kpot | 48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28

Analysis

max time kernel
138s
max time network
148s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
20-06-2024 08:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
Size

2.0MB
MD5

f6c3fb8900b7ae66a118ece7cf0a4810
SHA1

9cffe3556ab093d4f6fb0240ee6c53c830eb567d
SHA256

48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28
SHA512

a040641d6fa1197f50499a6abf97649846b89f3d3df775fa5b6c99d83ec6ea82b23f5f09bd87a6ad506167814e8a5065267847c8f9c775aae1217f4138504bde
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+Agr6StVEnmcvQv9u:BemTLkNdfE0pZrwP

Score

10^/10

kpot xmrig miner stealer trojan upx

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 32 IoCs

resource	yara_rule
behavioral1/files/0x000b000000015bb9-7.dat	family_kpot
behavioral1/files/0x0007000000015cdb-9.dat	family_kpot
behavioral1/files/0x0007000000015cec-30.dat	family_kpot
behavioral1/files/0x0007000000016c2e-47.dat	family_kpot
behavioral1/files/0x0006000000016ce1-68.dat	family_kpot
behavioral1/files/0x0006000000016cf5-78.dat	family_kpot
behavioral1/files/0x0006000000016d0e-93.dat	family_kpot
behavioral1/files/0x0006000000016d4b-126.dat	family_kpot
behavioral1/files/0x0006000000016f82-138.dat	family_kpot
behavioral1/files/0x0006000000017384-151.dat	family_kpot
behavioral1/files/0x0006000000017465-167.dat	family_kpot
behavioral1/files/0x0006000000017458-163.dat	family_kpot
behavioral1/files/0x0006000000017387-158.dat	family_kpot
behavioral1/files/0x0006000000017185-148.dat	family_kpot
behavioral1/files/0x0006000000017060-143.dat	family_kpot
behavioral1/files/0x0006000000016d67-134.dat	family_kpot
behavioral1/files/0x0006000000016d44-123.dat	family_kpot
behavioral1/files/0x0006000000016d40-118.dat	family_kpot
behavioral1/files/0x0006000000016d3b-114.dat	family_kpot
behavioral1/files/0x0006000000016d1f-103.dat	family_kpot
behavioral1/files/0x0006000000016d27-107.dat	family_kpot
behavioral1/files/0x0006000000016d17-98.dat	family_kpot
behavioral1/files/0x0006000000016d06-88.dat	family_kpot
behavioral1/files/0x0006000000016cfe-83.dat	family_kpot
behavioral1/files/0x0006000000016ced-73.dat	family_kpot
behavioral1/files/0x0006000000016cc9-63.dat	family_kpot
behavioral1/files/0x0006000000016cab-57.dat	family_kpot
behavioral1/files/0x0006000000016c7a-52.dat	family_kpot
behavioral1/files/0x0008000000015d6e-44.dat	family_kpot
behavioral1/files/0x0007000000015cf7-43.dat	family_kpot
behavioral1/files/0x0007000000015d06-31.dat	family_kpot
behavioral1/files/0x0038000000015ca5-6.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 63 IoCs

miner

resource	yara_rule
behavioral1/memory/1924-2-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/files/0x000b000000015bb9-7.dat	xmrig
behavioral1/files/0x0007000000015cdb-9.dat	xmrig
behavioral1/memory/2332-18-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/files/0x0007000000015cec-30.dat	xmrig
behavioral1/memory/2516-37-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig
behavioral1/files/0x0007000000016c2e-47.dat	xmrig
behavioral1/files/0x0006000000016ce1-68.dat	xmrig
behavioral1/files/0x0006000000016cf5-78.dat	xmrig
behavioral1/files/0x0006000000016d0e-93.dat	xmrig
behavioral1/files/0x0006000000016d4b-126.dat	xmrig
behavioral1/files/0x0006000000016f82-138.dat	xmrig
behavioral1/files/0x0006000000017384-151.dat	xmrig
behavioral1/memory/2152-719-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/1940-748-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/memory/2656-743-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/760-741-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/memory/2908-729-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/memory/2404-711-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/memory/2440-709-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/memory/2156-706-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/memory/2580-701-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/files/0x0006000000017465-167.dat	xmrig
behavioral1/files/0x0006000000017458-163.dat	xmrig
behavioral1/files/0x0006000000017387-158.dat	xmrig
behavioral1/files/0x0006000000017185-148.dat	xmrig
behavioral1/files/0x0006000000017060-143.dat	xmrig
behavioral1/files/0x0006000000016d67-134.dat	xmrig
behavioral1/files/0x0006000000016d44-123.dat	xmrig
behavioral1/files/0x0006000000016d40-118.dat	xmrig
behavioral1/files/0x0006000000016d3b-114.dat	xmrig
behavioral1/files/0x0006000000016d1f-103.dat	xmrig
behavioral1/files/0x0006000000016d27-107.dat	xmrig
behavioral1/files/0x0006000000016d17-98.dat	xmrig
behavioral1/files/0x0006000000016d06-88.dat	xmrig
behavioral1/files/0x0006000000016cfe-83.dat	xmrig
behavioral1/files/0x0006000000016ced-73.dat	xmrig
behavioral1/files/0x0006000000016cc9-63.dat	xmrig
behavioral1/files/0x0006000000016cab-57.dat	xmrig
behavioral1/files/0x0006000000016c7a-52.dat	xmrig
behavioral1/files/0x0008000000015d6e-44.dat	xmrig
behavioral1/files/0x0007000000015cf7-43.dat	xmrig
behavioral1/memory/2820-42-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
behavioral1/memory/2608-38-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/files/0x0007000000015d06-31.dat	xmrig
behavioral1/memory/2320-14-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/files/0x0038000000015ca5-6.dat	xmrig
behavioral1/memory/1924-1069-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/memory/2580-1071-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/memory/2320-1083-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/memory/2332-1084-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/memory/2608-1087-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/memory/2516-1086-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig
behavioral1/memory/2820-1085-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
behavioral1/memory/2404-1090-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/memory/1940-1091-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/memory/2908-1092-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/memory/760-1093-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/memory/2656-1094-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/2440-1089-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/memory/2156-1088-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/memory/2152-1095-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2580-1096-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2320	hzObRmV.exe
2332	vNcSlyw.exe
2516	SmFUzTo.exe
2608	uUCacof.exe
2820	vgqAWGN.exe
2580	mYvCUYY.exe
1940	SfbRVsr.exe
2156	arpxZZE.exe
2440	yBTdcRI.exe
2404	anSmohW.exe
2152	TrIgmvl.exe
2908	cYzWwEg.exe
760	MsKdUBW.exe
2656	gBjOxQA.exe
2660	lvCaPIW.exe
2732	XVnwDwx.exe
2764	GEHyQcg.exe
2128	BudkRyF.exe
280	uHRhLXV.exe
1836	ZEhwfDk.exe
1660	sVHKEvB.exe
852	doTAijP.exe
848	gADXOoD.exe
1168	qCEisAB.exe
2304	EFIluFx.exe
2196	mWRkzvF.exe
2088	CABKUmR.exe
2244	JMqkLkH.exe
676	lAgMolj.exe
1052	jKqjaOa.exe
1564	zGebJaa.exe
1704	Ptzllzo.exe
1904	gIDNwGR.exe
1132	kWHnhIV.exe
1944	RdyuyWl.exe
2108	ZvOWNUD.exe
2352	QQXVMaj.exe
2988	guvnlbK.exe
2956	VvFCViW.exe
992	ToADmZn.exe
1692	KMTzRVM.exe
1500	IgdKIaU.exe
1276	OxCvEeD.exe
2300	LwusVjC.exe
240	wIOwiUQ.exe
1616	BeumArl.exe
768	mOZRuNv.exe
2960	yzrDQdF.exe
2252	ktHfgak.exe
1860	DMdqrhP.exe
2832	DUskxYw.exe
2600	NpoYmAv.exe
1224	SKHNJqd.exe
3048	ajQWGbM.exe
888	frsBUGg.exe
764	oVAIzqP.exe
2296	GgdSGbR.exe
2708	BEElbuO.exe
1528	FcXNHue.exe
2804	tFnssop.exe
2400	bRRTXdR.exe
2604	VenUPAd.exe
2492	gewAhDs.exe
2448	eGVycXE.exe

