kpot | 4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5

Analysis

max time kernel
146s
max time network
149s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25-06-2024 09:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
Size

2.0MB
MD5

5ff68306fd9ce16701e358ba722b6b00
SHA1

511d9af6a3c71e101edabe7e4977f79e6d4cd685
SHA256

4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5
SHA512

014af2a71d2d7b0637ced53ec93f5d40f9a8460cf747f8a0b3cf355c96c4f26ec0d527e92f15b3759c09c7981a07e621bebffd1215dc458b3ffb2a6e9e76d2f8
SSDEEP

49152:oezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+Agr6SNasrkc:oemTLkNdfE0pZrwc

Score

10^/10

kpot xmrig miner stealer trojan upx

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 32 IoCs

resource	yara_rule
behavioral1/files/0x000b000000014230-3.dat	family_kpot
behavioral1/files/0x003200000001630b-8.dat	family_kpot
behavioral1/files/0x0008000000016a9a-10.dat	family_kpot
behavioral1/files/0x0007000000016cb7-29.dat	family_kpot
behavioral1/files/0x0007000000016c63-20.dat	family_kpot
behavioral1/files/0x00070000000173d8-48.dat	family_kpot
behavioral1/files/0x00320000000164b2-59.dat	family_kpot
behavioral1/files/0x000600000001745e-82.dat	family_kpot
behavioral1/files/0x00050000000191cd-161.dat	family_kpot
behavioral1/files/0x000500000001924a-191.dat	family_kpot
behavioral1/files/0x0005000000019241-186.dat	family_kpot
behavioral1/files/0x000500000001923d-181.dat	family_kpot
behavioral1/files/0x000500000001922e-176.dat	family_kpot
behavioral1/files/0x0005000000019215-171.dat	family_kpot
behavioral1/files/0x00050000000191ed-166.dat	family_kpot
behavioral1/files/0x00050000000191a7-156.dat	family_kpot
behavioral1/files/0x00060000000190b6-151.dat	family_kpot
behavioral1/files/0x0006000000019021-146.dat	family_kpot
behavioral1/files/0x0006000000018f3a-141.dat	family_kpot
behavioral1/files/0x0006000000018c1a-136.dat	family_kpot
behavioral1/files/0x0006000000018c0a-131.dat	family_kpot
behavioral1/files/0x0005000000018778-126.dat	family_kpot
behavioral1/files/0x000500000001866d-121.dat	family_kpot
behavioral1/files/0x000500000001866b-116.dat	family_kpot
behavioral1/files/0x000900000001864e-111.dat	family_kpot
behavioral1/files/0x0006000000017556-104.dat	family_kpot
behavioral1/files/0x000600000001749c-97.dat	family_kpot
behavioral1/files/0x000600000001747d-89.dat	family_kpot
behavioral1/files/0x0006000000017456-76.dat	family_kpot
behavioral1/files/0x00060000000173e0-66.dat	family_kpot
behavioral1/files/0x0008000000016d0d-46.dat	family_kpot
behavioral1/files/0x0007000000016c6b-42.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2684-0-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/files/0x000b000000014230-3.dat	xmrig
behavioral1/memory/2684-6-0x000000013F660000-0x000000013F9B4000-memory.dmp	xmrig
behavioral1/files/0x003200000001630b-8.dat	xmrig
behavioral1/memory/2788-15-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016a9a-10.dat	xmrig
behavioral1/files/0x0007000000016cb7-29.dat	xmrig
behavioral1/memory/3056-22-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016c63-20.dat	xmrig
behavioral1/files/0x00070000000173d8-48.dat	xmrig
behavioral1/files/0x00320000000164b2-59.dat	xmrig
behavioral1/files/0x000600000001745e-82.dat	xmrig
behavioral1/memory/2564-100-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/files/0x00050000000191cd-161.dat	xmrig
behavioral1/files/0x000500000001924a-191.dat	xmrig
behavioral1/memory/2416-1039-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/memory/2488-1076-0x000000013FEF0000-0x0000000140244000-memory.dmp	xmrig
behavioral1/memory/2648-677-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/files/0x0005000000019241-186.dat	xmrig
behavioral1/files/0x000500000001923d-181.dat	xmrig
behavioral1/files/0x000500000001922e-176.dat	xmrig
behavioral1/files/0x0005000000019215-171.dat	xmrig
behavioral1/files/0x00050000000191ed-166.dat	xmrig
behavioral1/files/0x00050000000191a7-156.dat	xmrig
behavioral1/files/0x00060000000190b6-151.dat	xmrig
behavioral1/files/0x0006000000019021-146.dat	xmrig
behavioral1/files/0x0006000000018f3a-141.dat	xmrig
behavioral1/files/0x0006000000018c1a-136.dat	xmrig
behavioral1/files/0x0006000000018c0a-131.dat	xmrig
behavioral1/files/0x0005000000018778-126.dat	xmrig
behavioral1/files/0x000500000001866d-121.dat	xmrig
behavioral1/files/0x000500000001866b-116.dat	xmrig
behavioral1/files/0x000900000001864e-111.dat	xmrig
behavioral1/memory/2684-107-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/memory/2660-106-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/files/0x0006000000017556-104.dat	xmrig
behavioral1/memory/2776-101-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/memory/2744-93-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/2684-92-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/2560-91-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/files/0x000600000001749c-97.dat	xmrig
behavioral1/files/0x000600000001747d-89.dat	xmrig
behavioral1/memory/2916-77-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/2692-84-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/files/0x0006000000017456-76.dat	xmrig
behavioral1/memory/2416-63-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/memory/3056-61-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/2488-71-0x000000013FEF0000-0x0000000140244000-memory.dmp	xmrig
behavioral1/files/0x00060000000173e0-66.dat	xmrig
behavioral1/memory/2648-56-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/2864-53-0x000000013F660000-0x000000013F9B4000-memory.dmp	xmrig
behavioral1/memory/2660-47-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d0d-46.dat	xmrig
behavioral1/memory/2564-45-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/2684-43-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016c6b-42.dat	xmrig
behavioral1/memory/2420-41-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/memory/2560-40-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/2916-1078-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/2692-1080-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/memory/2744-1082-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/2684-1084-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/memory/2788-1085-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/memory/2864-1086-0x000000013F660000-0x000000013F9B4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2864	igfskJy.exe
2788	YOhuIDh.exe
3056	jElEEKQ.exe
2560	OVwNoae.exe
2420	WPGWjYy.exe
2564	oCIGrsi.exe
2660	NSxQJpM.exe
2648	pJJvvcX.exe
2416	CSqSbSS.exe
2488	NZyBfUZ.exe
2916	EPbFRSn.exe
2692	ffpMpOr.exe
2744	XBefTHQ.exe
2776	NrVNSOI.exe
1860	DyzYDhd.exe
1648	bQfKYXG.exe
312	EafZoeq.exe
2044	ROKxMWr.exe
1712	JDLZkBY.exe
344	MCOPlAF.exe
772	SZReCAP.exe
556	aSDYgLr.exe
1900	ZjTitwI.exe
592	zdwbCTt.exe
2952	hIFpGHD.exe
296	SBsgdfY.exe
1624	xxoHMej.exe
2932	ACpiVnx.exe
2940	msNMogz.exe
1508	rAoOmEl.exe
2808	hRTwgOO.exe
2296	gIFOCvw.exe
292	uAYuBEK.exe
1904	JcfieVb.exe
1968	NtZMTeQ.exe
2308	iWURzuc.exe
3064	zozJAmd.exe
2140	XsmCeyx.exe
2868	neRUktO.exe
1400	AxQQODd.exe
1804	TgyfwWw.exe
2148	TQnguDs.exe
1600	gTCsDVk.exe
1956	mdgeWuh.exe
1324	cdhYUnx.exe
1924	FkeTHoE.exe
932	nVYUwLM.exe
612	hoebOCe.exe
1368	AkLIgcV.exe
2168	qnXCXFx.exe
1388	IEMjttV.exe
1248	SZaRwUE.exe
2360	VpyemSY.exe
1736	AfnCSEa.exe
1580	mZETlKQ.exe
2356	isAhGeA.exe
2836	KCIGiAd.exe
1692	jRmmSRj.exe
2860	ZuXZQcl.exe
2504	BDcVhwD.exe
2316	WivZilQ.exe
2656	WErKVNf.exe
2972	OCzRsGg.exe
2664	Deiwbmq.exe

