System\HOIhfeQ.exe
C:\Windows\System\HOIhfeQ.exe
C:\Windows\System\Xojisns.exe
C:\Windows\System\Xojisns.exe
C:\Windows\System\rGYCNOp.exe
C:\Windows\System\rGYCNOp.exe
C:\Windows\System\DENorrY.exe
C:\Windows\System\DENorrY.exe
C:\Windows\System\GnDqjUo.exe
C:\Windows\System\GnDqjUo.exe
C:\Windows\System\bPZspVF.exe
C:\Windows\System\bPZspVF.exe
C:\Windows\System\dmvBUPY.exe
C:\Windows\System\dmvBUPY.exe
C:\Windows\System\saTCbxu.exe
C:\Windows\System\saTCbxu.exe
C:\Windows\System\kfCGmHB.exe
C:\Windows\System\kfCGmHB.exe
C:\Windows\System\aMChEDP.exe
C:\Windows\System\aMChEDP.exe
C:\Windows\System\jxYntOu.exe
C:\Windows\System\jxYntOu.exe
C:\Windows\System\xLcDDGF.exe
C:\Windows\System\xLcDDGF.exe
C:\Windows\System\BEmSpUB.exe
C:\Windows\System\BEmSpUB.exe
C:\Windows\System\cbbbbKj.exe
C:\Windows\System\cbbbbKj.exe
C:\Windows\System\SemznYk.exe
C:\Windows\System\SemznYk.exe
C:\Windows\System\hcfkjzJ.exe
C:\Windows\System\hcfkjzJ.exe
C:\Windows\System\QnkPUfd.exe
C:\Windows\System\QnkPUfd.exe
C:\Windows\System\sDEIslJ.exe
C:\Windows\System\sDEIslJ.exe
C:\Windows\System\OhjgoPF.exe
C:\Windows\System\OhjgoPF.exe
C:\Windows\System\MbmVFgx.exe
C:\Windows\System\MbmVFgx.exe
C:\Windows\System\xsXPFoQ.exe
C:\Windows\System\xsXPFoQ.exe
C:\Windows\System\SKCcfNT.exe
C:\Windows\System\SKCcfNT.exe
C:\Windows\System\YfOkSbr.exe
C:\Windows\System\YfOkSbr.exe
C:\Windows\System\rReiOrh.exe
C:\Windows\System\rReiOrh.exe
C:\Windows\System\TRXVoCP.exe
C:\Windows\System\TRXVoCP.exe
C:\Windows\System\PEmTkcA.exe
C:\Windows\System\PEmTkcA.exe
C:\Windows\System\dOKiVns.exe
C:\Windows\System\dOKiVns.exe
C:\Windows\System\oNwoswy.exe
C:\Windows\System\oNwoswy.exe
C:\Windows\System\IwvMAuw.exe
C:\Windows\System\IwvMAuw.exe
C:\Windows\System\QGuQlPq.exe
C:\Windows\System\QGuQlPq.exe
C:\Windows\System\IwBaiSb.exe
C:\Windows\System\IwBaiSb.exe
C:\Windows\System\KgkZbpt.exe
C:\Windows\System\KgkZbpt.exe
C:\Windows\System\MuXMAZA.exe
C:\Windows\System\MuXMAZA.exe
C:\Windows\System\fGRmoke.exe
C:\Windows\System\fGRmoke.exe
C:\Windows\System\cxHUXpR.exe
C:\Windows\System\cxHUXpR.exe
C:\Windows\System\IoBhJdo.exe
C:\Windows\System\IoBhJdo.exe
C:\Windows\System\inkchRF.exe
C:\Windows\System\inkchRF.exe
C:\Windows\System\sIFAJAk.exe
C:\Windows\System\sIFAJAk.exe
C:\Windows\System\SbAZlUh.exe
C:\Windows\System\SbAZlUh.exe
C:\Windows\System\SJCrYnu.exe
C:\Windows\System\SJCrYnu.exe
C:\Windows\System\MaLnrSu.exe
C:\Windows\System\MaLnrSu.exe
C:\Windows\System\BGkYCPl.exe
C:\Windows\System\BGkYCPl.exe
C:\Windows\System\GgPTZiQ.exe
C:\Windows\System\GgPTZiQ.exe
C:\Windows\System\TFPTIkj.exe
C:\Windows\System\TFPTIkj.exe
C:\Windows\System\MfJUegh.exe
C:\Windows\System\MfJUegh.exe
C:\Windows\System\nqwZLDV.exe
C:\Windows\System\nqwZLDV.exe
C:\Windows\System\jnOWFbz.exe
C:\Windows\System\jnOWFbz.exe
C:\Windows\System\dSttFaC.exe
C:\Windows\System\dSttFaC.exe
C:\Windows\System\iXlxwMb.exe
C:\Windows\System\iXlxwMb.exe
C:\Windows\System\qzcuBiB.exe
C:\Windows\System\qzcuBiB.exe
C:\Windows\System\xZebfjj.exe
C:\Windows\System\xZebfjj.exe
C:\Windows\System\lrqwOPq.exe
C:\Windows\System\lrqwOPq.exe
C:\Windows\System\JmQmJIQ.exe
C:\Windows\System\JmQmJIQ.exe
C:\Windows\System\DAPnTLo.exe
C:\Windows\System\DAPnTLo.exe
C:\Windows\System\SPFZOlb.exe
C:\Windows\System\SPFZOlb.exe
C:\Windows\System\OsdofeJ.exe
