kpot | 1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69

Analysis

max time kernel
141s
max time network
144s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-06-2024 00:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
Size

2.1MB
MD5

5ec918afabc8b2781bf7aa3dccf44f30
SHA1

620ef30d779681694504b05e2a99fea7c22e5d09
SHA256

1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69
SHA512

a48595eeade5987dae4b21c934dda66bbe5bcf69cfbaa2eed2698e0e3b151372ca26ca9d83f15625d03dbb0915618b1b9be0b0d81a7862195a9cfc6ca1d59aef
SSDEEP

49152:oezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+Agr6SNasrE:oemTLkNdfE0pZrwJ

Score

10^/10

kpot xmrig miner stealer trojan upx

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 32 IoCs

resource	yara_rule
behavioral1/files/0x000c00000001227b-3.dat	family_kpot
behavioral1/files/0x0038000000015c7f-11.dat	family_kpot
behavioral1/files/0x0008000000015cc7-28.dat	family_kpot
behavioral1/files/0x0007000000015d0c-34.dat	family_kpot
behavioral1/files/0x0008000000015d28-53.dat	family_kpot
behavioral1/files/0x0006000000016abb-63.dat	family_kpot
behavioral1/files/0x0006000000016c56-69.dat	family_kpot
behavioral1/files/0x0006000000016cc3-88.dat	family_kpot
behavioral1/files/0x0038000000015c93-95.dat	family_kpot
behavioral1/files/0x0006000000016d4e-124.dat	family_kpot
behavioral1/files/0x0006000000017477-164.dat	family_kpot
behavioral1/files/0x0006000000017042-160.dat	family_kpot
behavioral1/files/0x0006000000016eb9-156.dat	family_kpot
behavioral1/files/0x0006000000016de7-152.dat	family_kpot
behavioral1/files/0x0006000000016dde-148.dat	family_kpot
behavioral1/files/0x0006000000016dda-144.dat	family_kpot
behavioral1/files/0x0006000000016d71-140.dat	family_kpot
behavioral1/files/0x0006000000016d69-136.dat	family_kpot
behavioral1/files/0x0006000000016d65-132.dat	family_kpot
behavioral1/files/0x0006000000016d61-128.dat	family_kpot
behavioral1/files/0x0006000000016d45-120.dat	family_kpot
behavioral1/files/0x0006000000016d3d-116.dat	family_kpot
behavioral1/files/0x0006000000016d34-112.dat	family_kpot
behavioral1/files/0x0006000000016d2c-108.dat	family_kpot
behavioral1/files/0x0006000000016d1b-104.dat	family_kpot
behavioral1/files/0x0006000000016ce7-100.dat	family_kpot
behavioral1/files/0x0006000000016c7a-81.dat	family_kpot
behavioral1/files/0x0006000000016c71-74.dat	family_kpot
behavioral1/files/0x00080000000165a8-58.dat	family_kpot
behavioral1/files/0x0007000000015cf0-39.dat	family_kpot
behavioral1/files/0x0007000000015d02-38.dat	family_kpot
behavioral1/files/0x0008000000015ccf-25.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2216-0-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/files/0x000c00000001227b-3.dat	xmrig
behavioral1/memory/2200-8-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/files/0x0038000000015c7f-11.dat	xmrig
behavioral1/memory/492-24-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/files/0x0008000000015cc7-28.dat	xmrig
behavioral1/files/0x0007000000015d0c-34.dat	xmrig
behavioral1/memory/2668-49-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/files/0x0008000000015d28-53.dat	xmrig
behavioral1/memory/2792-55-0x000000013FCD0000-0x0000000140024000-memory.dmp	xmrig
behavioral1/files/0x0006000000016abb-63.dat	xmrig
behavioral1/memory/2872-60-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/memory/2560-65-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/files/0x0006000000016c56-69.dat	xmrig
behavioral1/memory/2516-71-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/memory/2592-78-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/memory/2216-77-0x0000000001FA0000-0x00000000022F4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016cc3-88.dat	xmrig
behavioral1/files/0x0038000000015c93-95.dat	xmrig
behavioral1/files/0x0006000000016d4e-124.dat	xmrig
behavioral1/memory/2792-501-0x000000013FCD0000-0x0000000140024000-memory.dmp	xmrig
behavioral1/memory/2872-1048-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/memory/2560-1072-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2668-356-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/files/0x0006000000017477-164.dat	xmrig
behavioral1/files/0x0006000000017042-160.dat	xmrig
behavioral1/files/0x0006000000016eb9-156.dat	xmrig
behavioral1/files/0x0006000000016de7-152.dat	xmrig
behavioral1/files/0x0006000000016dde-148.dat	xmrig
behavioral1/files/0x0006000000016dda-144.dat	xmrig
behavioral1/files/0x0006000000016d71-140.dat	xmrig
behavioral1/files/0x0006000000016d69-136.dat	xmrig
behavioral1/files/0x0006000000016d65-132.dat	xmrig
behavioral1/files/0x0006000000016d61-128.dat	xmrig
behavioral1/files/0x0006000000016d45-120.dat	xmrig
behavioral1/files/0x0006000000016d3d-116.dat	xmrig
behavioral1/files/0x0006000000016d34-112.dat	xmrig
behavioral1/memory/2516-1073-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d2c-108.dat	xmrig
behavioral1/files/0x0006000000016d1b-104.dat	xmrig
behavioral1/files/0x0006000000016ce7-100.dat	xmrig
behavioral1/memory/2332-87-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/2216-85-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/2200-83-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/files/0x0006000000016c7a-81.dat	xmrig
behavioral1/memory/2216-76-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016c71-74.dat	xmrig
behavioral1/files/0x00080000000165a8-58.dat	xmrig
behavioral1/memory/2720-47-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/memory/2656-46-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/memory/2340-44-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/files/0x0007000000015cf0-39.dat	xmrig
behavioral1/files/0x0007000000015d02-38.dat	xmrig
behavioral1/memory/1852-37-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/files/0x0008000000015ccf-25.dat	xmrig
behavioral1/memory/2592-1075-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/memory/2216-1076-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/2332-1077-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/2300-1079-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/memory/2216-1080-0x0000000001FA0000-0x00000000022F4000-memory.dmp	xmrig
behavioral1/memory/2200-1081-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/memory/492-1082-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/2340-1084-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/memory/1852-1083-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2200	elOcxYF.exe
492	XBlAqPq.exe
2340	iXYBGlQ.exe
1852	cQVCsYa.exe
2720	CkFNpKV.exe
2656	RzeojNp.exe
2668	QjZUKAf.exe
2792	aXgRZqA.exe
2872	imNzZtx.exe
2560	sDYWDcy.exe
2516	dBhxCAv.exe
2592	BsmLDxX.exe
2332	dvmhjml.exe
2300	MyOoSSJ.exe
2760	EDkjzPB.exe
2808	ETWEooA.exe
2176	MUzXCPe.exe
236	encoZXa.exe
2500	ntaYHDt.exe
2840	OOdcvKv.exe
2868	oQcCdRs.exe
2460	lGsdjKf.exe
2980	FfMtrFI.exe
1808	VBGZKir.exe
1492	HhleFPe.exe
1384	Wcmllzp.exe
1800	ZhCvRYl.exe
2112	yQslZoe.exe
2196	eKJTdZP.exe
1996	EfbmJhl.exe
2864	BAVMgYJ.exe
2132	IwwlNtP.exe
672	ptPGyRx.exe
1124	cQcJZxy.exe
300	UEsmPGL.exe
1464	NVTCaUj.exe
1736	PpgrIrV.exe
1844	WgGIEAd.exe
1104	JhyaEMo.exe
1788	IlHimuN.exe
2480	crwqfel.exe
844	ySgYcqc.exe
1656	aelZrVU.exe
2456	RgSZVBu.exe
2352	ILnEgbz.exe
980	XTqJyEZ.exe
784	OMyDJwa.exe
1500	JfWKcAG.exe
1988	qJHNCPS.exe
944	atHALhA.exe
1064	aBzXCfY.exe
2360	nRExGAn.exe
2892	MnOqPFg.exe
464	tysvhOa.exe
896	fkJElBe.exe
940	WGttKzu.exe
772	gviZwXF.exe
3068	uCVPnWr.exe
2884	jSljfzu.exe
3064	dOuHRDX.exe
2224	stmaIov.exe
976	nnGOBwq.exe
1144	stuTpfC.exe
1744	whYQjvG.exe

