kpot | 64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757

Analysis

max time kernel
147s
max time network
148s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
26-06-2024 07:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
Size

2.3MB
MD5

29a859f0e624818c3af7a8e0c82214c0
SHA1

9e030d86ce717ee4f6b24ed8ff38e0b25d5ea4ea
SHA256

64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757
SHA512

1690cb067be502e5057c5ed494ba8277069677fe49bfe01c069b91a22334b07939771aee1c546b0f01c4e7925b6959ccadaeab25a4ca1a9b5dbbf76f447c72c1
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+Agr6StVEnmcKxYDvZThTRzG:BemTLkNdfE0pZrw8

Score

10^/10

kpot xmrig miner stealer trojan upx

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 32 IoCs

resource	yara_rule
behavioral1/files/0x000500000000b309-3.dat	family_kpot
behavioral1/files/0x0063000000014162-12.dat	family_kpot
behavioral1/files/0x000c000000014230-20.dat	family_kpot
behavioral1/files/0x00070000000142f9-23.dat	family_kpot
behavioral1/files/0x000700000001430e-34.dat	family_kpot
behavioral1/files/0x0007000000014f57-48.dat	family_kpot
behavioral1/files/0x0006000000016820-61.dat	family_kpot
behavioral1/files/0x0006000000016c4f-98.dat	family_kpot
behavioral1/files/0x0006000000016d09-129.dat	family_kpot
behavioral1/files/0x0006000000017038-192.dat	family_kpot
behavioral1/files/0x0006000000016da9-189.dat	family_kpot
behavioral1/files/0x0006000000016da2-184.dat	family_kpot
behavioral1/files/0x0006000000016d97-179.dat	family_kpot
behavioral1/files/0x0006000000016d8e-174.dat	family_kpot
behavioral1/files/0x0006000000016d7f-169.dat	family_kpot
behavioral1/files/0x0006000000016d65-164.dat	family_kpot
behavioral1/files/0x0006000000016d51-159.dat	family_kpot
behavioral1/files/0x0006000000016d35-154.dat	family_kpot
behavioral1/files/0x0006000000016d2e-149.dat	family_kpot
behavioral1/files/0x0006000000016d2a-144.dat	family_kpot
behavioral1/files/0x0006000000016d25-139.dat	family_kpot
behavioral1/files/0x0006000000016d11-134.dat	family_kpot
behavioral1/files/0x0006000000016d01-124.dat	family_kpot
behavioral1/files/0x0006000000016cf0-119.dat	family_kpot
behavioral1/files/0x0006000000016cc7-114.dat	family_kpot
behavioral1/files/0x0006000000016c9c-108.dat	family_kpot
behavioral1/files/0x00630000000141ec-93.dat	family_kpot
behavioral1/files/0x0006000000016c46-85.dat	family_kpot
behavioral1/files/0x0006000000016c2d-77.dat	family_kpot
behavioral1/files/0x0006000000016a74-70.dat	family_kpot
behavioral1/files/0x00070000000165f9-54.dat	family_kpot
behavioral1/files/0x0009000000014e32-40.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2384-0-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/files/0x000500000000b309-3.dat	xmrig
behavioral1/files/0x0063000000014162-12.dat	xmrig
behavioral1/memory/1936-15-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/memory/2964-11-0x000000013F5E0000-0x000000013F934000-memory.dmp	xmrig
behavioral1/memory/2384-9-0x0000000001FD0000-0x0000000002324000-memory.dmp	xmrig
behavioral1/files/0x000c000000014230-20.dat	xmrig
behavioral1/files/0x00070000000142f9-23.dat	xmrig
behavioral1/files/0x000700000001430e-34.dat	xmrig
behavioral1/memory/2976-43-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/files/0x0007000000014f57-48.dat	xmrig
behavioral1/files/0x0006000000016820-61.dat	xmrig
behavioral1/files/0x0006000000016c4f-98.dat	xmrig
behavioral1/files/0x0006000000016d09-129.dat	xmrig
behavioral1/files/0x0006000000017038-192.dat	xmrig
behavioral1/memory/2868-1042-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/2124-1080-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/memory/1712-1082-0x000000013FEC0000-0x0000000140214000-memory.dmp	xmrig
behavioral1/memory/2548-684-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/memory/2728-368-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/files/0x0006000000016da9-189.dat	xmrig
behavioral1/files/0x0006000000016da2-184.dat	xmrig
behavioral1/files/0x0006000000016d97-179.dat	xmrig
behavioral1/files/0x0006000000016d8e-174.dat	xmrig
behavioral1/files/0x0006000000016d7f-169.dat	xmrig
behavioral1/files/0x0006000000016d65-164.dat	xmrig
behavioral1/files/0x0006000000016d51-159.dat	xmrig
behavioral1/files/0x0006000000016d35-154.dat	xmrig
behavioral1/files/0x0006000000016d2e-149.dat	xmrig
behavioral1/files/0x0006000000016d2a-144.dat	xmrig
behavioral1/files/0x0006000000016d25-139.dat	xmrig
behavioral1/files/0x0006000000016d11-134.dat	xmrig
behavioral1/files/0x0006000000016d01-124.dat	xmrig
behavioral1/files/0x0006000000016cf0-119.dat	xmrig
behavioral1/files/0x0006000000016cc7-114.dat	xmrig
behavioral1/files/0x0006000000016c9c-108.dat	xmrig
behavioral1/memory/2236-103-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/memory/2976-102-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/memory/2872-96-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/2824-95-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/files/0x00630000000141ec-93.dat	xmrig
behavioral1/memory/1712-88-0x000000013FEC0000-0x0000000140214000-memory.dmp	xmrig
behavioral1/memory/2660-86-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/files/0x0006000000016c46-85.dat	xmrig
behavioral1/memory/2124-79-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/files/0x0006000000016c2d-77.dat	xmrig
behavioral1/memory/2868-73-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/files/0x0006000000016a74-70.dat	xmrig
behavioral1/memory/2548-66-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/memory/2964-65-0x000000013F5E0000-0x000000013F934000-memory.dmp	xmrig
behavioral1/memory/2384-63-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/2728-56-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/files/0x00070000000165f9-54.dat	xmrig
behavioral1/memory/852-51-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/files/0x0009000000014e32-40.dat	xmrig
behavioral1/memory/2696-37-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/memory/2824-29-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/memory/2660-22-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/memory/2872-1084-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/2236-1086-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/memory/1936-1088-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/memory/2964-1089-0x000000013F5E0000-0x000000013F934000-memory.dmp	xmrig
behavioral1/memory/2660-1090-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/memory/2824-1091-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2964	vUnzBwp.exe
1936	VUXnqdN.exe
2660	kViHrva.exe
2824	BzwmiUM.exe
2696	ziGolDf.exe
2976	lryBeGw.exe
852	wrhDxlY.exe
2728	MoQqbZb.exe
2548	VLXgkcq.exe
2868	voZbCNB.exe
2124	rVmcaLE.exe
1712	FBVBirS.exe
2872	uZLGXmj.exe
2236	XmhwHuh.exe
2780	jnbzFdM.exe
2924	npXSOmC.exe
1692	DzxCwmY.exe
2400	wRphpjC.exe
2020	mOEavSN.exe
2016	NRBjgMS.exe
1512	gOUzyQc.exe
1592	JvQRWdR.exe
2476	MaIxJQF.exe
2036	ewdHsRG.exe
2748	xWZMLAe.exe
2532	juMfjLI.exe
2280	KDSuazU.exe
1660	BACMUwt.exe
680	OfpNSpb.exe
768	EwHnUpN.exe
572	GQPcfDu.exe
2472	COxevDt.exe
1088	XbLmRdT.exe
660	VjHeKVb.exe
1996	BnFIEbm.exe
2328	aqvajPl.exe
2056	pSwDDnD.exe
2060	qZqeHbD.exe
2432	XqAsYJg.exe
2644	pmMSCiw.exe
1780	KzwasNG.exe
1388	HymeQRL.exe
772	GVWNLdM.exe
1048	VrwOYBA.exe
284	aamkwkb.exe
1096	mjJshTU.exe
1312	NwpCuSI.exe
1676	nmBfxiu.exe
2972	wvkUYBT.exe
1720	cZFUvVZ.exe
1280	wipkIhL.exe
2080	YdRUpmn.exe
2336	TzvZXeu.exe
2636	HoIuqIA.exe
2152	vxmuKNB.exe
1972	SoSmVAX.exe
1680	odShgkG.exe
1700	HJeczMj.exe
3048	ljvplCp.exe
2708	rpKnrhU.exe
2688	rJoSKmX.exe
2588	AmUIUEy.exe
2556	uCpnwdm.exe
2960	jIhyFZE.exe