C:\Windows\System\OsdofeJ.exe
C:\Windows\System\NHrfFtC.exe
C:\Windows\System\NHrfFtC.exe
C:\Windows\System\eXjnpVl.exe
C:\Windows\System\eXjnpVl.exe
C:\Windows\System\LzyIdzn.exe
C:\Windows\System\LzyIdzn.exe
C:\Windows\System\iFazrww.exe
C:\Windows\System\iFazrww.exe
C:\Windows\System\LtUgXoJ.exe
C:\Windows\System\LtUgXoJ.exe
C:\Windows\System\LOXqTuV.exe
C:\Windows\System\LOXqTuV.exe
C:\Windows\System\dglReFm.exe
C:\Windows\System\dglReFm.exe
C:\Windows\System\RJQiOxH.exe
C:\Windows\System\RJQiOxH.exe
C:\Windows\System\QESrJJm.exe
C:\Windows\System\QESrJJm.exe
C:\Windows\System\xmwrMlF.exe
C:\Windows\System\xmwrMlF.exe
C:\Windows\System\AwXMpuA.exe
C:\Windows\System\AwXMpuA.exe
C:\Windows\System\sahhHJB.exe
C:\Windows\System\sahhHJB.exe
C:\Windows\System\EjkrSJi.exe
C:\Windows\System\EjkrSJi.exe
C:\Windows\System\cxJKhYn.exe
C:\Windows\System\cxJKhYn.exe
C:\Windows\System\BVQHtOb.exe
C:\Windows\System\BVQHtOb.exe
C:\Windows\System\WvzXDju.exe
C:\Windows\System\WvzXDju.exe
C:\Windows\System\osaXZLx.exe
C:\Windows\System\osaXZLx.exe
C:\Windows\System\BfRdmnS.exe
C:\Windows\System\BfRdmnS.exe
C:\Windows\System\UHreoJv.exe
C:\Windows\System\UHreoJv.exe
C:\Windows\System\EGFwgBA.exe
C:\Windows\System\EGFwgBA.exe
C:\Windows\System\sYFDjGi.exe
C:\Windows\System\sYFDjGi.exe
C:\Windows\System\PUPUTeW.exe
C:\Windows\System\PUPUTeW.exe
C:\Windows\System\ZVVVIxJ.exe
C:\Windows\System\ZVVVIxJ.exe
C:\Windows\System\WBtcVug.exe
C:\Windows\System\WBtcVug.exe
C:\Windows\System\VUUATIZ.exe
C:\Windows\System\VUUATIZ.exe
C:\Windows\System\vGGPJjI.exe
C:\Windows\System\vGGPJjI.exe
C:\Windows\System\hIpqQFd.exe
C:\Windows\System\hIpqQFd.exe
C:\Windows\System\OnZjseq.exe
C:\Windows\System\OnZjseq.exe
C:\Windows\System\mimQDVL.exe
C:\Windows\System\mimQDVL.exe
C:\Windows\System\eoqmgrX.exe
C:\Windows\System\eoqmgrX.exe
C:\Windows\System\NDZnkGN.exe
C:\Windows\System\NDZnkGN.exe
C:\Windows\System\WromAND.exe
C:\Windows\System\WromAND.exe
C:\Windows\System\EOKrNst.exe
C:\Windows\System\EOKrNst.exe
C:\Windows\System\UiQulFa.exe
C:\Windows\System\UiQulFa.exe
C:\Windows\System\cGQMvsg.exe
C:\Windows\System\cGQMvsg.exe
C:\Windows\System\wYjSrvP.exe
C:\Windows\System\wYjSrvP.exe
C:\Windows\System\XhhEHwP.exe
C:\Windows\System\XhhEHwP.exe
C:\Windows\System\EbQJTxg.exe
C:\Windows\System\EbQJTxg.exe
C:\Windows\System\QDZvAkp.exe
C:\Windows\System\QDZvAkp.exe
C:\Windows\System\GGkGwot.exe
C:\Windows\System\GGkGwot.exe
C:\Windows\System\sMKgpGQ.exe
C:\Windows\System\sMKgpGQ.exe
C:\Windows\System\UyQJQVZ.exe
C:\Windows\System\UyQJQVZ.exe
C:\Windows\System\cBvNvnD.exe
C:\Windows\System\cBvNvnD.exe
C:\Windows\System\PTJLlVX.exe
C:\Windows\System\PTJLlVX.exe
C:\Windows\System\AYtpqEA.exe
C:\Windows\System\AYtpqEA.exe
C:\Windows\System\ncVHROs.exe
C:\Windows\System\ncVHROs.exe
C:\Windows\System\qlHybgo.exe
C:\Windows\System\qlHybgo.exe
C:\Windows\System\IczHJQJ.exe
C:\Windows\System\IczHJQJ.exe
C:\Windows\System\EKSsYOm.exe
C:\Windows\System\EKSsYOm.exe
C:\Windows\System\RZHwDnV.exe
C:\Windows\System\RZHwDnV.exe
C:\Windows\System\hRjOOXC.exe
C:\Windows\System\hRjOOXC.exe
C:\Windows\System\WvWoent.exe
C:\Windows\System\WvWoent.exe
C:\Windows\System\PZTokxQ.exe
C:\Windows\System\PZTokxQ.exe
C:\Windows\System\KqilsrI.exe
C:\Windows\System\KqilsrI.exe
C:\Windows\System\UrhNBiy.exe