Loads dropped DLL 64 IoCs

pid	Process
2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2216-0-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/files/0x000c00000001227b-3.dat	upx
behavioral1/memory/2200-8-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/files/0x0038000000015c7f-11.dat	upx
behavioral1/memory/492-24-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/files/0x0008000000015cc7-28.dat	upx
behavioral1/files/0x0007000000015d0c-34.dat	upx
behavioral1/memory/2668-49-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/files/0x0008000000015d28-53.dat	upx
behavioral1/memory/2792-55-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/files/0x0006000000016abb-63.dat	upx
behavioral1/memory/2872-60-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/memory/2560-65-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/files/0x0006000000016c56-69.dat	upx
behavioral1/memory/2516-71-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/memory/2592-78-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/files/0x0006000000016cc3-88.dat	upx
behavioral1/files/0x0038000000015c93-95.dat	upx
behavioral1/files/0x0006000000016d4e-124.dat	upx
behavioral1/memory/2792-501-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/memory/2872-1048-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/memory/2560-1072-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2668-356-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/files/0x0006000000017477-164.dat	upx
behavioral1/files/0x0006000000017042-160.dat	upx
behavioral1/files/0x0006000000016eb9-156.dat	upx
behavioral1/files/0x0006000000016de7-152.dat	upx
behavioral1/files/0x0006000000016dde-148.dat	upx
behavioral1/files/0x0006000000016dda-144.dat	upx
behavioral1/files/0x0006000000016d71-140.dat	upx
behavioral1/files/0x0006000000016d69-136.dat	upx
behavioral1/files/0x0006000000016d65-132.dat	upx
behavioral1/files/0x0006000000016d61-128.dat	upx
behavioral1/files/0x0006000000016d45-120.dat	upx
behavioral1/files/0x0006000000016d3d-116.dat	upx
behavioral1/files/0x0006000000016d34-112.dat	upx
behavioral1/memory/2516-1073-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/files/0x0006000000016d2c-108.dat	upx
behavioral1/files/0x0006000000016d1b-104.dat	upx
behavioral1/files/0x0006000000016ce7-100.dat	upx
behavioral1/memory/2332-87-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/2200-83-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/files/0x0006000000016c7a-81.dat	upx
behavioral1/memory/2216-76-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/files/0x0006000000016c71-74.dat	upx
behavioral1/files/0x00080000000165a8-58.dat	upx
behavioral1/memory/2720-47-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/memory/2656-46-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/memory/2340-44-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/files/0x0007000000015cf0-39.dat	upx
behavioral1/files/0x0007000000015d02-38.dat	upx
behavioral1/memory/1852-37-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/files/0x0008000000015ccf-25.dat	upx
behavioral1/memory/2592-1075-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/memory/2332-1077-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/2300-1079-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/memory/2200-1081-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/memory/492-1082-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/2340-1084-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/memory/1852-1083-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/memory/2720-1085-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/memory/2656-1086-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/memory/2792-1087-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/memory/2332-1088-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\xmLcgpL.exe	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
File created	C:\Windows\System\sAfPoog.exe	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
File created	C:\Windows\System\QqXGoON.exe	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
File created	C:\Windows\System\jFUvawe.exe	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
File created	C:\Windows\System\ELgmqjF.exe	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
File created	C:\Windows\System\TmOqlNA.exe	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
File created	C:\Windows\System\Wcmllzp.exe	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
File created	C:\Windows\System\OoKxYBD.exe	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
File created	C:\Windows\System\YqdVQCe.exe	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
File created	C:\Windows\System\fDsPcPg.exe	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
File created	C:\Windows\System\FzBQMDG.exe	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
File created	C:\Windows\System\ExreYSN.exe	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
File created	C:\Windows\System\HhleFPe.exe	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
File created	C:\Windows\System\KeYaCnF.exe	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
File created	C:\Windows\System\HkdPQvH.exe	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
File created	C:\Windows\System\FOHmXPu.exe	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
File created	C:\Windows\System\CraZDrg.exe	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
File created	C:\Windows\System\BIvimJo.exe	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
File created	C:\Windows\System\rqJkYlE.exe	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
File created	C:\Windows\System\WgGIEAd.exe	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
File created	C:\Windows\System\OMyDJwa.exe	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
File created	C:\Windows\System\MRoPQeY.exe	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
File created	C:\Windows\System\OureuBM.exe	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
File created	C:\Windows\System\TfxjQRg.exe	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
File created	C:\Windows\System\aXgRZqA.exe	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
File created	C:\Windows\System\FxcFawn.exe	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
File created	C:\Windows\System\jkWAOJs.exe	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
File created	C:\Windows\System\jHYdwQT.exe	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
File created	C:\Windows\System\zXARTIP.exe	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
File created	C:\Windows\System\RzeojNp.exe	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
File created	C:\Windows\System\ZhCvRYl.exe	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
File created	C:\Windows\System\dvmhjml.exe	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
File created	C:\Windows\System\TPdJnvy.exe	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
File created	C:\Windows\System\WVubvsl.exe	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
File created	C:\Windows\System\WwOFlrp.exe	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
File created	C:\Windows\System\ahCYMjc.exe	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
File created	C:\Windows\System\PNEyJPX.exe	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
File created	C:\Windows\System\xdejYCC.exe	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
File created	C:\Windows\System\ECmGpbl.exe	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
File created	C:\Windows\System\QjZUKAf.exe	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
File created	C:\Windows\System\KjdQJcU.exe	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
File created	C:\Windows\System\NVTCaUj.exe	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
File created	C:\Windows\System\aBzXCfY.exe	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
File created	C:\Windows\System\nnmNIpD.exe	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
File created	C:\Windows\System\qUKpkTA.exe	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
File created	C:\Windows\System\BsmLDxX.exe	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
File created	C:\Windows\System\YMjdkth.exe	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
File created	C:\Windows\System\stmaIov.exe	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
File created	C:\Windows\System\SAJiKtW.exe	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
File created	C:\Windows\System\lIuGzPD.exe	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
File created	C:\Windows\System\eMGkxWp.exe	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
File created	C:\Windows\System\awhGAlb.exe	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
File created	C:\Windows\System\fhTWlvK.exe	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
File created	C:\Windows\System\dBhxCAv.exe	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
File created	C:\Windows\System\vwqtKPw.exe	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
File created	C:\Windows\System\qlNzGmk.exe	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
File created	C:\Windows\System\NpBqEbc.exe	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
File created	C:\Windows\System\aPqOwYW.exe	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
File created	C:\Windows\System\nKyCyHe.exe	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
File created	C:\Windows\System\HHQFXxE.exe	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
File created	C:\Windows\System\TByPnhD.exe	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
File created	C:\Windows\System\VIZNiIK.exe	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
File created	C:\Windows\System\ZeKcFUj.exe	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
File created	C:\Windows\System\dOuHRDX.exe	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 2200	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe	29
PID 2216 wrote to memory of 2200	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe	29
PID 2216 wrote to memory of 2200	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe	29
PID 2216 wrote to memory of 492	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe	30
PID 2216 wrote to memory of 492	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe	30
PID 2216 wrote to memory of 492	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe	30
PID 2216 wrote to memory of 1852	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe	31
PID 2216 wrote to memory of 1852	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe	31
PID 2216 wrote to memory of 1852	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe	31
PID 2216 wrote to memory of 2340	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe	32
PID 2216 wrote to memory of 2340	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe	32
PID 2216 wrote to memory of 2340	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe	32
PID 2216 wrote to memory of 2656	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe	33
PID 2216 wrote to memory of 2656	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe	33
PID 2216 wrote to memory of 2656	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe	33
PID 2216 wrote to memory of 2720	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe	34
PID 2216 wrote to memory of 2720	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe	34
PID 2216 wrote to memory of 2720	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe	34
PID 2216 wrote to memory of 2668	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe	35
PID 2216 wrote to memory of 2668	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe	35
PID 2216 wrote to memory of 2668	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe	35
PID 2216 wrote to memory of 2792	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe	36
PID 2216 wrote to memory of 2792	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe	36
PID 2216 wrote to memory of 2792	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe	36
PID 2216 wrote to memory of 2872	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe	37
PID 2216 wrote to memory of 2872	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe	37
PID 2216 wrote to memory of 2872	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe	37
PID 2216 wrote to memory of 2560	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe	38
PID 2216 wrote to memory of 2560	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe	38
PID 2216 wrote to memory of 2560	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe	38
PID 2216 wrote to memory of 2516	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe	39
PID 2216 wrote to memory of 2516	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe	39
PID 2216 wrote to memory of 2516	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe	39
PID 2216 wrote to memory of 2592	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe	40
PID 2216 wrote to memory of 2592	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe	40
PID 2216 wrote to memory of 2592	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe	40
PID 2216 wrote to memory of 2332	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe	41
PID 2216 wrote to memory of 2332	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe	41
PID 2216 wrote to memory of 2332	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe	41
PID 2216 wrote to memory of 2300	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe	42
PID 2216 wrote to memory of 2300	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe	42
PID 2216 wrote to memory of 2300	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe	42
PID 2216 wrote to memory of 2760	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe	43
PID 2216 wrote to memory of 2760	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe	43
PID 2216 wrote to memory of 2760	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe	43
PID 2216 wrote to memory of 2808	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe	44
PID 2216 wrote to memory of 2808	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe	44
PID 2216 wrote to memory of 2808	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe	44
PID 2216 wrote to memory of 2176	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe	45
PID 2216 wrote to memory of 2176	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe	45
PID 2216 wrote to memory of 2176	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe	45
PID 2216 wrote to memory of 236	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe	46
PID 2216 wrote to memory of 236	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe	46
PID 2216 wrote to memory of 236	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe	46
PID 2216 wrote to memory of 2500	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe	47
PID 2216 wrote to memory of 2500	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe	47
PID 2216 wrote to memory of 2500	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe	47
PID 2216 wrote to memory of 2840	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe	48
PID 2216 wrote to memory of 2840	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe	48
PID 2216 wrote to memory of 2840	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe	48
PID 2216 wrote to memory of 2868	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe	49
PID 2216 wrote to memory of 2868	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe	49
PID 2216 wrote to memory of 2868	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe	49
PID 2216 wrote to memory of 2460	2216	1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe	50