Loads dropped DLL 64 IoCs

pid	Process
1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe

UPX packed file 63 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1924-2-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/files/0x000b000000015bb9-7.dat	upx
behavioral1/files/0x0007000000015cdb-9.dat	upx
behavioral1/memory/2332-18-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/files/0x0007000000015cec-30.dat	upx
behavioral1/memory/2516-37-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx
behavioral1/files/0x0007000000016c2e-47.dat	upx
behavioral1/files/0x0006000000016ce1-68.dat	upx
behavioral1/files/0x0006000000016cf5-78.dat	upx
behavioral1/files/0x0006000000016d0e-93.dat	upx
behavioral1/files/0x0006000000016d4b-126.dat	upx
behavioral1/files/0x0006000000016f82-138.dat	upx
behavioral1/files/0x0006000000017384-151.dat	upx
behavioral1/memory/2152-719-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/1940-748-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/memory/2656-743-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/memory/760-741-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/memory/2908-729-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/memory/2404-711-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/memory/2440-709-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/memory/2156-706-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/memory/2580-701-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/files/0x0006000000017465-167.dat	upx
behavioral1/files/0x0006000000017458-163.dat	upx
behavioral1/files/0x0006000000017387-158.dat	upx
behavioral1/files/0x0006000000017185-148.dat	upx
behavioral1/files/0x0006000000017060-143.dat	upx
behavioral1/files/0x0006000000016d67-134.dat	upx
behavioral1/files/0x0006000000016d44-123.dat	upx
behavioral1/files/0x0006000000016d40-118.dat	upx
behavioral1/files/0x0006000000016d3b-114.dat	upx
behavioral1/files/0x0006000000016d1f-103.dat	upx
behavioral1/files/0x0006000000016d27-107.dat	upx
behavioral1/files/0x0006000000016d17-98.dat	upx
behavioral1/files/0x0006000000016d06-88.dat	upx
behavioral1/files/0x0006000000016cfe-83.dat	upx
behavioral1/files/0x0006000000016ced-73.dat	upx
behavioral1/files/0x0006000000016cc9-63.dat	upx
behavioral1/files/0x0006000000016cab-57.dat	upx
behavioral1/files/0x0006000000016c7a-52.dat	upx
behavioral1/files/0x0008000000015d6e-44.dat	upx
behavioral1/files/0x0007000000015cf7-43.dat	upx
behavioral1/memory/2820-42-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
behavioral1/memory/2608-38-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/files/0x0007000000015d06-31.dat	upx
behavioral1/memory/2320-14-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/files/0x0038000000015ca5-6.dat	upx
behavioral1/memory/1924-1069-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/2580-1071-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/memory/2320-1083-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/memory/2332-1084-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/memory/2608-1087-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/2516-1086-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx
behavioral1/memory/2820-1085-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
behavioral1/memory/2404-1090-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/memory/1940-1091-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/memory/2908-1092-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/memory/760-1093-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/memory/2656-1094-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/memory/2440-1089-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/memory/2156-1088-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/memory/2152-1095-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2580-1096-0x000000013FD00000-0x0000000140054000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\EFIluFx.exe	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
File created	C:\Windows\System\YNyRemr.exe	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
File created	C:\Windows\System\aYbSwTA.exe	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
File created	C:\Windows\System\ggNiqgj.exe	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
File created	C:\Windows\System\tTLWBas.exe	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
File created	C:\Windows\System\GzjPAdI.exe	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
File created	C:\Windows\System\HtyNaAe.exe	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
File created	C:\Windows\System\eGVycXE.exe	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
File created	C:\Windows\System\qqvArGG.exe	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
File created	C:\Windows\System\xeCznny.exe	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
File created	C:\Windows\System\nOFPejx.exe	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
File created	C:\Windows\System\DtrYfxq.exe	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
File created	C:\Windows\System\jDJSXvq.exe	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
File created	C:\Windows\System\OSivjEW.exe	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
File created	C:\Windows\System\FqVjuYW.exe	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
File created	C:\Windows\System\YuicHqL.exe	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
File created	C:\Windows\System\YgWIYTF.exe	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
File created	C:\Windows\System\eCMytlg.exe	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
File created	C:\Windows\System\gXYGYji.exe	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
File created	C:\Windows\System\LHJjagb.exe	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
File created	C:\Windows\System\ZcbVKwQ.exe	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
File created	C:\Windows\System\GysnuCX.exe	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
File created	C:\Windows\System\efliPoU.exe	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
File created	C:\Windows\System\TzSauFE.exe	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
File created	C:\Windows\System\MLhvmbn.exe	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
File created	C:\Windows\System\ESgzYoP.exe	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
File created	C:\Windows\System\vuwsqSD.exe	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
File created	C:\Windows\System\lUmXcnD.exe	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
File created	C:\Windows\System\MpcgiMM.exe	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
File created	C:\Windows\System\txJNsYp.exe	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
File created	C:\Windows\System\LwusVjC.exe	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
File created	C:\Windows\System\yekUdUh.exe	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
File created	C:\Windows\System\MXILeML.exe	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
File created	C:\Windows\System\ZYheAnU.exe	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
File created	C:\Windows\System\uGhpGpX.exe	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
File created	C:\Windows\System\wadYMiX.exe	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
File created	C:\Windows\System\cYzWwEg.exe	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
File created	C:\Windows\System\UHhXowX.exe	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
File created	C:\Windows\System\vqIftXS.exe	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
File created	C:\Windows\System\EcVnzpa.exe	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
File created	C:\Windows\System\tINiKcj.exe	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
File created	C:\Windows\System\xgSgiIY.exe	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
File created	C:\Windows\System\anSmohW.exe	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
File created	C:\Windows\System\CABKUmR.exe	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
File created	C:\Windows\System\LWegJtw.exe	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
File created	C:\Windows\System\zCjSKDe.exe	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
File created	C:\Windows\System\lWJHPTT.exe	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
File created	C:\Windows\System\emMBgLG.exe	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
File created	C:\Windows\System\mYvCUYY.exe	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
File created	C:\Windows\System\guvnlbK.exe	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
File created	C:\Windows\System\uzeEOJk.exe	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
File created	C:\Windows\System\tXtFkqs.exe	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
File created	C:\Windows\System\EkzCdqt.exe	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
File created	C:\Windows\System\fojxQzF.exe	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
File created	C:\Windows\System\HsgHVsk.exe	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
File created	C:\Windows\System\YNXAZig.exe	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
File created	C:\Windows\System\sVHKEvB.exe	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
File created	C:\Windows\System\frsBUGg.exe	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
File created	C:\Windows\System\sudcGfW.exe	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
File created	C:\Windows\System\lnlZWhv.exe	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
File created	C:\Windows\System\ZeaJQYR.exe	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
File created	C:\Windows\System\ZEhwfDk.exe	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
File created	C:\Windows\System\qCEisAB.exe	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
File created	C:\Windows\System\FcXNHue.exe	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1924 wrote to memory of 2320	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe	29
PID 1924 wrote to memory of 2320	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe	29
PID 1924 wrote to memory of 2320	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe	29
PID 1924 wrote to memory of 2332	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe	30
PID 1924 wrote to memory of 2332	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe	30
PID 1924 wrote to memory of 2332	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe	30
PID 1924 wrote to memory of 2516	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe	31
PID 1924 wrote to memory of 2516	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe	31
PID 1924 wrote to memory of 2516	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe	31
PID 1924 wrote to memory of 2608	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe	32
PID 1924 wrote to memory of 2608	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe	32
PID 1924 wrote to memory of 2608	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe	32
PID 1924 wrote to memory of 2580	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe	33
PID 1924 wrote to memory of 2580	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe	33
PID 1924 wrote to memory of 2580	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe	33
PID 1924 wrote to memory of 2820	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe	34
PID 1924 wrote to memory of 2820	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe	34
PID 1924 wrote to memory of 2820	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe	34
PID 1924 wrote to memory of 1940	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe	35
PID 1924 wrote to memory of 1940	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe	35
PID 1924 wrote to memory of 1940	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe	35
PID 1924 wrote to memory of 2156	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe	36
PID 1924 wrote to memory of 2156	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe	36
PID 1924 wrote to memory of 2156	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe	36
PID 1924 wrote to memory of 2440	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe	37
PID 1924 wrote to memory of 2440	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe	37
PID 1924 wrote to memory of 2440	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe	37
PID 1924 wrote to memory of 2404	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe	38
PID 1924 wrote to memory of 2404	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe	38
PID 1924 wrote to memory of 2404	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe	38
PID 1924 wrote to memory of 2152	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe	39
PID 1924 wrote to memory of 2152	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe	39
PID 1924 wrote to memory of 2152	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe	39
PID 1924 wrote to memory of 2908	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe	40
PID 1924 wrote to memory of 2908	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe	40
PID 1924 wrote to memory of 2908	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe	40
PID 1924 wrote to memory of 760	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe	41
PID 1924 wrote to memory of 760	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe	41
PID 1924 wrote to memory of 760	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe	41
PID 1924 wrote to memory of 2656	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe	42
PID 1924 wrote to memory of 2656	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe	42
PID 1924 wrote to memory of 2656	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe	42
PID 1924 wrote to memory of 2660	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe	43
PID 1924 wrote to memory of 2660	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe	43
PID 1924 wrote to memory of 2660	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe	43
PID 1924 wrote to memory of 2732	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe	44
PID 1924 wrote to memory of 2732	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe	44
PID 1924 wrote to memory of 2732	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe	44
PID 1924 wrote to memory of 2764	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe	45
PID 1924 wrote to memory of 2764	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe	45
PID 1924 wrote to memory of 2764	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe	45
PID 1924 wrote to memory of 2128	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe	46
PID 1924 wrote to memory of 2128	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe	46
PID 1924 wrote to memory of 2128	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe	46
PID 1924 wrote to memory of 280	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe	47
PID 1924 wrote to memory of 280	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe	47
PID 1924 wrote to memory of 280	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe	47
PID 1924 wrote to memory of 1836	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe	48
PID 1924 wrote to memory of 1836	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe	48
PID 1924 wrote to memory of 1836	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe	48
PID 1924 wrote to memory of 1660	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe	49
PID 1924 wrote to memory of 1660	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe	49
PID 1924 wrote to memory of 1660	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe	49
PID 1924 wrote to memory of 852	1924	48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe	50