C:\Windows\System\UrhNBiy.exe
C:\Windows\System\PfDetnG.exe
C:\Windows\System\PfDetnG.exe
C:\Windows\System\udqIyPd.exe
C:\Windows\System\udqIyPd.exe
C:\Windows\System\IVscOTD.exe
C:\Windows\System\IVscOTD.exe
C:\Windows\System\MlSgeBp.exe
C:\Windows\System\MlSgeBp.exe
C:\Windows\System\pXuAwrh.exe
C:\Windows\System\pXuAwrh.exe
C:\Windows\System\IgKISOl.exe
C:\Windows\System\IgKISOl.exe
C:\Windows\System\qTgOvLq.exe
C:\Windows\System\qTgOvLq.exe
C:\Windows\System\ciLkqwh.exe
C:\Windows\System\ciLkqwh.exe
C:\Windows\System\tYwuJky.exe
C:\Windows\System\tYwuJky.exe
C:\Windows\System\aHsdDoF.exe
C:\Windows\System\aHsdDoF.exe
C:\Windows\System\oMwCUvs.exe
C:\Windows\System\oMwCUvs.exe
C:\Windows\System\PfoSlJw.exe
C:\Windows\System\PfoSlJw.exe
C:\Windows\System\HzMJIHt.exe
C:\Windows\System\HzMJIHt.exe
C:\Windows\System\OpsPmGT.exe
C:\Windows\System\OpsPmGT.exe
C:\Windows\System\zyMjyFz.exe
C:\Windows\System\zyMjyFz.exe
C:\Windows\System\ODZsXRW.exe
C:\Windows\System\ODZsXRW.exe
C:\Windows\System\nPjjyNo.exe
C:\Windows\System\nPjjyNo.exe
C:\Windows\System\qvWfdwD.exe
C:\Windows\System\qvWfdwD.exe
C:\Windows\System\SHlhUpP.exe
C:\Windows\System\SHlhUpP.exe
C:\Windows\System\vTkDScQ.exe
C:\Windows\System\vTkDScQ.exe
C:\Windows\System\RWmgHuu.exe
C:\Windows\System\RWmgHuu.exe
C:\Windows\System\AMlUJZy.exe
C:\Windows\System\AMlUJZy.exe
C:\Windows\System\xRJPsAl.exe
C:\Windows\System\xRJPsAl.exe
C:\Windows\System\mqCgXaB.exe
C:\Windows\System\mqCgXaB.exe
C:\Windows\System\zPyikDb.exe
C:\Windows\System\zPyikDb.exe
C:\Windows\System\kPTUrCA.exe
C:\Windows\System\kPTUrCA.exe
C:\Windows\System\KlXZesa.exe
C:\Windows\System\KlXZesa.exe
C:\Windows\System\EAymgLh.exe
C:\Windows\System\EAymgLh.exe
C:\Windows\System\nLHtEdS.exe
C:\Windows\System\nLHtEdS.exe
C:\Windows\System\VPNaKSA.exe
C:\Windows\System\VPNaKSA.exe
C:\Windows\System\KnMjdql.exe
C:\Windows\System\KnMjdql.exe
C:\Windows\System\RCsOMRN.exe
C:\Windows\System\RCsOMRN.exe
C:\Windows\System\tnLtLMh.exe
C:\Windows\System\tnLtLMh.exe
C:\Windows\System\rXihYhk.exe
C:\Windows\System\rXihYhk.exe
C:\Windows\System\giVwGUp.exe
C:\Windows\System\giVwGUp.exe
C:\Windows\System\PSrVUmG.exe
C:\Windows\System\PSrVUmG.exe
C:\Windows\System\SwCAGbf.exe
C:\Windows\System\SwCAGbf.exe
C:\Windows\System\mHAaKoh.exe
C:\Windows\System\mHAaKoh.exe
C:\Windows\System\vLtqTdD.exe
C:\Windows\System\vLtqTdD.exe
C:\Windows\System\TsiNEZe.exe
C:\Windows\System\TsiNEZe.exe
C:\Windows\System\faQjCyn.exe
C:\Windows\System\faQjCyn.exe
C:\Windows\System\SWFckrQ.exe
C:\Windows\System\SWFckrQ.exe
C:\Windows\System\jvpmqAe.exe
C:\Windows\System\jvpmqAe.exe
C:\Windows\System\KmevgHi.exe
C:\Windows\System\KmevgHi.exe
C:\Windows\System\xKLHReQ.exe
C:\Windows\System\xKLHReQ.exe
C:\Windows\System\SvOBfND.exe
C:\Windows\System\SvOBfND.exe
C:\Windows\System\MujOnsK.exe
C:\Windows\System\MujOnsK.exe
C:\Windows\System\ofuwFbz.exe
C:\Windows\System\ofuwFbz.exe
C:\Windows\System\yQPFTJo.exe
C:\Windows\System\yQPFTJo.exe
C:\Windows\System\wtLKVLT.exe
C:\Windows\System\wtLKVLT.exe
C:\Windows\System\UubFYEL.exe
C:\Windows\System\UubFYEL.exe
C:\Windows\System\eyLnhgz.exe
C:\Windows\System\eyLnhgz.exe
C:\Windows\System\yAbggFN.exe
C:\Windows\System\yAbggFN.exe
C:\Windows\System\KoiXjAN.exe
C:\Windows\System\KoiXjAN.exe
C:\Windows\System\SpSuSsI.exe