C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1fc91cd40d261bb9b2855360c95fd2f25d4095581e23c4a65716a2c5e9d6cf69_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2216
- C:\Windows\System\elOcxYF.exe
  C:\Windows\System\elOcxYF.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\XBlAqPq.exe
  C:\Windows\System\XBlAqPq.exe
  2⤵
  - Executes dropped EXE
  PID:492
- C:\Windows\System\cQVCsYa.exe
  C:\Windows\System\cQVCsYa.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\iXYBGlQ.exe
  C:\Windows\System\iXYBGlQ.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\RzeojNp.exe
  C:\Windows\System\RzeojNp.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\CkFNpKV.exe
  C:\Windows\System\CkFNpKV.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\QjZUKAf.exe
  C:\Windows\System\QjZUKAf.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\aXgRZqA.exe
  C:\Windows\System\aXgRZqA.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\imNzZtx.exe
  C:\Windows\System\imNzZtx.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\sDYWDcy.exe
  C:\Windows\System\sDYWDcy.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\dBhxCAv.exe
  C:\Windows\System\dBhxCAv.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\BsmLDxX.exe
  C:\Windows\System\BsmLDxX.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\dvmhjml.exe
  C:\Windows\System\dvmhjml.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\MyOoSSJ.exe
  C:\Windows\System\MyOoSSJ.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\EDkjzPB.exe
  C:\Windows\System\EDkjzPB.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\ETWEooA.exe
  C:\Windows\System\ETWEooA.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\MUzXCPe.exe
  C:\Windows\System\MUzXCPe.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\encoZXa.exe
  C:\Windows\System\encoZXa.exe
  2⤵
  - Executes dropped EXE
  PID:236
- C:\Windows\System\ntaYHDt.exe
  C:\Windows\System\ntaYHDt.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\OOdcvKv.exe
  C:\Windows\System\OOdcvKv.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\oQcCdRs.exe
  C:\Windows\System\oQcCdRs.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\lGsdjKf.exe
  C:\Windows\System\lGsdjKf.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\FfMtrFI.exe
  C:\Windows\System\FfMtrFI.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\VBGZKir.exe
  C:\Windows\System\VBGZKir.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\HhleFPe.exe
  C:\Windows\System\HhleFPe.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\Wcmllzp.exe
  C:\Windows\System\Wcmllzp.exe
  2⤵
  - Executes dropped EXE
  PID:1384
- C:\Windows\System\ZhCvRYl.exe
  C:\Windows\System\ZhCvRYl.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\yQslZoe.exe
  C:\Windows\System\yQslZoe.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\eKJTdZP.exe
  C:\Windows\System\eKJTdZP.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\EfbmJhl.exe
  C:\Windows\System\EfbmJhl.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\BAVMgYJ.exe
  C:\Windows\System\BAVMgYJ.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\IwwlNtP.exe
  C:\Windows\System\IwwlNtP.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\ptPGyRx.exe
  C:\Windows\System\ptPGyRx.exe
  2⤵
  - Executes dropped EXE
  PID:672
- C:\Windows\System\cQcJZxy.exe
  C:\Windows\System\cQcJZxy.exe
  2⤵
  - Executes dropped EXE
  PID:1124
- C:\Windows\System\UEsmPGL.exe
  C:\Windows\System\UEsmPGL.exe
  2⤵
  - Executes dropped EXE
  PID:300
- C:\Windows\System\NVTCaUj.exe
  C:\Windows\System\NVTCaUj.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\PpgrIrV.exe
  C:\Windows\System\PpgrIrV.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\WgGIEAd.exe
  C:\Windows\System\WgGIEAd.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\JhyaEMo.exe
  C:\Windows\System\JhyaEMo.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\IlHimuN.exe
  C:\Windows\System\IlHimuN.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\crwqfel.exe
  C:\Windows\System\crwqfel.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\ySgYcqc.exe
  C:\Windows\System\ySgYcqc.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\aelZrVU.exe
  C:\Windows\System\aelZrVU.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\RgSZVBu.exe
  C:\Windows\System\RgSZVBu.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\ILnEgbz.exe
  C:\Windows\System\ILnEgbz.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\XTqJyEZ.exe
  C:\Windows\System\XTqJyEZ.exe
  2⤵
  - Executes dropped EXE
  PID:980
- C:\Windows\System\OMyDJwa.exe
  C:\Windows\System\OMyDJwa.exe
  2⤵
  - Executes dropped EXE
  PID:784
- C:\Windows\System\JfWKcAG.exe
  C:\Windows\System\JfWKcAG.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\qJHNCPS.exe
  C:\Windows\System\qJHNCPS.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\atHALhA.exe
  C:\Windows\System\atHALhA.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\aBzXCfY.exe
  C:\Windows\System\aBzXCfY.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\nRExGAn.exe
  C:\Windows\System\nRExGAn.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\MnOqPFg.exe
  C:\Windows\System\MnOqPFg.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\tysvhOa.exe
  C:\Windows\System\tysvhOa.exe
  2⤵
  - Executes dropped EXE
  PID:464
- C:\Windows\System\fkJElBe.exe
  C:\Windows\System\fkJElBe.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\WGttKzu.exe
  C:\Windows\System\WGttKzu.exe
  2⤵
  - Executes dropped EXE
  PID:940
- C:\Windows\System\gviZwXF.exe
  C:\Windows\System\gviZwXF.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\uCVPnWr.exe
  C:\Windows\System\uCVPnWr.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\jSljfzu.exe
  C:\Windows\System\jSljfzu.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\dOuHRDX.exe
  C:\Windows\System\dOuHRDX.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\stmaIov.exe
  C:\Windows\System\stmaIov.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\nnGOBwq.exe
  C:\Windows\System\nnGOBwq.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System\stuTpfC.exe
  C:\Windows\System\stuTpfC.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\whYQjvG.exe
  C:\Windows\System\whYQjvG.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\gLaUiUW.exe
  C:\Windows\System\gLaUiUW.exe
  2⤵
  PID:872
- C:\Windows\System\FxcFawn.exe
  C:\Windows\System\FxcFawn.exe
  2⤵
  PID:2020
- C:\Windows\System\qmSxFDD.exe
  C:\Windows\System\qmSxFDD.exe
  2⤵
  PID:2596
- C:\Windows\System\SZtXIIM.exe
  C:\Windows\System\SZtXIIM.exe
  2⤵
  PID:2944
- C:\Windows\System\PJPApvM.exe
  C:\Windows\System\PJPApvM.exe
  2⤵
  PID:1572
- C:\Windows\System\bxrrWnh.exe
  C:\Windows\System\bxrrWnh.exe
  2⤵
  PID:1568