Loads dropped DLL 64 IoCs

pid	Process
2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2384-0-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/files/0x000500000000b309-3.dat	upx
behavioral1/files/0x0063000000014162-12.dat	upx
behavioral1/memory/1936-15-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx
behavioral1/memory/2964-11-0x000000013F5E0000-0x000000013F934000-memory.dmp	upx
behavioral1/files/0x000c000000014230-20.dat	upx
behavioral1/files/0x00070000000142f9-23.dat	upx
behavioral1/files/0x000700000001430e-34.dat	upx
behavioral1/memory/2976-43-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/files/0x0007000000014f57-48.dat	upx
behavioral1/files/0x0006000000016820-61.dat	upx
behavioral1/files/0x0006000000016c4f-98.dat	upx
behavioral1/files/0x0006000000016d09-129.dat	upx
behavioral1/files/0x0006000000017038-192.dat	upx
behavioral1/memory/2868-1042-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/2124-1080-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/memory/1712-1082-0x000000013FEC0000-0x0000000140214000-memory.dmp	upx
behavioral1/memory/2548-684-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/memory/2728-368-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/files/0x0006000000016da9-189.dat	upx
behavioral1/files/0x0006000000016da2-184.dat	upx
behavioral1/files/0x0006000000016d97-179.dat	upx
behavioral1/files/0x0006000000016d8e-174.dat	upx
behavioral1/files/0x0006000000016d7f-169.dat	upx
behavioral1/files/0x0006000000016d65-164.dat	upx
behavioral1/files/0x0006000000016d51-159.dat	upx
behavioral1/files/0x0006000000016d35-154.dat	upx
behavioral1/files/0x0006000000016d2e-149.dat	upx
behavioral1/files/0x0006000000016d2a-144.dat	upx
behavioral1/files/0x0006000000016d25-139.dat	upx
behavioral1/files/0x0006000000016d11-134.dat	upx
behavioral1/files/0x0006000000016d01-124.dat	upx
behavioral1/files/0x0006000000016cf0-119.dat	upx
behavioral1/files/0x0006000000016cc7-114.dat	upx
behavioral1/files/0x0006000000016c9c-108.dat	upx
behavioral1/memory/2236-103-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/memory/2976-102-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/memory/2872-96-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/2824-95-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/files/0x00630000000141ec-93.dat	upx
behavioral1/memory/1712-88-0x000000013FEC0000-0x0000000140214000-memory.dmp	upx
behavioral1/memory/2660-86-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/files/0x0006000000016c46-85.dat	upx
behavioral1/memory/2124-79-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/files/0x0006000000016c2d-77.dat	upx
behavioral1/memory/2868-73-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/files/0x0006000000016a74-70.dat	upx
behavioral1/memory/2548-66-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/memory/2964-65-0x000000013F5E0000-0x000000013F934000-memory.dmp	upx
behavioral1/memory/2384-63-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/2728-56-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/files/0x00070000000165f9-54.dat	upx
behavioral1/memory/852-51-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/files/0x0009000000014e32-40.dat	upx
behavioral1/memory/2696-37-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/memory/2824-29-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/memory/2660-22-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/memory/2872-1084-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/2236-1086-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/memory/1936-1088-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx
behavioral1/memory/2964-1089-0x000000013F5E0000-0x000000013F934000-memory.dmp	upx
behavioral1/memory/2660-1090-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/memory/2824-1091-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/memory/2696-1092-0x000000013F030000-0x000000013F384000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\cfdMkYp.exe	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
File created	C:\Windows\System\mSsHdIq.exe	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
File created	C:\Windows\System\rmqNdYs.exe	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
File created	C:\Windows\System\hOSTJuh.exe	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
File created	C:\Windows\System\qqkLAeb.exe	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
File created	C:\Windows\System\sOhOqsf.exe	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
File created	C:\Windows\System\XbLmRdT.exe	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
File created	C:\Windows\System\akGhMeN.exe	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
File created	C:\Windows\System\isWuBIt.exe	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
File created	C:\Windows\System\hPxFMFu.exe	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
File created	C:\Windows\System\UzjMYAt.exe	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
File created	C:\Windows\System\YqdAcoq.exe	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
File created	C:\Windows\System\xHMtoim.exe	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
File created	C:\Windows\System\ZAMRLvI.exe	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
File created	C:\Windows\System\InSMkFN.exe	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
File created	C:\Windows\System\QBRrxVC.exe	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
File created	C:\Windows\System\hlUJcnk.exe	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
File created	C:\Windows\System\WVIKEhi.exe	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
File created	C:\Windows\System\zwatVWb.exe	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
File created	C:\Windows\System\KeqCyBK.exe	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
File created	C:\Windows\System\vTzuAPU.exe	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
File created	C:\Windows\System\CEZelsd.exe	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
File created	C:\Windows\System\YOameZh.exe	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
File created	C:\Windows\System\OVjqzOn.exe	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
File created	C:\Windows\System\CFaeSQk.exe	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
File created	C:\Windows\System\JlSBYtY.exe	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
File created	C:\Windows\System\VPNdJDn.exe	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
File created	C:\Windows\System\RTZwwmV.exe	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
File created	C:\Windows\System\iOwpQoj.exe	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
File created	C:\Windows\System\juMfjLI.exe	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
File created	C:\Windows\System\ikOFAFk.exe	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
File created	C:\Windows\System\Trluotx.exe	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
File created	C:\Windows\System\RqIDpxT.exe	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
File created	C:\Windows\System\oTuIkCU.exe	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
File created	C:\Windows\System\ApANQOm.exe	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
File created	C:\Windows\System\SqBFwym.exe	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
File created	C:\Windows\System\NwpCuSI.exe	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
File created	C:\Windows\System\kaZkqGJ.exe	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
File created	C:\Windows\System\LlyXPxr.exe	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
File created	C:\Windows\System\bdBSTxG.exe	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
File created	C:\Windows\System\voZbCNB.exe	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
File created	C:\Windows\System\HJeczMj.exe	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
File created	C:\Windows\System\qdDvgVA.exe	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
File created	C:\Windows\System\xUyAqye.exe	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
File created	C:\Windows\System\qzZvVpP.exe	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
File created	C:\Windows\System\nZtvueE.exe	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
File created	C:\Windows\System\bsSvONF.exe	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
File created	C:\Windows\System\XmhwHuh.exe	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
File created	C:\Windows\System\MaIxJQF.exe	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
File created	C:\Windows\System\rpKnrhU.exe	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
File created	C:\Windows\System\uDSSFgR.exe	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
File created	C:\Windows\System\phihwkl.exe	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
File created	C:\Windows\System\iogvDoP.exe	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
File created	C:\Windows\System\MORcJTb.exe	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
File created	C:\Windows\System\xnCBcHp.exe	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
File created	C:\Windows\System\iutDkHG.exe	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
File created	C:\Windows\System\IbZAshO.exe	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
File created	C:\Windows\System\rJoSKmX.exe	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
File created	C:\Windows\System\QhKGDQe.exe	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
File created	C:\Windows\System\KLRKAXh.exe	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
File created	C:\Windows\System\kumDOap.exe	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
File created	C:\Windows\System\DSaqDly.exe	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
File created	C:\Windows\System\tAXOIvX.exe	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
File created	C:\Windows\System\jWrFaPj.exe	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2384 wrote to memory of 2964	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe	29
PID 2384 wrote to memory of 2964	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe	29
PID 2384 wrote to memory of 2964	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe	29
PID 2384 wrote to memory of 1936	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe	30
PID 2384 wrote to memory of 1936	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe	30
PID 2384 wrote to memory of 1936	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe	30
PID 2384 wrote to memory of 2660	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe	31
PID 2384 wrote to memory of 2660	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe	31
PID 2384 wrote to memory of 2660	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe	31
PID 2384 wrote to memory of 2824	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe	32
PID 2384 wrote to memory of 2824	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe	32
PID 2384 wrote to memory of 2824	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe	32
PID 2384 wrote to memory of 2696	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe	33
PID 2384 wrote to memory of 2696	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe	33
PID 2384 wrote to memory of 2696	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe	33
PID 2384 wrote to memory of 2976	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe	34
PID 2384 wrote to memory of 2976	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe	34
PID 2384 wrote to memory of 2976	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe	34
PID 2384 wrote to memory of 852	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe	35
PID 2384 wrote to memory of 852	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe	35
PID 2384 wrote to memory of 852	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe	35
PID 2384 wrote to memory of 2728	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe	36
PID 2384 wrote to memory of 2728	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe	36
PID 2384 wrote to memory of 2728	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe	36
PID 2384 wrote to memory of 2548	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe	37
PID 2384 wrote to memory of 2548	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe	37
PID 2384 wrote to memory of 2548	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe	37
PID 2384 wrote to memory of 2868	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe	38
PID 2384 wrote to memory of 2868	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe	38
PID 2384 wrote to memory of 2868	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe	38
PID 2384 wrote to memory of 2124	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe	39
PID 2384 wrote to memory of 2124	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe	39
PID 2384 wrote to memory of 2124	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe	39
PID 2384 wrote to memory of 1712	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe	40
PID 2384 wrote to memory of 1712	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe	40
PID 2384 wrote to memory of 1712	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe	40
PID 2384 wrote to memory of 2872	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe	41
PID 2384 wrote to memory of 2872	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe	41
PID 2384 wrote to memory of 2872	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe	41
PID 2384 wrote to memory of 2236	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe	42
PID 2384 wrote to memory of 2236	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe	42
PID 2384 wrote to memory of 2236	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe	42
PID 2384 wrote to memory of 2780	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe	43
PID 2384 wrote to memory of 2780	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe	43
PID 2384 wrote to memory of 2780	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe	43
PID 2384 wrote to memory of 2924	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe	44
PID 2384 wrote to memory of 2924	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe	44
PID 2384 wrote to memory of 2924	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe	44
PID 2384 wrote to memory of 1692	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe	45
PID 2384 wrote to memory of 1692	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe	45
PID 2384 wrote to memory of 1692	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe	45
PID 2384 wrote to memory of 2400	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe	46
PID 2384 wrote to memory of 2400	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe	46
PID 2384 wrote to memory of 2400	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe	46
PID 2384 wrote to memory of 2020	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe	47
PID 2384 wrote to memory of 2020	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe	47
PID 2384 wrote to memory of 2020	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe	47
PID 2384 wrote to memory of 2016	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe	48
PID 2384 wrote to memory of 2016	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe	48
PID 2384 wrote to memory of 2016	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe	48
PID 2384 wrote to memory of 1512	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe	49
PID 2384 wrote to memory of 1512	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe	49
PID 2384 wrote to memory of 1512	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe	49
PID 2384 wrote to memory of 1592	2384	64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe	50