C:\Windows\System\SpSuSsI.exe
C:\Windows\System\oRZLTEe.exe
C:\Windows\System\oRZLTEe.exe
C:\Windows\System\AyXsSvR.exe
C:\Windows\System\AyXsSvR.exe
C:\Windows\System\pkWveJt.exe
C:\Windows\System\pkWveJt.exe
C:\Windows\System\wnpRdyq.exe
C:\Windows\System\wnpRdyq.exe
C:\Windows\System\mGZGUxV.exe
C:\Windows\System\mGZGUxV.exe
C:\Windows\System\OYjwoXC.exe
C:\Windows\System\OYjwoXC.exe
C:\Windows\System\nToVIgy.exe
C:\Windows\System\nToVIgy.exe
C:\Windows\System\BHjxsaL.exe
C:\Windows\System\BHjxsaL.exe
C:\Windows\System\TlGjVIM.exe
C:\Windows\System\TlGjVIM.exe
C:\Windows\System\MotXFtH.exe
C:\Windows\System\MotXFtH.exe
C:\Windows\System\qZkyLSX.exe
C:\Windows\System\qZkyLSX.exe
C:\Windows\System\hScfEqT.exe
C:\Windows\System\hScfEqT.exe
C:\Windows\System\NKymzAB.exe
C:\Windows\System\NKymzAB.exe
C:\Windows\System\XKcSJLD.exe
C:\Windows\System\XKcSJLD.exe
C:\Windows\System\NhYnQSr.exe
C:\Windows\System\NhYnQSr.exe
C:\Windows\System\isPAJrP.exe
C:\Windows\System\isPAJrP.exe
C:\Windows\System\DfqZHzu.exe
C:\Windows\System\DfqZHzu.exe
C:\Windows\System\VhCiILB.exe
C:\Windows\System\VhCiILB.exe
C:\Windows\System\kCieIWv.exe
C:\Windows\System\kCieIWv.exe
C:\Windows\System\VWFfofd.exe
C:\Windows\System\VWFfofd.exe
C:\Windows\System\ZzqKNhm.exe
C:\Windows\System\ZzqKNhm.exe
C:\Windows\System\UgUmaaK.exe
C:\Windows\System\UgUmaaK.exe
C:\Windows\System\rtrqrVL.exe
C:\Windows\System\rtrqrVL.exe
C:\Windows\System\DoyPvLY.exe
C:\Windows\System\DoyPvLY.exe
C:\Windows\System\ZVDKLKC.exe
C:\Windows\System\ZVDKLKC.exe
C:\Windows\System\DRuWmnT.exe
C:\Windows\System\DRuWmnT.exe
C:\Windows\System\gFEvgjg.exe
C:\Windows\System\gFEvgjg.exe
C:\Windows\System\ZhZwwWX.exe
C:\Windows\System\ZhZwwWX.exe
C:\Windows\System\BeijPIj.exe
C:\Windows\System\BeijPIj.exe
C:\Windows\System\aZNjdsu.exe
C:\Windows\System\aZNjdsu.exe
C:\Windows\System\OtuSozU.exe
C:\Windows\System\OtuSozU.exe
C:\Windows\System\vbcbBAn.exe
C:\Windows\System\vbcbBAn.exe
C:\Windows\System\wiCQxrg.exe
C:\Windows\System\wiCQxrg.exe
C:\Windows\System\fokKCBm.exe
C:\Windows\System\fokKCBm.exe
C:\Windows\System\JUefPmD.exe
C:\Windows\System\JUefPmD.exe
C:\Windows\System\rwtLmcE.exe
C:\Windows\System\rwtLmcE.exe
C:\Windows\System\mFtGoSx.exe
C:\Windows\System\mFtGoSx.exe
C:\Windows\System\vCzUGFH.exe
C:\Windows\System\vCzUGFH.exe
C:\Windows\System\ZjwupRE.exe
C:\Windows\System\ZjwupRE.exe
C:\Windows\System\tAjqrNv.exe
C:\Windows\System\tAjqrNv.exe
C:\Windows\System\dZKazyR.exe
C:\Windows\System\dZKazyR.exe
C:\Windows\System\HgVYJrM.exe
C:\Windows\System\HgVYJrM.exe
C:\Windows\System\OAhQnKk.exe
C:\Windows\System\OAhQnKk.exe
C:\Windows\System\UGTxcyQ.exe
C:\Windows\System\UGTxcyQ.exe
C:\Windows\System\gyoCUkJ.exe
C:\Windows\System\gyoCUkJ.exe
C:\Windows\System\WIgJrJn.exe
C:\Windows\System\WIgJrJn.exe
C:\Windows\System\splOKNU.exe
C:\Windows\System\splOKNU.exe
C:\Windows\System\xtgCJnL.exe
C:\Windows\System\xtgCJnL.exe
C:\Windows\System\Glkifkz.exe
C:\Windows\System\Glkifkz.exe
C:\Windows\System\bpJeJFM.exe
C:\Windows\System\bpJeJFM.exe
C:\Windows\System\EHrFGKa.exe
C:\Windows\System\EHrFGKa.exe
C:\Windows\System\VZyvAdU.exe
C:\Windows\System\VZyvAdU.exe
C:\Windows\System\OPrjPYF.exe
C:\Windows\System\OPrjPYF.exe
C:\Windows\System\qNWARZd.exe
C:\Windows\System\qNWARZd.exe
C:\Windows\System\zRzTAsC.exe