C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\48fedb9e1224cb4a2adc93a3787652a2920f8fbb6fa5277435e933b995a9fe28_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1924
- C:\Windows\System\hzObRmV.exe
  C:\Windows\System\hzObRmV.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\vNcSlyw.exe
  C:\Windows\System\vNcSlyw.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\SmFUzTo.exe
  C:\Windows\System\SmFUzTo.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\uUCacof.exe
  C:\Windows\System\uUCacof.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\mYvCUYY.exe
  C:\Windows\System\mYvCUYY.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\vgqAWGN.exe
  C:\Windows\System\vgqAWGN.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\SfbRVsr.exe
  C:\Windows\System\SfbRVsr.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\arpxZZE.exe
  C:\Windows\System\arpxZZE.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\yBTdcRI.exe
  C:\Windows\System\yBTdcRI.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\anSmohW.exe
  C:\Windows\System\anSmohW.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\TrIgmvl.exe
  C:\Windows\System\TrIgmvl.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\cYzWwEg.exe
  C:\Windows\System\cYzWwEg.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\MsKdUBW.exe
  C:\Windows\System\MsKdUBW.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\gBjOxQA.exe
  C:\Windows\System\gBjOxQA.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\lvCaPIW.exe
  C:\Windows\System\lvCaPIW.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\XVnwDwx.exe
  C:\Windows\System\XVnwDwx.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\GEHyQcg.exe
  C:\Windows\System\GEHyQcg.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\BudkRyF.exe
  C:\Windows\System\BudkRyF.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\uHRhLXV.exe
  C:\Windows\System\uHRhLXV.exe
  2⤵
  - Executes dropped EXE
  PID:280
- C:\Windows\System\ZEhwfDk.exe
  C:\Windows\System\ZEhwfDk.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System\sVHKEvB.exe
  C:\Windows\System\sVHKEvB.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\doTAijP.exe
  C:\Windows\System\doTAijP.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\gADXOoD.exe
  C:\Windows\System\gADXOoD.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\qCEisAB.exe
  C:\Windows\System\qCEisAB.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\EFIluFx.exe
  C:\Windows\System\EFIluFx.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\mWRkzvF.exe
  C:\Windows\System\mWRkzvF.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\CABKUmR.exe
  C:\Windows\System\CABKUmR.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\JMqkLkH.exe
  C:\Windows\System\JMqkLkH.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\lAgMolj.exe
  C:\Windows\System\lAgMolj.exe
  2⤵
  - Executes dropped EXE
  PID:676
- C:\Windows\System\jKqjaOa.exe
  C:\Windows\System\jKqjaOa.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\zGebJaa.exe
  C:\Windows\System\zGebJaa.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\Ptzllzo.exe
  C:\Windows\System\Ptzllzo.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\gIDNwGR.exe
  C:\Windows\System\gIDNwGR.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\kWHnhIV.exe
  C:\Windows\System\kWHnhIV.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\RdyuyWl.exe
  C:\Windows\System\RdyuyWl.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\ZvOWNUD.exe
  C:\Windows\System\ZvOWNUD.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\QQXVMaj.exe
  C:\Windows\System\QQXVMaj.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\guvnlbK.exe
  C:\Windows\System\guvnlbK.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\VvFCViW.exe
  C:\Windows\System\VvFCViW.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\ToADmZn.exe
  C:\Windows\System\ToADmZn.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\KMTzRVM.exe
  C:\Windows\System\KMTzRVM.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\IgdKIaU.exe
  C:\Windows\System\IgdKIaU.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\OxCvEeD.exe
  C:\Windows\System\OxCvEeD.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\LwusVjC.exe
  C:\Windows\System\LwusVjC.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\wIOwiUQ.exe
  C:\Windows\System\wIOwiUQ.exe
  2⤵
  - Executes dropped EXE
  PID:240
- C:\Windows\System\BeumArl.exe
  C:\Windows\System\BeumArl.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\mOZRuNv.exe
  C:\Windows\System\mOZRuNv.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\yzrDQdF.exe
  C:\Windows\System\yzrDQdF.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\ktHfgak.exe
  C:\Windows\System\ktHfgak.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\DMdqrhP.exe
  C:\Windows\System\DMdqrhP.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\DUskxYw.exe
  C:\Windows\System\DUskxYw.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\NpoYmAv.exe
  C:\Windows\System\NpoYmAv.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\ajQWGbM.exe
  C:\Windows\System\ajQWGbM.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\SKHNJqd.exe
  C:\Windows\System\SKHNJqd.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\frsBUGg.exe
  C:\Windows\System\frsBUGg.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\oVAIzqP.exe
  C:\Windows\System\oVAIzqP.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\GgdSGbR.exe
  C:\Windows\System\GgdSGbR.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\BEElbuO.exe
  C:\Windows\System\BEElbuO.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\FcXNHue.exe
  C:\Windows\System\FcXNHue.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\tFnssop.exe
  C:\Windows\System\tFnssop.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\bRRTXdR.exe
  C:\Windows\System\bRRTXdR.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\VenUPAd.exe
  C:\Windows\System\VenUPAd.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\gewAhDs.exe
  C:\Windows\System\gewAhDs.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\eGVycXE.exe
  C:\Windows\System\eGVycXE.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\HDuxmpI.exe
  C:\Windows\System\HDuxmpI.exe
  2⤵
  PID:2388
- C:\Windows\System\QqSvKgh.exe
  C:\Windows\System\QqSvKgh.exe
  2⤵
  PID:2900
- C:\Windows\System\TzSauFE.exe
  C:\Windows\System\TzSauFE.exe
  2⤵
  PID:2120
- C:\Windows\System\QELANyb.exe
  C:\Windows\System\QELANyb.exe
  2⤵
  PID:2736
- C:\Windows\System\EiyQQLu.exe
  C:\Windows\System\EiyQQLu.exe
  2⤵
  PID:2760
- C:\Windows\System\FqVjuYW.exe
  C:\Windows\System\FqVjuYW.exe
  2⤵
  PID:1840
- C:\Windows\System\rYYAsGL.exe
  C:\Windows\System\rYYAsGL.exe