C:\Users\Admin\AppData\Local\Temp\64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\64db4a20ee72adcbc9a8ae5d80142629a65729a30cce436b8f604d6b6120e757_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2384
- C:\Windows\System\vUnzBwp.exe
  C:\Windows\System\vUnzBwp.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\VUXnqdN.exe
  C:\Windows\System\VUXnqdN.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\kViHrva.exe
  C:\Windows\System\kViHrva.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\BzwmiUM.exe
  C:\Windows\System\BzwmiUM.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\ziGolDf.exe
  C:\Windows\System\ziGolDf.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\lryBeGw.exe
  C:\Windows\System\lryBeGw.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\wrhDxlY.exe
  C:\Windows\System\wrhDxlY.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\MoQqbZb.exe
  C:\Windows\System\MoQqbZb.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\VLXgkcq.exe
  C:\Windows\System\VLXgkcq.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\voZbCNB.exe
  C:\Windows\System\voZbCNB.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\rVmcaLE.exe
  C:\Windows\System\rVmcaLE.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\FBVBirS.exe
  C:\Windows\System\FBVBirS.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\uZLGXmj.exe
  C:\Windows\System\uZLGXmj.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\XmhwHuh.exe
  C:\Windows\System\XmhwHuh.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\jnbzFdM.exe
  C:\Windows\System\jnbzFdM.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\npXSOmC.exe
  C:\Windows\System\npXSOmC.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\DzxCwmY.exe
  C:\Windows\System\DzxCwmY.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\wRphpjC.exe
  C:\Windows\System\wRphpjC.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\mOEavSN.exe
  C:\Windows\System\mOEavSN.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\NRBjgMS.exe
  C:\Windows\System\NRBjgMS.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\gOUzyQc.exe
  C:\Windows\System\gOUzyQc.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\JvQRWdR.exe
  C:\Windows\System\JvQRWdR.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\MaIxJQF.exe
  C:\Windows\System\MaIxJQF.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\ewdHsRG.exe
  C:\Windows\System\ewdHsRG.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\xWZMLAe.exe
  C:\Windows\System\xWZMLAe.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\juMfjLI.exe
  C:\Windows\System\juMfjLI.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\KDSuazU.exe
  C:\Windows\System\KDSuazU.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\BACMUwt.exe
  C:\Windows\System\BACMUwt.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\OfpNSpb.exe
  C:\Windows\System\OfpNSpb.exe
  2⤵
  - Executes dropped EXE
  PID:680
- C:\Windows\System\EwHnUpN.exe
  C:\Windows\System\EwHnUpN.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\GQPcfDu.exe
  C:\Windows\System\GQPcfDu.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\COxevDt.exe
  C:\Windows\System\COxevDt.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\XbLmRdT.exe
  C:\Windows\System\XbLmRdT.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\VjHeKVb.exe
  C:\Windows\System\VjHeKVb.exe
  2⤵
  - Executes dropped EXE
  PID:660
- C:\Windows\System\BnFIEbm.exe
  C:\Windows\System\BnFIEbm.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\aqvajPl.exe
  C:\Windows\System\aqvajPl.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\pSwDDnD.exe
  C:\Windows\System\pSwDDnD.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\qZqeHbD.exe
  C:\Windows\System\qZqeHbD.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\XqAsYJg.exe
  C:\Windows\System\XqAsYJg.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\pmMSCiw.exe
  C:\Windows\System\pmMSCiw.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\KzwasNG.exe
  C:\Windows\System\KzwasNG.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\HymeQRL.exe
  C:\Windows\System\HymeQRL.exe
  2⤵
  - Executes dropped EXE
  PID:1388
- C:\Windows\System\GVWNLdM.exe
  C:\Windows\System\GVWNLdM.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\VrwOYBA.exe
  C:\Windows\System\VrwOYBA.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\aamkwkb.exe
  C:\Windows\System\aamkwkb.exe
  2⤵
  - Executes dropped EXE
  PID:284
- C:\Windows\System\mjJshTU.exe
  C:\Windows\System\mjJshTU.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System\NwpCuSI.exe
  C:\Windows\System\NwpCuSI.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\nmBfxiu.exe
  C:\Windows\System\nmBfxiu.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\wvkUYBT.exe
  C:\Windows\System\wvkUYBT.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\cZFUvVZ.exe
  C:\Windows\System\cZFUvVZ.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\wipkIhL.exe
  C:\Windows\System\wipkIhL.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\YdRUpmn.exe
  C:\Windows\System\YdRUpmn.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\TzvZXeu.exe
  C:\Windows\System\TzvZXeu.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\HoIuqIA.exe
  C:\Windows\System\HoIuqIA.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\vxmuKNB.exe
  C:\Windows\System\vxmuKNB.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\SoSmVAX.exe
  C:\Windows\System\SoSmVAX.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\odShgkG.exe
  C:\Windows\System\odShgkG.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\HJeczMj.exe
  C:\Windows\System\HJeczMj.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\ljvplCp.exe
  C:\Windows\System\ljvplCp.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\rpKnrhU.exe
  C:\Windows\System\rpKnrhU.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\rJoSKmX.exe
  C:\Windows\System\rJoSKmX.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\AmUIUEy.exe
  C:\Windows\System\AmUIUEy.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\uCpnwdm.exe
  C:\Windows\System\uCpnwdm.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\jIhyFZE.exe
  C:\Windows\System\jIhyFZE.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\yDDRGSi.exe
  C:\Windows\System\yDDRGSi.exe
  2⤵
  PID:1724
- C:\Windows\System\OVjqzOn.exe
  C:\Windows\System\OVjqzOn.exe
  2⤵
  PID:1916
- C:\Windows\System\LYlRvwF.exe
  C:\Windows\System\LYlRvwF.exe
  2⤵
  PID:2952
- C:\Windows\System\qGyPYer.exe
  C:\Windows\System\qGyPYer.exe
  2⤵
  PID:2880
- C:\Windows\System\ikOFAFk.exe
  C:\Windows\System\ikOFAFk.exe
  2⤵
  PID:2508
- C:\Windows\System\CnfUAoo.exe
  C:\Windows\System\CnfUAoo.exe
  2⤵
  PID:1092
- C:\Windows\System\hFDRqLp.exe