C:\Windows\System\zRzTAsC.exe
C:\Windows\System\sAFdevf.exe
C:\Windows\System\sAFdevf.exe
C:\Windows\System\VFRAYmt.exe
C:\Windows\System\VFRAYmt.exe
C:\Windows\System\byVIhMk.exe
C:\Windows\System\byVIhMk.exe
C:\Windows\System\IXBPTEe.exe
C:\Windows\System\IXBPTEe.exe
C:\Windows\System\SVBrlRy.exe
C:\Windows\System\SVBrlRy.exe
C:\Windows\System\TPepigM.exe
C:\Windows\System\TPepigM.exe
C:\Windows\System\KzPsVwc.exe
C:\Windows\System\KzPsVwc.exe
C:\Windows\System\qxuqxPr.exe
C:\Windows\System\qxuqxPr.exe
C:\Windows\System\SsCcjKL.exe
C:\Windows\System\SsCcjKL.exe
C:\Windows\System\msvDWZI.exe
C:\Windows\System\msvDWZI.exe
C:\Windows\System\DOQDsUL.exe
C:\Windows\System\DOQDsUL.exe
C:\Windows\System\eocSUFM.exe
C:\Windows\System\eocSUFM.exe
C:\Windows\System\yyaAfrl.exe
C:\Windows\System\yyaAfrl.exe
C:\Windows\System\VUkTHet.exe
C:\Windows\System\VUkTHet.exe
C:\Windows\System\umaLLDE.exe
C:\Windows\System\umaLLDE.exe
C:\Windows\System\TJQLvxo.exe
C:\Windows\System\TJQLvxo.exe
C:\Windows\System\tHMHyqt.exe
C:\Windows\System\tHMHyqt.exe
C:\Windows\System\xVklizR.exe
C:\Windows\System\xVklizR.exe
C:\Windows\System\btnKymv.exe
C:\Windows\System\btnKymv.exe
C:\Windows\System\zrofyRD.exe
C:\Windows\System\zrofyRD.exe
C:\Windows\System\IUUOOXk.exe
C:\Windows\System\IUUOOXk.exe
C:\Windows\System\hcdpsKj.exe
C:\Windows\System\hcdpsKj.exe
C:\Windows\System\xTTAJeJ.exe
C:\Windows\System\xTTAJeJ.exe
C:\Windows\System\wDNbKwr.exe
C:\Windows\System\wDNbKwr.exe
C:\Windows\System\efUOzXV.exe
C:\Windows\System\efUOzXV.exe
C:\Windows\System\aOzagqj.exe
C:\Windows\System\aOzagqj.exe
C:\Windows\System\dSITrVd.exe
C:\Windows\System\dSITrVd.exe
C:\Windows\System\qSjZbZM.exe
C:\Windows\System\qSjZbZM.exe
C:\Windows\System\UoKUImf.exe
C:\Windows\System\UoKUImf.exe
C:\Windows\System\PYXiana.exe
C:\Windows\System\PYXiana.exe
C:\Windows\System\xflqExG.exe
C:\Windows\System\xflqExG.exe
C:\Windows\System\bsxDsDc.exe
C:\Windows\System\bsxDsDc.exe
C:\Windows\System\AdOiIeJ.exe
C:\Windows\System\AdOiIeJ.exe
C:\Windows\System\klXcBjJ.exe
C:\Windows\System\klXcBjJ.exe
C:\Windows\System\qHErrjw.exe
C:\Windows\System\qHErrjw.exe
C:\Windows\System\nULOyKF.exe
C:\Windows\System\nULOyKF.exe
C:\Windows\System\DzpwJmh.exe
C:\Windows\System\DzpwJmh.exe
C:\Windows\System\hKPxOGX.exe
C:\Windows\System\hKPxOGX.exe
C:\Windows\System\NhGAJGO.exe
C:\Windows\System\NhGAJGO.exe
C:\Windows\System\EleRRib.exe
C:\Windows\System\EleRRib.exe
C:\Windows\System\pQczlUI.exe
C:\Windows\System\pQczlUI.exe
C:\Windows\System\CAoElfF.exe
C:\Windows\System\CAoElfF.exe
C:\Windows\System\VqKPZhv.exe
C:\Windows\System\VqKPZhv.exe
C:\Windows\System\rDPSuim.exe
C:\Windows\System\rDPSuim.exe
C:\Windows\System\aCqmKqY.exe
C:\Windows\System\aCqmKqY.exe
C:\Windows\System\jWrEREC.exe
C:\Windows\System\jWrEREC.exe
C:\Windows\System\EXsnfhw.exe
C:\Windows\System\EXsnfhw.exe
C:\Windows\System\kTaStNC.exe
C:\Windows\System\kTaStNC.exe
C:\Windows\System\FnXoHJp.exe
C:\Windows\System\FnXoHJp.exe
C:\Windows\System\HeRBsTx.exe
C:\Windows\System\HeRBsTx.exe
C:\Windows\System\ElOPUdY.exe
C:\Windows\System\ElOPUdY.exe
C:\Windows\System\djVLijy.exe
C:\Windows\System\djVLijy.exe
C:\Windows\System\KWVLGCk.exe
C:\Windows\System\KWVLGCk.exe
C:\Windows\System\XZNwlBl.exe
C:\Windows\System\XZNwlBl.exe
C:\Windows\System\WyccuHP.exe