- C:\Windows\System\OoKxYBD.exe
  C:\Windows\System\OoKxYBD.exe
  2⤵
  PID:316
- C:\Windows\System\MLKAELM.exe
  C:\Windows\System\MLKAELM.exe
  2⤵
  PID:2208
- C:\Windows\System\UPANtqg.exe
  C:\Windows\System\UPANtqg.exe
  2⤵
  PID:1836
- C:\Windows\System\lIuGzPD.exe
  C:\Windows\System\lIuGzPD.exe
  2⤵
  PID:2608
- C:\Windows\System\VNtsJXo.exe
  C:\Windows\System\VNtsJXo.exe
  2⤵
  PID:2620
- C:\Windows\System\dCNVNdt.exe
  C:\Windows\System\dCNVNdt.exe
  2⤵
  PID:2708
- C:\Windows\System\xKBMDry.exe
  C:\Windows\System\xKBMDry.exe
  2⤵
  PID:1216
- C:\Windows\System\ETFPziX.exe
  C:\Windows\System\ETFPziX.exe
  2⤵
  PID:1980
- C:\Windows\System\EIiAzZm.exe
  C:\Windows\System\EIiAzZm.exe
  2⤵
  PID:1976
- C:\Windows\System\TPdJnvy.exe
  C:\Windows\System\TPdJnvy.exe
  2⤵
  PID:2140
- C:\Windows\System\vOUfPOd.exe
  C:\Windows\System\vOUfPOd.exe
  2⤵
  PID:2396
- C:\Windows\System\UTtZUEI.exe
  C:\Windows\System\UTtZUEI.exe
  2⤵
  PID:1924
- C:\Windows\System\uxoppEV.exe
  C:\Windows\System\uxoppEV.exe
  2⤵
  PID:2844
- C:\Windows\System\mYNQraD.exe
  C:\Windows\System\mYNQraD.exe
  2⤵
  PID:2832
- C:\Windows\System\VBrmImO.exe
  C:\Windows\System\VBrmImO.exe
  2⤵
  PID:2976
- C:\Windows\System\bBKfNvx.exe
  C:\Windows\System\bBKfNvx.exe
  2⤵
  PID:1196
- C:\Windows\System\WvTvuNn.exe
  C:\Windows\System\WvTvuNn.exe
  2⤵
  PID:856
- C:\Windows\System\bwvkYet.exe
  C:\Windows\System\bwvkYet.exe
  2⤵
  PID:2032
- C:\Windows\System\cRxajUJ.exe
  C:\Windows\System\cRxajUJ.exe
  2⤵
  PID:2916
- C:\Windows\System\plIzxfo.exe
  C:\Windows\System\plIzxfo.exe
  2⤵
  PID:688
- C:\Windows\System\rqJkYlE.exe
  C:\Windows\System\rqJkYlE.exe
  2⤵
  PID:776
- C:\Windows\System\xmLcgpL.exe
  C:\Windows\System\xmLcgpL.exe
  2⤵
  PID:576
- C:\Windows\System\SgyGLSx.exe
  C:\Windows\System\SgyGLSx.exe
  2⤵
  PID:1848
- C:\Windows\System\vYnjnBP.exe
  C:\Windows\System\vYnjnBP.exe
  2⤵
  PID:1096
- C:\Windows\System\EQqWxdI.exe
  C:\Windows\System\EQqWxdI.exe
  2⤵
  PID:540
- C:\Windows\System\KeYaCnF.exe
  C:\Windows\System\KeYaCnF.exe
  2⤵
  PID:2268
- C:\Windows\System\IzpwWNg.exe
  C:\Windows\System\IzpwWNg.exe
  2⤵
  PID:1752
- C:\Windows\System\cgmtVnr.exe
  C:\Windows\System\cgmtVnr.exe
  2⤵
  PID:1336
- C:\Windows\System\DblHkrY.exe
  C:\Windows\System\DblHkrY.exe
  2⤵
  PID:352
- C:\Windows\System\nKyCyHe.exe
  C:\Windows\System\nKyCyHe.exe
  2⤵
  PID:1856
- C:\Windows\System\huWznBB.exe
  C:\Windows\System\huWznBB.exe
  2⤵
  PID:1768
- C:\Windows\System\ofXUAxA.exe
  C:\Windows\System\ofXUAxA.exe
  2⤵
  PID:2044
- C:\Windows\System\LPQmmCx.exe
  C:\Windows\System\LPQmmCx.exe
  2⤵
  PID:1972
- C:\Windows\System\xBgURlR.exe
  C:\Windows\System\xBgURlR.exe
  2⤵
  PID:2932
- C:\Windows\System\xdjJIgK.exe
  C:\Windows\System\xdjJIgK.exe
  2⤵
  PID:1700
- C:\Windows\System\ERDsBEz.exe
  C:\Windows\System\ERDsBEz.exe
  2⤵
  PID:1748
- C:\Windows\System\rxqBscP.exe
  C:\Windows\System\rxqBscP.exe
  2⤵
  PID:2600
- C:\Windows\System\tTxefjt.exe
  C:\Windows\System\tTxefjt.exe
  2⤵
  PID:1528
- C:\Windows\System\ezsuDGo.exe
  C:\Windows\System\ezsuDGo.exe
  2⤵
  PID:2192
- C:\Windows\System\KOlJDHE.exe
  C:\Windows\System\KOlJDHE.exe
  2⤵
  PID:1796
- C:\Windows\System\hkuWfDu.exe
  C:\Windows\System\hkuWfDu.exe
  2⤵
  PID:2292
- C:\Windows\System\JCmtlWy.exe
  C:\Windows\System\JCmtlWy.exe
  2⤵
  PID:2776
- C:\Windows\System\LyWyuaQ.exe
  C:\Windows\System\LyWyuaQ.exe
  2⤵
  PID:2680
- C:\Windows\System\zBLkCrO.exe
  C:\Windows\System\zBLkCrO.exe
  2⤵
  PID:2764
- C:\Windows\System\MRoPQeY.exe
  C:\Windows\System\MRoPQeY.exe
  2⤵
  PID:1552
- C:\Windows\System\obeLVgT.exe
  C:\Windows\System\obeLVgT.exe
  2⤵
  PID:2752
- C:\Windows\System\FiGuwic.exe
  C:\Windows\System\FiGuwic.exe
  2⤵
  PID:1696
- C:\Windows\System\AMVHBXM.exe
  C:\Windows\System\AMVHBXM.exe
  2⤵
  PID:1664
- C:\Windows\System\LeseEki.exe
  C:\Windows\System\LeseEki.exe
  2⤵
  PID:480
- C:\Windows\System\jxZrfdz.exe
  C:\Windows\System\jxZrfdz.exe
  2⤵
  PID:1616
- C:\Windows\System\MYqwXGR.exe
  C:\Windows\System\MYqwXGR.exe
  2⤵
  PID:1792
- C:\Windows\System\FJXJXSU.exe
  C:\Windows\System\FJXJXSU.exe
  2⤵
  PID:2348
- C:\Windows\System\GRFgoyg.exe
  C:\Windows\System\GRFgoyg.exe
  2⤵
  PID:2908
- C:\Windows\System\vIZpgSO.exe
  C:\Windows\System\vIZpgSO.exe
  2⤵
  PID:296
- C:\Windows\System\eMGkxWp.exe
  C:\Windows\System\eMGkxWp.exe
  2⤵
  PID:1228
- C:\Windows\System\OKOSHzk.exe
  C:\Windows\System\OKOSHzk.exe
  2⤵
  PID:2228
- C:\Windows\System\wEGDEek.exe
  C:\Windows\System\wEGDEek.exe
  2⤵
  PID:1652
- C:\Windows\System\PVBWqRD.exe
  C:\Windows\System\PVBWqRD.exe
  2⤵
  PID:2700
- C:\Windows\System\sAfPoog.exe
  C:\Windows\System\sAfPoog.exe
  2⤵
  PID:2204
- C:\Windows\System\XqRkGEQ.exe
  C:\Windows\System\XqRkGEQ.exe
  2⤵
  PID:2120
- C:\Windows\System\cdBZNtJ.exe
  C:\Windows\System\cdBZNtJ.exe
  2⤵
  PID:2532
- C:\Windows\System\dlLkUPJ.exe
  C:\Windows\System\dlLkUPJ.exe
  2⤵
  PID:2316
- C:\Windows\System\ZsOlJoi.exe
  C:\Windows\System\ZsOlJoi.exe
  2⤵
  PID:1488
- C:\Windows\System\qAuIJRw.exe
  C:\Windows\System\qAuIJRw.exe
  2⤵
  PID:1904
- C:\Windows\System\HHQFXxE.exe
  C:\Windows\System\HHQFXxE.exe
  2⤵
  PID:1592
- C:\Windows\System\vwqtKPw.exe
  C:\Windows\System\vwqtKPw.exe
  2⤵
  PID:1340
- C:\Windows\System\dSGUbvS.exe
  C:\Windows\System\dSGUbvS.exe
  2⤵
  PID:2088
- C:\Windows\System\IFOXdRc.exe
  C:\Windows\System\IFOXdRc.exe
  2⤵
  PID:2948
- C:\Windows\System\XqTIkKF.exe
  C:\Windows\System\XqTIkKF.exe
  2⤵
  PID:1564
- C:\Windows\System\QqXGoON.exe
  C:\Windows\System\QqXGoON.exe
  2⤵
  PID:3016
- C:\Windows\System\iOZQBnP.exe
  C:\Windows\System\iOZQBnP.exe
  2⤵
  PID:2972
- C:\Windows\System\HkdPQvH.exe
  C:\Windows\System\HkdPQvH.exe
  2⤵
  PID:612
- C:\Windows\System\YMjdkth.exe
  C:\Windows\System\YMjdkth.exe
  2⤵
  PID:880
- C:\Windows\System\jkWAOJs.exe
  C:\Windows\System\jkWAOJs.exe
  2⤵
  PID:3076
- C:\Windows\System\NlVmVeu.exe
  C:\Windows\System\NlVmVeu.exe
  2⤵
  PID:3092
- C:\Windows\System\vfkwCLW.exe
  C:\Windows\System\vfkwCLW.exe
  2⤵
  PID:3108
- C:\Windows\System\jFUvawe.exe
  C:\Windows\System\jFUvawe.exe
  2⤵
  PID:3124
- C:\Windows\System\sCsDNKF.exe
  C:\Windows\System\sCsDNKF.exe
  2⤵
  PID:3140
- C:\Windows\System\OureuBM.exe
  C:\Windows\System\OureuBM.exe
  2⤵
  PID:3156
- C:\Windows\System\QPhIEEq.exe
  C:\Windows\System\QPhIEEq.exe
  2⤵
  PID:3172
- C:\Windows\System\iTiUvWA.exe
  C:\Windows\System\iTiUvWA.exe
  2⤵
  PID:3188
- C:\Windows\System\iZFBxSu.exe
  C:\Windows\System\iZFBxSu.exe
  2⤵
  PID:3204
- C:\Windows\System\YEJlGte.exe
  C:\Windows\System\YEJlGte.exe
  2⤵
  PID:3220
- C:\Windows\System\xWLmHWD.exe
  C:\Windows\System\xWLmHWD.exe
  2⤵
  PID:3236
- C:\Windows\System\ynbCfIU.exe
  C:\Windows\System\ynbCfIU.exe
  2⤵
  PID:3252