  2⤵
  PID:1832
- C:\Windows\System\KfXNqbx.exe
  C:\Windows\System\KfXNqbx.exe
  2⤵
  PID:2276
- C:\Windows\System\LWegJtw.exe
  C:\Windows\System\LWegJtw.exe
  2⤵
  PID:1212
- C:\Windows\System\LwdpGYk.exe
  C:\Windows\System\LwdpGYk.exe
  2⤵
  PID:2968
- C:\Windows\System\zCjSKDe.exe
  C:\Windows\System\zCjSKDe.exe
  2⤵
  PID:2616
- C:\Windows\System\oxGaxta.exe
  C:\Windows\System\oxGaxta.exe
  2⤵
  PID:2224
- C:\Windows\System\UHFtIVI.exe
  C:\Windows\System\UHFtIVI.exe
  2⤵
  PID:788
- C:\Windows\System\UeExMqi.exe
  C:\Windows\System\UeExMqi.exe
  2⤵
  PID:1768
- C:\Windows\System\qqvArGG.exe
  C:\Windows\System\qqvArGG.exe
  2⤵
  PID:920
- C:\Windows\System\JRwijvE.exe
  C:\Windows\System\JRwijvE.exe
  2⤵
  PID:1900
- C:\Windows\System\yDZntkX.exe
  C:\Windows\System\yDZntkX.exe
  2⤵
  PID:840
- C:\Windows\System\TXCskhA.exe
  C:\Windows\System\TXCskhA.exe
  2⤵
  PID:2984
- C:\Windows\System\sudcGfW.exe
  C:\Windows\System\sudcGfW.exe
  2⤵
  PID:1196
- C:\Windows\System\fxCnmnb.exe
  C:\Windows\System\fxCnmnb.exe
  2⤵
  PID:884
- C:\Windows\System\ohyGeAZ.exe
  C:\Windows\System\ohyGeAZ.exe
  2⤵
  PID:404
- C:\Windows\System\BRkKSVI.exe
  C:\Windows\System\BRkKSVI.exe
  2⤵
  PID:964
- C:\Windows\System\nmfWeUt.exe
  C:\Windows\System\nmfWeUt.exe
  2⤵
  PID:2248
- C:\Windows\System\COPkMnc.exe
  C:\Windows\System\COPkMnc.exe
  2⤵
  PID:2316
- C:\Windows\System\YuicHqL.exe
  C:\Windows\System\YuicHqL.exe
  2⤵
  PID:2084
- C:\Windows\System\xQGHEDr.exe
  C:\Windows\System\xQGHEDr.exe
  2⤵
  PID:1936
- C:\Windows\System\vwVfgDW.exe
  C:\Windows\System\vwVfgDW.exe
  2⤵
  PID:1624
- C:\Windows\System\rOUbQhj.exe
  C:\Windows\System\rOUbQhj.exe
  2⤵
  PID:1180
- C:\Windows\System\FnovadD.exe
  C:\Windows\System\FnovadD.exe
  2⤵
  PID:3008
- C:\Windows\System\SnReSEB.exe
  C:\Windows\System\SnReSEB.exe
  2⤵
  PID:1532
- C:\Windows\System\GliHxoi.exe
  C:\Windows\System\GliHxoi.exe
  2⤵
  PID:1912
- C:\Windows\System\rRwdLFZ.exe
  C:\Windows\System\rRwdLFZ.exe
  2⤵
  PID:2916
- C:\Windows\System\nNNLXfe.exe
  C:\Windows\System\nNNLXfe.exe
  2⤵
  PID:2592
- C:\Windows\System\UpPMZtW.exe
  C:\Windows\System\UpPMZtW.exe
  2⤵
  PID:2468
- C:\Windows\System\YgWIYTF.exe
  C:\Windows\System\YgWIYTF.exe
  2⤵
  PID:2620
- C:\Windows\System\UHhXowX.exe
  C:\Windows\System\UHhXowX.exe
  2⤵
  PID:2568
- C:\Windows\System\CavIRNn.exe
  C:\Windows\System\CavIRNn.exe
  2⤵
  PID:1728
- C:\Windows\System\QsMeWHy.exe
  C:\Windows\System\QsMeWHy.exe
  2⤵
  PID:1236
- C:\Windows\System\YnejwdK.exe
  C:\Windows\System\YnejwdK.exe
  2⤵
  PID:2280
- C:\Windows\System\OroHGuO.exe
  C:\Windows\System\OroHGuO.exe
  2⤵
  PID:1828
- C:\Windows\System\RzCDlZB.exe
  C:\Windows\System\RzCDlZB.exe
  2⤵
  PID:2200
- C:\Windows\System\GhVffKL.exe
  C:\Windows\System\GhVffKL.exe
  2⤵
  PID:560
- C:\Windows\System\agKfQDJ.exe
  C:\Windows\System\agKfQDJ.exe
  2⤵
  PID:1476
- C:\Windows\System\aURRukp.exe
  C:\Windows\System\aURRukp.exe
  2⤵
  PID:1128
- C:\Windows\System\uxINMCS.exe
  C:\Windows\System\uxINMCS.exe
  2⤵
  PID:860
- C:\Windows\System\cNfLfVI.exe
  C:\Windows\System\cNfLfVI.exe
  2⤵
  PID:968
- C:\Windows\System\IzMCVAi.exe
  C:\Windows\System\IzMCVAi.exe
  2⤵
  PID:892
- C:\Windows\System\EQdTYtl.exe
  C:\Windows\System\EQdTYtl.exe
  2⤵
  PID:2080
- C:\Windows\System\xeCznny.exe
  C:\Windows\System\xeCznny.exe
  2⤵
  PID:2052
- C:\Windows\System\zuZOxOm.exe
  C:\Windows\System\zuZOxOm.exe
  2⤵
  PID:1584
- C:\Windows\System\jtuIPro.exe
  C:\Windows\System\jtuIPro.exe
  2⤵
  PID:2588
- C:\Windows\System\jSDiHel.exe
  C:\Windows\System\jSDiHel.exe
  2⤵
  PID:1496
- C:\Windows\System\bMTkkCh.exe
  C:\Windows\System\bMTkkCh.exe
  2⤵
  PID:1524
- C:\Windows\System\ncRLLmJ.exe
  C:\Windows\System\ncRLLmJ.exe
  2⤵
  PID:1716
- C:\Windows\System\BUvqQlC.exe
  C:\Windows\System\BUvqQlC.exe
  2⤵
  PID:2396
- C:\Windows\System\nLFfmIC.exe
  C:\Windows\System\nLFfmIC.exe
  2⤵
  PID:2752
- C:\Windows\System\oMqCvMP.exe
  C:\Windows\System\oMqCvMP.exe
  2⤵
  PID:1648
- C:\Windows\System\nOFPejx.exe
  C:\Windows\System\nOFPejx.exe
  2⤵
  PID:1708
- C:\Windows\System\ukwpzUQ.exe
  C:\Windows\System\ukwpzUQ.exe
  2⤵
  PID:1684
- C:\Windows\System\nSMtleF.exe
  C:\Windows\System\nSMtleF.exe
  2⤵
  PID:1016
- C:\Windows\System\ZqknFLB.exe
  C:\Windows\System\ZqknFLB.exe
  2⤵
  PID:3092
- C:\Windows\System\qynIrPx.exe
  C:\Windows\System\qynIrPx.exe
  2⤵
  PID:3108
- C:\Windows\System\kmNrwbP.exe
  C:\Windows\System\kmNrwbP.exe
  2⤵
  PID:3128
- C:\Windows\System\fpaIqWG.exe
  C:\Windows\System\fpaIqWG.exe
  2⤵
  PID:3148
- C:\Windows\System\ExdSjYP.exe
  C:\Windows\System\ExdSjYP.exe
  2⤵
  PID:3168
- C:\Windows\System\yekUdUh.exe
  C:\Windows\System\yekUdUh.exe
  2⤵
  PID:3184
- C:\Windows\System\rMJUkQE.exe
  C:\Windows\System\rMJUkQE.exe
  2⤵
  PID:3204
- C:\Windows\System\YBPNGUR.exe
  C:\Windows\System\YBPNGUR.exe
  2⤵
  PID:3224
- C:\Windows\System\lfCOmCo.exe
  C:\Windows\System\lfCOmCo.exe
  2⤵
  PID:3264
- C:\Windows\System\WpzeemA.exe
  C:\Windows\System\WpzeemA.exe
  2⤵
  PID:3280
- C:\Windows\System\pHEeOVE.exe
  C:\Windows\System\pHEeOVE.exe
  2⤵
  PID:3300
- C:\Windows\System\SnuNtvg.exe
  C:\Windows\System\SnuNtvg.exe
  2⤵
  PID:3320
- C:\Windows\System\RYXRCxW.exe
  C:\Windows\System\RYXRCxW.exe
  2⤵
  PID:3344
- C:\Windows\System\xBmRSNR.exe
  C:\Windows\System\xBmRSNR.exe
  2⤵
  PID:3360
- C:\Windows\System\DtrYfxq.exe
  C:\Windows\System\DtrYfxq.exe
  2⤵
  PID:3380
- C:\Windows\System\roYAJhW.exe
  C:\Windows\System\roYAJhW.exe
  2⤵
  PID:3400
- C:\Windows\System\QmGqSix.exe
  C:\Windows\System\QmGqSix.exe
  2⤵
  PID:3416
- C:\Windows\System\iwcLObi.exe
  C:\Windows\System\iwcLObi.exe
  2⤵
  PID:3436
- C:\Windows\System\FfcMPrX.exe
  C:\Windows\System\FfcMPrX.exe
  2⤵
  PID:3456
- C:\Windows\System\CiXgYIC.exe
  C:\Windows\System\CiXgYIC.exe
  2⤵
  PID:3476
- C:\Windows\System\vVCPSeC.exe
  C:\Windows\System\vVCPSeC.exe
  2⤵
  PID:3492
- C:\Windows\System\lnlZWhv.exe
  C:\Windows\System\lnlZWhv.exe
  2⤵
  PID:3512
- C:\Windows\System\PkiPcYa.exe
  C:\Windows\System\PkiPcYa.exe
  2⤵
  PID:3532
- C:\Windows\System\Scehpbb.exe
  C:\Windows\System\Scehpbb.exe
  2⤵
  PID:3552
- C:\Windows\System\pWlKuPM.exe
  C:\Windows\System\pWlKuPM.exe
  2⤵
  PID:3572
- C:\Windows\System\MLhvmbn.exe
  C:\Windows\System\MLhvmbn.exe
  2⤵
  PID:3592
- C:\Windows\System\UpOEaHv.exe
  C:\Windows\System\UpOEaHv.exe
  2⤵
  PID:3612
- C:\Windows\System\mrqMeoW.exe
  C:\Windows\System\mrqMeoW.exe
  2⤵
  PID:3632
- C:\Windows\System\toiwlnB.exe
  C:\Windows\System\toiwlnB.exe
  2⤵
  PID:3652
- C:\Windows\System\fKPDohc.exe
  C:\Windows\System\fKPDohc.exe
  2⤵
  PID:3668
- C:\Windows\System\EkzCdqt.exe
  C:\Windows\System\EkzCdqt.exe
  2⤵
  PID:3704
- C:\Windows\System\YNyRemr.exe