C:\Windows\System\WyccuHP.exe
C:\Windows\System\pfXDqMI.exe
C:\Windows\System\pfXDqMI.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| DE | 3.120.209.58:8080 | | tcp |
| BE | 2.17.107.122:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| DE | 3.120.209.58:8080 | | tcp |
| DE | 3.120.209.58:8080 | | tcp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| DE | 3.120.209.58:8080 | | tcp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| DE | 3.120.209.58:8080 | | tcp |
| DE | 3.120.209.58:8080 | | tcp |
Files
memory/4824-0-0x00007FF749BB0000-0x00007FF749F04000-memory.dmp
C:\Windows\System\IPcPsRL.exe
| MD5 | d25c1fdeb22cc98157fde0aa46096600 |
| SHA1 | c2a0b0b2db64a7038d39c7f82f9bb5f396508c50 |
| SHA256 | 7511aa59c4e02f472bc3d1c90613df12ace1da195fe4e4fe3e606ef30c5cfc1b |
| SHA512 | c5b07e576611c900a1045082c72693ee7834d636439b4c11ad26ce83d1b5455a5af406e559e4b9349a4334111ff760a9a61fc21d4a0a18d7d83c80cf35198cc7 |
memory/3992-19-0x00007FF63F290000-0x00007FF63F5E4000-memory.dmp
memory/4552-46-0x00007FF6BA160000-0x00007FF6BA4B4000-memory.dmp
C:\Windows\System\nlbyyDI.exe
| MD5 | 460a560d9343614b4f5d3d4dba3f4ee8 |
| SHA1 | b7e4e11f7bd5df3f2363cf6c1fa4d5ae53e0122e |
| SHA256 | fd744e6808c52535a94243828181a8d013638b8f8817cf398b9172e0ee7b110d |
| SHA512 | 1f115a8993e51d1f37533d08960597baad579468fd9fc33ed73870d8dbecffbacf74c482d28ec7d6893e63aba21811f0abf2dfee545d005b933bc73799ad2c80 |
memory/456-77-0x00007FF6E3B50000-0x00007FF6E3EA4000-memory.dmp
memory/3132-85-0x00007FF6C78F0000-0x00007FF6C7C44000-memory.dmp
memory/5048-97-0x00007FF7E3B60000-0x00007FF7E3EB4000-memory.dmp
C:\Windows\System\orGcNCT.exe
| MD5 | 9b577ffff6c1f5ffff7f64441d883431 |
| SHA1 | 10ba0bbbec3c90794664c7d383f12f8e5eb6c74b |
| SHA256 | 91f3e82906a538100a99ed926f9fc65724c6b25f34a3a65f82125b966c8582db |
| SHA512 | f8bb3727a9f20749433ece4d83348bcfd5e5e28efa7ccba238d5a6d724481df6d5f37b94f4ffcea847376be6b1b47a9ca7c6e243f6823afe20547eef85d0ed8f |
C:\Windows\System\vsVBewf.exe
| MD5 | 6f79929539cf65dcb1e405ed0a538ec1 |
| SHA1 | 46963681601be609a978fb70a544460fdecbb830 |
| SHA256 | 8292e8db4cea39d46d950b64cc55f87ab625ecdebcbe27f469743b8d918b78e8 |
| SHA512 | e991eb3fcf3d9e8bf2f4b7d6bc5ccb92f66bf173e56c3693b2cbd12083aeda0fcdb439b0c82e3da3f8abfa3d37b16394bcf458c3b338809e1ffa376eff9aa3d0 |
memory/792-191-0x00007FF75E660000-0x00007FF75E9B4000-memory.dmp
memory/4220-206-0x00007FF6E6E70000-0x00007FF6E71C4000-memory.dmp
memory/3232-227-0x00007FF6AF810000-0x00007FF6AFB64000-memory.dmp
memory/688-578-0x00007FF6C9D10000-0x00007FF6CA064000-memory.dmp
memory/4388-1071-0x00007FF7E0F40000-0x00007FF7E1294000-memory.dmp
memory/2812-1072-0x00007FF77D960000-0x00007FF77DCB4000-memory.dmp
memory/3688-1073-0x00007FF72BE50000-0x00007FF72C1A4000-memory.dmp
memory/3136-220-0x00007FF650BE0000-0x00007FF650F34000-memory.dmp
memory/3240-213-0x00007FF62E5B0000-0x00007FF62E904000-memory.dmp
memory/2252-202-0x00007FF750A60000-0x00007FF750DB4000-memory.dmp
memory/2880-198-0x00007FF791CC0000-0x00007FF792014000-memory.dmp
memory/4824-195-0x00007FF749BB0000-0x00007FF749F04000-memory.dmp
memory/1028-188-0x00007FF650160000-0x00007FF6504B4000-memory.dmp
memory/3668-185-0x00007FF74F310000-0x00007FF74F664000-memory.dmp
C:\Windows\System\lJeKKIv.exe
| MD5 | 4ff5b749dcb83e2cb01f6db9f7440c56 |
| SHA1 | 877ee49f9ba958b4b9c9a1f2e660fd769a67b1e2 |