  C:\Windows\System\hFDRqLp.exe
  2⤵
  PID:1544
- C:\Windows\System\QKcvAOU.exe
  C:\Windows\System\QKcvAOU.exe
  2⤵
  PID:1672
- C:\Windows\System\LlXyqSz.exe
  C:\Windows\System\LlXyqSz.exe
  2⤵
  PID:2272
- C:\Windows\System\RGxqjIU.exe
  C:\Windows\System\RGxqjIU.exe
  2⤵
  PID:2440
- C:\Windows\System\kjftzZp.exe
  C:\Windows\System\kjftzZp.exe
  2⤵
  PID:596
- C:\Windows\System\HxYjWxO.exe
  C:\Windows\System\HxYjWxO.exe
  2⤵
  PID:704
- C:\Windows\System\fKvGGow.exe
  C:\Windows\System\fKvGGow.exe
  2⤵
  PID:1472
- C:\Windows\System\uDSSFgR.exe
  C:\Windows\System\uDSSFgR.exe
  2⤵
  PID:1796
- C:\Windows\System\hxGQdoQ.exe
  C:\Windows\System\hxGQdoQ.exe
  2⤵
  PID:280
- C:\Windows\System\xUyAqye.exe
  C:\Windows\System\xUyAqye.exe
  2⤵
  PID:1752
- C:\Windows\System\CFaeSQk.exe
  C:\Windows\System\CFaeSQk.exe
  2⤵
  PID:2072
- C:\Windows\System\OXAMwrf.exe
  C:\Windows\System\OXAMwrf.exe
  2⤵
  PID:1488
- C:\Windows\System\DDUTTwh.exe
  C:\Windows\System\DDUTTwh.exe
  2⤵
  PID:1640
- C:\Windows\System\VQzVppE.exe
  C:\Windows\System\VQzVppE.exe
  2⤵
  PID:620
- C:\Windows\System\nAdAaAy.exe
  C:\Windows\System\nAdAaAy.exe
  2⤵
  PID:920
- C:\Windows\System\DFveFoE.exe
  C:\Windows\System\DFveFoE.exe
  2⤵
  PID:964
- C:\Windows\System\nWCKorS.exe
  C:\Windows\System\nWCKorS.exe
  2⤵
  PID:3020
- C:\Windows\System\fHrguqq.exe
  C:\Windows\System\fHrguqq.exe
  2⤵
  PID:592
- C:\Windows\System\tAXOIvX.exe
  C:\Windows\System\tAXOIvX.exe
  2⤵
  PID:2408
- C:\Windows\System\fWPweBz.exe
  C:\Windows\System\fWPweBz.exe
  2⤵
  PID:900
- C:\Windows\System\hXWJKJN.exe
  C:\Windows\System\hXWJKJN.exe
  2⤵
  PID:2656
- C:\Windows\System\ZAMRLvI.exe
  C:\Windows\System\ZAMRLvI.exe
  2⤵
  PID:1560
- C:\Windows\System\xckhzib.exe
  C:\Windows\System\xckhzib.exe
  2⤵
  PID:2340
- C:\Windows\System\JlSBYtY.exe
  C:\Windows\System\JlSBYtY.exe
  2⤵
  PID:2796
- C:\Windows\System\lcgvJjE.exe
  C:\Windows\System\lcgvJjE.exe
  2⤵
  PID:1268
- C:\Windows\System\wRqIDRM.exe
  C:\Windows\System\wRqIDRM.exe
  2⤵
  PID:2136
- C:\Windows\System\dBMqqqH.exe
  C:\Windows\System\dBMqqqH.exe
  2⤵
  PID:2620
- C:\Windows\System\akGhMeN.exe
  C:\Windows\System\akGhMeN.exe
  2⤵
  PID:2540
- C:\Windows\System\QQHuOAq.exe
  C:\Windows\System\QQHuOAq.exe
  2⤵
  PID:2624
- C:\Windows\System\rDOpBdu.exe
  C:\Windows\System\rDOpBdu.exe
  2⤵
  PID:2092
- C:\Windows\System\XBMOGXW.exe
  C:\Windows\System\XBMOGXW.exe
  2⤵
  PID:1520
- C:\Windows\System\qzZvVpP.exe
  C:\Windows\System\qzZvVpP.exe
  2⤵
  PID:904
- C:\Windows\System\xnenfor.exe
  C:\Windows\System\xnenfor.exe
  2⤵
  PID:3004
- C:\Windows\System\aHXVALR.exe
  C:\Windows\System\aHXVALR.exe
  2⤵
  PID:588
- C:\Windows\System\dNzVxMU.exe
  C:\Windows\System\dNzVxMU.exe
  2⤵
  PID:3088
- C:\Windows\System\gxnikxn.exe
  C:\Windows\System\gxnikxn.exe
  2⤵
  PID:3108
- C:\Windows\System\xEARrxv.exe
  C:\Windows\System\xEARrxv.exe
  2⤵
  PID:3128
- C:\Windows\System\BEnEPYY.exe
  C:\Windows\System\BEnEPYY.exe
  2⤵
  PID:3148
- C:\Windows\System\QiCLxSg.exe
  C:\Windows\System\QiCLxSg.exe
  2⤵
  PID:3168
- C:\Windows\System\nZtvueE.exe
  C:\Windows\System\nZtvueE.exe
  2⤵
  PID:3188
- C:\Windows\System\CtjlLET.exe
  C:\Windows\System\CtjlLET.exe
  2⤵
  PID:3208
- C:\Windows\System\Trluotx.exe
  C:\Windows\System\Trluotx.exe
  2⤵
  PID:3228
- C:\Windows\System\OmrjCyN.exe
  C:\Windows\System\OmrjCyN.exe
  2⤵
  PID:3248
- C:\Windows\System\GnSfrOK.exe
  C:\Windows\System\GnSfrOK.exe
  2⤵
  PID:3268
- C:\Windows\System\paLgcnw.exe
  C:\Windows\System\paLgcnw.exe
  2⤵
  PID:3288
- C:\Windows\System\kaZkqGJ.exe
  C:\Windows\System\kaZkqGJ.exe
  2⤵
  PID:3308
- C:\Windows\System\VqxovNq.exe
  C:\Windows\System\VqxovNq.exe
  2⤵
  PID:3328
- C:\Windows\System\xQJJhqy.exe
  C:\Windows\System\xQJJhqy.exe
  2⤵
  PID:3348
- C:\Windows\System\TZrMryS.exe
  C:\Windows\System\TZrMryS.exe
  2⤵
  PID:3368
- C:\Windows\System\ENzfMJf.exe
  C:\Windows\System\ENzfMJf.exe
  2⤵
  PID:3388
- C:\Windows\System\dSwYXwc.exe
  C:\Windows\System\dSwYXwc.exe
  2⤵
  PID:3408
- C:\Windows\System\CpemVYT.exe
  C:\Windows\System\CpemVYT.exe
  2⤵
  PID:3424
- C:\Windows\System\qzYuECo.exe
  C:\Windows\System\qzYuECo.exe
  2⤵
  PID:3448
- C:\Windows\System\klcVQOc.exe
  C:\Windows\System\klcVQOc.exe
  2⤵
  PID:3468
- C:\Windows\System\hxqWkTr.exe
  C:\Windows\System\hxqWkTr.exe
  2⤵
  PID:3488
- C:\Windows\System\ezPXXIO.exe
  C:\Windows\System\ezPXXIO.exe
  2⤵
  PID:3508
- C:\Windows\System\UkRgKtD.exe
  C:\Windows\System\UkRgKtD.exe
  2⤵
  PID:3528
- C:\Windows\System\rULFdGx.exe
  C:\Windows\System\rULFdGx.exe
  2⤵
  PID:3544
- C:\Windows\System\gDeIbJB.exe
  C:\Windows\System\gDeIbJB.exe
  2⤵
  PID:3568
- C:\Windows\System\vRZcCfd.exe
  C:\Windows\System\vRZcCfd.exe
  2⤵
  PID:3588
- C:\Windows\System\RQeihio.exe
  C:\Windows\System\RQeihio.exe
  2⤵
  PID:3604
- C:\Windows\System\joUdKTH.exe
  C:\Windows\System\joUdKTH.exe
  2⤵
  PID:3624
- C:\Windows\System\mBjZfbw.exe
  C:\Windows\System\mBjZfbw.exe
  2⤵
  PID:3648
- C:\Windows\System\CHwQuiv.exe
  C:\Windows\System\CHwQuiv.exe
  2⤵
  PID:3668
- C:\Windows\System\seFkoTc.exe
  C:\Windows\System\seFkoTc.exe
  2⤵
  PID:3688
- C:\Windows\System\WSlercd.exe
  C:\Windows\System\WSlercd.exe
  2⤵
  PID:3708
- C:\Windows\System\UsFCVSS.exe
  C:\Windows\System\UsFCVSS.exe
  2⤵
  PID:3728
- C:\Windows\System\bCXISGh.exe
  C:\Windows\System\bCXISGh.exe
  2⤵
  PID:3748
- C:\Windows\System\CXlWubu.exe
  C:\Windows\System\CXlWubu.exe
  2⤵
  PID:3768
- C:\Windows\System\ourSvln.exe
  C:\Windows\System\ourSvln.exe
  2⤵
  PID:3792
- C:\Windows\System\FRJVZeO.exe
  C:\Windows\System\FRJVZeO.exe
  2⤵
  PID:3812
- C:\Windows\System\QhKGDQe.exe
  C:\Windows\System\QhKGDQe.exe
  2⤵
  PID:3832
- C:\Windows\System\KHWyCmB.exe
  C:\Windows\System\KHWyCmB.exe
  2⤵
  PID:3852
- C:\Windows\System\nibxcCL.exe
  C:\Windows\System\nibxcCL.exe
  2⤵
  PID:3872
- C:\Windows\System\QXDvtRG.exe
  C:\Windows\System\QXDvtRG.exe
  2⤵
  PID:3892
- C:\Windows\System\YMcfxkM.exe
  C:\Windows\System\YMcfxkM.exe
  2⤵
  PID:3912
- C:\Windows\System\hOSTJuh.exe
  C:\Windows\System\hOSTJuh.exe
  2⤵
  PID:3932
- C:\Windows\System\widjuwJ.exe
  C:\Windows\System\widjuwJ.exe
  2⤵
  PID:3952
- C:\Windows\System\vQYsZAJ.exe
  C:\Windows\System\vQYsZAJ.exe
  2⤵
  PID:3972
- C:\Windows\System\oTuIkCU.exe
  C:\Windows\System\oTuIkCU.exe
  2⤵
  PID:3992
- C:\Windows\System\InSMkFN.exe
  C:\Windows\System\InSMkFN.exe
  2⤵
  PID:4012
- C:\Windows\System\ynndjSW.exe
  C:\Windows\System\ynndjSW.exe
  2⤵
  PID:4032
- C:\Windows\System\vVVGlwF.exe
  C:\Windows\System\vVVGlwF.exe
  2⤵
  PID:4048
- C:\Windows\System\cfdMkYp.exe
  C:\Windows\System\cfdMkYp.exe
  2⤵
  PID:4072
- C:\Windows\System\dEUAcSK.exe
  C:\Windows\System\dEUAcSK.exe
  2⤵
  PID:4092
- C:\Windows\System\bsSvONF.exe