Loads dropped DLL 64 IoCs

pid	Process
2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2684-0-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/files/0x000b000000014230-3.dat	upx
behavioral1/memory/2684-6-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx
behavioral1/files/0x003200000001630b-8.dat	upx
behavioral1/memory/2788-15-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/files/0x0008000000016a9a-10.dat	upx
behavioral1/files/0x0007000000016cb7-29.dat	upx
behavioral1/memory/3056-22-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/files/0x0007000000016c63-20.dat	upx
behavioral1/files/0x00070000000173d8-48.dat	upx
behavioral1/files/0x00320000000164b2-59.dat	upx
behavioral1/files/0x000600000001745e-82.dat	upx
behavioral1/memory/2564-100-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/files/0x00050000000191cd-161.dat	upx
behavioral1/files/0x000500000001924a-191.dat	upx
behavioral1/memory/2416-1039-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/memory/2488-1076-0x000000013FEF0000-0x0000000140244000-memory.dmp	upx
behavioral1/memory/2648-677-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/files/0x0005000000019241-186.dat	upx
behavioral1/files/0x000500000001923d-181.dat	upx
behavioral1/files/0x000500000001922e-176.dat	upx
behavioral1/files/0x0005000000019215-171.dat	upx
behavioral1/files/0x00050000000191ed-166.dat	upx
behavioral1/files/0x00050000000191a7-156.dat	upx
behavioral1/files/0x00060000000190b6-151.dat	upx
behavioral1/files/0x0006000000019021-146.dat	upx
behavioral1/files/0x0006000000018f3a-141.dat	upx
behavioral1/files/0x0006000000018c1a-136.dat	upx
behavioral1/files/0x0006000000018c0a-131.dat	upx
behavioral1/files/0x0005000000018778-126.dat	upx
behavioral1/files/0x000500000001866d-121.dat	upx
behavioral1/files/0x000500000001866b-116.dat	upx
behavioral1/files/0x000900000001864e-111.dat	upx
behavioral1/memory/2660-106-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/files/0x0006000000017556-104.dat	upx
behavioral1/memory/2776-101-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/memory/2744-93-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/2560-91-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/files/0x000600000001749c-97.dat	upx
behavioral1/files/0x000600000001747d-89.dat	upx
behavioral1/memory/2916-77-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/2692-84-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/files/0x0006000000017456-76.dat	upx
behavioral1/memory/2416-63-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/memory/3056-61-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/2488-71-0x000000013FEF0000-0x0000000140244000-memory.dmp	upx
behavioral1/files/0x00060000000173e0-66.dat	upx
behavioral1/memory/2648-56-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/2864-53-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx
behavioral1/memory/2660-47-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/files/0x0008000000016d0d-46.dat	upx
behavioral1/memory/2564-45-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/2684-43-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/files/0x0007000000016c6b-42.dat	upx
behavioral1/memory/2420-41-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/memory/2560-40-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/memory/2916-1078-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/2692-1080-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/memory/2744-1082-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/2788-1085-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/memory/2864-1086-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx
behavioral1/memory/3056-1087-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/2420-1088-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/memory/2560-1089-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ladUYyO.exe	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
File created	C:\Windows\System\AFOxyxW.exe	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
File created	C:\Windows\System\DEPkJPa.exe	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
File created	C:\Windows\System\cwlblES.exe	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
File created	C:\Windows\System\KCIGiAd.exe	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
File created	C:\Windows\System\aSzYtxC.exe	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
File created	C:\Windows\System\wbTNrGq.exe	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
File created	C:\Windows\System\nBAWFmv.exe	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
File created	C:\Windows\System\lxFEYEm.exe	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
File created	C:\Windows\System\gXOqRuh.exe	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
File created	C:\Windows\System\zYaEXQq.exe	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
File created	C:\Windows\System\HFXQrrc.exe	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
File created	C:\Windows\System\YOhuIDh.exe	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
File created	C:\Windows\System\TgyfwWw.exe	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
File created	C:\Windows\System\OCzRsGg.exe	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
File created	C:\Windows\System\iNccaGB.exe	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
File created	C:\Windows\System\UWzgmLk.exe	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
File created	C:\Windows\System\luBgKUr.exe	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
File created	C:\Windows\System\VpyemSY.exe	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
File created	C:\Windows\System\nHpCylv.exe	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
File created	C:\Windows\System\uwRGzKH.exe	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
File created	C:\Windows\System\EtUOPre.exe	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
File created	C:\Windows\System\zcLwkJV.exe	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
File created	C:\Windows\System\AmWnsCx.exe	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
File created	C:\Windows\System\mNJFHtN.exe	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
File created	C:\Windows\System\PZROGKt.exe	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
File created	C:\Windows\System\hIBaRTq.exe	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
File created	C:\Windows\System\VZPeOTx.exe	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
File created	C:\Windows\System\JKRcGWZ.exe	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
File created	C:\Windows\System\GXhSiOU.exe	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
File created	C:\Windows\System\Ilgmwrz.exe	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
File created	C:\Windows\System\MvMZCpZ.exe	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
File created	C:\Windows\System\YIYOBFW.exe	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
File created	C:\Windows\System\chLmBLs.exe	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
File created	C:\Windows\System\JaxCAHH.exe	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
File created	C:\Windows\System\mdgeWuh.exe	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
File created	C:\Windows\System\BwQohnf.exe	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
File created	C:\Windows\System\MyoHXRL.exe	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
File created	C:\Windows\System\swoFVAn.exe	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
File created	C:\Windows\System\BNorwbt.exe	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
File created	C:\Windows\System\SZZgqhM.exe	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
File created	C:\Windows\System\FPGayBR.exe	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
File created	C:\Windows\System\LTcQOBb.exe	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
File created	C:\Windows\System\DyzYDhd.exe	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
File created	C:\Windows\System\ACpiVnx.exe	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
File created	C:\Windows\System\gCyKvKn.exe	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
File created	C:\Windows\System\FLqbzvh.exe	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
File created	C:\Windows\System\neRUktO.exe	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
File created	C:\Windows\System\QlfIYiS.exe	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
File created	C:\Windows\System\XfQUbyR.exe	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
File created	C:\Windows\System\rAoOmEl.exe	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
File created	C:\Windows\System\ZuXZQcl.exe	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
File created	C:\Windows\System\xxrMfso.exe	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
File created	C:\Windows\System\ekUUmhx.exe	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
File created	C:\Windows\System\FkeTHoE.exe	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
File created	C:\Windows\System\nVYUwLM.exe	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
File created	C:\Windows\System\yaFBWyl.exe	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
File created	C:\Windows\System\mmTxCNm.exe	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
File created	C:\Windows\System\UCsmPzo.exe	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
File created	C:\Windows\System\SZReCAP.exe	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
File created	C:\Windows\System\bQbyxPU.exe	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
File created	C:\Windows\System\HOrjrYB.exe	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
File created	C:\Windows\System\jTFIozg.exe	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
File created	C:\Windows\System\xLsqEHz.exe	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2684 wrote to memory of 2864	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe	29
PID 2684 wrote to memory of 2864	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe	29
PID 2684 wrote to memory of 2864	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe	29
PID 2684 wrote to memory of 2788	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe	30
PID 2684 wrote to memory of 2788	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe	30
PID 2684 wrote to memory of 2788	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe	30
PID 2684 wrote to memory of 3056	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe	31
PID 2684 wrote to memory of 3056	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe	31
PID 2684 wrote to memory of 3056	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe	31
PID 2684 wrote to memory of 2560	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe	32
PID 2684 wrote to memory of 2560	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe	32
PID 2684 wrote to memory of 2560	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe	32
PID 2684 wrote to memory of 2564	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe	33
PID 2684 wrote to memory of 2564	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe	33
PID 2684 wrote to memory of 2564	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe	33
PID 2684 wrote to memory of 2420	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe	34
PID 2684 wrote to memory of 2420	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe	34
PID 2684 wrote to memory of 2420	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe	34
PID 2684 wrote to memory of 2660	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe	35
PID 2684 wrote to memory of 2660	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe	35
PID 2684 wrote to memory of 2660	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe	35
PID 2684 wrote to memory of 2648	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe	36
PID 2684 wrote to memory of 2648	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe	36
PID 2684 wrote to memory of 2648	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe	36
PID 2684 wrote to memory of 2416	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe	37
PID 2684 wrote to memory of 2416	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe	37
PID 2684 wrote to memory of 2416	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe	37
PID 2684 wrote to memory of 2488	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe	38
PID 2684 wrote to memory of 2488	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe	38
PID 2684 wrote to memory of 2488	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe	38
PID 2684 wrote to memory of 2916	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe	39
PID 2684 wrote to memory of 2916	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe	39
PID 2684 wrote to memory of 2916	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe	39
PID 2684 wrote to memory of 2692	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe	40
PID 2684 wrote to memory of 2692	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe	40
PID 2684 wrote to memory of 2692	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe	40
PID 2684 wrote to memory of 2744	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe	41
PID 2684 wrote to memory of 2744	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe	41
PID 2684 wrote to memory of 2744	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe	41
PID 2684 wrote to memory of 2776	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe	42
PID 2684 wrote to memory of 2776	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe	42
PID 2684 wrote to memory of 2776	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe	42
PID 2684 wrote to memory of 1860	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe	43
PID 2684 wrote to memory of 1860	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe	43
PID 2684 wrote to memory of 1860	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe	43
PID 2684 wrote to memory of 1648	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe	44
PID 2684 wrote to memory of 1648	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe	44
PID 2684 wrote to memory of 1648	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe	44
PID 2684 wrote to memory of 312	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe	45
PID 2684 wrote to memory of 312	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe	45
PID 2684 wrote to memory of 312	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe	45
PID 2684 wrote to memory of 2044	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe	46
PID 2684 wrote to memory of 2044	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe	46
PID 2684 wrote to memory of 2044	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe	46
PID 2684 wrote to memory of 1712	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe	47
PID 2684 wrote to memory of 1712	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe	47
PID 2684 wrote to memory of 1712	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe	47
PID 2684 wrote to memory of 344	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe	48
PID 2684 wrote to memory of 344	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe	48
PID 2684 wrote to memory of 344	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe	48
PID 2684 wrote to memory of 772	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe	49
PID 2684 wrote to memory of 772	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe	49
PID 2684 wrote to memory of 772	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe	49
PID 2684 wrote to memory of 556	2684	4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe	50