  C:\Windows\System\YNyRemr.exe
  2⤵
  PID:3720
- C:\Windows\System\lWJHPTT.exe
  C:\Windows\System\lWJHPTT.exe
  2⤵
  PID:3740
- C:\Windows\System\vqIftXS.exe
  C:\Windows\System\vqIftXS.exe
  2⤵
  PID:3760
- C:\Windows\System\eCMytlg.exe
  C:\Windows\System\eCMytlg.exe
  2⤵
  PID:3784
- C:\Windows\System\MQypehl.exe
  C:\Windows\System\MQypehl.exe
  2⤵
  PID:3804
- C:\Windows\System\dDBDqQY.exe
  C:\Windows\System\dDBDqQY.exe
  2⤵
  PID:3824
- C:\Windows\System\jDJSXvq.exe
  C:\Windows\System\jDJSXvq.exe
  2⤵
  PID:3840
- C:\Windows\System\GzjPAdI.exe
  C:\Windows\System\GzjPAdI.exe
  2⤵
  PID:3864
- C:\Windows\System\VdvHPnT.exe
  C:\Windows\System\VdvHPnT.exe
  2⤵
  PID:3880
- C:\Windows\System\TPvhMGx.exe
  C:\Windows\System\TPvhMGx.exe
  2⤵
  PID:3900
- C:\Windows\System\dsQoYHq.exe
  C:\Windows\System\dsQoYHq.exe
  2⤵
  PID:3920
- C:\Windows\System\qpaCzXM.exe
  C:\Windows\System\qpaCzXM.exe
  2⤵
  PID:3944
- C:\Windows\System\IJyLoNt.exe
  C:\Windows\System\IJyLoNt.exe
  2⤵
  PID:3960
- C:\Windows\System\vQriCEH.exe
  C:\Windows\System\vQriCEH.exe
  2⤵
  PID:3980
- C:\Windows\System\DGrNUPG.exe
  C:\Windows\System\DGrNUPG.exe
  2⤵
  PID:4000
- C:\Windows\System\mbevTdf.exe
  C:\Windows\System\mbevTdf.exe
  2⤵
  PID:4024
- C:\Windows\System\LevpCMx.exe
  C:\Windows\System\LevpCMx.exe
  2⤵
  PID:4040
- C:\Windows\System\EqXKlCO.exe
  C:\Windows\System\EqXKlCO.exe
  2⤵
  PID:4056
- C:\Windows\System\ODKuiuw.exe
  C:\Windows\System\ODKuiuw.exe
  2⤵
  PID:4080
- C:\Windows\System\hFDJXzG.exe
  C:\Windows\System\hFDJXzG.exe
  2⤵
  PID:1656
- C:\Windows\System\twULbaF.exe
  C:\Windows\System\twULbaF.exe
  2⤵
  PID:2096
- C:\Windows\System\cEAqPPQ.exe
  C:\Windows\System\cEAqPPQ.exe
  2⤵
  PID:1412
- C:\Windows\System\DoHveBZ.exe
  C:\Windows\System\DoHveBZ.exe
  2⤵
  PID:2536
- C:\Windows\System\ElCzcTw.exe
  C:\Windows\System\ElCzcTw.exe
  2⤵
  PID:1392
- C:\Windows\System\ESgzYoP.exe
  C:\Windows\System\ESgzYoP.exe
  2⤵
  PID:1680
- C:\Windows\System\LQvvtua.exe
  C:\Windows\System\LQvvtua.exe
  2⤵
  PID:3012
- C:\Windows\System\KjPnNBG.exe
  C:\Windows\System\KjPnNBG.exe
  2⤵
  PID:3088
- C:\Windows\System\ZeaJQYR.exe
  C:\Windows\System\ZeaJQYR.exe
  2⤵
  PID:2292
- C:\Windows\System\JxXTbvn.exe
  C:\Windows\System\JxXTbvn.exe
  2⤵
  PID:276
- C:\Windows\System\ZqOIpEe.exe
  C:\Windows\System\ZqOIpEe.exe
  2⤵
  PID:2636
- C:\Windows\System\yvExzCg.exe
  C:\Windows\System\yvExzCg.exe
  2⤵
  PID:3200
- C:\Windows\System\jLqWdIp.exe
  C:\Windows\System\jLqWdIp.exe
  2⤵
  PID:3236
- C:\Windows\System\TkRcGbO.exe
  C:\Windows\System\TkRcGbO.exe
  2⤵
  PID:3252
- C:\Windows\System\vibzMsk.exe
  C:\Windows\System\vibzMsk.exe
  2⤵
  PID:3292
- C:\Windows\System\mLJnixa.exe
  C:\Windows\System\mLJnixa.exe
  2⤵
  PID:3332
- C:\Windows\System\hEhBapL.exe
  C:\Windows\System\hEhBapL.exe
  2⤵
  PID:3176
- C:\Windows\System\kgQTuDE.exe
  C:\Windows\System\kgQTuDE.exe
  2⤵
  PID:2716
- C:\Windows\System\aYbSwTA.exe
  C:\Windows\System\aYbSwTA.exe
  2⤵
  PID:3216
- C:\Windows\System\EygSHWI.exe
  C:\Windows\System\EygSHWI.exe
  2⤵
  PID:3004
- C:\Windows\System\EcVnzpa.exe
  C:\Windows\System\EcVnzpa.exe
  2⤵
  PID:3452
- C:\Windows\System\vLvcIWc.exe
  C:\Windows\System\vLvcIWc.exe
  2⤵
  PID:3312
- C:\Windows\System\zcXlLcw.exe
  C:\Windows\System\zcXlLcw.exe
  2⤵
  PID:3520
- C:\Windows\System\hhlrWzM.exe
  C:\Windows\System\hhlrWzM.exe
  2⤵
  PID:3352
- C:\Windows\System\CUTflTb.exe
  C:\Windows\System\CUTflTb.exe
  2⤵
  PID:3568
- C:\Windows\System\vzvuPlq.exe
  C:\Windows\System\vzvuPlq.exe
  2⤵
  PID:3464
- C:\Windows\System\WEEdLYE.exe
  C:\Windows\System\WEEdLYE.exe
  2⤵
  PID:3604
- C:\Windows\System\emMBgLG.exe
  C:\Windows\System\emMBgLG.exe
  2⤵
  PID:2560
- C:\Windows\System\TborvwV.exe
  C:\Windows\System\TborvwV.exe
  2⤵
  PID:3620
- C:\Windows\System\HtyNaAe.exe
  C:\Windows\System\HtyNaAe.exe
  2⤵
  PID:3688
- C:\Windows\System\QcnUqJx.exe
  C:\Windows\System\QcnUqJx.exe
  2⤵
  PID:3696
- C:\Windows\System\zoPfRQG.exe
  C:\Windows\System\zoPfRQG.exe
  2⤵
  PID:3712
- C:\Windows\System\umcSUYa.exe
  C:\Windows\System\umcSUYa.exe
  2⤵
  PID:3748
- C:\Windows\System\giyysOT.exe
  C:\Windows\System\giyysOT.exe
  2⤵
  PID:2412
- C:\Windows\System\rnKRoZP.exe
  C:\Windows\System\rnKRoZP.exe
  2⤵
  PID:3792
- C:\Windows\System\CzWmCXV.exe
  C:\Windows\System\CzWmCXV.exe
  2⤵
  PID:3820
- C:\Windows\System\KycgQnN.exe
  C:\Windows\System\KycgQnN.exe
  2⤵
  PID:3832
- C:\Windows\System\MAxVtut.exe
  C:\Windows\System\MAxVtut.exe
  2⤵
  PID:3928
- C:\Windows\System\OSivjEW.exe
  C:\Windows\System\OSivjEW.exe
  2⤵
  PID:4008
- C:\Windows\System\MXILeML.exe
  C:\Windows\System\MXILeML.exe
  2⤵
  PID:4052
- C:\Windows\System\vuwsqSD.exe
  C:\Windows\System\vuwsqSD.exe
  2⤵
  PID:3956
- C:\Windows\System\zGPwROD.exe
  C:\Windows\System\zGPwROD.exe
  2⤵
  PID:2012
- C:\Windows\System\UwKAEXF.exe
  C:\Windows\System\UwKAEXF.exe
  2⤵
  PID:2144
- C:\Windows\System\uzeEOJk.exe
  C:\Windows\System\uzeEOJk.exe
  2⤵
  PID:984
- C:\Windows\System\tXtFkqs.exe
  C:\Windows\System\tXtFkqs.exe
  2⤵
  PID:2720
- C:\Windows\System\DmWavfZ.exe
  C:\Windows\System\DmWavfZ.exe
  2⤵
  PID:2896
- C:\Windows\System\BUjQNqW.exe
  C:\Windows\System\BUjQNqW.exe
  2⤵
  PID:568
- C:\Windows\System\iGCTxdM.exe
  C:\Windows\System\iGCTxdM.exe
  2⤵
  PID:2980
- C:\Windows\System\Rounaxu.exe
  C:\Windows\System\Rounaxu.exe
  2⤵
  PID:2756
- C:\Windows\System\pvleXzz.exe
  C:\Windows\System\pvleXzz.exe
  2⤵
  PID:1096
- C:\Windows\System\ggNiqgj.exe
  C:\Windows\System\ggNiqgj.exe
  2⤵
  PID:3468
- C:\Windows\System\fojxQzF.exe
  C:\Windows\System\fojxQzF.exe
  2⤵
  PID:2532
- C:\Windows\System\VhiqTUC.exe
  C:\Windows\System\VhiqTUC.exe
  2⤵
  PID:808
- C:\Windows\System\ZsYKXvM.exe
  C:\Windows\System\ZsYKXvM.exe
  2⤵
  PID:3584
- C:\Windows\System\tINiKcj.exe
  C:\Windows\System\tINiKcj.exe
  2⤵
  PID:3164
- C:\Windows\System\BBjwLOJ.exe
  C:\Windows\System\BBjwLOJ.exe
  2⤵
  PID:3588
- C:\Windows\System\iYhwWFr.exe
  C:\Windows\System\iYhwWFr.exe
  2⤵
  PID:3328
- C:\Windows\System\riNINmT.exe
  C:\Windows\System\riNINmT.exe
  2⤵
  PID:1988
- C:\Windows\System\PnTnoIy.exe
  C:\Windows\System\PnTnoIy.exe
  2⤵
  PID:3308
- C:\Windows\System\FyBwTTY.exe
  C:\Windows\System\FyBwTTY.exe
  2⤵
  PID:3432
- C:\Windows\System\mlMYwZT.exe
  C:\Windows\System\mlMYwZT.exe
  2⤵
  PID:3664
- C:\Windows\System\GtAjXHZ.exe
  C:\Windows\System\GtAjXHZ.exe
  2⤵
  PID:3644
- C:\Windows\System\GGDYYkm.exe
  C:\Windows\System\GGDYYkm.exe
  2⤵
  PID:3684
- C:\Windows\System\JalTFTx.exe
  C:\Windows\System\JalTFTx.exe
  2⤵
  PID:3524
- C:\Windows\System\HAEniZj.exe
  C:\Windows\System\HAEniZj.exe
  2⤵
  PID:2436
- C:\Windows\System\jDpkAlH.exe
  C:\Windows\System\jDpkAlH.exe
  2⤵
  PID:1548
- C:\Windows\System\xgSgiIY.exe