- C:\Windows\System\bCzfwGn.exe
  C:\Windows\System\bCzfwGn.exe
  2⤵
  PID:3268
- C:\Windows\System\vTdfcmj.exe
  C:\Windows\System\vTdfcmj.exe
  2⤵
  PID:3284
- C:\Windows\System\Ycjblrz.exe
  C:\Windows\System\Ycjblrz.exe
  2⤵
  PID:3300
- C:\Windows\System\ZawzGsS.exe
  C:\Windows\System\ZawzGsS.exe
  2⤵
  PID:3316
- C:\Windows\System\OqOUDAz.exe
  C:\Windows\System\OqOUDAz.exe
  2⤵
  PID:3332
- C:\Windows\System\iPoJmKa.exe
  C:\Windows\System\iPoJmKa.exe
  2⤵
  PID:3348
- C:\Windows\System\OWmLsAw.exe
  C:\Windows\System\OWmLsAw.exe
  2⤵
  PID:3364
- C:\Windows\System\FOHmXPu.exe
  C:\Windows\System\FOHmXPu.exe
  2⤵
  PID:3380
- C:\Windows\System\bWCBwev.exe
  C:\Windows\System\bWCBwev.exe
  2⤵
  PID:3396
- C:\Windows\System\kISdVJJ.exe
  C:\Windows\System\kISdVJJ.exe
  2⤵
  PID:3412
- C:\Windows\System\ppkzhfN.exe
  C:\Windows\System\ppkzhfN.exe
  2⤵
  PID:3428
- C:\Windows\System\LojKKOk.exe
  C:\Windows\System\LojKKOk.exe
  2⤵
  PID:3444
- C:\Windows\System\OrEbaWS.exe
  C:\Windows\System\OrEbaWS.exe
  2⤵
  PID:3460
- C:\Windows\System\WVubvsl.exe
  C:\Windows\System\WVubvsl.exe
  2⤵
  PID:3476
- C:\Windows\System\skoDRmr.exe
  C:\Windows\System\skoDRmr.exe
  2⤵
  PID:3492
- C:\Windows\System\awhGAlb.exe
  C:\Windows\System\awhGAlb.exe
  2⤵
  PID:3508
- C:\Windows\System\ThQwKfG.exe
  C:\Windows\System\ThQwKfG.exe
  2⤵
  PID:3524
- C:\Windows\System\ZrkuhTZ.exe
  C:\Windows\System\ZrkuhTZ.exe
  2⤵
  PID:3540
- C:\Windows\System\JAlklOl.exe
  C:\Windows\System\JAlklOl.exe
  2⤵
  PID:3556
- C:\Windows\System\CraZDrg.exe
  C:\Windows\System\CraZDrg.exe
  2⤵
  PID:3572
- C:\Windows\System\RBgAVva.exe
  C:\Windows\System\RBgAVva.exe
  2⤵
  PID:3588
- C:\Windows\System\qlNzGmk.exe
  C:\Windows\System\qlNzGmk.exe
  2⤵
  PID:3604
- C:\Windows\System\URxqfoE.exe
  C:\Windows\System\URxqfoE.exe
  2⤵
  PID:3620
- C:\Windows\System\YxzYgzZ.exe
  C:\Windows\System\YxzYgzZ.exe
  2⤵
  PID:3652
- C:\Windows\System\EYbMWJs.exe
  C:\Windows\System\EYbMWJs.exe
  2⤵
  PID:3836
- C:\Windows\System\ceYnMQF.exe
  C:\Windows\System\ceYnMQF.exe
  2⤵
  PID:3872
- C:\Windows\System\nJKaLAP.exe
  C:\Windows\System\nJKaLAP.exe
  2⤵
  PID:3892
- C:\Windows\System\WKUHabt.exe
  C:\Windows\System\WKUHabt.exe
  2⤵
  PID:3912
- C:\Windows\System\AGrjARJ.exe
  C:\Windows\System\AGrjARJ.exe
  2⤵
  PID:3928
- C:\Windows\System\TByPnhD.exe
  C:\Windows\System\TByPnhD.exe
  2⤵
  PID:3964
- C:\Windows\System\yVYlXQx.exe
  C:\Windows\System\yVYlXQx.exe
  2⤵
  PID:3988
- C:\Windows\System\GUAzsRp.exe
  C:\Windows\System\GUAzsRp.exe
  2⤵
  PID:4004
- C:\Windows\System\JuhkBFX.exe
  C:\Windows\System\JuhkBFX.exe
  2⤵
  PID:4020
- C:\Windows\System\ubksSPv.exe
  C:\Windows\System\ubksSPv.exe
  2⤵
  PID:4036
- C:\Windows\System\rbTeSXZ.exe
  C:\Windows\System\rbTeSXZ.exe
  2⤵
  PID:4056
- C:\Windows\System\jGSFYsx.exe
  C:\Windows\System\jGSFYsx.exe
  2⤵
  PID:4072
- C:\Windows\System\jHYdwQT.exe
  C:\Windows\System\jHYdwQT.exe
  2⤵
  PID:4088
- C:\Windows\System\YUxeDud.exe
  C:\Windows\System\YUxeDud.exe
  2⤵
  PID:2964
- C:\Windows\System\frYwoGM.exe
  C:\Windows\System\frYwoGM.exe
  2⤵
  PID:2616
- C:\Windows\System\khzPIiP.exe
  C:\Windows\System\khzPIiP.exe
  2⤵
  PID:1128
- C:\Windows\System\PNsxcHh.exe
  C:\Windows\System\PNsxcHh.exe
  2⤵
  PID:1148
- C:\Windows\System\VcPUJbY.exe
  C:\Windows\System\VcPUJbY.exe
  2⤵
  PID:3120
- C:\Windows\System\NpBqEbc.exe
  C:\Windows\System\NpBqEbc.exe
  2⤵
  PID:3152
- C:\Windows\System\TNPZjjA.exe
  C:\Windows\System\TNPZjjA.exe
  2⤵
  PID:3168
- C:\Windows\System\HOdDLFd.exe
  C:\Windows\System\HOdDLFd.exe
  2⤵
  PID:3200
- C:\Windows\System\VIZNiIK.exe
  C:\Windows\System\VIZNiIK.exe
  2⤵
  PID:3232
- C:\Windows\System\APcDbiW.exe
  C:\Windows\System\APcDbiW.exe
  2⤵
  PID:3264
- C:\Windows\System\mjfOOzj.exe
  C:\Windows\System\mjfOOzj.exe
  2⤵
  PID:3296
- C:\Windows\System\CpeHDIc.exe
  C:\Windows\System\CpeHDIc.exe
  2⤵
  PID:3344
- C:\Windows\System\gnknyVM.exe
  C:\Windows\System\gnknyVM.exe
  2⤵
  PID:3360
- C:\Windows\System\ZSkaDVl.exe
  C:\Windows\System\ZSkaDVl.exe
  2⤵
  PID:3408
- C:\Windows\System\GShCypu.exe
  C:\Windows\System\GShCypu.exe
  2⤵
  PID:3424
- C:\Windows\System\YqdVQCe.exe
  C:\Windows\System\YqdVQCe.exe
  2⤵
  PID:3484
- C:\Windows\System\WwOFlrp.exe
  C:\Windows\System\WwOFlrp.exe
  2⤵
  PID:3516
- C:\Windows\System\nnmNIpD.exe
  C:\Windows\System\nnmNIpD.exe
  2⤵
  PID:3548
- C:\Windows\System\FuujOHu.exe
  C:\Windows\System\FuujOHu.exe
  2⤵
  PID:3636
- C:\Windows\System\eGcaUXy.exe
  C:\Windows\System\eGcaUXy.exe
  2⤵
  PID:1644
- C:\Windows\System\RQGJMfO.exe
  C:\Windows\System\RQGJMfO.exe
  2⤵
  PID:2548
- C:\Windows\System\JnvlQRl.exe
  C:\Windows\System\JnvlQRl.exe
  2⤵
  PID:3640
- C:\Windows\System\EgJBQUM.exe
  C:\Windows\System\EgJBQUM.exe
  2⤵
  PID:3552
- C:\Windows\System\WmaYRwE.exe
  C:\Windows\System\WmaYRwE.exe
  2⤵
  PID:3616
- C:\Windows\System\ryJQuXZ.exe
  C:\Windows\System\ryJQuXZ.exe
  2⤵
  PID:3664
- C:\Windows\System\CQVLkvO.exe
  C:\Windows\System\CQVLkvO.exe
  2⤵
  PID:3680
- C:\Windows\System\ecXxwpP.exe
  C:\Windows\System\ecXxwpP.exe
  2⤵
  PID:3696
- C:\Windows\System\AUXxqoR.exe
  C:\Windows\System\AUXxqoR.exe
  2⤵
  PID:3712
- C:\Windows\System\aPqOwYW.exe
  C:\Windows\System\aPqOwYW.exe
  2⤵
  PID:3728
- C:\Windows\System\mKcHtNo.exe
  C:\Windows\System\mKcHtNo.exe
  2⤵
  PID:3744
- C:\Windows\System\qnmnRHF.exe
  C:\Windows\System\qnmnRHF.exe
  2⤵
  PID:3760
- C:\Windows\System\OhjIWfB.exe
  C:\Windows\System\OhjIWfB.exe
  2⤵
  PID:3776
- C:\Windows\System\DDgyUrZ.exe
  C:\Windows\System\DDgyUrZ.exe
  2⤵
  PID:3792
- C:\Windows\System\ELgmqjF.exe
  C:\Windows\System\ELgmqjF.exe
  2⤵
  PID:3808
- C:\Windows\System\fSATGJk.exe
  C:\Windows\System\fSATGJk.exe
  2⤵
  PID:1860
- C:\Windows\System\TNVoIWi.exe
  C:\Windows\System\TNVoIWi.exe
  2⤵
  PID:2796
- C:\Windows\System\MuYBaIS.exe
  C:\Windows\System\MuYBaIS.exe
  2⤵
  PID:3848
- C:\Windows\System\BeVrDaQ.exe
  C:\Windows\System\BeVrDaQ.exe
  2⤵
  PID:3860
- C:\Windows\System\znRmDCF.exe
  C:\Windows\System\znRmDCF.exe
  2⤵
  PID:3904
- C:\Windows\System\RJtgPBa.exe
  C:\Windows\System\RJtgPBa.exe
  2⤵
  PID:1756
- C:\Windows\System\SxhQGwh.exe
  C:\Windows\System\SxhQGwh.exe
  2⤵
  PID:2920
- C:\Windows\System\wonPgeK.exe
  C:\Windows\System\wonPgeK.exe
  2⤵
  PID:3944
- C:\Windows\System\dQepgKq.exe
  C:\Windows\System\dQepgKq.exe
  2⤵
  PID:3960
- C:\Windows\System\hlTZfvS.exe
  C:\Windows\System\hlTZfvS.exe
  2⤵
  PID:3996
- C:\Windows\System\KEKPZrD.exe
  C:\Windows\System\KEKPZrD.exe
  2⤵
  PID:1180
- C:\Windows\System\fDsPcPg.exe
  C:\Windows\System\fDsPcPg.exe
  2⤵
  PID:3984
- C:\Windows\System\ahCYMjc.exe
  C:\Windows\System\ahCYMjc.exe
  2⤵
  PID:4016
- C:\Windows\System\PNEyJPX.exe
  C:\Windows\System\PNEyJPX.exe
  2⤵
  PID:4068