C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4b4dca72f432cff7cd27d29144416a3404c590f3b6073e2a9faa5d9504e50ad5_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2684
- C:\Windows\System\igfskJy.exe
  C:\Windows\System\igfskJy.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\YOhuIDh.exe
  C:\Windows\System\YOhuIDh.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\jElEEKQ.exe
  C:\Windows\System\jElEEKQ.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\OVwNoae.exe
  C:\Windows\System\OVwNoae.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\oCIGrsi.exe
  C:\Windows\System\oCIGrsi.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\WPGWjYy.exe
  C:\Windows\System\WPGWjYy.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\NSxQJpM.exe
  C:\Windows\System\NSxQJpM.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\pJJvvcX.exe
  C:\Windows\System\pJJvvcX.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\CSqSbSS.exe
  C:\Windows\System\CSqSbSS.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\NZyBfUZ.exe
  C:\Windows\System\NZyBfUZ.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\EPbFRSn.exe
  C:\Windows\System\EPbFRSn.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\ffpMpOr.exe
  C:\Windows\System\ffpMpOr.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\XBefTHQ.exe
  C:\Windows\System\XBefTHQ.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\NrVNSOI.exe
  C:\Windows\System\NrVNSOI.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\DyzYDhd.exe
  C:\Windows\System\DyzYDhd.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\bQfKYXG.exe
  C:\Windows\System\bQfKYXG.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\EafZoeq.exe
  C:\Windows\System\EafZoeq.exe
  2⤵
  - Executes dropped EXE
  PID:312
- C:\Windows\System\ROKxMWr.exe
  C:\Windows\System\ROKxMWr.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\JDLZkBY.exe
  C:\Windows\System\JDLZkBY.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\MCOPlAF.exe
  C:\Windows\System\MCOPlAF.exe
  2⤵
  - Executes dropped EXE
  PID:344
- C:\Windows\System\SZReCAP.exe
  C:\Windows\System\SZReCAP.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\aSDYgLr.exe
  C:\Windows\System\aSDYgLr.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\ZjTitwI.exe
  C:\Windows\System\ZjTitwI.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\zdwbCTt.exe
  C:\Windows\System\zdwbCTt.exe
  2⤵
  - Executes dropped EXE
  PID:592
- C:\Windows\System\hIFpGHD.exe
  C:\Windows\System\hIFpGHD.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\SBsgdfY.exe
  C:\Windows\System\SBsgdfY.exe
  2⤵
  - Executes dropped EXE
  PID:296
- C:\Windows\System\xxoHMej.exe
  C:\Windows\System\xxoHMej.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\ACpiVnx.exe
  C:\Windows\System\ACpiVnx.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\msNMogz.exe
  C:\Windows\System\msNMogz.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\rAoOmEl.exe
  C:\Windows\System\rAoOmEl.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\hRTwgOO.exe
  C:\Windows\System\hRTwgOO.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\gIFOCvw.exe
  C:\Windows\System\gIFOCvw.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\uAYuBEK.exe
  C:\Windows\System\uAYuBEK.exe
  2⤵
  - Executes dropped EXE
  PID:292
- C:\Windows\System\JcfieVb.exe
  C:\Windows\System\JcfieVb.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\NtZMTeQ.exe
  C:\Windows\System\NtZMTeQ.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\iWURzuc.exe
  C:\Windows\System\iWURzuc.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\zozJAmd.exe
  C:\Windows\System\zozJAmd.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\XsmCeyx.exe
  C:\Windows\System\XsmCeyx.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\neRUktO.exe
  C:\Windows\System\neRUktO.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\AxQQODd.exe
  C:\Windows\System\AxQQODd.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\TgyfwWw.exe
  C:\Windows\System\TgyfwWw.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\TQnguDs.exe
  C:\Windows\System\TQnguDs.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\gTCsDVk.exe
  C:\Windows\System\gTCsDVk.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\mdgeWuh.exe
  C:\Windows\System\mdgeWuh.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\cdhYUnx.exe
  C:\Windows\System\cdhYUnx.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\FkeTHoE.exe
  C:\Windows\System\FkeTHoE.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\nVYUwLM.exe
  C:\Windows\System\nVYUwLM.exe
  2⤵
  - Executes dropped EXE
  PID:932
- C:\Windows\System\hoebOCe.exe
  C:\Windows\System\hoebOCe.exe
  2⤵
  - Executes dropped EXE
  PID:612
- C:\Windows\System\AkLIgcV.exe
  C:\Windows\System\AkLIgcV.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\qnXCXFx.exe
  C:\Windows\System\qnXCXFx.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\IEMjttV.exe
  C:\Windows\System\IEMjttV.exe
  2⤵
  - Executes dropped EXE
  PID:1388
- C:\Windows\System\SZaRwUE.exe
  C:\Windows\System\SZaRwUE.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\VpyemSY.exe
  C:\Windows\System\VpyemSY.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\AfnCSEa.exe
  C:\Windows\System\AfnCSEa.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\mZETlKQ.exe
  C:\Windows\System\mZETlKQ.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\isAhGeA.exe
  C:\Windows\System\isAhGeA.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\KCIGiAd.exe
  C:\Windows\System\KCIGiAd.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\jRmmSRj.exe
  C:\Windows\System\jRmmSRj.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\ZuXZQcl.exe
  C:\Windows\System\ZuXZQcl.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\BDcVhwD.exe
  C:\Windows\System\BDcVhwD.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\WivZilQ.exe
  C:\Windows\System\WivZilQ.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\WErKVNf.exe
  C:\Windows\System\WErKVNf.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\OCzRsGg.exe
  C:\Windows\System\OCzRsGg.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\Deiwbmq.exe
  C:\Windows\System\Deiwbmq.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\QBZwyaJ.exe
  C:\Windows\System\QBZwyaJ.exe
  2⤵
  PID:2908
- C:\Windows\System\mNJFHtN.exe
  C:\Windows\System\mNJFHtN.exe
  2⤵
  PID:2904
- C:\Windows\System\PZROGKt.exe
  C:\Windows\System\PZROGKt.exe
  2⤵
  PID:2036
- C:\Windows\System\JXJkSVr.exe
  C:\Windows\System\JXJkSVr.exe
  2⤵
  PID:2740
- C:\Windows\System\QkxmAQA.exe
  C:\Windows\System\QkxmAQA.exe
  2⤵
  PID:2876
- C:\Windows\System\bQbyxPU.exe
  C:\Windows\System\bQbyxPU.exe
  2⤵
  PID:2388
- C:\Windows\System\iBIWllg.exe