  C:\Windows\System\bsSvONF.exe
  2⤵
  PID:2776
- C:\Windows\System\cHkpPHz.exe
  C:\Windows\System\cHkpPHz.exe
  2⤵
  PID:444
- C:\Windows\System\xKVgMaE.exe
  C:\Windows\System\xKVgMaE.exe
  2⤵
  PID:1768
- C:\Windows\System\OoGLrmf.exe
  C:\Windows\System\OoGLrmf.exe
  2⤵
  PID:1976
- C:\Windows\System\iykReYe.exe
  C:\Windows\System\iykReYe.exe
  2⤵
  PID:912
- C:\Windows\System\KqlocFx.exe
  C:\Windows\System\KqlocFx.exe
  2⤵
  PID:1032
- C:\Windows\System\gnOqNLK.exe
  C:\Windows\System\gnOqNLK.exe
  2⤵
  PID:3032
- C:\Windows\System\vwnuZFx.exe
  C:\Windows\System\vwnuZFx.exe
  2⤵
  PID:1744
- C:\Windows\System\yHiuooh.exe
  C:\Windows\System\yHiuooh.exe
  2⤵
  PID:2288
- C:\Windows\System\NLDvbLg.exe
  C:\Windows\System\NLDvbLg.exe
  2⤵
  PID:2832
- C:\Windows\System\ipUBjJw.exe
  C:\Windows\System\ipUBjJw.exe
  2⤵
  PID:2752
- C:\Windows\System\ytXWrVL.exe
  C:\Windows\System\ytXWrVL.exe
  2⤵
  PID:2668
- C:\Windows\System\TKDMVNJ.exe
  C:\Windows\System\TKDMVNJ.exe
  2⤵
  PID:2940
- C:\Windows\System\fAqWOML.exe
  C:\Windows\System\fAqWOML.exe
  2⤵
  PID:1192
- C:\Windows\System\AiNumOr.exe
  C:\Windows\System\AiNumOr.exe
  2⤵
  PID:2452
- C:\Windows\System\lpvnKxK.exe
  C:\Windows\System\lpvnKxK.exe
  2⤵
  PID:796
- C:\Windows\System\LlyXPxr.exe
  C:\Windows\System\LlyXPxr.exe
  2⤵
  PID:3080
- C:\Windows\System\isWuBIt.exe
  C:\Windows\System\isWuBIt.exe
  2⤵
  PID:3100
- C:\Windows\System\ynhHqDi.exe
  C:\Windows\System\ynhHqDi.exe
  2⤵
  PID:3160
- C:\Windows\System\WVIKEhi.exe
  C:\Windows\System\WVIKEhi.exe
  2⤵
  PID:3184
- C:\Windows\System\jWrFaPj.exe
  C:\Windows\System\jWrFaPj.exe
  2⤵
  PID:3780
- C:\Windows\System\UKKPtxV.exe
  C:\Windows\System\UKKPtxV.exe
  2⤵
  PID:3216
- C:\Windows\System\MiSRNCW.exe
  C:\Windows\System\MiSRNCW.exe
  2⤵
  PID:3264
- C:\Windows\System\HoQwcRv.exe
  C:\Windows\System\HoQwcRv.exe
  2⤵
  PID:3324
- C:\Windows\System\GmcGYsI.exe
  C:\Windows\System\GmcGYsI.exe
  2⤵
  PID:3336
- C:\Windows\System\PXthFTa.exe
  C:\Windows\System\PXthFTa.exe
  2⤵
  PID:3360
- C:\Windows\System\sMeCVnC.exe
  C:\Windows\System\sMeCVnC.exe
  2⤵
  PID:3400
- C:\Windows\System\mSsHdIq.exe
  C:\Windows\System\mSsHdIq.exe
  2⤵
  PID:3420
- C:\Windows\System\bdBSTxG.exe
  C:\Windows\System\bdBSTxG.exe
  2⤵
  PID:3476
- C:\Windows\System\JAGMCvb.exe
  C:\Windows\System\JAGMCvb.exe
  2⤵
  PID:3504
- C:\Windows\System\JQIsKlD.exe
  C:\Windows\System\JQIsKlD.exe
  2⤵
  PID:3560
- C:\Windows\System\oCDLFan.exe
  C:\Windows\System\oCDLFan.exe
  2⤵
  PID:3576
- C:\Windows\System\UBmzelt.exe
  C:\Windows\System\UBmzelt.exe
  2⤵
  PID:3632
- C:\Windows\System\VPNdJDn.exe
  C:\Windows\System\VPNdJDn.exe
  2⤵
  PID:3620
- C:\Windows\System\LsKGqbH.exe
  C:\Windows\System\LsKGqbH.exe
  2⤵
  PID:3680
- C:\Windows\System\tWknUqV.exe
  C:\Windows\System\tWknUqV.exe
  2⤵
  PID:3700
- C:\Windows\System\HeyjPWd.exe
  C:\Windows\System\HeyjPWd.exe
  2⤵
  PID:3744
- C:\Windows\System\gbtEFLe.exe
  C:\Windows\System\gbtEFLe.exe
  2⤵
  PID:3800
- C:\Windows\System\hPxFMFu.exe
  C:\Windows\System\hPxFMFu.exe
  2⤵
  PID:3804
- C:\Windows\System\pnZraXX.exe
  C:\Windows\System\pnZraXX.exe
  2⤵
  PID:3844
- C:\Windows\System\ufhJVuY.exe
  C:\Windows\System\ufhJVuY.exe
  2⤵
  PID:3880
- C:\Windows\System\vHCYXRA.exe
  C:\Windows\System\vHCYXRA.exe
  2⤵
  PID:3924
- C:\Windows\System\ZDdxdZy.exe
  C:\Windows\System\ZDdxdZy.exe
  2⤵
  PID:3968
- C:\Windows\System\yMiwmNB.exe
  C:\Windows\System\yMiwmNB.exe
  2⤵
  PID:3988
- C:\Windows\System\fgIEJid.exe
  C:\Windows\System\fgIEJid.exe
  2⤵
  PID:4004
- C:\Windows\System\zWczIYr.exe
  C:\Windows\System\zWczIYr.exe
  2⤵
  PID:4060
- C:\Windows\System\PYSNXlX.exe
  C:\Windows\System\PYSNXlX.exe
  2⤵
  PID:4068
- C:\Windows\System\QBRrxVC.exe
  C:\Windows\System\QBRrxVC.exe
  2⤵
  PID:404
- C:\Windows\System\wDhmpLy.exe
  C:\Windows\System\wDhmpLy.exe
  2⤵
  PID:1528
- C:\Windows\System\wOByigi.exe
  C:\Windows\System\wOByigi.exe
  2⤵
  PID:2188
- C:\Windows\System\gvZjmyB.exe
  C:\Windows\System\gvZjmyB.exe
  2⤵
  PID:2108
- C:\Windows\System\tKtNEWP.exe
  C:\Windows\System\tKtNEWP.exe
  2⤵
  PID:3040
- C:\Windows\System\lGtxhfj.exe
  C:\Windows\System\lGtxhfj.exe
  2⤵
  PID:1668
- C:\Windows\System\hlUJcnk.exe
  C:\Windows\System\hlUJcnk.exe
  2⤵
  PID:2648
- C:\Windows\System\rmqNdYs.exe
  C:\Windows\System\rmqNdYs.exe
  2⤵
  PID:2864
- C:\Windows\System\cktqelp.exe
  C:\Windows\System\cktqelp.exe
  2⤵
  PID:2112
- C:\Windows\System\KZSDUxX.exe
  C:\Windows\System\KZSDUxX.exe
  2⤵
  PID:3084
- C:\Windows\System\YSEnPQz.exe
  C:\Windows\System\YSEnPQz.exe
  2⤵
  PID:3124
- C:\Windows\System\HpJPASj.exe
  C:\Windows\System\HpJPASj.exe
  2⤵
  PID:3164
- C:\Windows\System\UzjMYAt.exe
  C:\Windows\System\UzjMYAt.exe
  2⤵
  PID:3200
- C:\Windows\System\ECZcznB.exe
  C:\Windows\System\ECZcznB.exe
  2⤵
  PID:3256
- C:\Windows\System\cXeqjoh.exe
  C:\Windows\System\cXeqjoh.exe
  2⤵
  PID:3364
- C:\Windows\System\ZfrbUju.exe
  C:\Windows\System\ZfrbUju.exe
  2⤵
  PID:3440
- C:\Windows\System\ZMUylhu.exe
  C:\Windows\System\ZMUylhu.exe
  2⤵
  PID:3376
- C:\Windows\System\xIzGaFM.exe
  C:\Windows\System\xIzGaFM.exe
  2⤵
  PID:3516
- C:\Windows\System\rpGkuUP.exe
  C:\Windows\System\rpGkuUP.exe
  2⤵
  PID:4112
- C:\Windows\System\bXrEuOL.exe
  C:\Windows\System\bXrEuOL.exe
  2⤵
  PID:4132
- C:\Windows\System\OdzMGWc.exe
  C:\Windows\System\OdzMGWc.exe
  2⤵
  PID:4152
- C:\Windows\System\YBIlAmM.exe
  C:\Windows\System\YBIlAmM.exe
  2⤵
  PID:4172
- C:\Windows\System\aUqKTes.exe
  C:\Windows\System\aUqKTes.exe
  2⤵
  PID:4192
- C:\Windows\System\eAcPcFT.exe
  C:\Windows\System\eAcPcFT.exe
  2⤵
  PID:4212
- C:\Windows\System\qqkLAeb.exe
  C:\Windows\System\qqkLAeb.exe
  2⤵
  PID:4232
- C:\Windows\System\psxAvuF.exe
  C:\Windows\System\psxAvuF.exe
  2⤵
  PID:4252
- C:\Windows\System\MOLwHHe.exe
  C:\Windows\System\MOLwHHe.exe
  2⤵
  PID:4272
- C:\Windows\System\znjVjQe.exe
  C:\Windows\System\znjVjQe.exe
  2⤵
  PID:4292
- C:\Windows\System\WDxDUwM.exe
  C:\Windows\System\WDxDUwM.exe
  2⤵
  PID:4312
- C:\Windows\System\KLRKAXh.exe
  C:\Windows\System\KLRKAXh.exe
  2⤵
  PID:4332
- C:\Windows\System\bfYXEkJ.exe
  C:\Windows\System\bfYXEkJ.exe
  2⤵
  PID:4352
- C:\Windows\System\KNGJrXq.exe
  C:\Windows\System\KNGJrXq.exe
  2⤵
  PID:4372
- C:\Windows\System\xwcxHhQ.exe
  C:\Windows\System\xwcxHhQ.exe
  2⤵
  PID:4392
- C:\Windows\System\oSdsLQq.exe
  C:\Windows\System\oSdsLQq.exe
  2⤵
  PID:4412
- C:\Windows\System\pMZXfWF.exe
  C:\Windows\System\pMZXfWF.exe
  2⤵
  PID:4432
- C:\Windows\System\ApANQOm.exe
  C:\Windows\System\ApANQOm.exe
  2⤵
  PID:4452
- C:\Windows\System\VRdLOUg.exe
  C:\Windows\System\VRdLOUg.exe
  2⤵
  PID:4472
- C:\Windows\System\kumDOap.exe
  C:\Windows\System\kumDOap.exe
  2⤵
  PID:4492