  C:\Windows\System\xgSgiIY.exe
  2⤵
  PID:2728
- C:\Windows\System\bSWdFCG.exe
  C:\Windows\System\bSWdFCG.exe
  2⤵
  PID:1884
- C:\Windows\System\ZJzQzRP.exe
  C:\Windows\System\ZJzQzRP.exe
  2⤵
  PID:3816
- C:\Windows\System\fXpSqdb.exe
  C:\Windows\System\fXpSqdb.exe
  2⤵
  PID:3908
- C:\Windows\System\gXYGYji.exe
  C:\Windows\System\gXYGYji.exe
  2⤵
  PID:2628
- C:\Windows\System\YMwHjMc.exe
  C:\Windows\System\YMwHjMc.exe
  2⤵
  PID:1352
- C:\Windows\System\rVfycft.exe
  C:\Windows\System\rVfycft.exe
  2⤵
  PID:3856
- C:\Windows\System\IKKHecs.exe
  C:\Windows\System\IKKHecs.exe
  2⤵
  PID:480
- C:\Windows\System\PxhVgIb.exe
  C:\Windows\System\PxhVgIb.exe
  2⤵
  PID:4036
- C:\Windows\System\MJLUSWa.exe
  C:\Windows\System\MJLUSWa.exe
  2⤵
  PID:1948
- C:\Windows\System\wXxrxRq.exe
  C:\Windows\System\wXxrxRq.exe
  2⤵
  PID:3412
- C:\Windows\System\ZYheAnU.exe
  C:\Windows\System\ZYheAnU.exe
  2⤵
  PID:2692
- C:\Windows\System\lmXthKj.exe
  C:\Windows\System\lmXthKj.exe
  2⤵
  PID:2284
- C:\Windows\System\EHmIurs.exe
  C:\Windows\System\EHmIurs.exe
  2⤵
  PID:3600
- C:\Windows\System\pLsGlkx.exe
  C:\Windows\System\pLsGlkx.exe
  2⤵
  PID:2528
- C:\Windows\System\NDEigtQ.exe
  C:\Windows\System\NDEigtQ.exe
  2⤵
  PID:2948
- C:\Windows\System\mhsseZG.exe
  C:\Windows\System\mhsseZG.exe
  2⤵
  PID:3248
- C:\Windows\System\uGhpGpX.exe
  C:\Windows\System\uGhpGpX.exe
  2⤵
  PID:3276
- C:\Windows\System\lUmXcnD.exe
  C:\Windows\System\lUmXcnD.exe
  2⤵
  PID:3500
- C:\Windows\System\ngJGlrU.exe
  C:\Windows\System\ngJGlrU.exe
  2⤵
  PID:3544
- C:\Windows\System\BJdopHo.exe
  C:\Windows\System\BJdopHo.exe
  2⤵
  PID:3692
- C:\Windows\System\CQhzCcw.exe
  C:\Windows\System\CQhzCcw.exe
  2⤵
  PID:3728
- C:\Windows\System\NaGCkcC.exe
  C:\Windows\System\NaGCkcC.exe
  2⤵
  PID:3892
- C:\Windows\System\YWkzKsc.exe
  C:\Windows\System\YWkzKsc.exe
  2⤵
  PID:1516
- C:\Windows\System\JtoHULc.exe
  C:\Windows\System\JtoHULc.exe
  2⤵
  PID:4020
- C:\Windows\System\UaaudLl.exe
  C:\Windows\System\UaaudLl.exe
  2⤵
  PID:3952
- C:\Windows\System\PRuzRJb.exe
  C:\Windows\System\PRuzRJb.exe
  2⤵
  PID:2964
- C:\Windows\System\xbHlqUn.exe
  C:\Windows\System\xbHlqUn.exe
  2⤵
  PID:1388
- C:\Windows\System\cyKqsZo.exe
  C:\Windows\System\cyKqsZo.exe
  2⤵
  PID:2452
- C:\Windows\System\FaJeIJc.exe
  C:\Windows\System\FaJeIJc.exe
  2⤵
  PID:4068
- C:\Windows\System\SbrHZAV.exe
  C:\Windows\System\SbrHZAV.exe
  2⤵
  PID:2892
- C:\Windows\System\yhnNqib.exe
  C:\Windows\System\yhnNqib.exe
  2⤵
  PID:576
- C:\Windows\System\lwtqRXO.exe
  C:\Windows\System\lwtqRXO.exe
  2⤵
  PID:3080
- C:\Windows\System\ACbooWr.exe
  C:\Windows\System\ACbooWr.exe
  2⤵
  PID:3144
- C:\Windows\System\ZcbVKwQ.exe
  C:\Windows\System\ZcbVKwQ.exe
  2⤵
  PID:2392
- C:\Windows\System\ouMvYRT.exe
  C:\Windows\System\ouMvYRT.exe
  2⤵
  PID:3628
- C:\Windows\System\XtXckXY.exe
  C:\Windows\System\XtXckXY.exe
  2⤵
  PID:3736
- C:\Windows\System\ztyGCpr.exe
  C:\Windows\System\ztyGCpr.exe
  2⤵
  PID:2836
- C:\Windows\System\pItHCoE.exe
  C:\Windows\System\pItHCoE.exe
  2⤵
  PID:4092
- C:\Windows\System\sxUIjSH.exe
  C:\Windows\System\sxUIjSH.exe
  2⤵
  PID:3936
- C:\Windows\System\OWVeOri.exe
  C:\Windows\System\OWVeOri.exe
  2⤵
  PID:3860
- C:\Windows\System\lEDFOmA.exe
  C:\Windows\System\lEDFOmA.exe
  2⤵
  PID:2512
- C:\Windows\System\KuFVBBu.exe
  C:\Windows\System\KuFVBBu.exe
  2⤵
  PID:3396
- C:\Windows\System\kxVJRTn.exe
  C:\Windows\System\kxVJRTn.exe
  2⤵
  PID:1992
- C:\Windows\System\OSetOXU.exe
  C:\Windows\System\OSetOXU.exe
  2⤵
  PID:2768
- C:\Windows\System\PhjmRua.exe
  C:\Windows\System\PhjmRua.exe
  2⤵
  PID:2428
- C:\Windows\System\SAnLDpG.exe
  C:\Windows\System\SAnLDpG.exe
  2⤵
  PID:3772
- C:\Windows\System\aZlzayV.exe
  C:\Windows\System\aZlzayV.exe
  2⤵
  PID:1984
- C:\Windows\System\aOwAVQc.exe
  C:\Windows\System\aOwAVQc.exe
  2⤵
  PID:3988
- C:\Windows\System\nmzcGVe.exe
  C:\Windows\System\nmzcGVe.exe
  2⤵
  PID:3372
- C:\Windows\System\QKROnFX.exe
  C:\Windows\System\QKROnFX.exe
  2⤵
  PID:2944
- C:\Windows\System\GysnuCX.exe
  C:\Windows\System\GysnuCX.exe
  2⤵
  PID:4100
- C:\Windows\System\HsgHVsk.exe
  C:\Windows\System\HsgHVsk.exe
  2⤵
  PID:4120
- C:\Windows\System\kMpflRI.exe
  C:\Windows\System\kMpflRI.exe
  2⤵
  PID:4144
- C:\Windows\System\YNXAZig.exe
  C:\Windows\System\YNXAZig.exe
  2⤵
  PID:4164
- C:\Windows\System\efliPoU.exe
  C:\Windows\System\efliPoU.exe
  2⤵
  PID:4180
- C:\Windows\System\hbfTxqm.exe
  C:\Windows\System\hbfTxqm.exe
  2⤵
  PID:4204
- C:\Windows\System\PKYDNrd.exe
  C:\Windows\System\PKYDNrd.exe
  2⤵
  PID:4220
- C:\Windows\System\KfvmvXj.exe
  C:\Windows\System\KfvmvXj.exe
  2⤵
  PID:4244
- C:\Windows\System\wadYMiX.exe
  C:\Windows\System\wadYMiX.exe
  2⤵
  PID:4264
- C:\Windows\System\JGsydvg.exe
  C:\Windows\System\JGsydvg.exe
  2⤵
  PID:4284
- C:\Windows\System\zyrrcXL.exe
  C:\Windows\System\zyrrcXL.exe
  2⤵
  PID:4300
- C:\Windows\System\byRgJbR.exe
  C:\Windows\System\byRgJbR.exe
  2⤵
  PID:4324
- C:\Windows\System\ZPyinuB.exe
  C:\Windows\System\ZPyinuB.exe
  2⤵
  PID:4340
- C:\Windows\System\QxnsWrZ.exe
  C:\Windows\System\QxnsWrZ.exe
  2⤵
  PID:4364
- C:\Windows\System\LHJjagb.exe
  C:\Windows\System\LHJjagb.exe
  2⤵
  PID:4380
- C:\Windows\System\CcgJMck.exe
  C:\Windows\System\CcgJMck.exe
  2⤵
  PID:4404
- C:\Windows\System\sBlIfaU.exe
  C:\Windows\System\sBlIfaU.exe
  2⤵
  PID:4424
- C:\Windows\System\tTLWBas.exe
  C:\Windows\System\tTLWBas.exe
  2⤵
  PID:4444
- C:\Windows\System\AOYwePo.exe
  C:\Windows\System\AOYwePo.exe
  2⤵
  PID:4460
- C:\Windows\System\XnkycpT.exe
  C:\Windows\System\XnkycpT.exe
  2⤵
  PID:4484
- C:\Windows\System\vDWkzTw.exe
  C:\Windows\System\vDWkzTw.exe
  2⤵
  PID:4500
- C:\Windows\System\MpcgiMM.exe
  C:\Windows\System\MpcgiMM.exe
  2⤵
  PID:4524
- C:\Windows\System\bWQPXpm.exe
  C:\Windows\System\bWQPXpm.exe
  2⤵
  PID:4540
- C:\Windows\System\txJNsYp.exe
  C:\Windows\System\txJNsYp.exe
  2⤵
  PID:4564
- C:\Windows\System\JZoHmHD.exe
  C:\Windows\System\JZoHmHD.exe
  2⤵
  PID:4580
- C:\Windows\System\bCpydCs.exe
  C:\Windows\System\bCpydCs.exe
  2⤵
  PID:4604
- C:\Windows\System\JYrQWgn.exe
  C:\Windows\System\JYrQWgn.exe
  2⤵
  PID:4620
- C:\Windows\System\PzPpcaf.exe
  C:\Windows\System\PzPpcaf.exe
  2⤵
  PID:4644
- C:\Windows\System\SdodRtz.exe
  C:\Windows\System\SdodRtz.exe
  2⤵
  PID:4660
- C:\Windows\System\lMRxnLp.exe
  C:\Windows\System\lMRxnLp.exe
  2⤵
  PID:4684
- C:\Windows\System\oFTowRY.exe
  C:\Windows\System\oFTowRY.exe
  2⤵
  PID:4700
- C:\Windows\System\ikwzoTQ.exe
  C:\Windows\System\ikwzoTQ.exe
  2⤵
  PID:4724
- C:\Windows\System\GGXDTMF.exe
  C:\Windows\System\GGXDTMF.exe
  2⤵
  PID:4740
- C:\Windows\System\jRNQmfy.exe
  C:\Windows\System\jRNQmfy.exe
  2⤵
  PID:4764