  C:\Windows\System\iBIWllg.exe
  2⤵
  PID:1636
- C:\Windows\System\AFOxyxW.exe
  C:\Windows\System\AFOxyxW.exe
  2⤵
  PID:324
- C:\Windows\System\OXTVBdw.exe
  C:\Windows\System\OXTVBdw.exe
  2⤵
  PID:2884
- C:\Windows\System\lmOGqlZ.exe
  C:\Windows\System\lmOGqlZ.exe
  2⤵
  PID:2400
- C:\Windows\System\CJcInYK.exe
  C:\Windows\System\CJcInYK.exe
  2⤵
  PID:660
- C:\Windows\System\edmstOh.exe
  C:\Windows\System\edmstOh.exe
  2⤵
  PID:2288
- C:\Windows\System\AnzfAEW.exe
  C:\Windows\System\AnzfAEW.exe
  2⤵
  PID:1272
- C:\Windows\System\giASIRB.exe
  C:\Windows\System\giASIRB.exe
  2⤵
  PID:2068
- C:\Windows\System\QXGeCNC.exe
  C:\Windows\System\QXGeCNC.exe
  2⤵
  PID:2816
- C:\Windows\System\DHfPlQE.exe
  C:\Windows\System\DHfPlQE.exe
  2⤵
  PID:1524
- C:\Windows\System\hIBaRTq.exe
  C:\Windows\System\hIBaRTq.exe
  2⤵
  PID:1136
- C:\Windows\System\QlfIYiS.exe
  C:\Windows\System\QlfIYiS.exe
  2⤵
  PID:1380
- C:\Windows\System\nRixsxV.exe
  C:\Windows\System\nRixsxV.exe
  2⤵
  PID:1672
- C:\Windows\System\Rntlxhy.exe
  C:\Windows\System\Rntlxhy.exe
  2⤵
  PID:1656
- C:\Windows\System\JJnVztq.exe
  C:\Windows\System\JJnVztq.exe
  2⤵
  PID:1352
- C:\Windows\System\nHpCylv.exe
  C:\Windows\System\nHpCylv.exe
  2⤵
  PID:2260
- C:\Windows\System\CUrqSgZ.exe
  C:\Windows\System\CUrqSgZ.exe
  2⤵
  PID:1232
- C:\Windows\System\nBAWFmv.exe
  C:\Windows\System\nBAWFmv.exe
  2⤵
  PID:636
- C:\Windows\System\djfatKb.exe
  C:\Windows\System\djfatKb.exe
  2⤵
  PID:2080
- C:\Windows\System\CXiuxnv.exe
  C:\Windows\System\CXiuxnv.exe
  2⤵
  PID:2112
- C:\Windows\System\RTHOYjB.exe
  C:\Windows\System\RTHOYjB.exe
  2⤵
  PID:1748
- C:\Windows\System\MNIROMZ.exe
  C:\Windows\System\MNIROMZ.exe
  2⤵
  PID:872
- C:\Windows\System\LdfwyEM.exe
  C:\Windows\System\LdfwyEM.exe
  2⤵
  PID:2212
- C:\Windows\System\PWFJlEl.exe
  C:\Windows\System\PWFJlEl.exe
  2⤵
  PID:1588
- C:\Windows\System\STfnLEA.exe
  C:\Windows\System\STfnLEA.exe
  2⤵
  PID:2976
- C:\Windows\System\stGXDtA.exe
  C:\Windows\System\stGXDtA.exe
  2⤵
  PID:2624
- C:\Windows\System\wZNrFWJ.exe
  C:\Windows\System\wZNrFWJ.exe
  2⤵
  PID:2612
- C:\Windows\System\eEYjglN.exe
  C:\Windows\System\eEYjglN.exe
  2⤵
  PID:2704
- C:\Windows\System\ngRjYwP.exe
  C:\Windows\System\ngRjYwP.exe
  2⤵
  PID:3076
- C:\Windows\System\HgJofyS.exe
  C:\Windows\System\HgJofyS.exe
  2⤵
  PID:3100
- C:\Windows\System\zJftDyr.exe
  C:\Windows\System\zJftDyr.exe
  2⤵
  PID:3120
- C:\Windows\System\eIPjumI.exe
  C:\Windows\System\eIPjumI.exe
  2⤵
  PID:3140
- C:\Windows\System\jTFIozg.exe
  C:\Windows\System\jTFIozg.exe
  2⤵
  PID:3160
- C:\Windows\System\SOPUraO.exe
  C:\Windows\System\SOPUraO.exe
  2⤵
  PID:3180
- C:\Windows\System\uCkUvoC.exe
  C:\Windows\System\uCkUvoC.exe
  2⤵
  PID:3200
- C:\Windows\System\Lgqoagr.exe
  C:\Windows\System\Lgqoagr.exe
  2⤵
  PID:3220
- C:\Windows\System\KIBimgv.exe
  C:\Windows\System\KIBimgv.exe
  2⤵
  PID:3240
- C:\Windows\System\scPCKtB.exe
  C:\Windows\System\scPCKtB.exe
  2⤵
  PID:3260
- C:\Windows\System\vIryAWt.exe
  C:\Windows\System\vIryAWt.exe
  2⤵
  PID:3280
- C:\Windows\System\vFTDBqP.exe
  C:\Windows\System\vFTDBqP.exe
  2⤵
  PID:3300
- C:\Windows\System\dezTKHu.exe
  C:\Windows\System\dezTKHu.exe
  2⤵
  PID:3320
- C:\Windows\System\daiwELk.exe
  C:\Windows\System\daiwELk.exe
  2⤵
  PID:3340
- C:\Windows\System\apZzPmO.exe
  C:\Windows\System\apZzPmO.exe
  2⤵
  PID:3360
- C:\Windows\System\zvZLLeB.exe
  C:\Windows\System\zvZLLeB.exe
  2⤵
  PID:3380
- C:\Windows\System\UTMogUc.exe
  C:\Windows\System\UTMogUc.exe
  2⤵
  PID:3400
- C:\Windows\System\JKRcGWZ.exe
  C:\Windows\System\JKRcGWZ.exe
  2⤵
  PID:3420
- C:\Windows\System\EBeZEXS.exe
  C:\Windows\System\EBeZEXS.exe
  2⤵
  PID:3440
- C:\Windows\System\DlZgTnb.exe
  C:\Windows\System\DlZgTnb.exe
  2⤵
  PID:3460
- C:\Windows\System\OsymfVs.exe
  C:\Windows\System\OsymfVs.exe
  2⤵
  PID:3480
- C:\Windows\System\YgYBsXT.exe
  C:\Windows\System\YgYBsXT.exe
  2⤵
  PID:3500
- C:\Windows\System\yaFBWyl.exe
  C:\Windows\System\yaFBWyl.exe
  2⤵
  PID:3520
- C:\Windows\System\YOiXflq.exe
  C:\Windows\System\YOiXflq.exe
  2⤵
  PID:3540
- C:\Windows\System\hkocllC.exe
  C:\Windows\System\hkocllC.exe
  2⤵
  PID:3560
- C:\Windows\System\EtUOPre.exe
  C:\Windows\System\EtUOPre.exe
  2⤵
  PID:3580
- C:\Windows\System\txabHOG.exe
  C:\Windows\System\txabHOG.exe
  2⤵
  PID:3604
- C:\Windows\System\dzKEIoh.exe
  C:\Windows\System\dzKEIoh.exe
  2⤵
  PID:3628
- C:\Windows\System\JZrOKyH.exe
  C:\Windows\System\JZrOKyH.exe
  2⤵
  PID:3648
- C:\Windows\System\ziKIpYN.exe
  C:\Windows\System\ziKIpYN.exe
  2⤵
  PID:3668
- C:\Windows\System\EhyGLFG.exe
  C:\Windows\System\EhyGLFG.exe
  2⤵
  PID:3688
- C:\Windows\System\uKTstbB.exe
  C:\Windows\System\uKTstbB.exe
  2⤵
  PID:3708
- C:\Windows\System\fcCPOLC.exe
  C:\Windows\System\fcCPOLC.exe
  2⤵
  PID:3728
- C:\Windows\System\rlsQIaN.exe
  C:\Windows\System\rlsQIaN.exe
  2⤵
  PID:3748
- C:\Windows\System\gjwGYda.exe
  C:\Windows\System\gjwGYda.exe
  2⤵
  PID:3768
- C:\Windows\System\rcYvrfE.exe
  C:\Windows\System\rcYvrfE.exe
  2⤵
  PID:3788
- C:\Windows\System\VABqSrg.exe
  C:\Windows\System\VABqSrg.exe
  2⤵
  PID:3808
- C:\Windows\System\xTqXfyN.exe
  C:\Windows\System\xTqXfyN.exe
  2⤵
  PID:3828
- C:\Windows\System\JbLlACw.exe
  C:\Windows\System\JbLlACw.exe
  2⤵
  PID:3848
- C:\Windows\System\dRXOfVw.exe
  C:\Windows\System\dRXOfVw.exe
  2⤵
  PID:3868
- C:\Windows\System\FZGSAXU.exe
  C:\Windows\System\FZGSAXU.exe
  2⤵
  PID:3888
- C:\Windows\System\wPqSVQs.exe
  C:\Windows\System\wPqSVQs.exe
  2⤵
  PID:3908
- C:\Windows\System\VvGjIiM.exe
  C:\Windows\System\VvGjIiM.exe
  2⤵
  PID:3928
- C:\Windows\System\xirpCKD.exe
  C:\Windows\System\xirpCKD.exe
  2⤵
  PID:3948
- C:\Windows\System\HsRWuuQ.exe
  C:\Windows\System\HsRWuuQ.exe
  2⤵
  PID:3968
- C:\Windows\System\MsiwMFe.exe
  C:\Windows\System\MsiwMFe.exe
  2⤵
  PID:3988
- C:\Windows\System\YpPJnRA.exe
  C:\Windows\System\YpPJnRA.exe
  2⤵
  PID:4008
- C:\Windows\System\gCyKvKn.exe
  C:\Windows\System\gCyKvKn.exe
  2⤵
  PID:4028
- C:\Windows\System\uCvomJm.exe
  C:\Windows\System\uCvomJm.exe
  2⤵
  PID:4048
- C:\Windows\System\BwQohnf.exe
  C:\Windows\System\BwQohnf.exe
  2⤵
  PID:4068
- C:\Windows\System\gMDcHGB.exe
  C:\Windows\System\gMDcHGB.exe
  2⤵
  PID:4088
- C:\Windows\System\zcLwkJV.exe
  C:\Windows\System\zcLwkJV.exe
  2⤵
  PID:1188
- C:\Windows\System\ipmUMSU.exe
  C:\Windows\System\ipmUMSU.exe
  2⤵
  PID:2872
- C:\Windows\System\MyoHXRL.exe
  C:\Windows\System\MyoHXRL.exe
  2⤵
  PID:2040
- C:\Windows\System\lxFEYEm.exe
  C:\Windows\System\lxFEYEm.exe
  2⤵
  PID:580
- C:\Windows\System\AmWnsCx.exe
  C:\Windows\System\AmWnsCx.exe
  2⤵
  PID:992
- C:\Windows\System\xIDJehC.exe
  C:\Windows\System\xIDJehC.exe
  2⤵
  PID:2944
- C:\Windows\System\rBSNUPz.exe