- C:\Windows\System\FzBQMDG.exe
  C:\Windows\System\FzBQMDG.exe
  2⤵
  PID:2624
- C:\Windows\System\ryqtIfW.exe
  C:\Windows\System\ryqtIfW.exe
  2⤵
  PID:3180
- C:\Windows\System\weQLAzW.exe
  C:\Windows\System\weQLAzW.exe
  2⤵
  PID:3308
- C:\Windows\System\bvVJLGb.exe
  C:\Windows\System\bvVJLGb.exe
  2⤵
  PID:2248
- C:\Windows\System\vyjyfat.exe
  C:\Windows\System\vyjyfat.exe
  2⤵
  PID:3088
- C:\Windows\System\BEWRBOF.exe
  C:\Windows\System\BEWRBOF.exe
  2⤵
  PID:3212
- C:\Windows\System\VZvcYfN.exe
  C:\Windows\System\VZvcYfN.exe
  2⤵
  PID:3436
- C:\Windows\System\nLHoLpm.exe
  C:\Windows\System\nLHoLpm.exe
  2⤵
  PID:3504
- C:\Windows\System\ynWaEpf.exe
  C:\Windows\System\ynWaEpf.exe
  2⤵
  PID:804
- C:\Windows\System\QNyfuhO.exe
  C:\Windows\System\QNyfuhO.exe
  2⤵
  PID:3660
- C:\Windows\System\LUAczGP.exe
  C:\Windows\System\LUAczGP.exe
  2⤵
  PID:3536
- C:\Windows\System\BdRereG.exe
  C:\Windows\System\BdRereG.exe
  2⤵
  PID:3328
- C:\Windows\System\jXwiaGm.exe
  C:\Windows\System\jXwiaGm.exe
  2⤵
  PID:2404
- C:\Windows\System\syfmbPE.exe
  C:\Windows\System\syfmbPE.exe
  2⤵
  PID:3612
- C:\Windows\System\ZeKcFUj.exe
  C:\Windows\System\ZeKcFUj.exe
  2⤵
  PID:3708
- C:\Windows\System\IZOadHv.exe
  C:\Windows\System\IZOadHv.exe
  2⤵
  PID:3004
- C:\Windows\System\GzSxPbI.exe
  C:\Windows\System\GzSxPbI.exe
  2⤵
  PID:3804
- C:\Windows\System\dehOKrS.exe
  C:\Windows\System\dehOKrS.exe
  2⤵
  PID:2676
- C:\Windows\System\ZpbuKeR.exe
  C:\Windows\System\ZpbuKeR.exe
  2⤵
  PID:2704
- C:\Windows\System\EHyyOcX.exe
  C:\Windows\System\EHyyOcX.exe
  2⤵
  PID:1300
- C:\Windows\System\hReVUtT.exe
  C:\Windows\System\hReVUtT.exe
  2⤵
  PID:2820
- C:\Windows\System\fhTWlvK.exe
  C:\Windows\System\fhTWlvK.exe
  2⤵
  PID:624
- C:\Windows\System\nipJBpq.exe
  C:\Windows\System\nipJBpq.exe
  2⤵
  PID:2984
- C:\Windows\System\wQVDfqt.exe
  C:\Windows\System\wQVDfqt.exe
  2⤵
  PID:2064
- C:\Windows\System\YccLiSQ.exe
  C:\Windows\System\YccLiSQ.exe
  2⤵
  PID:828
- C:\Windows\System\xNMwPOH.exe
  C:\Windows\System\xNMwPOH.exe
  2⤵
  PID:1680
- C:\Windows\System\SetqzCU.exe
  C:\Windows\System\SetqzCU.exe
  2⤵
  PID:3824
- C:\Windows\System\EWZQZWA.exe
  C:\Windows\System\EWZQZWA.exe
  2⤵
  PID:3832
- C:\Windows\System\rgxPryl.exe
  C:\Windows\System\rgxPryl.exe
  2⤵
  PID:1948
- C:\Windows\System\iXAUijK.exe
  C:\Windows\System\iXAUijK.exe
  2⤵
  PID:3900
- C:\Windows\System\QjTjiVt.exe
  C:\Windows\System\QjTjiVt.exe
  2⤵
  PID:2260
- C:\Windows\System\rcOrgBw.exe
  C:\Windows\System\rcOrgBw.exe
  2⤵
  PID:2996
- C:\Windows\System\rpUIZcz.exe
  C:\Windows\System\rpUIZcz.exe
  2⤵
  PID:2836
- C:\Windows\System\xdejYCC.exe
  C:\Windows\System\xdejYCC.exe
  2⤵
  PID:3920
- C:\Windows\System\srqthob.exe
  C:\Windows\System\srqthob.exe
  2⤵
  PID:3104
- C:\Windows\System\TsTcIJJ.exe
  C:\Windows\System\TsTcIJJ.exe
  2⤵
  PID:1376
- C:\Windows\System\NLvtEcF.exe
  C:\Windows\System\NLvtEcF.exe
  2⤵
  PID:3500
- C:\Windows\System\ECmGpbl.exe
  C:\Windows\System\ECmGpbl.exe
  2⤵
  PID:2540
- C:\Windows\System\CRgaDaF.exe
  C:\Windows\System\CRgaDaF.exe
  2⤵
  PID:3584
- C:\Windows\System\AHVwocl.exe
  C:\Windows\System\AHVwocl.exe
  2⤵
  PID:3704
- C:\Windows\System\lShurhq.exe
  C:\Windows\System\lShurhq.exe
  2⤵
  PID:3736
- C:\Windows\System\MztBFLJ.exe
  C:\Windows\System\MztBFLJ.exe
  2⤵
  PID:3768
- C:\Windows\System\gzYidmD.exe
  C:\Windows\System\gzYidmD.exe
  2⤵
  PID:2788
- C:\Windows\System\ExreYSN.exe
  C:\Windows\System\ExreYSN.exe
  2⤵
  PID:2520
- C:\Windows\System\dLeXjpg.exe
  C:\Windows\System\dLeXjpg.exe
  2⤵
  PID:2780
- C:\Windows\System\uDVDefk.exe
  C:\Windows\System\uDVDefk.exe
  2⤵
  PID:2924
- C:\Windows\System\pygwQeL.exe
  C:\Windows\System\pygwQeL.exe
  2⤵
  PID:1320
- C:\Windows\System\EdFmFgs.exe
  C:\Windows\System\EdFmFgs.exe
  2⤵
  PID:2588
- C:\Windows\System\HUDvWuL.exe
  C:\Windows\System\HUDvWuL.exe
  2⤵
  PID:2080
- C:\Windows\System\wWkPrxS.exe
  C:\Windows\System\wWkPrxS.exe
  2⤵
  PID:2772
- C:\Windows\System\iWfVgeS.exe
  C:\Windows\System\iWfVgeS.exe
  2⤵
  PID:1532
- C:\Windows\System\eytGMPD.exe
  C:\Windows\System\eytGMPD.exe
  2⤵
  PID:2528
- C:\Windows\System\ZhlDTRG.exe
  C:\Windows\System\ZhlDTRG.exe
  2⤵
  PID:4032
- C:\Windows\System\ZmZFGte.exe
  C:\Windows\System\ZmZFGte.exe
  2⤵
  PID:3976
- C:\Windows\System\WJjuFWw.exe
  C:\Windows\System\WJjuFWw.exe
  2⤵
  PID:3884
- C:\Windows\System\APVLfPH.exe
  C:\Windows\System\APVLfPH.exe
  2⤵
  PID:3864
- C:\Windows\System\FyEmrkg.exe
  C:\Windows\System\FyEmrkg.exe
  2⤵
  PID:1952
- C:\Windows\System\mRoBOZd.exe
  C:\Windows\System\mRoBOZd.exe
  2⤵
  PID:884
- C:\Windows\System\SAJiKtW.exe
  C:\Windows\System\SAJiKtW.exe
  2⤵
  PID:3692
- C:\Windows\System\qUKpkTA.exe
  C:\Windows\System\qUKpkTA.exe
  2⤵
  PID:3784
- C:\Windows\System\TmOqlNA.exe
  C:\Windows\System\TmOqlNA.exe
  2⤵
  PID:3008
- C:\Windows\System\QWIpNHG.exe
  C:\Windows\System\QWIpNHG.exe
  2⤵
  PID:1588
- C:\Windows\System\adSedXe.exe
  C:\Windows\System\adSedXe.exe
  2⤵
  PID:2536
- C:\Windows\System\meiRHGX.exe
  C:\Windows\System\meiRHGX.exe
  2⤵
  PID:3628
- C:\Windows\System\zXARTIP.exe
  C:\Windows\System\zXARTIP.exe
  2⤵
  PID:2684
- C:\Windows\System\TfxjQRg.exe
  C:\Windows\System\TfxjQRg.exe
  2⤵
  PID:2692
- C:\Windows\System\qQoAaBb.exe
  C:\Windows\System\qQoAaBb.exe
  2⤵
  PID:3956
- C:\Windows\System\atvlmcp.exe
  C:\Windows\System\atvlmcp.exe
  2⤵
  PID:3372
- C:\Windows\System\UDJbhSS.exe
  C:\Windows\System\UDJbhSS.exe
  2⤵
  PID:3632
- C:\Windows\System\WvDYxRV.exe
  C:\Windows\System\WvDYxRV.exe
  2⤵
  PID:3276
- C:\Windows\System\mneUzwQ.exe
  C:\Windows\System\mneUzwQ.exe
  2⤵
  PID:2784
- C:\Windows\System\HlxruDk.exe
  C:\Windows\System\HlxruDk.exe
  2⤵
  PID:2280
- C:\Windows\System\wVWkZSS.exe
  C:\Windows\System\wVWkZSS.exe
  2⤵
  PID:4084
- C:\Windows\System\rObCsYX.exe
  C:\Windows\System\rObCsYX.exe
  2⤵
  PID:2524
- C:\Windows\System\BIvimJo.exe
  C:\Windows\System\BIvimJo.exe
  2⤵
  PID:2092
- C:\Windows\System\ZsRPSWj.exe
  C:\Windows\System\ZsRPSWj.exe
  2⤵
  PID:1628
- C:\Windows\System\ZwnpAQs.exe
  C:\Windows\System\ZwnpAQs.exe
  2⤵
  PID:4108
- C:\Windows\System\TNQFUkx.exe
  C:\Windows\System\TNQFUkx.exe
  2⤵
  PID:4124
- C:\Windows\System\ClGCvsU.exe
  C:\Windows\System\ClGCvsU.exe
  2⤵
  PID:4140
- C:\Windows\System\KjdQJcU.exe
  C:\Windows\System\KjdQJcU.exe
  2⤵
  PID:4156
- C:\Windows\System\csnYFux.exe
  C:\Windows\System\csnYFux.exe
  2⤵
  PID:4172
- C:\Windows\System\zMBeWOz.exe
  C:\Windows\System\zMBeWOz.exe
  2⤵
  PID:4188
- C:\Windows\System\XKwvkEb.exe
  C:\Windows\System\XKwvkEb.exe
  2⤵
  PID:4204
- C:\Windows\System\QDnaBFn.exe
  C:\Windows\System\QDnaBFn.exe
  2⤵
  PID:4220
- C:\Windows\System\Liozaet.exe
  C:\Windows\System\Liozaet.exe
  2⤵
  PID:4236