- C:\Windows\System\MORcJTb.exe
  C:\Windows\System\MORcJTb.exe
  2⤵
  PID:4512
- C:\Windows\System\MIyraaC.exe
  C:\Windows\System\MIyraaC.exe
  2⤵
  PID:4532
- C:\Windows\System\moJvOEL.exe
  C:\Windows\System\moJvOEL.exe
  2⤵
  PID:4552
- C:\Windows\System\TzHcuYx.exe
  C:\Windows\System\TzHcuYx.exe
  2⤵
  PID:4572
- C:\Windows\System\KeqCyBK.exe
  C:\Windows\System\KeqCyBK.exe
  2⤵
  PID:4592
- C:\Windows\System\DVHcVir.exe
  C:\Windows\System\DVHcVir.exe
  2⤵
  PID:4616
- C:\Windows\System\PXszMle.exe
  C:\Windows\System\PXszMle.exe
  2⤵
  PID:4632
- C:\Windows\System\SqBFwym.exe
  C:\Windows\System\SqBFwym.exe
  2⤵
  PID:4656
- C:\Windows\System\TiPMODg.exe
  C:\Windows\System\TiPMODg.exe
  2⤵
  PID:4676
- C:\Windows\System\oEfYKuW.exe
  C:\Windows\System\oEfYKuW.exe
  2⤵
  PID:4696
- C:\Windows\System\DGrGGyF.exe
  C:\Windows\System\DGrGGyF.exe
  2⤵
  PID:4716
- C:\Windows\System\qdDvgVA.exe
  C:\Windows\System\qdDvgVA.exe
  2⤵
  PID:4736
- C:\Windows\System\dkawdID.exe
  C:\Windows\System\dkawdID.exe
  2⤵
  PID:4756
- C:\Windows\System\eFUTpQa.exe
  C:\Windows\System\eFUTpQa.exe
  2⤵
  PID:4776
- C:\Windows\System\ElzLnCh.exe
  C:\Windows\System\ElzLnCh.exe
  2⤵
  PID:4796
- C:\Windows\System\xnCBcHp.exe
  C:\Windows\System\xnCBcHp.exe
  2⤵
  PID:4816
- C:\Windows\System\vTzuAPU.exe
  C:\Windows\System\vTzuAPU.exe
  2⤵
  PID:4836
- C:\Windows\System\zwatVWb.exe
  C:\Windows\System\zwatVWb.exe
  2⤵
  PID:4856
- C:\Windows\System\MAdKKgF.exe
  C:\Windows\System\MAdKKgF.exe
  2⤵
  PID:4876
- C:\Windows\System\TyOJhez.exe
  C:\Windows\System\TyOJhez.exe
  2⤵
  PID:4896
- C:\Windows\System\EQTLHTM.exe
  C:\Windows\System\EQTLHTM.exe
  2⤵
  PID:4916
- C:\Windows\System\SIqjcec.exe
  C:\Windows\System\SIqjcec.exe
  2⤵
  PID:4936
- C:\Windows\System\vizmdZj.exe
  C:\Windows\System\vizmdZj.exe
  2⤵
  PID:4956
- C:\Windows\System\CEZelsd.exe
  C:\Windows\System\CEZelsd.exe
  2⤵
  PID:4972
- C:\Windows\System\phihwkl.exe
  C:\Windows\System\phihwkl.exe
  2⤵
  PID:4996
- C:\Windows\System\igbFEMk.exe
  C:\Windows\System\igbFEMk.exe
  2⤵
  PID:5012
- C:\Windows\System\GSXKpTP.exe
  C:\Windows\System\GSXKpTP.exe
  2⤵
  PID:5036
- C:\Windows\System\iogvDoP.exe
  C:\Windows\System\iogvDoP.exe
  2⤵
  PID:5056
- C:\Windows\System\zNmvVaH.exe
  C:\Windows\System\zNmvVaH.exe
  2⤵
  PID:5076
- C:\Windows\System\PtARGaF.exe
  C:\Windows\System\PtARGaF.exe
  2⤵
  PID:5092
- C:\Windows\System\jIwpyoE.exe
  C:\Windows\System\jIwpyoE.exe
  2⤵
  PID:5112
- C:\Windows\System\ZQlVFfe.exe
  C:\Windows\System\ZQlVFfe.exe
  2⤵
  PID:3552
- C:\Windows\System\xbYlEcl.exe
  C:\Windows\System\xbYlEcl.exe
  2⤵
  PID:3584
- C:\Windows\System\jvWyzJE.exe
  C:\Windows\System\jvWyzJE.exe
  2⤵
  PID:3580
- C:\Windows\System\rvClZvs.exe
  C:\Windows\System\rvClZvs.exe
  2⤵
  PID:3760
- C:\Windows\System\KEngHZO.exe
  C:\Windows\System\KEngHZO.exe
  2⤵
  PID:3828
- C:\Windows\System\uqSRjpc.exe
  C:\Windows\System\uqSRjpc.exe
  2⤵
  PID:3840
- C:\Windows\System\gjUUcLm.exe
  C:\Windows\System\gjUUcLm.exe
  2⤵
  PID:3868
- C:\Windows\System\zwHYluG.exe
  C:\Windows\System\zwHYluG.exe
  2⤵
  PID:3980
- C:\Windows\System\UDEudoo.exe
  C:\Windows\System\UDEudoo.exe
  2⤵
  PID:4040
- C:\Windows\System\kxDPxBv.exe
  C:\Windows\System\kxDPxBv.exe
  2⤵
  PID:4008
- C:\Windows\System\fcERjdz.exe
  C:\Windows\System\fcERjdz.exe
  2⤵
  PID:2524
- C:\Windows\System\iutDkHG.exe
  C:\Windows\System\iutDkHG.exe
  2⤵
  PID:1764
- C:\Windows\System\YQIejLM.exe
  C:\Windows\System\YQIejLM.exe
  2⤵
  PID:2180
- C:\Windows\System\AlVpfdO.exe
  C:\Windows\System\AlVpfdO.exe
  2⤵
  PID:2584
- C:\Windows\System\YYBqYUn.exe
  C:\Windows\System\YYBqYUn.exe
  2⤵
  PID:1584
- C:\Windows\System\RqIDpxT.exe
  C:\Windows\System\RqIDpxT.exe
  2⤵
  PID:2228
- C:\Windows\System\IbZAshO.exe
  C:\Windows\System\IbZAshO.exe
  2⤵
  PID:1292
- C:\Windows\System\YOameZh.exe
  C:\Windows\System\YOameZh.exe
  2⤵
  PID:3236
- C:\Windows\System\xbQzWGs.exe
  C:\Windows\System\xbQzWGs.exe
  2⤵
  PID:3244
- C:\Windows\System\XJkmlsu.exe
  C:\Windows\System\XJkmlsu.exe
  2⤵
  PID:3380
- C:\Windows\System\yJgoHSr.exe
  C:\Windows\System\yJgoHSr.exe
  2⤵
  PID:4100
- C:\Windows\System\MgsAmIb.exe
  C:\Windows\System\MgsAmIb.exe
  2⤵
  PID:3460
- C:\Windows\System\sOhOqsf.exe
  C:\Windows\System\sOhOqsf.exe
  2⤵
  PID:4140
- C:\Windows\System\QJWFddD.exe
  C:\Windows\System\QJWFddD.exe
  2⤵
  PID:4164
- C:\Windows\System\gLMMyll.exe
  C:\Windows\System\gLMMyll.exe
  2⤵
  PID:4228
- C:\Windows\System\fmOeOBQ.exe
  C:\Windows\System\fmOeOBQ.exe
  2⤵
  PID:4240
- C:\Windows\System\ALozKwp.exe
  C:\Windows\System\ALozKwp.exe
  2⤵
  PID:4264
- C:\Windows\System\DSaqDly.exe
  C:\Windows\System\DSaqDly.exe
  2⤵
  PID:4288
- C:\Windows\System\TbnWXKo.exe
  C:\Windows\System\TbnWXKo.exe
  2⤵
  PID:4344
- C:\Windows\System\YqdAcoq.exe
  C:\Windows\System\YqdAcoq.exe
  2⤵
  PID:4368
- C:\Windows\System\MHTfGLn.exe
  C:\Windows\System\MHTfGLn.exe
  2⤵
  PID:4428
- C:\Windows\System\eKSGYND.exe
  C:\Windows\System\eKSGYND.exe
  2⤵
  PID:4404
- C:\Windows\System\yxzcZsH.exe
  C:\Windows\System\yxzcZsH.exe
  2⤵
  PID:4448
- C:\Windows\System\HCbWxjb.exe
  C:\Windows\System\HCbWxjb.exe
  2⤵
  PID:4480
- C:\Windows\System\MgwcKnS.exe
  C:\Windows\System\MgwcKnS.exe
  2⤵
  PID:4544
- C:\Windows\System\qnhZneC.exe
  C:\Windows\System\qnhZneC.exe
  2⤵
  PID:4588
- C:\Windows\System\rkmUmOX.exe
  C:\Windows\System\rkmUmOX.exe
  2⤵
  PID:4600
- C:\Windows\System\avlxFHN.exe
  C:\Windows\System\avlxFHN.exe
  2⤵
  PID:4664
- C:\Windows\System\QtfbOfq.exe
  C:\Windows\System\QtfbOfq.exe
  2⤵
  PID:4652
- C:\Windows\System\PUgIDLJ.exe
  C:\Windows\System\PUgIDLJ.exe
  2⤵
  PID:4684
- C:\Windows\System\OKzPrrM.exe
  C:\Windows\System\OKzPrrM.exe
  2⤵
  PID:4724
- C:\Windows\System\wkESXKm.exe
  C:\Windows\System\wkESXKm.exe
  2⤵
  PID:4788
- C:\Windows\System\RTZwwmV.exe
  C:\Windows\System\RTZwwmV.exe
  2⤵
  PID:4828
- C:\Windows\System\OZtFEer.exe
  C:\Windows\System\OZtFEer.exe
  2⤵
  PID:4868
- C:\Windows\System\vFEMXoF.exe
  C:\Windows\System\vFEMXoF.exe
  2⤵
  PID:4912
- C:\Windows\System\xHMtoim.exe
  C:\Windows\System\xHMtoim.exe
  2⤵
  PID:4924
- C:\Windows\System\QeSVFbz.exe
  C:\Windows\System\QeSVFbz.exe
  2⤵
  PID:4980
- C:\Windows\System\ODFEHjX.exe
  C:\Windows\System\ODFEHjX.exe
  2⤵
  PID:4964
- C:\Windows\System\OlhJcIg.exe
  C:\Windows\System\OlhJcIg.exe
  2⤵
  PID:5004
- C:\Windows\System\AXlAcuY.exe
  C:\Windows\System\AXlAcuY.exe
  2⤵
  PID:5072
- C:\Windows\System\iOwpQoj.exe
  C:\Windows\System\iOwpQoj.exe
  2⤵
  PID:5108
- C:\Windows\System\xvLdkib.exe
  C:\Windows\System\xvLdkib.exe
  2⤵
  PID:3644
- C:\Windows\System\LBjvJRw.exe
  C:\Windows\System\LBjvJRw.exe
  2⤵
  PID:3524
- C:\Windows\System\OuqoFqD.exe
  C:\Windows\System\OuqoFqD.exe
  2⤵
  PID:3676