  C:\Windows\System\rBSNUPz.exe
  2⤵
  PID:2508
- C:\Windows\System\AFMvSPP.exe
  C:\Windows\System\AFMvSPP.exe
  2⤵
  PID:1296
- C:\Windows\System\UPueAZC.exe
  C:\Windows\System\UPueAZC.exe
  2⤵
  PID:2928
- C:\Windows\System\KSLUbJr.exe
  C:\Windows\System\KSLUbJr.exe
  2⤵
  PID:2132
- C:\Windows\System\sZFSKrn.exe
  C:\Windows\System\sZFSKrn.exe
  2⤵
  PID:1780
- C:\Windows\System\uNqpNDj.exe
  C:\Windows\System\uNqpNDj.exe
  2⤵
  PID:1528
- C:\Windows\System\sDCvKpy.exe
  C:\Windows\System\sDCvKpy.exe
  2⤵
  PID:2804
- C:\Windows\System\qsbtXDu.exe
  C:\Windows\System\qsbtXDu.exe
  2⤵
  PID:1704
- C:\Windows\System\iKsgsAt.exe
  C:\Windows\System\iKsgsAt.exe
  2⤵
  PID:1144
- C:\Windows\System\oYtoQXw.exe
  C:\Windows\System\oYtoQXw.exe
  2⤵
  PID:2016
- C:\Windows\System\ToEMHXd.exe
  C:\Windows\System\ToEMHXd.exe
  2⤵
  PID:2340
- C:\Windows\System\psxiRcQ.exe
  C:\Windows\System\psxiRcQ.exe
  2⤵
  PID:1700
- C:\Windows\System\VtzbINT.exe
  C:\Windows\System\VtzbINT.exe
  2⤵
  PID:2800
- C:\Windows\System\EhCPdAQ.exe
  C:\Windows\System\EhCPdAQ.exe
  2⤵
  PID:2428
- C:\Windows\System\LSeYUVn.exe
  C:\Windows\System\LSeYUVn.exe
  2⤵
  PID:1644
- C:\Windows\System\dbSMQjp.exe
  C:\Windows\System\dbSMQjp.exe
  2⤵
  PID:3108
- C:\Windows\System\uwRGzKH.exe
  C:\Windows\System\uwRGzKH.exe
  2⤵
  PID:3132
- C:\Windows\System\XBWHTyc.exe
  C:\Windows\System\XBWHTyc.exe
  2⤵
  PID:3168
- C:\Windows\System\XfQUbyR.exe
  C:\Windows\System\XfQUbyR.exe
  2⤵
  PID:2516
- C:\Windows\System\anFvIlN.exe
  C:\Windows\System\anFvIlN.exe
  2⤵
  PID:3212
- C:\Windows\System\aSzYtxC.exe
  C:\Windows\System\aSzYtxC.exe
  2⤵
  PID:3256
- C:\Windows\System\DjKygeF.exe
  C:\Windows\System\DjKygeF.exe
  2⤵
  PID:3308
- C:\Windows\System\BlxboQk.exe
  C:\Windows\System\BlxboQk.exe
  2⤵
  PID:3336
- C:\Windows\System\ttxESmT.exe
  C:\Windows\System\ttxESmT.exe
  2⤵
  PID:3388
- C:\Windows\System\VnYvldg.exe
  C:\Windows\System\VnYvldg.exe
  2⤵
  PID:3372
- C:\Windows\System\MOMeFQd.exe
  C:\Windows\System\MOMeFQd.exe
  2⤵
  PID:3436
- C:\Windows\System\HOrjrYB.exe
  C:\Windows\System\HOrjrYB.exe
  2⤵
  PID:3476
- C:\Windows\System\hHMaRfW.exe
  C:\Windows\System\hHMaRfW.exe
  2⤵
  PID:3512
- C:\Windows\System\jntElEB.exe
  C:\Windows\System\jntElEB.exe
  2⤵
  PID:3556
- C:\Windows\System\FbJCqvK.exe
  C:\Windows\System\FbJCqvK.exe
  2⤵
  PID:3568
- C:\Windows\System\qcFELwQ.exe
  C:\Windows\System\qcFELwQ.exe
  2⤵
  PID:3592
- C:\Windows\System\xLsqEHz.exe
  C:\Windows\System\xLsqEHz.exe
  2⤵
  PID:3616
- C:\Windows\System\eWxVVBa.exe
  C:\Windows\System\eWxVVBa.exe
  2⤵
  PID:3684
- C:\Windows\System\xxrMfso.exe
  C:\Windows\System\xxrMfso.exe
  2⤵
  PID:3716
- C:\Windows\System\CzJHHkx.exe
  C:\Windows\System\CzJHHkx.exe
  2⤵
  PID:3756
- C:\Windows\System\trHHQgc.exe
  C:\Windows\System\trHHQgc.exe
  2⤵
  PID:3760
- C:\Windows\System\nBfvVWY.exe
  C:\Windows\System\nBfvVWY.exe
  2⤵
  PID:3784
- C:\Windows\System\ueiBCfI.exe
  C:\Windows\System\ueiBCfI.exe
  2⤵
  PID:3840
- C:\Windows\System\yOOJKpU.exe
  C:\Windows\System\yOOJKpU.exe
  2⤵
  PID:3864
- C:\Windows\System\ECVjUjz.exe
  C:\Windows\System\ECVjUjz.exe
  2⤵
  PID:3904
- C:\Windows\System\MvMZCpZ.exe
  C:\Windows\System\MvMZCpZ.exe
  2⤵
  PID:3936
- C:\Windows\System\xFRJrtD.exe
  C:\Windows\System\xFRJrtD.exe
  2⤵
  PID:3996
- C:\Windows\System\hgcVmKi.exe
  C:\Windows\System\hgcVmKi.exe
  2⤵
  PID:3976
- C:\Windows\System\PfHyrrz.exe
  C:\Windows\System\PfHyrrz.exe
  2⤵
  PID:4076
- C:\Windows\System\OXjEiHP.exe
  C:\Windows\System\OXjEiHP.exe
  2⤵
  PID:4080
- C:\Windows\System\ykzGzRO.exe
  C:\Windows\System\ykzGzRO.exe
  2⤵
  PID:2144
- C:\Windows\System\mqumOeL.exe
  C:\Windows\System\mqumOeL.exe
  2⤵
  PID:2028
- C:\Windows\System\UzyPDeu.exe
  C:\Windows\System\UzyPDeu.exe
  2⤵
  PID:3008
- C:\Windows\System\dcnRLEN.exe
  C:\Windows\System\dcnRLEN.exe
  2⤵
  PID:760
- C:\Windows\System\DtfOuDG.exe
  C:\Windows\System\DtfOuDG.exe
  2⤵
  PID:1660
- C:\Windows\System\hNGsphP.exe
  C:\Windows\System\hNGsphP.exe
  2⤵
  PID:2100
- C:\Windows\System\alkjOmQ.exe
  C:\Windows\System\alkjOmQ.exe
  2⤵
  PID:2108
- C:\Windows\System\xzmoGSw.exe
  C:\Windows\System\xzmoGSw.exe
  2⤵
  PID:1916
- C:\Windows\System\nPANdmA.exe
  C:\Windows\System\nPANdmA.exe
  2⤵
  PID:1936
- C:\Windows\System\QNfgQmB.exe
  C:\Windows\System\QNfgQmB.exe
  2⤵
  PID:1332
- C:\Windows\System\RtpVMaX.exe
  C:\Windows\System\RtpVMaX.exe
  2⤵
  PID:308
- C:\Windows\System\XheMqQj.exe
  C:\Windows\System\XheMqQj.exe
  2⤵
  PID:2208
- C:\Windows\System\swoFVAn.exe
  C:\Windows\System\swoFVAn.exe
  2⤵
  PID:2616
- C:\Windows\System\RaQHjjs.exe
  C:\Windows\System\RaQHjjs.exe
  2⤵
  PID:3600
- C:\Windows\System\dGimrXl.exe
  C:\Windows\System\dGimrXl.exe
  2⤵
  PID:3112
- C:\Windows\System\tiPXLYM.exe
  C:\Windows\System\tiPXLYM.exe
  2⤵
  PID:3172
- C:\Windows\System\DEPkJPa.exe
  C:\Windows\System\DEPkJPa.exe
  2⤵
  PID:3296
- C:\Windows\System\WXjLpej.exe
  C:\Windows\System\WXjLpej.exe
  2⤵
  PID:3316
- C:\Windows\System\ZnyLrPD.exe
  C:\Windows\System\ZnyLrPD.exe
  2⤵
  PID:3332
- C:\Windows\System\IlgeqPW.exe
  C:\Windows\System\IlgeqPW.exe
  2⤵
  PID:3376
- C:\Windows\System\XeiWtPT.exe
  C:\Windows\System\XeiWtPT.exe
  2⤵
  PID:3448
- C:\Windows\System\tJvoglc.exe
  C:\Windows\System\tJvoglc.exe
  2⤵
  PID:3536
- C:\Windows\System\ocHmQQg.exe
  C:\Windows\System\ocHmQQg.exe
  2⤵
  PID:2632
- C:\Windows\System\QndNsxt.exe
  C:\Windows\System\QndNsxt.exe
  2⤵
  PID:3596
- C:\Windows\System\mmTxCNm.exe
  C:\Windows\System\mmTxCNm.exe
  2⤵
  PID:3676
- C:\Windows\System\LDqathv.exe
  C:\Windows\System\LDqathv.exe
  2⤵
  PID:3740
- C:\Windows\System\diPnppd.exe
  C:\Windows\System\diPnppd.exe
  2⤵
  PID:3804
- C:\Windows\System\YIYOBFW.exe
  C:\Windows\System\YIYOBFW.exe
  2⤵
  PID:3052
- C:\Windows\System\BNorwbt.exe
  C:\Windows\System\BNorwbt.exe
  2⤵
  PID:3820
- C:\Windows\System\mwkLovH.exe
  C:\Windows\System\mwkLovH.exe
  2⤵
  PID:3960
- C:\Windows\System\edQpXUZ.exe
  C:\Windows\System\edQpXUZ.exe
  2⤵
  PID:3980
- C:\Windows\System\kWxJGsT.exe
  C:\Windows\System\kWxJGsT.exe
  2⤵
  PID:4056
- C:\Windows\System\oIQLtOh.exe
  C:\Windows\System\oIQLtOh.exe
  2⤵
  PID:2156
- C:\Windows\System\EyTblOa.exe
  C:\Windows\System\EyTblOa.exe
  2⤵
  PID:1856
- C:\Windows\System\hBJxhKz.exe
  C:\Windows\System\hBJxhKz.exe
  2⤵
  PID:2300
- C:\Windows\System\uknngtL.exe
  C:\Windows\System\uknngtL.exe
  2⤵
  PID:2588
- C:\Windows\System\TYsnJes.exe
  C:\Windows\System\TYsnJes.exe
  2⤵
  PID:1604
- C:\Windows\System\TBVKuYI.exe
  C:\Windows\System\TBVKuYI.exe
  2⤵
  PID:4104
- C:\Windows\System\iNccaGB.exe
  C:\Windows\System\iNccaGB.exe
  2⤵
  PID:4124
- C:\Windows\System\kkCvFKQ.exe
  C:\Windows\System\kkCvFKQ.exe
  2⤵
  PID:4144