| SHA256 | d15f74280c2223c9002f6dbd0f13390358f9e751ffa3c503b2eb304f37a79c57 |
| SHA512 | 9ce57c51b1284cd1676e822e8701444f6fe06e3cbbc14099a86fb28b301361158704a7d239ddb44dbf0aedc2abb4de4e9230828b6208301d96d55079b34f5262 |
memory/2868-176-0x00007FF768270000-0x00007FF7685C4000-memory.dmp
C:\Windows\System\JiPtgRz.exe
| MD5 | 76dc0affb33ac92c01948ae46a4d501a |
| SHA1 | ac76b45db2585c8da1761ce47d363420195313dc |
| SHA256 | 877f61a82b79c1157396cf2f663cd74f01ec1d7056926024c0874be45d6064a8 |
| SHA512 | 72d24cb1b6abdb538b8c0b16218924f686977ecd275027bdc9858e2b1a3e150546507b56c6673f46388d14f08c0bdb4879699afdc4912321fb46f4cbd5a9faaa |
memory/3132-1074-0x00007FF6C78F0000-0x00007FF6C7C44000-memory.dmp
C:\Windows\System\ybWKuNa.exe
| MD5 | ce178bd72ed852cee68a120a1b1fdee8 |
| SHA1 | 450b4db3f97e0fa9cf2857aacb158ac3998799fc |
| SHA256 | 09942dda717225533b45ca8503ef26ec7ce53502b28a59820843418dd9c55e48 |
| SHA512 | ac11f5d8bd6a4cdcaadc561628f8aa1e827b567dbb06f407fecd65c0ccc957413ba3aabab14edce8306016a228274a4e07c6e80f331f04c7c924977540fcd45f |
memory/1132-148-0x00007FF62DE70000-0x00007FF62E1C4000-memory.dmp
memory/3788-138-0x00007FF797EA0000-0x00007FF7981F4000-memory.dmp
memory/5092-122-0x00007FF660570000-0x00007FF6608C4000-memory.dmp
memory/1484-112-0x00007FF715920000-0x00007FF715C74000-memory.dmp
memory/4580-105-0x00007FF6F77F0000-0x00007FF6F7B44000-memory.dmp
C:\Windows\System\HOphxJK.exe
| MD5 | c86db0d47b23f7ee816e49bff9f2efcf |
| SHA1 | fa9bcb0060a4d1ab5506eb9c59f9fd9b9063c3b4 |
| SHA256 | 42dd2fd272eb778e8c9019e50fc289bb0cfc02a2e794fde8e21e1c6f66d1c4f4 |
| SHA512 | e5681099d8ecb2c4abfd74c3239c26e8f6043329549d4ecaf465cbd64f0a615ff70642600b43efe6400bc58ca540fc396e8c6e277ea5d600ccfdb420c1f88d17 |
C:\Windows\System\orGcNCT.exe
| MD5 | 127f4866c00e3ecb45b1d23b1d0c741c |
| SHA1 | bbd6a9cffc79a79bd90d816b9900c68bfca18543 |
| SHA256 | bcc97a96b21714501a1a73d093ecbf16bebdde5c4d96059fba2ad80c8b5330a5 |
| SHA512 | c7527a9f1edae2d067417b282065ad27153e8fbc1423f8998711e828f7b5c2f6434c8cd15eb1be193ec5e0e78c50d3413aca371edb5d76738fe331728ad68c91 |
memory/1824-96-0x00007FF76B7E0000-0x00007FF76BB34000-memory.dmp
C:\Windows\System\AechukS.exe
| MD5 | 363f3cb003d18317a2d8d77f54ccec03 |
| SHA1 | 2803668981d5da562348828d08e7c5d754e12f42 |
| SHA256 | 0387960456f46091de51d2deb0c577f8dccc9ca940f7c88b4cc37670f95ee371 |
| SHA512 | 601e4ca76fa093d875b7b19f4ad108c764c0af9f6e730c516b37383d030f46d3129c06ddee945b1fed7b9283a6237e7a7dcdd249fa6bd72b6442799a809aba4e |
C:\Windows\System\AechukS.exe
| MD5 | 0b4145c2cc110331e4da5e560102704d |
| SHA1 | c566b9a6ceb44b7f1c214b316c08f6bec9d9b2b1 |
| SHA256 | 45685ced1acb15c50a2e82577fa387cda30481d8f7a525239c32c5f5bf6e48b4 |
| SHA512 | abf913119d63f487a6aab21c7aef0828fd1abea0d0c9a3b66bf2a375882b42bf9f76fd9b59dbd74e92020f35616ebd4ca75dc1ea4b5b55a7e8ed17cc28d58dc6 |
memory/4504-70-0x00007FF78F480000-0x00007FF78F7D4000-memory.dmp
memory/3612-64-0x00007FF7BB960000-0x00007FF7BBCB4000-memory.dmp
memory/2872-59-0x00007FF60CE80000-0x00007FF60D1D4000-memory.dmp
C:\Windows\System\BTMWgNb.exe
| MD5 | 731b07d8bfa7d47f297c769e97a9a178 |
| SHA1 | ff684b7f64d9d88713c655ec0ba4806923378aec |
| SHA256 | b31b94b23cd69c936c0381cbce2375631dc5023f342415c04c2b2281f811fae4 |
| SHA512 | 31119fc677557846582cf15b90f46970f7de1bdfde2f8781987475ca25034d09371d9f7e51ae7418fa9ca5a1212ab1b05378b9f42d0c3fd8e616946564b5e68f |