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BACMUwt.exe

Filesize
2.3MB

MD5
dfe150bbbf99cc4ca1ed6370d3d81d91

SHA1
c862fe79138b5f563b05e39987e2d56a38434937

SHA256
0e5de83b3263217487dbb280e418fd1c773f87238c2726d9c3c81f7d8dce4ff7

SHA512
717ded905f6d2fd39b14abb37dcd9ea67a3547823877aa3d0dea56bc809278206d20629277934627f0de11c12ac4d958ca1bfe110ad5ea7b17cf5b4d219a5d31

Download Submit
C:\Windows\system\DzxCwmY.exe

Filesize
2.3MB

MD5
edfcd48bab3705b1838c351224d3e2f4

SHA1
7d02aa76eb6dd0ab43aad625205e6c04242f584d

SHA256
fbe8876d9f850325681200b8fec6161f1b4a2592bd0d771a580c0100b6b5768a

SHA512
c64edfcee249a4d72751a4c0e18080bec6be9c4b1b2166bf97c297ac011cee9978cbfa798c647274859d8dd78a828db1c577f4fee4d3cde3444503be690c2b67

Download Submit
C:\Windows\system\EwHnUpN.exe

Filesize
2.3MB

MD5
ebd43a7a863ff9e7116e4ededd288be9

SHA1
8c89a71d6c34daeb2d6f72a5a2cc4168e46fbcc1

SHA256
f71a50534205ee9cc5fce22d91f8e252c0cf9e298b6d79996eac971eb8598a3c

SHA512
85f68875380c8cfc8925490ebbf0701926bbe641ee530ed6f1ccb9a2626d323113daff004bc52e4293cf2a70ed2173a68817b6c84b368d02127eb8668aac213c

Download Submit
C:\Windows\system\FBVBirS.exe

Filesize
2.3MB

MD5
8622d06385b4fc40e8a25517f5466c07

SHA1
c7d9e8c0ae90eb93480c78205c39929b0f874315

SHA256
8ab265e7fbf3cc0d3ebdf9c87e3f4d1a5e1b30c98f8a1f5871e75c6947f1e3d0

SHA512
b4b071c68340e8c39673873b22c4b0696edfecbae09232c80fe0f6037c6ddab9a2345578b9e8fe4f094318c03d2ea732f9e648e7b8afd1e6065beb907aa0935b

Download Submit
C:\Windows\system\GQPcfDu.exe

Filesize
2.3MB

MD5
323469be3c9d298cd8ff5545f6ae59ca

SHA1
a1c71158e99f2d38639a0a257624059f9f53264f

SHA256
1e1b3c9785bd64023fd2c11bd99931907d2bb00b86266f688013ef639dc0a673

SHA512
b8c21105fc2eec845c0c786fa7d9967fa61d35266a2b70891b2ed716f9380a2235b595d70d73674d7a318d35de86a4cc5a71f78e1feccac8b3c5ead046a28c09

Download Submit
C:\Windows\system\JvQRWdR.exe

Filesize
2.3MB

MD5
02f0f126a0657d607eebabeb320301bc

SHA1
9541c8165460719326cb5abba202ed69cdeece66

SHA256
2f574b8e3c0285d2c2d612229ee110557b678d574fee8a0432a5bfff65771d39

SHA512
b0ffb7597ddf73364b4ad7db1a150432b45c35a66d14ef8c4e89fd27e5026191b467d6cb81fa64641a11b73a394e5b54be0956c64e2151b754da8f79092b19b3

Download Submit
C:\Windows\system\KDSuazU.exe

Filesize
2.3MB

MD5
cf099e4e6586bfc972ab2432fe64ce42

SHA1
8c81388b34df3b356f4dda63f57a6ef7f8b0464f

SHA256
1e423b1e5354719acba4544981ffc34d0711f86e94626f1a4361f1f5364afeca

SHA512
561162d564bba65416576d247d33697af4ae7b0745a8ce5269e5a4c6c9a28aa6ce0382d49823565e229d9cf91236a0d705adc71af7eaed13863f8995de2f71e0

Download Submit
C:\Windows\system\MaIxJQF.exe

Filesize
2.3MB

MD5
0ed0f62e695deb13f8848502b1dda3c8

SHA1
9848a172934f1769b7578e831e6f386cae35e10d

SHA256
ba8a908979fbf01b808afbb90d9f201dc84aa682859b3468dafd19d12923549e

SHA512
f1a5ce7f72c349246e9d91e7e87949a2389f43ef334214fb81a95d969374a8f3616e25e86883e8a16c3449c706c62b2670ecf470e40ddc3ec9a2b0de1ca74c25

Download Submit
C:\Windows\system\MoQqbZb.exe

Filesize
2.3MB

MD5
63ba648b3e7ca5d42d1e85b398734ea6

SHA1
6e914eec840b28b6f1d99aa7825d0006bcc5801c

SHA256
8ff53f4a51de3c7fae861016fa1c91eaac363002424895cbfe329bcd7423871f

SHA512
4871050d74ac5120e06d5fdc800c063b162255afef73e8ec22910d7a17b62619e6410ccc4945be29c603b174b5550b5cfa07498a7352384724419ae9cc22e58e

Download Submit
C:\Windows\system\NRBjgMS.exe

Filesize
2.3MB

MD5
9c2a617fd325a48276a228cd69604b01

SHA1
c71e35bf763181f4dea347cb723a896da638932b

SHA256
152bc270cdfa76aee70fc3af33f0073a7c32bde8ad4ce80fbaa90ef301c7e188

SHA512
134858f839cea9892a5f51180382b516e828fa5a5e9a24f597dbd215c01f7f1fa3d67263717a1d5a5d47f00d15af2173b318ec296b9b4108804f195b39fecdbd

Download Submit
C:\Windows\system\OfpNSpb.exe

Filesize
2.3MB

MD5
cbefc018ec2bc60446c3f2e7c12dc213

SHA1
ac9ffd48605118c8307141c7e3b07fe27c852fc0

SHA256
7d85af6008fb06fced0b1b210bebe8bf0fcbfaab9b190f132359e0dd58e88ca8

SHA512
9858763b8b1fab5df73386b271609e789e9d89a5c0ce777595759a86c9b92d22c4c2b24805c3c248430ceb71c29737951fea9389192293bd09f6e64ca65dd87a

Download Submit
C:\Windows\system\VLXgkcq.exe

Filesize
2.3MB

MD5
22533164273c00d5ffb3f458938d0123

SHA1
5b3e2b66db2737250c3efa5dad37578cea4bd6e7

SHA256
d2410b29a1b852a827a7e37c14f4f545cd6ed6adfc31350b8f3912043dbc7506

SHA512
7e51fd75d2b7005dde537141f6a20fbf85749b11d69208ec6d69d2f35c95e136283f16a4d77b0a9b4de7cd7f4b1d4dfcdc0c9c451ca541453fa9e9785388a79a

Download Submit
C:\Windows\system\VUXnqdN.exe

Filesize
2.3MB

MD5
34ca34e3268c19a7d09bc082d9556c4e

SHA1
68e6735739cdbeb6adafcd7f3d85a17939cfd43f

SHA256
0b52ec1d18d4f5350e1975d0b6ea1d80b19577d9c0e1ea4557f9f65aa8373c8a

SHA512
ffdde6dececb5c2d849fe71046024bd2e3281c72e231b64eb76e41f16f50e3bd4582086f09fdb7bd0fb354eb0d68339b204be0d059bec17562afcdb4fd02fde5

Download Submit
C:\Windows\system\ewdHsRG.exe

Filesize
2.3MB

MD5
f6723986ed6c629c30612476aea45ed5

SHA1
fdbe9fcf07a5af3e534cf34a439e6ffe18ea5ae4

SHA256
f4a9106be1fc8961b6ea9b787dab0ca96ab9ed8a1e6854789b1bb1c0670f0d0d

SHA512
d886afe90edb9c5daca241fa840cc21868d5d3d8de925ad8dfd8533d2adb7e14a323c90083817d4e1d7a826843d9f58bb20bde520b1b6a9b94c83adeb4e4a4d2

Download Submit
C:\Windows\system\gOUzyQc.exe

Filesize
2.3MB

MD5
c0d31045625e121962f9d2a8720181ed

SHA1
02b0023669d6fbb29cb3b9c76a6601db86558b12

SHA256
89adb74c73c9ae53a0efbf3bfe02868bf4a880100d0c481450ffc2a35bc0ea04

SHA512
e663c878b82981088950d08aa93c76b98c2300d8d865807760d9abd4c6fef7d80d61a4eb50f32f8d669de3f1948b0625ea56fa8eddf40b28920b5e9223f83084

Download Submit
C:\Windows\system\jnbzFdM.exe

Filesize
2.3MB

MD5
aa3209233afdf7a9917ac286e6b35b58

SHA1
59309ae1564903aee0d551a61683b7636406d623

SHA256
c63c8e89e51210c3f0e43e8180f21fed04bc90042e5a3fe2e91ae6aed776c885

SHA512
1f496c0eb509e2efedd24662f53eaa31811430d8fa15d32ac557ac958247ff0e9dbaa221beeb5f86cfced329aff726d420e76df623f3773e58f515803845e66d

Download Submit
C:\Windows\system\juMfjLI.exe

Filesize
2.3MB

MD5
37d6c30f57eaabe307e37ad5e61bc19d

SHA1
05e636d6b453e27837f6420380aa524099d30764

SHA256
7dba1a2ec7cdfc19b766a95f5fce5026fc844b28b058756ffc5a3697ae7304e8

SHA512
f3ab23899043a0c5d4ddbf340d175c98d70747e5cb5a05a74c4080e91756d187045a965ed2133bd1476ecb0526d4d1d2e1e2e2a3eeb5aa589ba434177e029845

Download Submit
C:\Windows\system\kViHrva.exe

Filesize
2.3MB

MD5
41e6ad7141b681562983b690f2f994ea

SHA1
acae89f27f9b693d49a0de24d668f3d04f0cb0ed

SHA256
8b66f9c7a7ea67462aab33085a7e6b5423dd2e52397583a59f3f094afd4a57fd

SHA512
b707d811ebbc0171dc839d407b12138e615f5327bd68c22e37b893f2681098e2f15a4f2877631562e2c10616e1405f2c1340e9aa0a75dd4209de756d5837de16

Download Submit
C:\Windows\system\lryBeGw.exe

Filesize
2.3MB

MD5
5339f80ec29a1fec7f123afa546dd28d

SHA1
3b61824c80b2ffca854b450e65563cbe125b7f06

SHA256
ecd62ad6278f8f9c875a7df25ed88f63ce341c9b83d0867f828d8249fc236e43

SHA512
da9868cf0e8798acacfac42755f65c2cf67b0cf465879f6b7b61b01a8db9de3d0d2783c7ba9f50238591fccd0fdc098eda8d0a96727985a014e3ded3406c7869