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BudkRyF.exe

Filesize
2.0MB

MD5
bffb06f99705b62bf8d726025e05433a

SHA1
ea61fca56ecc4e0cea3d0b1ad0792996a923e609

SHA256
eb2149e478ef002068609147c3b7227e70990e41eae6f55cb2f150829066a7a5

SHA512
276e3ff7b9d840c959a32192f5f48bb85e7c30a1685c6696946a3ece4aea59b46a4fe1560f9ed088a2d6a4e85381d75380fdbedb35b38ef2cee85bbecf8d7681

Download Submit
C:\Windows\system\CABKUmR.exe

Filesize
2.0MB

MD5
186cb7bf0548b2fcb6facc3882bfb917

SHA1
f793fac27aa2e980952d531763b5e50a5f225d91

SHA256
0ee98ffc5da1acc5f73899a0093121dbfb407ff1e0ed4e07a6e3da956973cfae

SHA512
ed7cf681f5b3c6904badcafad7e3f46abb40269075b85a917063ff94e7a71c46d40545bb1ae37849480d55eb70716b15c682382ae20a3d4562f5022abe1477dc

Download Submit
C:\Windows\system\EFIluFx.exe

Filesize
2.0MB

MD5
9aabb6299a63fb3cc72e1a9c1cd0a0f7

SHA1
38e3355ec455bae31954a12282d8c2cc765be0c4

SHA256
0aad5d520fe0f124ec5fe2253e7e6c5af001b573af37c13ccd372e4d34b77977

SHA512
3b1ad54deb9feed15d884adac4629305725f8e69dc7f55f64a2c4c7895e03e408518105e50548bdf0054f40437546e38594b77df554ae1b134bec8aaee309c91

Download Submit
C:\Windows\system\GEHyQcg.exe

Filesize
2.0MB

MD5
4d2fce8a47e2404fe974958ea91c651b

SHA1
0b9a66b7e503cbd56b68a832c01870c48715fde2

SHA256
0be3daf0e790eaab0b90a5788f4758ab6281117443a70a9ea8030d9b784253e7

SHA512
79dbebd66a58899649371b3b84cd76529677a7d5b0dc881d57748cd6acd2d685a76cc599884de61ac90804be08a034398504e8182268077766bb2cb8eaf1f488

Download Submit
C:\Windows\system\JMqkLkH.exe

Filesize
2.0MB

MD5
62992f7b14e23d90292f1cebb808dd64

SHA1
94f5a8ea47eb6381e34ad4dfb33a7913fe560dfe

SHA256
93e04273bc5a8b0cb6320f9c4b877c56c0d9ef159b742c5a7a0e73de625c6a79

SHA512
ad297693283a67cd506a3d8e6a89265fb61b3447f3c9e51f6d96a36f12064718d51c6600c48468ea18e6e78e4d61bbde5beef114bb5b1c8ec46050fddbddaacc

Download Submit
C:\Windows\system\MsKdUBW.exe

Filesize
2.0MB

MD5
fda8335bbfe9064d0221b8d8c50d4a6c

SHA1
d98591ad83ecc85a992928745484dfbd50241b2b

SHA256
30882bef39b337407a71727635b37a1a67cbe483ad774e348b4f9684c352c3c2

SHA512
72ab41d06cb7819ad15fb7e8dd909a7f2d55bb380b550840096a70c54ce2ad75c4410b2aa628cf75f4cf336d56e52e099735e23be1fbc2ebdd400d8516edb271

Download Submit
C:\Windows\system\Ptzllzo.exe

Filesize
2.0MB

MD5
6064d89d1b64a5c351c09c126c65b710

SHA1
171e74aacd544565a0d98e580727564a494a1351

SHA256
cb48e05525ca8299b4708b3780856198db62ce9a7a8308f07c2b1b8ee8f9807d

SHA512
ae587e63f949182d61c10aad9e3da7b2e0e260a50be5684718b88e9f53307edf39df1462c2953ef5e53a645df54bae7d1d505885043432dc29167be24db8ee1b

Download Submit
C:\Windows\system\SfbRVsr.exe

Filesize
2.0MB

MD5
0f5afaa9f972449534425d71d164ac16

SHA1
c42529576df1e95e222c14b99e57e0df11d36bd5

SHA256
9239c5d0b5656308b71e3ba0bea5cfb8411bfe8d60eee15e2dafea8da1e526e7

SHA512
bb9a2cb5cdaca8033cfd8f70a6152ef5286315db22ceb58aad61ed35b32bbff1abfb9e7702063ef22ec3a4f99f5fbc1b2e8c681b75137c8465a7a88049b45182

Download Submit
C:\Windows\system\SmFUzTo.exe

Filesize
2.0MB

MD5
741fdf7a753a6e8f52dccc369783862b

SHA1
f06be638da9c9eeb7d18cd21f59632c2ea02f908

SHA256
d09dcf720036a932a22fd533801ecf5751ce01c3edee9601dbf03338794d3446

SHA512
1527de499fc23b936e05ca0ff12db7fa089d50889352373102bc53367df4580a0dce74acbd8cf3cc5c26e4b3e0c1052a0a26b6cfcecf4d0cddea9e073e3feaff

Download Submit
C:\Windows\system\TrIgmvl.exe

Filesize
2.0MB

MD5
d4e31a34c51fc65bb8759e66f8007a38

SHA1
fc28e4adfb87c2b5a280cd4a7b83f099ae1aea32

SHA256
869140522a25a05051ceaf967307a3b14ff27298eb96181b8d2315f8305ffad9

SHA512
3314cad43304e989864ae718b0ad35c756dcfa6aebf53c53b385ce1a21038bac80027ca08fde0f3791a3e1790be2c8959538c90e5452cebd1a3f559a97f1b7f0

Download Submit
C:\Windows\system\XVnwDwx.exe

Filesize
2.0MB

MD5
789b65284f8a4c0ce693db227743920f

SHA1
aaa9191b2eb6a4b6afe37723d2a8202972ee0f59

SHA256
bba60646e8094f5aca7622085cd5f4355d940a50aff86233bf027372423feee6

SHA512
839f1c3d750e44fb7e19a4bc344c4a1b534adb1a0ffc45fa9fc7c9fada5fac0f6ccab4d0a5cd31438821cb63e21c3be74dfe32eb3e11d3712e4983176a1bd326

Download Submit
C:\Windows\system\ZEhwfDk.exe

Filesize
2.0MB

MD5
d4c93e520a9e64508f76b77a2e51b288

SHA1
b7713c1d3965aa3ae07d9e8be0cd8afa00679b02

SHA256
6a955db77c99507f0a1dcefe067e8ab66e366f7656022c03ccec53a3c144b2c1

SHA512
fa7dcfa50f50d5af31b5edae94bb7409a54e5658f42457c4563090601ab2145f47e8c0ac6478da657f5f4a5b8becab8a3925e919327257334356de8c39fb2088

Download Submit
C:\Windows\system\anSmohW.exe

Filesize
2.0MB

MD5
4a6bbaad1b38ffdca73f396713494eae

SHA1
9524bec1edcaa1a946504ea3920a80f22f56bea2

SHA256
c5ff678b9da8e99e20770db4c89aa8d61ae435f9233dcc2a9d8c9d96ef73aecb

SHA512
06760ffe1be38763bc9a1cb295fc24b7fbfa8717275a3eab72ba667087f3fcac8548949629bab6c0f3657eb6f3f9e0511c86ad7063233b78d24110c632025490

Download Submit
C:\Windows\system\arpxZZE.exe

Filesize
2.0MB

MD5
99f3c3f13e5f8f8fe861cd21d75053b2

SHA1
5b5fd81d7fcd50c40b733718b44293ba41805ef2

SHA256
5616ceeddcf5330a76716509629bb370a3d4c38f69d02b562d801c4091f74581

SHA512
9a20f6d1a35ba99a1ff60a0384ba38450803981abc281a26faad85e3fb13cbd2dc95fe68493cda83c8f774bd5254adebc031f4108722589165aee4481e50117e

Download Submit
C:\Windows\system\cYzWwEg.exe

Filesize
2.0MB

MD5
a6b8f09055da8fb9a9bfa6cff55b1f3b

SHA1
aa84001b9796449008285f42c161648ab4da637e

SHA256
b4f9e19116e9b601cda59b7cdc02576f14630d49e614fe93ae3ba270017549f0

SHA512
4c16f41a6babe061c1afd155de529b10f84b0bf0b73d9465effa4ef0631be0cb04fc3a105bd49ad4a28637f49dc4c41b65bea53a6d9eebc60869ce0da1822eb3

Download Submit
C:\Windows\system\doTAijP.exe

Filesize
2.0MB

MD5
08903bdba9285e5dc7c0e8e14866120f

SHA1
bb15dd41ed2b9335696771d833b50db56f870751

SHA256
e8da59db0869bd5ed843f149131efeec1f4b849f17aa8cec51af550479d72d67

SHA512
f00b4e0655b48b0ec99684a265e636d744d3fd7900c619d27144983905a2714824cd8e1fef6e110ac1055c3225b500708f1460ae298f5693dba3544245e5013b

Download Submit
C:\Windows\system\gADXOoD.exe

Filesize
2.0MB

MD5
174b2bfa933ad3ec2c80e6d23d14d61b

SHA1
664684c852c624f2b55ad1b778cf7764e95ae62e

SHA256
098f669a54325ab9188bccfa5fa82561c0f84cd67242e46babfa16d3579b603b

SHA512
f47cd9ac9bb8d72cfaab84b2ac702079ce499480dfa6bbef93042c1abd08295cbe1dd34419cc9839df97bf25202a374fd92e57f83b18391fab320ae42875a8ec

Download Submit
C:\Windows\system\gBjOxQA.exe

Filesize
2.0MB

MD5
0551af827af75bb7c491560a90def4e0

SHA1
2c59300b26924684d6e92b0ab17c8f26de2f4c15

SHA256
cb32853f64ff46962fb445476ab0216be6ce7c8fc48b4fbacd139716390cc476

SHA512
c7e62e0e6e50c454732a088d87ff4a97cdf2bce207f4e0905152ce67113e2437a02a14146dc7b9af9b436533811de3ab66eae0139ac054386068f48cad0af345

Download Submit
C:\Windows\system\hzObRmV.exe

Filesize
2.0MB

MD5
cf0d4b4152aa3a3e1b0d579b0c393ac2

SHA1
d0710cdc317be0f9a4ae60b66f19567c66d57f21

SHA256
8d778d09d0d519ec74129ee6cb1dab3b9ea751217a95ec6001b3c34881131889

SHA512
482bba9d12e54fafc4d5a23a39f38b6549142bf325f0e11f97e98a3d08ca43758f3cbf5a27dc142f1e2fc4a06ab6dda333fd4d4dd8c5394e718d05dc44a40f97