- C:\Windows\System\vhgfEIR.exe
  C:\Windows\System\vhgfEIR.exe
  2⤵
  PID:4164
- C:\Windows\System\chLmBLs.exe
  C:\Windows\System\chLmBLs.exe
  2⤵
  PID:4184
- C:\Windows\System\CFwvrFR.exe
  C:\Windows\System\CFwvrFR.exe
  2⤵
  PID:4204
- C:\Windows\System\ZsqwkHE.exe
  C:\Windows\System\ZsqwkHE.exe
  2⤵
  PID:4224
- C:\Windows\System\geYPVWH.exe
  C:\Windows\System\geYPVWH.exe
  2⤵
  PID:4244
- C:\Windows\System\nHwDZPh.exe
  C:\Windows\System\nHwDZPh.exe
  2⤵
  PID:4264
- C:\Windows\System\HeJXAbW.exe
  C:\Windows\System\HeJXAbW.exe
  2⤵
  PID:4284
- C:\Windows\System\PkImYpQ.exe
  C:\Windows\System\PkImYpQ.exe
  2⤵
  PID:4304
- C:\Windows\System\ekUUmhx.exe
  C:\Windows\System\ekUUmhx.exe
  2⤵
  PID:4324
- C:\Windows\System\cwlblES.exe
  C:\Windows\System\cwlblES.exe
  2⤵
  PID:4344
- C:\Windows\System\SZZgqhM.exe
  C:\Windows\System\SZZgqhM.exe
  2⤵
  PID:4364
- C:\Windows\System\aExsHRs.exe
  C:\Windows\System\aExsHRs.exe
  2⤵
  PID:4384
- C:\Windows\System\SgaQVFt.exe
  C:\Windows\System\SgaQVFt.exe
  2⤵
  PID:4404
- C:\Windows\System\SmwUIDD.exe
  C:\Windows\System\SmwUIDD.exe
  2⤵
  PID:4420
- C:\Windows\System\ZRqmbcW.exe
  C:\Windows\System\ZRqmbcW.exe
  2⤵
  PID:4444
- C:\Windows\System\AWehZlD.exe
  C:\Windows\System\AWehZlD.exe
  2⤵
  PID:4464
- C:\Windows\System\IzXhRyM.exe
  C:\Windows\System\IzXhRyM.exe
  2⤵
  PID:4484
- C:\Windows\System\uDfypXf.exe
  C:\Windows\System\uDfypXf.exe
  2⤵
  PID:4504
- C:\Windows\System\uRuCCcf.exe
  C:\Windows\System\uRuCCcf.exe
  2⤵
  PID:4524
- C:\Windows\System\PRTfqvr.exe
  C:\Windows\System\PRTfqvr.exe
  2⤵
  PID:4544
- C:\Windows\System\nVXCoeg.exe
  C:\Windows\System\nVXCoeg.exe
  2⤵
  PID:4560
- C:\Windows\System\aNEdSjl.exe
  C:\Windows\System\aNEdSjl.exe
  2⤵
  PID:4584
- C:\Windows\System\rCkvtJT.exe
  C:\Windows\System\rCkvtJT.exe
  2⤵
  PID:4604
- C:\Windows\System\cppvssx.exe
  C:\Windows\System\cppvssx.exe
  2⤵
  PID:4624
- C:\Windows\System\qxSwjCd.exe
  C:\Windows\System\qxSwjCd.exe
  2⤵
  PID:4644
- C:\Windows\System\zJuwsLO.exe
  C:\Windows\System\zJuwsLO.exe
  2⤵
  PID:4664
- C:\Windows\System\IYrIpRT.exe
  C:\Windows\System\IYrIpRT.exe
  2⤵
  PID:4684
- C:\Windows\System\IuuxILA.exe
  C:\Windows\System\IuuxILA.exe
  2⤵
  PID:4704
- C:\Windows\System\SVJgLBD.exe
  C:\Windows\System\SVJgLBD.exe
  2⤵
  PID:4724
- C:\Windows\System\cJgZYjt.exe
  C:\Windows\System\cJgZYjt.exe
  2⤵
  PID:4744
- C:\Windows\System\LrCAPnx.exe
  C:\Windows\System\LrCAPnx.exe
  2⤵
  PID:4764
- C:\Windows\System\TZPPTst.exe
  C:\Windows\System\TZPPTst.exe
  2⤵
  PID:4784
- C:\Windows\System\vVtShOp.exe
  C:\Windows\System\vVtShOp.exe
  2⤵
  PID:4804
- C:\Windows\System\ladUYyO.exe
  C:\Windows\System\ladUYyO.exe
  2⤵
  PID:4824
- C:\Windows\System\JaxCAHH.exe
  C:\Windows\System\JaxCAHH.exe
  2⤵
  PID:4844
- C:\Windows\System\UCsmPzo.exe
  C:\Windows\System\UCsmPzo.exe
  2⤵
  PID:4864
- C:\Windows\System\FPGayBR.exe
  C:\Windows\System\FPGayBR.exe
  2⤵
  PID:4884
- C:\Windows\System\lvFIHQx.exe
  C:\Windows\System\lvFIHQx.exe
  2⤵
  PID:4904
- C:\Windows\System\GXhSiOU.exe
  C:\Windows\System\GXhSiOU.exe
  2⤵
  PID:4924
- C:\Windows\System\DgbvirM.exe
  C:\Windows\System\DgbvirM.exe
  2⤵
  PID:4944
- C:\Windows\System\LTcQOBb.exe
  C:\Windows\System\LTcQOBb.exe
  2⤵
  PID:4964
- C:\Windows\System\gXOqRuh.exe
  C:\Windows\System\gXOqRuh.exe
  2⤵
  PID:4984
- C:\Windows\System\ijNQWhX.exe
  C:\Windows\System\ijNQWhX.exe
  2⤵
  PID:5004
- C:\Windows\System\UleghuX.exe
  C:\Windows\System\UleghuX.exe
  2⤵
  PID:5024
- C:\Windows\System\eCtYbDK.exe
  C:\Windows\System\eCtYbDK.exe
  2⤵
  PID:5044
- C:\Windows\System\sHbrxaY.exe
  C:\Windows\System\sHbrxaY.exe
  2⤵
  PID:5064
- C:\Windows\System\gyWSliL.exe
  C:\Windows\System\gyWSliL.exe
  2⤵
  PID:5084
- C:\Windows\System\ZGjrgww.exe
  C:\Windows\System\ZGjrgww.exe
  2⤵
  PID:5104
- C:\Windows\System\wbTNrGq.exe
  C:\Windows\System\wbTNrGq.exe
  2⤵
  PID:912
- C:\Windows\System\VuQhYNg.exe
  C:\Windows\System\VuQhYNg.exe
  2⤵
  PID:1724
- C:\Windows\System\RWgEWQz.exe
  C:\Windows\System\RWgEWQz.exe
  2⤵
  PID:3156
- C:\Windows\System\UWzgmLk.exe
  C:\Windows\System\UWzgmLk.exe
  2⤵
  PID:2772
- C:\Windows\System\zYaEXQq.exe
  C:\Windows\System\zYaEXQq.exe
  2⤵
  PID:3196
- C:\Windows\System\lFYrKNQ.exe
  C:\Windows\System\lFYrKNQ.exe
  2⤵
  PID:3312
- C:\Windows\System\qubhOtc.exe
  C:\Windows\System\qubhOtc.exe
  2⤵
  PID:3428
- C:\Windows\System\Ilgmwrz.exe
  C:\Windows\System\Ilgmwrz.exe
  2⤵
  PID:3552
- C:\Windows\System\PjBLtSD.exe
  C:\Windows\System\PjBLtSD.exe
  2⤵
  PID:3680
- C:\Windows\System\SkyRQuM.exe
  C:\Windows\System\SkyRQuM.exe
  2⤵
  PID:3612
- C:\Windows\System\uMdcUps.exe
  C:\Windows\System\uMdcUps.exe
  2⤵
  PID:3816
- C:\Windows\System\kEJaeyI.exe
  C:\Windows\System\kEJaeyI.exe
  2⤵
  PID:4000
- C:\Windows\System\gJLbJin.exe
  C:\Windows\System\gJLbJin.exe
  2⤵
  PID:3924
- C:\Windows\System\QuZRqFg.exe
  C:\Windows\System\QuZRqFg.exe
  2⤵
  PID:4064
- C:\Windows\System\IeSHOln.exe
  C:\Windows\System\IeSHOln.exe
  2⤵
  PID:1160
- C:\Windows\System\ShWWnHZ.exe
  C:\Windows\System\ShWWnHZ.exe
  2⤵
  PID:1012
- C:\Windows\System\luBgKUr.exe
  C:\Windows\System\luBgKUr.exe
  2⤵
  PID:4120
- C:\Windows\System\HrKAQRm.exe
  C:\Windows\System\HrKAQRm.exe
  2⤵
  PID:1696
- C:\Windows\System\lTBGaYc.exe
  C:\Windows\System\lTBGaYc.exe
  2⤵
  PID:4160
- C:\Windows\System\LFsSMbK.exe
  C:\Windows\System\LFsSMbK.exe
  2⤵
  PID:4172
- C:\Windows\System\FLqbzvh.exe
  C:\Windows\System\FLqbzvh.exe
  2⤵
  PID:4232
- C:\Windows\System\VtZcftr.exe
  C:\Windows\System\VtZcftr.exe
  2⤵
  PID:4280
- C:\Windows\System\shNGYgD.exe
  C:\Windows\System\shNGYgD.exe
  2⤵
  PID:4312
- C:\Windows\System\bflHyGJ.exe
  C:\Windows\System\bflHyGJ.exe
  2⤵
  PID:4296
- C:\Windows\System\adjzPqx.exe
  C:\Windows\System\adjzPqx.exe
  2⤵
  PID:4360
- C:\Windows\System\LTOyakH.exe
  C:\Windows\System\LTOyakH.exe
  2⤵
  PID:4396
- C:\Windows\System\HFXQrrc.exe
  C:\Windows\System\HFXQrrc.exe
  2⤵
  PID:4416
- C:\Windows\System\BSktijY.exe
  C:\Windows\System\BSktijY.exe
  2⤵
  PID:4476
- C:\Windows\System\rADMKvm.exe
  C:\Windows\System\rADMKvm.exe
  2⤵
  PID:4520
- C:\Windows\System\gmOxUkS.exe
  C:\Windows\System\gmOxUkS.exe
  2⤵
  PID:4496
- C:\Windows\System\rAhuaWl.exe
  C:\Windows\System\rAhuaWl.exe
  2⤵
  PID:4532
- C:\Windows\System\VZPeOTx.exe
  C:\Windows\System\VZPeOTx.exe
  2⤵
  PID:4596
- C:\Windows\System\UfaGUcJ.exe
  C:\Windows\System\UfaGUcJ.exe
  2⤵
  PID:4620
- C:\Windows\System\wzduLtq.exe
  C:\Windows\System\wzduLtq.exe
  2⤵
  PID:4656
- C:\Windows\System\QqksCRv.exe
  C:\Windows\System\QqksCRv.exe
  2⤵
  PID:4720
- C:\Windows\System\ZDeOKKi.exe
  C:\Windows\System\ZDeOKKi.exe
  2⤵
  PID:4692
- C:\Windows\System\lMfjsqA.exe
  C:\Windows\System\lMfjsqA.exe
  2⤵
  PID:4796