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BAVMgYJ.exe

Filesize
2.1MB

MD5
37dc7b40989ba77bf2b39c4f67b806eb

SHA1
5776d977c311bab490b0c0afd6087daa0bb8faf3

SHA256
c693933396780e67568e033e293abc26300ddd8dfa8440a50fe85ac903e87fcc

SHA512
e070ca80f8866b0e849bdf3a8073aa4b3145cb9634b1376cfdbbbcf13eae0f86bce349c7d0509d571837820233d240e0bfe7c69324f47f6ea3827bf0622422b2

Download Submit
C:\Windows\system\BsmLDxX.exe

Filesize
2.1MB

MD5
fd2c70154b935937d037ba0080706ac3

SHA1
c8a7a33b616d8b1f93fdd5f97bc1caafc594b016

SHA256
563b73e868f3ddc9dab7349d527dc0f9bd471e7191bf452598f11ef6ec3a9e9b

SHA512
e0956e2c630e31aad45e0b5f2ff2cb77bf147fb8eea46774760edef792b716ebae0a77b5713e02b785633e9e9862b50d89e2669e81384990da62df8f5bde2a0d

Download Submit
C:\Windows\system\CkFNpKV.exe

Filesize
2.1MB

MD5
0b8390346921de8c851679080ba060aa

SHA1
106137efb2d016fa49be044ede0accde51d547b9

SHA256
32597c08bb2acb750c1a76524e55038a2b1460e9c4bd97f42dbc3f6f8037b252

SHA512
afe33453e5a2ca157064c3d5b3b4f55cecf585bdd2f042727d6ad9e30d08e3e71b7a5e7015a278b08dd996fba848012677a22147b3ffbadb7573e0c4d0429bdf

Download Submit
C:\Windows\system\EDkjzPB.exe

Filesize
2.1MB

MD5
52ec2d6af61e426c8c247f1e1181d537

SHA1
30ef4e76835d2eb1b681337b356dff8ac546124d

SHA256
60f12199fe915d0c893eaa6cf9e7aa711eecf1260b9726a801337dbcb5b68131

SHA512
6517361c3d8af74ada25360ef55dbe0382616f8c00b9fa39b821ae81973266873b7ce0ad8dbba640ab7488cdc4099d21780bf246c3948c454da174ef47ef7416

Download Submit
C:\Windows\system\ETWEooA.exe

Filesize
2.1MB

MD5
eb9b1ec39d49dab699c2e59e6ff948bf

SHA1
1ae820a5dac6d65e30b9b4530d683fcc84963021

SHA256
5b13cfe9e8022c521108eb772e88610edcd4461e53e18e8031a62611f8ec1d3e

SHA512
abe9d13a7be22fb365f074b68a1e4b6fcf108a2de68385306d3a6c7438a3e038797da657671bc704e8151aed4e6273f15448951b31407f793308be3abb5ab4b4

Download Submit
C:\Windows\system\EfbmJhl.exe

Filesize
2.1MB

MD5
91775c56fe0de79e60bb9ace81bb3fb1

SHA1
6fdfb266829ccdd4fb4b3ab54e4cedb47e675e9d

SHA256
2cb527a1daffc2dda92dee48d70bec143cc71e15f1205aaf1ce3e99ac7edafe4

SHA512
6952d414404844fe7c676efc58f19f6d37d8f719e73353e37ab5b4c816e6f9acde79cca84974dcdb206e9839fb8b44f6e842f5393d19c6cfd4f4384830406c68

Download Submit
C:\Windows\system\FfMtrFI.exe

Filesize
2.1MB

MD5
41ab7eceb88a7fdc6021c021f892f2d4

SHA1
412457a03734a11e81bbda19ce5b2b55371a22a5

SHA256
e9d601d3d95221e95e4587cc756b5cf09c3d141ed3a5b5d5a5ce2ec95e884e2e

SHA512
445ad42d0b9eb246251edddf3584fca442dac7d62ab19f8c6fb775c437be170efcca2c8b74c3e57d0665999a6e265ba4306cd15155145dda3a218eba6ce3cea6

Download Submit
C:\Windows\system\HhleFPe.exe

Filesize
2.1MB

MD5
1405401fa2210d7cc31c84bd95c14921

SHA1
69789dee9e0f0528ea096257bfca32b2a3e2b28d

SHA256
af4475b1d41ce5d1add8dd8a7144dcb2efa2e82e39673df1625e4be57e29547c

SHA512
5ae14726345babdebd0e2438ae3e2383fd4848bc4506b785f1a41629c057180bd6c8106d3d4fb7de2b35df2ff59f7b7907549c79ec70e8522d7b405597cb645e

Download Submit
C:\Windows\system\IwwlNtP.exe

Filesize
2.1MB

MD5
b58c9f2ad5473611a971349d953bf978

SHA1
0dd968e8e395e03d5622b74f65624ceed807f09b

SHA256
f4c13ea88e9fa2c107dcb717f7b131d3d8c0d311e0a649cd14705657f38ae4a2

SHA512
e652d53d0fa2cc659da37350c432c169eda7018c8529a40179395937d00af11a5c8cdc7f97ff10965ba469f27ba738a66fb976a4278feca5ceb44ec2043b6953

Download Submit
C:\Windows\system\MUzXCPe.exe

Filesize
2.1MB

MD5
d99ea8b0f749f874011c4f72815db896

SHA1
178ad73e3510fc2844a4e3d8d2870f0f007e3710

SHA256
1ac881b305f53bcc05bbce4d8f550979649fe011ea6d80409c798790d16ee927

SHA512
1a0abaa7ccd3dfd2e278ed4bfbb97892200fc46ddcf90c0b8776c2e3ca9d1b272459963c2a5b22cc29786cb6cdcee8ad744d5c26e4b48f7f935027724ce84d55

Download Submit
C:\Windows\system\OOdcvKv.exe

Filesize
2.1MB

MD5
3fd4faecb222d6c255315a92e5ee9e57

SHA1
669b5f66a847b1aa9507e9d938817cb228844e91

SHA256
34f7f5e709c237dcd06480b5cdee94a219777cff4d7847c674a9ea05af9920b6

SHA512
0a01c10bca0d6f45690d0438c78459342225fad7ae7e8e0dbd41ecc57ff2049ba3f6dc9c962d1b4a8006542f983417232d5fce86254609b7f88336758866aec2

Download Submit
C:\Windows\system\RzeojNp.exe

Filesize
2.1MB

MD5
a8814a17f3a01cc0347032fc50a14fe8

SHA1
7889d7fb9bdde4d1bd8372d996661238d6f9cf0e

SHA256
3371d49df427a85ae1d6ae6d8056cbef215e6bc73663cb5b4e8aa1a96931424d

SHA512
6a3ba2d701ac56bdd567da0ff71902e8baf090fb0c1123f298c65d21b3d1e21263ffa161542edd50982e7aac46fb4056fc2f33e05d757ceb8e887118e2c046ec

Download Submit
C:\Windows\system\VBGZKir.exe

Filesize
2.1MB

MD5
b9903f1aabba9a8e8f3215ecfecb8ac6

SHA1
7db684ee43208c6d5f25eb42293047568a6de45b

SHA256
b9cf12405228d51857448caac84f76be3b2af304cb518d3fa1a88c5555ab3b2a

SHA512
7dc7f99faa9bd313bb049b3bf2395546cc8d5309711c6766f81ecbf72b299d25528b2f057d9994b39fa3260ffe4381de19374b2bd7eb080efe11d324a42d1dd2

Download Submit
C:\Windows\system\Wcmllzp.exe

Filesize
2.1MB

MD5
8a0ea4c7b8e15d2edf193fd94c51a009

SHA1
0baace3401ede3996dd1cb5f01d7dc873909922d

SHA256
bc433a85fdec88d0eea2b2c121899dd51703e04037246ff17d677e3e634fa63c

SHA512
0548fafe7c78ea13006f68c1260276e5a8772fb5329fcf52d276fb75e6e5598521af8707664a060fd1888e2960abf4926ed3b3e2609f3610c94e15a1e5d51a48

Download Submit
C:\Windows\system\XBlAqPq.exe

Filesize
2.1MB

MD5
5f0484ae57db303c29efc336d4812725

SHA1
04c151ca86b35873eba2d857232f446c359f86df

SHA256
8160ff0ea0bd194051b247c5c4f9fbd52cd19d962ffc41c0b1508025c820abed

SHA512
66b9aaaf0da13bc854a1c4a89731afcaf8134c12c2a2ad0e89d2a38460214f3695f23ca08dcf7159cd3bb706229f569d90a44cb6f48c8238965735118ceabaae

Download Submit
C:\Windows\system\ZhCvRYl.exe

Filesize
2.1MB

MD5
618b476c5a6865d88a537a447968ae23

SHA1
6a1e346e374c88b04d22e28bda0e7d152620f358

SHA256
8b60b3552e1e3c3070d45d1695f57978926e64f47fd71970e9568a2649e62e7f

SHA512
4f273912dd5ec7fe78beccf4d91ef1714af876847aee1c78e51054dd1da960faa65171025fd6e4e2c965081ab205e9872084576fc1efc7c63a5f72309c531258

Download Submit
C:\Windows\system\aXgRZqA.exe

Filesize
2.1MB

MD5
08e349a960c6ac9801b99847183fba4f

SHA1
aabc519ec4eaa5a410590f32514d3a8a775eb1d6

SHA256
bc4b6442f8e63fdcdec113c52844868f70fde0e5708ae72139c419feaba26daf

SHA512
3f93601d198fcc5e10c77cda7e9dbf1054445ec0613b247626e468fe1deba06b2b2d44d88455069eb346a64babe31576985168d971a84346a16c1aee32f6a6d8

Download Submit
C:\Windows\system\cQVCsYa.exe

Filesize
2.1MB

MD5
13212d39f580796b01dfef023dc4ec4e

SHA1
bca00d55a02e5cebe5d8dece042f80eb57d532e9

SHA256
0d8eda73a4d7a881802b4f7a4d38fac14cdf1793df02d0ba50d6e76caaeed509

SHA512
8047bee53227e801775009bc14fd6494c667bb95b87b6795a1148b0dba6fbc25a7c28a0f67db7c4026b3651b4f21f2753be069fa8c499866abb608d03276dee3