Download Submit
C:\Windows\system\jKqjaOa.exe

Filesize
2.0MB

MD5
a900d1667056ca13674b971a342cc336

SHA1
3f4c1f5280af127497a3c850ccb9c6b0fa44c983

SHA256
1cb7cd57b615fa17f99307081948cb51fb0a3ced217f50b99f7f0e3e3ab034d7

SHA512
b0992e0f7caf1220d286a25674f2796dab46b9c10b643e36d724f711740abd6548f3710a8071c1a77b55364f763ae096bdc738ae6259fdf4579c2fd52b5d2739

Download Submit
C:\Windows\system\lvCaPIW.exe

Filesize
2.0MB

MD5
92d7ee189d8283bcfb1997a607dbfe1e

SHA1
760c689223f2c653810f8057bd01d0d149003e91

SHA256
9e1beaab9e7846d3e4aba92b1a94b5c80532f2588a34e0a6fc9a49902639d02f

SHA512
35174a4ad84345cd532362c47da545d76fc92aff72e052bd655913e6839275d50bebb304d734cfdc0bfb128ce5186c0df74a69d61e6a85ec1277152bcb284b30

Download Submit
C:\Windows\system\mWRkzvF.exe

Filesize
2.0MB

MD5
8b450dfc64176a5af0d98ea413fcd17d

SHA1
2e0162b9e16abb28d5a1cd0c52a5834e9d442cf0

SHA256
9ad08559b5e16e8d36c8fd60758a9f1d57990791f33e665aa3147d04f18ac572

SHA512
e16a44c576043276c1edd509102e1b8a8a96a722a220effa0068468a7d999b8ad129c1f9c2d62c458f0705ac52008876f3bedae4e09ff0a9fc4576f56af6920a

Download Submit
C:\Windows\system\mYvCUYY.exe

Filesize
2.0MB

MD5
91b27f199ae95bf8453790aecfbec227

SHA1
cd296109a20d425813e3f50a353c0ac69b7c74f4

SHA256
b76c3c5c61d1aa2624a08f3a6fa836ba79f8ffd128b71a0528cd84d087107c9a

SHA512
1662d5c88ea6d219dff16b6d867ae6e29fcdb43280feeec1a03d4793d7c6e87d65b5c1f689528120336129a19541238b65d4ca624e35564a014cec4412eb5291

Download Submit
C:\Windows\system\sVHKEvB.exe

Filesize
2.0MB

MD5
69a8a031db0a121232d226bced1877cd

SHA1
0ed519722fa535625396c35141aeed3babca1503

SHA256
e9455609272ae49384e29c3f679ae1d8d4008cd35f6c057ad6a652a912bc28e8

SHA512
e8ba07d475ab3cc5570e0989c56cfea606625afc176141fcebaf1cc8a13cb13be4a96ef99d2bebf34dafa46c1a2030aec19196b06a02c7c5756f2f0ced5e1f62

Download Submit
C:\Windows\system\uHRhLXV.exe

Filesize
2.0MB

MD5
7274da97fd0fbd1eb53d73eefad6d038

SHA1
a999318b84786cbb9a1886075d77129ddf7aaaff

SHA256
2b84750ea6e62273b3989a783b5700ec0b56732fcdbb21c6253597f52af1dfa3

SHA512
90d415f335a1598cc991405a927ed3e7247bb9cb39e3adc86811a16acaf92734dfdb1861a4c58f4abfa880400687d7e2328c59ad7cc020caeef2212c43a41d5d

Download Submit
C:\Windows\system\uUCacof.exe

Filesize
2.0MB

MD5
8e86a5db269c1b5bb2bcb1646801d515

SHA1
1331ca7dce5788de7fc9d341c6d9914eedf6cf44

SHA256
416fa73039e8cf45779190454b184c9d25f658a68b91d6138a972a7ab06b941c

SHA512
eb8c697afe53e0d3990c83f40117b2e03246a90f404b4246514f7261621a70165342fb2be9a5593c5186ea34c60fc817815c5c96df915b00aa148bbfaaadd56a

Download Submit
C:\Windows\system\vgqAWGN.exe

Filesize
2.0MB

MD5
53c1f635d8eee24e9cfbd9185e39076c

SHA1
b38618633d12ea7d2bf9745f0a59f6815f0db7f5

SHA256
2ae051c30db8b674d24f9f4532a9957356cdaf005ac70bc4a18368962946aa9a

SHA512
c56c413c15471d7000bf9451a7eb2ce3a5d50a7811003057a55f65823693eb74c315c2d18325aa6444f1bd94eae890e8bc7236ef3d5696952f7179e0d3418a23

Download Submit
C:\Windows\system\yBTdcRI.exe

Filesize
2.0MB

MD5
123f9caa9af690750bc8a28c9a8a2d5b

SHA1
d32c06fd64e4423505b77919ded3790f6ef25706

SHA256
8d3ced9daa30ea7ed6a34a1c3038efd245439f8b7fc71be716f0a19517462eb2

SHA512
9a84f6ddaa073cbda77da68dd8ff4af724b73769903714b1017a0730dca434fd88e595b117b50082e8535cd3d1af2ccedc953e60eb177ce14d02274fe3041528

Download Submit
C:\Windows\system\zGebJaa.exe

Filesize
2.0MB

MD5
8d380d7766c8a566eea3997f3e4519ef

SHA1
6ec56be8671042676c1f7d2cc30b2b6f3b723729

SHA256
b1d157937cd6da568a85ae664a8d4797488416f55b3925e0186a06a75cddf9f1

SHA512
a77a58d270331dfadc26974cf4078451541ef0989e74c03aeff998abd9497ea9109f5680c21cea583f80ee6ef18d6c81060c775e4cf8c2a814971dec9df3c1b1

Download Submit
\Windows\system\lAgMolj.exe

Filesize
2.0MB

MD5
fa8e55aa4e610af7b8891b4c6321549d

SHA1
19e96b0036d091a7831f555d8af1de649e84fe84

SHA256
51fe3544c031b0ab7bbe56acc717733fe07b8e7bdc882af653dfdd188e60cda6

SHA512
075b216132503808f6384a93fcfe17d6b26ad9a275fcd929ea83abac17577deeecc2b669aea8217a1868d272cda85525250aab5e6ddd8b6897cc84bdd185b104

Download Submit
\Windows\system\qCEisAB.exe

Filesize
2.0MB

MD5
7c8e496dec1f6ad5acf14f360b8dc592

SHA1
b925a430ff9f661644e8964a9377251ed810f934

SHA256
84f6e6cd698cca9860e8a24e952bc0ff3b2a9d2065a2def0c9bfcfe382fbdc8a

SHA512
638c7ba0913e81fbc6b9f7a8e4479f55d69fcab8baa332a25d146c0df08ca0814e7ffdacf8ccb20d31b3c42cf080b97bfe1ed1b438a3c23bae0fb2d0306d67fb

Download Submit
\Windows\system\vNcSlyw.exe

Filesize
2.0MB

MD5
6ddea91565d0a0edbfa4bdebc7a77a5d

SHA1
fb8037088a19890ab54ca6aace24ef289a20e7c3

SHA256
4647db82fdba61b86fb7d66ad59198be0f7443bcd6df48a06eba6e416412843e

SHA512
5e4d5977e37c80183d36ab4563a29f521869d80fd835864a8ca39a6f4e59ac339940652d14013bbbf68512b30780338661b896907cebe853cbacbd6adad7ddeb

Download Submit
memory/760-1093-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/760-741-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/1924-742-0x0000000001EF0000-0x0000000002244000-memory.dmp

Filesize
3.3MB

Download
memory/1924-1070-0x0000000001EF0000-0x0000000002244000-memory.dmp

Filesize
3.3MB

Download
memory/1924-705-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/1924-0-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/1924-707-0x0000000001EF0000-0x0000000002244000-memory.dmp

Filesize
3.3MB

Download
memory/1924-1082-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/1924-710-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/1924-1081-0x0000000001EF0000-0x0000000002244000-memory.dmp

Filesize
3.3MB

Download
memory/1924-713-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/1924-1080-0x0000000001EF0000-0x0000000002244000-memory.dmp

Filesize
3.3MB

Download
memory/1924-735-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/1924-2-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/1924-1079-0x0000000001EF0000-0x0000000002244000-memory.dmp

Filesize
3.3MB

Download
memory/1924-744-0x0000000001EF0000-0x0000000002244000-memory.dmp

Filesize
3.3MB

Download
memory/1924-746-0x0000000001EF0000-0x0000000002244000-memory.dmp

Filesize
3.3MB

Download
memory/1924-747-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/1924-1078-0x0000000001EF0000-0x0000000002244000-memory.dmp

Filesize
3.3MB

Download
memory/1924-745-0x0000000001EF0000-0x0000000002244000-memory.dmp

Filesize
3.3MB

Download
memory/1924-724-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/1924-1077-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/1924-1076-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/1924-25-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/1924-1075-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/1924-34-0x0000000001EF0000-0x0000000002244000-memory.dmp

Filesize
3.3MB

Download
memory/1924-32-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/1924-1074-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/1924-1073-0x0000000001EF0000-0x0000000002244000-memory.dmp

Filesize
3.3MB

Download
memory/1924-13-0x0000000001EF0000-0x0000000002244000-memory.dmp

Filesize
3.3MB

Download
memory/1924-1072-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/1924-1069-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/1940-1091-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/1940-748-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2152-1095-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2152-719-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2156-1088-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2156-706-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2320-1083-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2320-14-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2332-18-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2332-1084-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2404-1090-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2404-711-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2440-709-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2440-1089-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2516-1086-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2516-37-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2580-1096-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2580-1071-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2580-701-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2608-38-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2608-1087-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2656-1094-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-743-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2820-42-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2820-1085-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2908-1092-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2908-729-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download