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ACpiVnx.exe

Filesize
2.1MB

MD5
324440a47b0e0da86f68b88075a24a58

SHA1
506383c0ebfab1e7adc941b45d125dd00f28a7f6

SHA256
f3e91d81e052c8eafd2485943008da6bb8f79de85086e5d59c339a9cbe33722c

SHA512
468dc272f03968c693705ebdb3fd268289fc6ef2073d416f630705d75780a3de3841fcb1eae32f30bc70e164ed5251604a8973d48b156e65f8034026070050a3

Download Submit
C:\Windows\system\CSqSbSS.exe

Filesize
2.0MB

MD5
7b4e95477cfa210c9f2ba1f811c2349a

SHA1
0d8191d0c76ff095779dc44bab4301c32960b0cf

SHA256
4692a525731ad255867e208268c0c04d071291855480514d99650af48cabb81f

SHA512
70e2fa205c81ab92070b6c920284ab3a5bf08aae183ae19e32e3be59e8d0ec0f584aa5700a18b91f001b88eb2c344bf85542a0273a840a9e7f130e0a27307610

Download Submit
C:\Windows\system\DyzYDhd.exe

Filesize
2.0MB

MD5
cb648fd14bebeb9b912eb76c94830258

SHA1
25ddd5e6dde6804f5cd2f07b9692353f8e7797e5

SHA256
93f102930a16d745295132ea26587e4cc03efa6f666e8c56423c7af95be5e1fe

SHA512
bbc242f8f1f9eb948c20b6ad5e5d24cdd6e39da6333d270a9f2db3a08c2fd83240fce78a3d84777169137814afcf87a074cb8b6465324439952e2409f004a82a

Download Submit
C:\Windows\system\EPbFRSn.exe

Filesize
2.0MB

MD5
66a52be6711ad27da27afde8ea93e909

SHA1
a7391649826d609c8b58d0bdc73805d02bb2a2dd

SHA256
877f5a01b0c3d3212fb6ee059880abf2592c934c59b1c433403f56986d870051

SHA512
75b179ae73d2603cb022fa73e3bbeb1c6d94cbb391ccb316d9072a14820193f29e3df7bf8a6e7ee580366090e47e337d1997b8ce7606b3d1040521249a78c342

Download Submit
C:\Windows\system\EafZoeq.exe

Filesize
2.0MB

MD5
a22e35d4723a0e97ee624becda01333f

SHA1
53a0706e04ef1ef3c731b811a2d482dc493d94e1

SHA256
2d594afd3514d91f59079237b77d143917c3a9724341dc22396f4683ae8d3adb

SHA512
72000f90b6267dc6332f9dec9b81315a7aaf00e55fc95bc30659f909966322185a81e46b1927b9c9b0b2b173fef3376b92bc39705ae562b527c8d5d38777ba14

Download Submit
C:\Windows\system\JDLZkBY.exe

Filesize
2.0MB

MD5
402d8655450edde76d76da2b6acab43c

SHA1
1a9b2424e69d4ea65a0d4104e69c7bcc9c48a2a3

SHA256
c9c2f645219a5970ff2c5a8b5b28173900096e564d5abeacc6380d14989e366c

SHA512
44d11cff230ecc805b91cd6b39953ab363aadab7f734dd79eb846a7741bd8b53744c91b2e0f4ffd8b6dad914007e47ae42e0399951400daee5eb9f77bf3492e4

Download Submit
C:\Windows\system\MCOPlAF.exe

Filesize
2.1MB

MD5
3a346a99916732d95140c1002e02ce70

SHA1
4bf028f74fa36a9413b6473c19536c55b797ae79

SHA256
e2084cf2480f5a7176604270150a0d711474be711c7f743b9cae7bd3288b38fe

SHA512
fd27b192c23e08361698a8669e4565a14deb60838acdd3506fd0b18b785b96cbcfd203e140309d2ffdf2f4264b616e5b446f520236540a0180637c4fc2043f83

Download Submit
C:\Windows\system\NSxQJpM.exe

Filesize
2.0MB

MD5
bf6ff3014611a0e127d86f688ed5fdc6

SHA1
29a978d8f90402edc2eb01e47012d6c379ef80f5

SHA256
12fbeab4c1d4d1bc89d6656647cbc46db74ae85232d6ed30707a7575efa54aed

SHA512
dafc3fba61dcac9726ea6222c4f55a8a8b7b5ad49835e20b63aa5067f2097c27e7bbc595ae092cc8cfb810c22d5538f0a8a505723390c8a914ecc68f8a026c15

Download Submit
C:\Windows\system\NZyBfUZ.exe

Filesize
2.0MB

MD5
29bd36edc06f44f6df8ec8158a747aa2

SHA1
9110be962b9be8d6e14343e093ebe3fd0f3196ab

SHA256
6441521aa4de0b35378d55998ef896bc47ddb4c6d0989c0d15b6283da4fe4365

SHA512
d1ca28b46057f7dd21dd265586fabb73a679758403052f677c59c649c73c0215e5affeaa573bab665b03e942d6dd6e2f84bf1a4966e35312a46240eda68cf332

Download Submit
C:\Windows\system\NrVNSOI.exe

Filesize
2.0MB

MD5
f0588392ee53f0854d7e1d1ea3c8dc54

SHA1
99549357f6364881fc0ba9bf37a971894bb0e6d3

SHA256
2ea71befa0b4b2ee6b37e1216529e2b40d9344c57a9e1ba7caa70c1afda1c15a

SHA512
2d0ae934ef8780547e662ca72ef181fc9341cf1090963b66abac8a2e31a054b9dcaa8a63df27b9ce93d2ed0fc64502f44bf9e471e4643cc57b2b1c25b78e737e

Download Submit
C:\Windows\system\ROKxMWr.exe

Filesize
2.0MB

MD5
3fca272918fa0b4997b2322956f6ec24

SHA1
230f2d156221c25b6f3e9f02d5cfb83732c07ea7

SHA256
a42bd036c92de07f8f6a2b829ada4a02342c1a6273292f677e6f5dfcf98b5b2b

SHA512
ded30f1a38a2a4c2e09df4f20fe482772f7e6c2821a67a35137cbb42422685495b5d5b3c4a5a4ecba6246234e7e3a96d03e7c595b43b3edd9771524220d45292

Download Submit
C:\Windows\system\SBsgdfY.exe

Filesize
2.1MB

MD5
18c1d8f81515d9fdcbb2dad256e7b222

SHA1
b1549e1ecdce698019c40b8eeccb4795bc0bbdb7

SHA256
c49737b634fa3de5b809a19e1af9cdc0068a61bf6e2b92c25769d4ef5b324357

SHA512
7a45c8341e117bc630a09d125829045e4e8f85815f4a2dc9deec2d26270a7e2c5752ca43c7d35a4de99bc69071e06c09b4e580ff90638ba0e40c14f376ebc611

Download Submit
C:\Windows\system\SZReCAP.exe

Filesize
2.1MB

MD5
b0c484c2bcbccf03da5f3e91a138eca9

SHA1
230d8fffc8a7e7b04f9603f124c34b679c264b1b

SHA256
b44cdcaf08970f6b420b40213c3a17e94992afef265e2f0bdb9a5811966ac972

SHA512
f6b9fd702746b3fb7bd5afff3ce57ad345c6778320f1a3494a9288f211cc89123227157360037fb9069921dec540614a2c600f4dcb3160c36fb7a817341d7f2a

Download Submit
C:\Windows\system\XBefTHQ.exe

Filesize
2.0MB

MD5
536a4bb2b7634288fce6322c68b7510a

SHA1
8d34c30a2b14c46a95a0669a1615b717ade23006

SHA256
9a53cfc79650044f826315a526517cba15503cdff7ef319f61721311cb8d1768

SHA512
9d4c71d56397ee068f176482772d12045d226c04886ccb351cc801f0b88f03a902ee9d40ab1b88f48f39e814bf777e7f4364dfdc99738548774ed76fec2785c5

Download Submit
C:\Windows\system\ZjTitwI.exe

Filesize
2.1MB

MD5
01c5086632370dec4e809c4ce22ee7f0

SHA1
b81d7e19f21251fe713549abb8d9d88940a3e40a

SHA256
225a733561bd73e64d765c99971a0ed0fad95ea98c562b9bde451108909689b1

SHA512
c9204e948d7069c01c695f363b2ac5a4cbe7c81956acefa2dcbb1e089593178fa5fa6515167f05848316853ea8f1073137924be0154c53f56ada2cedfc55f890

Download Submit
C:\Windows\system\aSDYgLr.exe

Filesize
2.1MB

MD5
00e012912f47310b4c808353a3ae4868

SHA1
eb4d12330f8185c143747498afa081132d16a001

SHA256
37f305c14cf677b519b13393d3bd1636e17b08e71e5131c13574dde344c2d524

SHA512
27f0a4315aefcc4e722bc20ae5c5d6d27e41fd1e231c164ab66dd93f77d23f79b6049ffa6f353e6db71df4b1f74321a8c9d4d853b56e42921fbdffe92d766511

Download Submit
C:\Windows\system\bQfKYXG.exe

Filesize
2.0MB

MD5
8a59ba003f395334c8bc80f89ee69cfd

SHA1
0092c232448f6d240dd1ffd17fe23e38a86b4255

SHA256
0c86da3e1bc515d5cfc21d481246db9c30196d941c49330f41ed61e8bf9a3dea

SHA512
9dfaa2b341cc82c8c8c0d857f89a373805ac894290ed0dbcd3f58fff69d6cf0638c02f2c67e85f8bcb87088c989f0104437771cad181a8aefed56f2492752261

Download Submit
C:\Windows\system\ffpMpOr.exe

Filesize
2.0MB

MD5
3d2bda3fe64b4c53cff28f6866370d14

SHA1
33e432848fbeb277a1204f2061193feda90fbc55

SHA256
b9bf3299ab1149decfad8aa94d4c58ab18b21238a47e63751aeb5e84156bb98a

SHA512
a29b93cb1d357a1c6e28f5299e61aebf09f73d9460107ed8eda19f8f75957f4337fc4df054cfe3399f6c7ceb5c429916fd6a3f51a32f17f0d71a082bbb485546