Download Submit
C:\Windows\system\dBhxCAv.exe

Filesize
2.1MB

MD5
501f800da5657e1c1c7d8655cdc1897b

SHA1
de13224b0979d23b393e63d022dbc436adf003ff

SHA256
3d4c70af8fdd98e6c229d1ef148f2d40518a0173261209c2b3730b79d284e290

SHA512
fc250467e2e016f51bf9b8579981960a69ae6322f90deb672378a5b90d33370c0165ea888daf6b54e23bf94deb4ef760886e6e656f4ab9ba8275d18ae6f178d7

Download Submit
C:\Windows\system\dvmhjml.exe

Filesize
2.1MB

MD5
a0e7503e8fbe699940abe75533199071

SHA1
e1d260b17420190cda4105855ace565b5953e412

SHA256
f94792992678c700bf1205233749b6a50f4fb37e6f888f0dca91a534a4d2b529

SHA512
26e79e5cd369e259148a20ed348dc8ecd40f25653be74dad1c66da71e95c4e6052e53bd148638ebe51950382a08f9628e34e7f03e758532e580c714163740a37

Download Submit
C:\Windows\system\eKJTdZP.exe

Filesize
2.1MB

MD5
7fd2fdd3a68994ff74c9ec0cdf07dc40

SHA1
856c7c8d8d207177436203acd3e131c48af3a8b9

SHA256
62709f04766d038787c4dda610ebc0685e6473484e2f3395fc2fd15299847410

SHA512
78aa7f2dbd93bac65970a88c5ad13b94806476e58007e1d0e353ccd85e0526b7062053ccd0c868265bc01859455883467aaddfb07b0ce9b05024a85814aae385

Download Submit
C:\Windows\system\encoZXa.exe

Filesize
2.1MB

MD5
89aa70fa82a3f8743450c587b145a15c

SHA1
a8e15a1673708c673a847e9f392a7cd53e3507fc

SHA256
bdd273ceccdb12f8f53495f34f4b4c08cc4ac25d00b3464c75e14ed546af6022

SHA512
2c34febf6a8c939fe01a32d29419bec2f6375935a31d8a7ce9f5d272974b22d8826be9d4695f44cbaa5daa6e92c392f421a2f39da98cb635a12fbdc609aa20a9

Download Submit
C:\Windows\system\iXYBGlQ.exe

Filesize
2.1MB

MD5
b8ca30eca19da30b75c3fc63faf1495a

SHA1
2bba8700e97acad87f88a07e2e8d21165f67d288

SHA256
bb0263f4f230d10042b562c0ecfa4e3c9c5569f9bd96e6da1417786d12b5d679

SHA512
c7f6b19c1448de57e9ef5623a392d7bd83298949019a9115dde23e2205b8a9744b0f32fa20a8e1ab5399194267c88ba97ca4e1628a7c6866469f6beaaf14b366

Download Submit
C:\Windows\system\imNzZtx.exe

Filesize
2.1MB

MD5
af8fbb6b219ebfc89fd135471725b2af

SHA1
51532be093a11707f869d244bb3bc001017b5043

SHA256
06a077277ebff5d07143b0a2cd5e07138248e8fb0b579994897d07ebe5f8b8df

SHA512
9714ca73e052d5efb70455e1b0a8eb2eff2765c6abecfd794fb67af745dbf10681f1f8c4ad7bad18fd8dd67d7b6b346f062f5f22d2f400896caea5bedb0ece65

Download Submit
C:\Windows\system\lGsdjKf.exe

Filesize
2.1MB

MD5
b5951bc84ddd6a337c9a7f454f3206e5

SHA1
c16abd048888e9c0445e8fe656d951c9e84dfeee

SHA256
190d050ac1b824d5ea73f0fd5a78faf15679b3c9aff7088947d2efa28e8a3bd5

SHA512
e364a19eea29b6bb6200d7cd718a6a243a4ebe2b0888b9405069177c4c4aedd6877f0ccf567af06d727044beb10bb687ae87a870403f52e5afa6d4a75df47559

Download Submit
C:\Windows\system\ntaYHDt.exe

Filesize
2.1MB

MD5
a9c423501100454dab2bd066514a030a

SHA1
543c48ec461265f5be49a05b8e467f099e017cf8

SHA256
fb737ca2c142c2132c342d96ed7041a0124b4443815df99036a8d3e34c82e386

SHA512
1dbac44a72f5734cdcc29183af84c57340e95e4c0257aa0944a6419441f4fedaa31bfa18c7b15085ea1a6f7545e155986d700735169edd81514401c8ee6547c2

Download Submit
C:\Windows\system\oQcCdRs.exe

Filesize
2.1MB

MD5
de10c45df372e3489700b0a4cce90837

SHA1
e296bd0f70ada86d28263e77c88f785339df108b

SHA256
fa136f8bcef08f711421fbfb9a6385fa4c23936e29866f6ef87cac164a9bad90

SHA512
3765519c188125c22e1b308eae2eb102547bef59a5542132c5b48d545a186a4a76375a9d8b4536ae3a34b43f1aa9f6fd79ae3a5b5bdb8b6ba6b3f722ccaa906a

Download Submit
C:\Windows\system\sDYWDcy.exe

Filesize
2.1MB

MD5
25460c2c3f9d22a5a607f9fc1e44b1a9

SHA1
27b3cd9d860cc2f3ddbbe6e70b304a1b26986d16

SHA256
566e67807b25b3bdb4f087264be60c99ec2ad55a9afe5629989dcfa30f0cda62

SHA512
402f6718646bda4bec9ba7b4ce66a54c70f3a1d40de30c13187913bdb0cadb916b8dad41e7996e4e57a4c2a2df1488074e1431e601d66c0bd22935faa219eeeb

Download Submit
C:\Windows\system\yQslZoe.exe

Filesize
2.1MB

MD5
918a840ceed5db61f6c86b327c384648

SHA1
7e6a6b3b6128c7f363a3d4eea9b5be2b0801fd00

SHA256
e0e2a8b0fe5611400a9d07318f80a06cf63662c02bbfea1c7a0f1a7a3c086be2

SHA512
fe02d0ea96fd9c324351d78e1d3b52a3fb114c505cfa692d324177052a19046472a92a26520fe679fc43206bd89884cecd1b2fd4e5a13778e77c36ba9db226ec

Download Submit
\Windows\system\MyOoSSJ.exe

Filesize
2.1MB

MD5
8ed2f1ae694124159073bc7ae9db208e

SHA1
691bf4df3c1e1af76d5c19651b863f6826a3f2c2

SHA256
069933d22ba6e21052c842f43b60287f5c1df4e3c7afe07430c0cc4e34365d9a

SHA512
d927421f9f78c653ca3fd796e2b42c4f7df1841c4021442bfe51d8a2274c4d7527aa99e9bd100031efaecb08aff0bfe1717f0e4a134fa9abd1a1a7ef1dcfacb1

Download Submit
\Windows\system\QjZUKAf.exe

Filesize
2.1MB

MD5
fe14705bc1150cfb66534d122e08e763

SHA1
f5395c87c66895301e66b2a44e29983caa1b502f

SHA256
18876ec093adf067aac5de7a1ead8c4a9f0fc58275f06c1f09f3576bf74c6efa

SHA512
ed9f8161445b5c8facaa1ce73b92082151a957050ed3d9f16873f9ba993b5c5646c2de3b0c264f7b8e83405c607a26cbea7b46c63ce4d19fbb89d466d2881849

Download Submit
\Windows\system\elOcxYF.exe

Filesize
2.1MB

MD5
b6d03c0be5c8cdfd12a3b1f804454cac

SHA1
fba0382e0ba5225ca7cbd00e843a6333bb4516f8

SHA256
a4b0c7a72d22c06df47ccb4a08eb588f4de94af7874bed73140eabea6cd75b44

SHA512
f82d21634f2af558ffe1b10dc563394d3a41459f5c03d95abe13224f7da51ae7add9512aba8a471696f70ca6d5634d2ab19420ed10bb6cd32f2cb5a2e77632d4

Download Submit
memory/492-1082-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/492-24-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/1852-1083-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/1852-37-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2200-8-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2200-1081-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2200-83-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2216-1076-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2216-31-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2216-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2216-1078-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2216-54-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2216-1071-0x0000000001FA0000-0x00000000022F4000-memory.dmp

Filesize
3.3MB

Download
memory/2216-17-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2216-97-0x0000000001FA0000-0x00000000022F4000-memory.dmp

Filesize
3.3MB

Download
memory/2216-41-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2216-85-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2216-84-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2216-0-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2216-89-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2216-43-0x0000000001FA0000-0x00000000022F4000-memory.dmp

Filesize
3.3MB

Download
memory/2216-76-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2216-70-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2216-33-0x0000000001FA0000-0x00000000022F4000-memory.dmp

Filesize
3.3MB

Download
memory/2216-1080-0x0000000001FA0000-0x00000000022F4000-memory.dmp

Filesize
3.3MB

Download
memory/2216-77-0x0000000001FA0000-0x00000000022F4000-memory.dmp

Filesize
3.3MB

Download
memory/2216-1074-0x0000000001FA0000-0x00000000022F4000-memory.dmp

Filesize
3.3MB

Download
memory/2216-45-0x0000000001FA0000-0x00000000022F4000-memory.dmp

Filesize
3.3MB

Download
memory/2300-1079-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2300-1093-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2332-87-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2332-1077-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2332-1088-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2340-44-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2340-1084-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2516-1073-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2516-71-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2516-1094-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2560-1072-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2560-1091-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2560-65-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2592-78-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2592-1075-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2592-1090-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2656-46-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2656-1086-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2668-49-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2668-1089-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2668-356-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2720-47-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2720-1085-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2792-55-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2792-1087-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2792-501-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2872-1092-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2872-60-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2872-1048-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download