memory/3688-54-0x00007FF72BE50000-0x00007FF72C1A4000-memory.dmp
memory/2812-37-0x00007FF77D960000-0x00007FF77DCB4000-memory.dmp
memory/4388-27-0x00007FF7E0F40000-0x00007FF7E1294000-memory.dmp
C:\Windows\System\qGDaaQy.exe
| MD5 | c82368624fc0cbc229c201ce1985bc94 |
| SHA1 | ee5f9762a48551b4aca0f410ce58ba6b3a31c5e7 |
| SHA256 | 931c951679eb1fb702111027aabfe5c2dbae5ee0133b51e3a18f5413cb866a95 |
| SHA512 | a02b7bbdc00adbf81d06cac9c2ff95404ee7daaf391f997518b816e211a80c24bef9f62cfffbf4467be156c5ab3f90c9c19fabf63f6e25a559ab78ca4191369f |
memory/1516-23-0x00007FF62DB50000-0x00007FF62DEA4000-memory.dmp
C:\Windows\System\iKMKFvv.exe
| MD5 | f1ec221f343a387bacb1541254cfea14 |
| SHA1 | 73563c39c5a25df3323788017c73f0f0aa6e4b2b |
| SHA256 | ec84a2b8b70fd7d90b72243eaedd064614567672f8091fcab4a99dc062196ee3 |
| SHA512 | 3a3443e10f99493614467d376f8921b08e04718d92dc155baabf57f2c1c1fdb925108795c3876c863666d9d8edbc34c288726dde8db357e262c70065ce31aab5 |
memory/688-9-0x00007FF6C9D10000-0x00007FF6CA064000-memory.dmp
memory/4824-1-0x00000276407A0000-0x00000276407B0000-memory.dmp
memory/4580-1076-0x00007FF6F77F0000-0x00007FF6F7B44000-memory.dmp
memory/1132-1078-0x00007FF62DE70000-0x00007FF62E1C4000-memory.dmp
memory/3788-1077-0x00007FF797EA0000-0x00007FF7981F4000-memory.dmp
memory/1824-1075-0x00007FF76B7E0000-0x00007FF76BB34000-memory.dmp
memory/1516-1081-0x00007FF62DB50000-0x00007FF62DEA4000-memory.dmp
memory/3992-1080-0x00007FF63F290000-0x00007FF63F5E4000-memory.dmp
memory/688-1079-0x00007FF6C9D10000-0x00007FF6CA064000-memory.dmp
memory/4388-1083-0x00007FF7E0F40000-0x00007FF7E1294000-memory.dmp
memory/2812-1084-0x00007FF77D960000-0x00007FF77DCB4000-memory.dmp
memory/4552-1082-0x00007FF6BA160000-0x00007FF6BA4B4000-memory.dmp
memory/3688-1087-0x00007FF72BE50000-0x00007FF72C1A4000-memory.dmp
memory/4504-1088-0x00007FF78F480000-0x00007FF78F7D4000-memory.dmp
memory/456-1089-0x00007FF6E3B50000-0x00007FF6E3EA4000-memory.dmp
memory/3612-1086-0x00007FF7BB960000-0x00007FF7BBCB4000-memory.dmp
memory/5048-1090-0x00007FF7E3B60000-0x00007FF7E3EB4000-memory.dmp
memory/2872-1085-0x00007FF60CE80000-0x00007FF60D1D4000-memory.dmp
memory/4580-1094-0x00007FF6F77F0000-0x00007FF6F7B44000-memory.dmp
memory/1824-1095-0x00007FF76B7E0000-0x00007FF76BB34000-memory.dmp
memory/2880-1096-0x00007FF791CC0000-0x00007FF792014000-memory.dmp
memory/3132-1093-0x00007FF6C78F0000-0x00007FF6C7C44000-memory.dmp
memory/1484-1092-0x00007FF715920000-0x00007FF715C74000-memory.dmp
memory/5092-1091-0x00007FF660570000-0x00007FF6608C4000-memory.dmp
memory/2868-1099-0x00007FF768270000-0x00007FF7685C4000-memory.dmp
memory/2252-1098-0x00007FF750A60000-0x00007FF750DB4000-memory.dmp
memory/1028-1102-0x00007FF650160000-0x00007FF6504B4000-memory.dmp
memory/3136-1107-0x00007FF650BE0000-0x00007FF650F34000-memory.dmp
memory/3788-1106-0x00007FF797EA0000-0x00007FF7981F4000-memory.dmp
memory/3240-1105-0x00007FF62E5B0000-0x00007FF62E904000-memory.dmp
memory/1132-1104-0x00007FF62DE70000-0x00007FF62E1C4000-memory.dmp
memory/4220-1103-0x00007FF6E6E70000-0x00007FF6E71C4000-memory.dmp
memory/792-1101-0x00007FF75E660000-0x00007FF75E9B4000-memory.dmp
memory/3668-1100-0x00007FF74F310000-0x00007FF74F664000-memory.dmp
memory/3232-1097-0x00007FF6AF810000-0x00007FF6AFB64000-memory.dmp