Download Submit
C:\Windows\system\mOEavSN.exe

Filesize
2.3MB

MD5
71dc69e64360986e90d10485c5670da0

SHA1
06ca9a0d00ac1ef7fc81416068829a43aa9b58c3

SHA256
0d488e6dc1ac8a42a7ee147e448bbfb8fdc43fe00592cb3185f3fada24546224

SHA512
3060ec4d86437da4ded5b91879a1f0bcb4c2314d42e607b14b7200f6931cb305ebfe8aa2042c3535027da64f9fa537988dda0ac2ffb119f066f357629cdc9aec

Download Submit
C:\Windows\system\npXSOmC.exe

Filesize
2.3MB

MD5
6bd669e741f9cd45a93f87e61991540e

SHA1
c3ab92e7ad50bb221a8cc3279331edaef61c805c

SHA256
8d416392e816ebaec8a1dbdbeb48dbf4ea55f9d1d980576d66c8f00a4655bf56

SHA512
5c4530606d773d96eea8451dbfc8ac1eda2f12a189aef19354825153df09ec43ec1d7d8e8903964cbef0c248ff3d71422b96bdbf5d6b62852eeed1ed273538d9

Download Submit
C:\Windows\system\rVmcaLE.exe

Filesize
2.3MB

MD5
0b19949516563104947ec3e313cbcd8a

SHA1
013d4ff85c18d00d8f3894bfee6625f6613a3671

SHA256
7fa8f27dbafa95ce75422b97d3038df971633b8e20ce4ff878cdaa8c1db82e2e

SHA512
744f2f6c9c8a9487f11c038bcfe1d6d621c753b668090b252a742be0fb77e7cebb309041a0037a8dcc8ab2d2cd1be604ff462bc49aca3e5abcb867128b131a11

Download Submit
C:\Windows\system\uZLGXmj.exe

Filesize
2.3MB

MD5
f4e4474c6bbbc83cd2c12b65994e9e42

SHA1
85b54926f79fd3b8509d69fe4c9c0be7cd7d3cb6

SHA256
39d5c6bba278006a5ed802e824626e063443a8f223af5a7e1368de3d36a73ae2

SHA512
5574f876ada48ffff314d773b9503e7648e146775f532e820dd001b051d70392f2a1672d21f6ac218a7aea2886e0dd5cff8d94583db9a74d7084e5adf2f63987

Download Submit
C:\Windows\system\voZbCNB.exe

Filesize
2.3MB

MD5
16883c4c6745c0cde5f5ff984b83ae17

SHA1
0f1a2f94392297a49ba69612a0776a1a2587d99c

SHA256
dd66e62237132c85e0f53f4a24e4273d99d0a4a5c904fe16b32d261274a83f55

SHA512
771035296ad76472b7fcdf5fb7e36469f005911bbc96d850533de19086756596ac7e90612eaf1001714d41dd6982d053a9b52cd97e44444af62251174d358612

Download Submit
C:\Windows\system\wRphpjC.exe

Filesize
2.3MB

MD5
9109f868df6b0e855ca2681c04f2bc4f

SHA1
0a3c542231360adfcbfda7e760615b4eb09163fc

SHA256
f4e8bfa28883130a2fcbe36e7814205816a934554fd7a6c9e556038c765a70af

SHA512
e7f8d2e0295bb1ab57a1a964c3b01814c65c4492d2033da9ca1b849e70f1f7e07139276ac15a9c169a9c711967b4a20c54bd6ef019fec08ceba04c206cc25744

Download Submit
C:\Windows\system\wrhDxlY.exe

Filesize
2.3MB

MD5
151bd5f288d3f15404d5f41ddd2b1d70

SHA1
bf55274ceb760a2003e45cb80b8a699b603676fe

SHA256
f2784c08575b66efd25689b1e68dc617f65dfbbb22c0b23a3d0c0b51b5901843

SHA512
27712a99f3448dc1f6331bc9f8d05963ccec12a91fb4a8b518b8cd68490e9f4897a092c28be722a551686df94f68fcd71f9ece8793ef4b8212532bfa74f19ab4

Download Submit
C:\Windows\system\xWZMLAe.exe

Filesize
2.3MB

MD5
16dc9557c81894b5883894d0dbd070a3

SHA1
0ec972a8de8185cd36803545eda16987e58f2460

SHA256
9608eda59ef2ad7368b51b4c3b88402a44f82cf86686375dc8ea2dc99e4a341b

SHA512
fbf918940d858d924251811b4e13ffa39347be16063a46bf4cfed7c4be69e6c4fbb986c46e8c6e50a7514da5bcda25a6798c2fd6cc27f8e29db8385cb1d66580

Download Submit
C:\Windows\system\ziGolDf.exe

Filesize
2.3MB

MD5
4bc7b6dff4260975860a7141c201651c

SHA1
0a1ef25bc64f59ac4877da0641414ae582f3f304

SHA256
eede9fdf19a1e00d59845b3b88968411273f342faf59c191b42071e987eb12b3

SHA512
f9e5b0fbdf652005be26c92eec0d838efb7c69b99e89939c11290be41cf59f9a7aae90866052f41c793271c1ca63066d6a7b500b8aa2adac303b97e7fbfbe4b9

Download Submit
\Windows\system\BzwmiUM.exe

Filesize
2.3MB

MD5
2e13818b1a74fec6acdd1479a78a5dc5

SHA1
eb4ae180f16845ae3acb5cf9f1a94b1785834e0e

SHA256
797d18593adba0a3f356a47fd1c25794c709036206f322f3e00ad4cd4bc83937

SHA512
1c7974271d77734e37ee31593d8f713d04f07f7d19c7f6b77f17bc5ec44835025278c00bce2a057aac8dc2e69b3c23a7880153bd0665b15fa52e9a8e9b9cf329

Download Submit
\Windows\system\COxevDt.exe

Filesize
2.3MB

MD5
9459345553efd9fdcd2a48dd357586ab

SHA1
aac4c7b81671e171f1cca704ce8f3108cb9c6911

SHA256
6f62a1fd66369ab272461e9b037ea28726e8763f9e1972d93271040a62aa8818

SHA512
114f055f19aa806e15f394c27ee32b18f257cc1c7152c236e10b3c9d97b17d318974585dbce422727bc7fb6a6c96a30a35a8feac757e02c572d55c284c67272a

Download Submit
\Windows\system\XmhwHuh.exe

Filesize
2.3MB

MD5
d93271eb26e2cf58619a3378197b6906

SHA1
cc10b9e0a254b2e0cc9af4e6d1dce83dda04785e

SHA256
5a449f0296c2057ae5404ec1074ccbd0a846a90f3b3277a5b9e4a5ace8c19a1c

SHA512
3516923db43bbbe8c47b6964c5623de8145ecb19adf0958f6718136dc2676fea1bbfe41f956753a0cb70ef6c187c845ca88a97c1560f7bade5ce2cc64ebc5173

Download Submit
\Windows\system\vUnzBwp.exe

Filesize
2.3MB

MD5
89e16a6a076d93c0ec7704dd1744885d

SHA1
f3c19c1a72225c99fc3f2fe1d07755690aec6464

SHA256
fb7b650838747f223a65171a5100ab6ba7b40d2334454dfe7f73c081946bb298

SHA512
ddbbe8c2bd322d0b2bb0965e3e92480c2becd665234e3c501ec102b6402d51c0128375314086bc536ce8f7686857b25591ab9e9c1fe4a4e9d7f2e42529aae024

Download Submit
memory/852-51-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/852-1094-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/1712-1082-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/1712-1099-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/1712-88-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/1936-1088-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/1936-15-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2124-79-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2124-1080-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2124-1098-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2236-1086-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2236-1101-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2236-103-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2384-42-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2384-50-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2384-1-0x00000000003F0000-0x0000000000400000-memory.dmp

Filesize
64KB

Download
memory/2384-99-0x0000000001FD0000-0x0000000002324000-memory.dmp

Filesize
3.3MB

Download
memory/2384-91-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2384-13-0x0000000001FD0000-0x0000000002324000-memory.dmp

Filesize
3.3MB

Download
memory/2384-87-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/2384-24-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2384-109-0x0000000001FD0000-0x0000000002324000-memory.dmp

Filesize
3.3MB

Download
memory/2384-1083-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2384-78-0x0000000001FD0000-0x0000000002324000-memory.dmp

Filesize
3.3MB

Download
memory/2384-36-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2384-9-0x0000000001FD0000-0x0000000002324000-memory.dmp

Filesize
3.3MB

Download
memory/2384-72-0x0000000001FD0000-0x0000000002324000-memory.dmp

Filesize
3.3MB

Download
memory/2384-1081-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/2384-1085-0x0000000001FD0000-0x0000000002324000-memory.dmp

Filesize
3.3MB

Download
memory/2384-55-0x0000000001FD0000-0x0000000002324000-memory.dmp

Filesize
3.3MB

Download
memory/2384-64-0x0000000001FD0000-0x0000000002324000-memory.dmp

Filesize
3.3MB

Download
memory/2384-63-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2384-1087-0x0000000001FD0000-0x0000000002324000-memory.dmp

Filesize
3.3MB

Download
memory/2384-1079-0x0000000001FD0000-0x0000000002324000-memory.dmp

Filesize
3.3MB

Download
memory/2384-1041-0x0000000001FD0000-0x0000000002324000-memory.dmp

Filesize
3.3MB

Download
memory/2384-21-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2384-0-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2548-66-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2548-684-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2548-1096-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2660-1090-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2660-86-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2660-22-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2696-37-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2696-1092-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2728-1095-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2728-368-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2728-56-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2824-1091-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2824-29-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2824-95-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2868-1097-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2868-1042-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2868-73-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2872-96-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2872-1100-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2872-1084-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2964-65-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2964-1089-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2964-11-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2976-43-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2976-1093-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2976-102-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download