Download Submit
C:\Windows\system\gIFOCvw.exe

Filesize
2.1MB

MD5
034c22384b70d93566e9d331a4e5c1ed

SHA1
5f6f63e370094ac4d3154f0e26df1fa36d6a1597

SHA256
f6ef8082d33369aefccb10733fcf8d71e129082d612fd6e317a7cc8ab40ac783

SHA512
590485bb93ad2155051e7cd4eb0864c3346df8170fc1411836330dcdffedb3effa4320540ab6839584ca61cb9e32c42002041d6be271a2e6774656d2e6b93346

Download Submit
C:\Windows\system\hIFpGHD.exe

Filesize
2.1MB

MD5
db3763e16babb6e82d706dbee372b687

SHA1
94755b25a69080adeed73e7c3c3cd729194cf178

SHA256
5f735d514720427c97090950d6cfff8e015ed8230bac33a8b9b6b84c307d422f

SHA512
3a8310d3c42af004eb7785a61433fdb8cdfdf54b7fdcc5482e32ddc6ff56a5becfa597d172bb1f77678e9ae6ac995a1df5102cf56fdc25eff630d4a406ee6cc0

Download Submit
C:\Windows\system\hRTwgOO.exe

Filesize
2.1MB

MD5
11dc14177dacf43aa0c0280c00c7e452

SHA1
304278efa51a2841fbcc5772ffd28c87300d1afb

SHA256
42aa54da74d4171cedbd2c2c78420529e9f0334a0eff8caae4d5ea810d3e8a12

SHA512
c044abf08ad11b6d6f5b5d18c0359081d3b873e484bdb549638b4f068528da53e10db4dbb37e0235d77cec81d61bf4ee8425b999e3e5f7a5085d672aab178191

Download Submit
C:\Windows\system\jElEEKQ.exe

Filesize
2.0MB

MD5
ee99aa03c40d2d6b4b822a25e99914b7

SHA1
40d2ea1b1e8892aeb08ab5851446d8e71e1b0f4f

SHA256
300d33e1bcfc283e9f32de42e98bd5ade1b7b61b643f44a21056dfa1d105f302

SHA512
573ab14652fb99056e7d4885e48a4d750531d4478c8daa3147d9ce593e5c18818d953828e9150c59c0156d09291330e666f422cea760d330042a57085332a68a

Download Submit
C:\Windows\system\msNMogz.exe

Filesize
2.1MB

MD5
62a491d874b517c2b86995b3eccac0fd

SHA1
07bc4c5700084f220112df4799708579ebf775aa

SHA256
caa310ec994964b34bee082b751bdd9f188c1187aafa9490291d0c186d5c4e7e

SHA512
6d005f94a5ca670eadd3ed89697afcfd84e373135c23e0c1a9e63acc9b3e6178509d9c102b02b26b344257f0856d1b19a5c7abd0a0a5ff1b71faf376fc756081

Download Submit
C:\Windows\system\oCIGrsi.exe

Filesize
2.0MB

MD5
c3b109532193311b837d3d8a61720685

SHA1
c5323380e07ab8cdaf867b58f3504b4591616753

SHA256
6ca5a5c1a53eda4170d8c04bf1306f4c9fc58adc8aacb3945ebbdcb1aba2a856

SHA512
0fae54c85c69053758fbe0d33e899ef3df45122ccf6738ce9532e0bbd7005ec71af6385b963c1d5356953d79b7e132de045d3dd88915e1451727b222fcc48a34

Download Submit
C:\Windows\system\rAoOmEl.exe

Filesize
2.1MB

MD5
52a820f9915fdd805e24ff8e7d2cf2ac

SHA1
f62d62a2fa7eb8337bafbb78fae6afb28b998387

SHA256
81d734ac73d814478dbf38bc90570a67c7d75c7b30eecc3bdcda718bffd62199

SHA512
51f8d51a9f890d35b098447714b418b89ed7ae2fba644105e39bbf0ad86e215086825f722ade216d70ad997c656729610c4b24ba63b36aca133c5307c8cc1428

Download Submit
C:\Windows\system\xxoHMej.exe

Filesize
2.1MB

MD5
6cfd0a79556730d5aa33397e4f9db6da

SHA1
b21d1551c152befbc746f0c7f7e2ca62ecd8e33a

SHA256
bafb78d3758ad5bb0e9e644e2758d3e79288037c0fc5d28e4cd4f17f9a1d02ca

SHA512
b934d242be01b6339c8656f4f8f067d5712fecb27d7b88c07827a681565a9411d15a739c223a4e437100d67b065b893837032353f634e33a85f6fe1db850bb29

Download Submit
C:\Windows\system\zdwbCTt.exe

Filesize
2.1MB

MD5
02e5690c3c57150475569c7c78283652

SHA1
3aab83f0c1eeb2b063b3e1fe3bc3cfda2a6d01df

SHA256
aea7c1861e84241ab366453ff00137732ff07e7f0502d6e0ad5309c4b6abe732

SHA512
a1b6fec8b588b73271ca41dcdab1bc642ad86c5acdc2db584a1a58be2beae815c1f224864971e0f48fb06b8a1157c00d3cc7ac83d0c98dc5249140756e4044d3

Download Submit
\Windows\system\OVwNoae.exe

Filesize
2.0MB

MD5
bbaca49c13f5d704bfe011f719c4cf17

SHA1
862719d463f33b4db785e767ca1ca5c1d8fe068c

SHA256
8839298431bd19c488f86cead169b51577cbf54f2f4f531d45646b0a0f9bb10a

SHA512
a9b824cfc5d0d1dc023c8ccc36ee8556cdf4fd3d757b14f60991aeafd969ef2763bed28ecb84be5400682b338fb88c610fc37f65db286a5515b341289f2e4a10

Download Submit
\Windows\system\WPGWjYy.exe

Filesize
2.0MB

MD5
99605a19e08a80371240d24c62e32068

SHA1
4a603028b15dc172f117575f1bca674abceaec88

SHA256
0d9fcb63d8cb9eb658e706cbd7a0a550b4014b6eade72beb57251d0878e928da

SHA512
938d2c4173ca48c1efb7cbd614f3bef440dd434b712ff28c8708470aef30b4c194d514c03ec426c47cb4c480c955b145b13bdc156fc0f2465458cb381a9c58c1

Download Submit
\Windows\system\YOhuIDh.exe

Filesize
2.0MB

MD5
6a57f2d182f78fce88c671849195da89

SHA1
09adb8ba4f6214ce0f26678d70dd094f42f039d1

SHA256
caa43357febc9095c25ebb7f54f0116821c87110974d7ff0ceca29a43e9c282a

SHA512
233a547b3dfe756f0053d43762f99165bd626844b414fd0febcdfdc17c829f93cc392e3c127e3e2709275d9fdeb5e8ae9368d12add751dc1e542bf60a1289f5b

Download Submit
\Windows\system\igfskJy.exe

Filesize
2.0MB

MD5
bdf7d96d7c3129a0e6a3afcd5afb31b4

SHA1
70a9f8f7e44ffb553d9713c57cbd79cbdb5c0c0c

SHA256
82ed74b9a4c14331d7af52731952bca771380c9135654d4abedb665840b257e6

SHA512
2ae5b8aa3bffa68592266352241049f42f531cf0ceb9a341543fe4d3c21e6013f1d7a6a58dab59969d5185845c8debad22fc345b3d3a2c8dfdc38b45b15318b1

Download Submit
\Windows\system\pJJvvcX.exe

Filesize
2.0MB

MD5
795d5f95d7ada00bd630e01086db1c3f

SHA1
5b61361dd44797a16bf925806c476629a3670a21

SHA256
27b84028e023728b311dc89b017c9b6c3c58d121ee4bbe7c227fd8e701c57a9b

SHA512
abeade2971e048684ca8532e6d4926a8b228ea6f3a66b33117c2e793f3604dd8db8a4ce8d504420439602a0017c6693219e360ce0c55395e67d87e00e4448956

Download Submit
memory/2416-1039-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2416-1098-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2416-63-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2420-41-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2420-1088-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2488-1093-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/2488-1076-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/2488-71-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/2560-91-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2560-40-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2560-1089-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2564-100-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2564-1091-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2564-45-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2648-677-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2648-1092-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2648-56-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2660-106-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2660-1090-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2660-47-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2684-35-0x0000000002000000-0x0000000002354000-memory.dmp

Filesize
3.3MB

Download
memory/2684-1079-0x0000000002000000-0x0000000002354000-memory.dmp

Filesize
3.3MB

Download
memory/2684-62-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-1-0x0000000000200000-0x0000000000210000-memory.dmp

Filesize
64KB

Download
memory/2684-74-0x0000000002000000-0x0000000002354000-memory.dmp

Filesize
3.3MB

Download
memory/2684-70-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/2684-69-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2684-107-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2684-6-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-14-0x0000000002000000-0x0000000002354000-memory.dmp

Filesize
3.3MB

Download
memory/2684-83-0x0000000002000000-0x0000000002354000-memory.dmp

Filesize
3.3MB

Download
memory/2684-0-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-1075-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/2684-43-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-1038-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-54-0x0000000002000000-0x0000000002354000-memory.dmp

Filesize
3.3MB

Download
memory/2684-36-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2684-92-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-28-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2684-1077-0x0000000002000000-0x0000000002354000-memory.dmp

Filesize
3.3MB

Download
memory/2684-1084-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2684-1083-0x0000000002000000-0x0000000002354000-memory.dmp

Filesize
3.3MB

Download
memory/2684-1081-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2692-84-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2692-1080-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2692-1095-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2744-1082-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2744-1096-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2744-93-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-101-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2776-1097-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2788-1085-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2788-15-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2864-53-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2864-1086-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2916-77-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2916-1094-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2916-1078-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/3056-22-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/3056-1087-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/3056-61-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download