kpot | 1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78

Analysis

max time kernel
125s
max time network
138s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
30-06-2024 22:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
Size

2.0MB
MD5

18791ffb848a3bffbcac0eb188e33ff0
SHA1

e5bf275449d455369cd83d0194821f02538c52bd
SHA256

1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78
SHA512

2e203062e593dae10880f6b98976d083f484bbb03b14051b60bc5784acf1396acc98171272c41441147ce1119ede38a1a916bd8f95f552646e60a39f3b4fd157
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+Agr6SqCvKnu:BemTLkNdfE0pZrwa

Score

10^/10

kpot xmrig miner stealer trojan upx

Malware Config

Signatures

KPOT
KPOT is an information stealer that steals user data and account credentials.
trojan stealer kpot

KPOT Core Executable 32 IoCs

resource	yara_rule
behavioral1/files/0x0006000000015642-102.dat	family_kpot
behavioral1/files/0x0006000000015c9c-142.dat	family_kpot
behavioral1/files/0x0006000000015cb9-156.dat	family_kpot
behavioral1/files/0x0006000000015cc1-159.dat	family_kpot
behavioral1/files/0x0006000000015cca-167.dat	family_kpot
behavioral1/files/0x0006000000015cad-152.dat	family_kpot
behavioral1/files/0x0006000000015ca5-146.dat	family_kpot
behavioral1/files/0x0006000000015c7c-132.dat	family_kpot
behavioral1/files/0x0006000000015c86-137.dat	family_kpot
behavioral1/files/0x0006000000015c51-122.dat	family_kpot
behavioral1/files/0x0006000000015c6d-126.dat	family_kpot
behavioral1/files/0x0006000000015bb9-117.dat	family_kpot
behavioral1/files/0x0006000000015b77-112.dat	family_kpot
behavioral1/files/0x0006000000015b13-107.dat	family_kpot
behavioral1/files/0x00060000000155e3-97.dat	family_kpot
behavioral1/files/0x00060000000153cf-92.dat	family_kpot
behavioral1/files/0x0006000000015362-87.dat	family_kpot
behavioral1/files/0x0006000000015136-83.dat	family_kpot
behavioral1/files/0x0006000000014e5a-72.dat	family_kpot
behavioral1/files/0x0006000000015023-76.dat	family_kpot
behavioral1/files/0x0006000000014b12-63.dat	family_kpot
behavioral1/files/0x0006000000014c25-67.dat	family_kpot
behavioral1/files/0x0008000000014983-53.dat	family_kpot
behavioral1/files/0x00060000000149ea-56.dat	family_kpot
behavioral1/files/0x00070000000141b5-43.dat	family_kpot
behavioral1/files/0x0007000000014216-47.dat	family_kpot
behavioral1/files/0x000700000001418d-37.dat	family_kpot
behavioral1/files/0x0007000000014183-36.dat	family_kpot
behavioral1/files/0x0033000000013a7c-26.dat	family_kpot
behavioral1/files/0x000700000001416f-19.dat	family_kpot
behavioral1/files/0x0033000000013a3d-12.dat	family_kpot
behavioral1/files/0x000d00000001231a-4.dat	family_kpot

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/files/0x0006000000015642-102.dat	xmrig
behavioral1/files/0x0006000000015c9c-142.dat	xmrig
behavioral1/files/0x0006000000015cb9-156.dat	xmrig
behavioral1/files/0x0006000000015cc1-159.dat	xmrig
behavioral1/files/0x0006000000015cca-167.dat	xmrig
behavioral1/memory/2996-264-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/memory/2488-268-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/memory/2576-266-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/files/0x0006000000015cad-152.dat	xmrig
behavioral1/files/0x0006000000015ca5-146.dat	xmrig
behavioral1/files/0x0006000000015c7c-132.dat	xmrig
behavioral1/memory/2624-274-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/files/0x0006000000015c86-137.dat	xmrig
behavioral1/files/0x0006000000015c51-122.dat	xmrig
behavioral1/files/0x0006000000015c6d-126.dat	xmrig
behavioral1/files/0x0006000000015bb9-117.dat	xmrig
behavioral1/memory/2456-278-0x000000013F260000-0x000000013F5B4000-memory.dmp	xmrig
behavioral1/files/0x0006000000015b77-112.dat	xmrig
behavioral1/memory/2524-284-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2912-286-0x000000013F260000-0x000000013F5B4000-memory.dmp	xmrig
behavioral1/memory/2704-290-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/1956-292-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/memory/2120-293-0x0000000001F30000-0x0000000002284000-memory.dmp	xmrig
behavioral1/memory/2520-294-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/files/0x0006000000015b13-107.dat	xmrig
behavioral1/files/0x00060000000155e3-97.dat	xmrig
behavioral1/files/0x00060000000153cf-92.dat	xmrig
behavioral1/files/0x0006000000015362-87.dat	xmrig
behavioral1/files/0x0006000000015136-83.dat	xmrig
behavioral1/files/0x0006000000014e5a-72.dat	xmrig
behavioral1/files/0x0006000000015023-76.dat	xmrig
behavioral1/files/0x0006000000014b12-63.dat	xmrig
behavioral1/files/0x0006000000014c25-67.dat	xmrig
behavioral1/files/0x0008000000014983-53.dat	xmrig
behavioral1/files/0x00060000000149ea-56.dat	xmrig
behavioral1/files/0x00070000000141b5-43.dat	xmrig
behavioral1/files/0x0007000000014216-47.dat	xmrig
behavioral1/files/0x000700000001418d-37.dat	xmrig
behavioral1/files/0x0007000000014183-36.dat	xmrig
behavioral1/memory/3004-28-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/files/0x0033000000013a7c-26.dat	xmrig
behavioral1/memory/2672-22-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/files/0x000700000001416f-19.dat	xmrig
behavioral1/memory/2196-16-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/files/0x0033000000013a3d-12.dat	xmrig
behavioral1/memory/1724-9-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/files/0x000d00000001231a-4.dat	xmrig
behavioral1/memory/2120-0-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/2120-1035-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/1724-1069-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/2672-1072-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/memory/2196-1071-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/3004-1074-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/memory/2996-1075-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/memory/1724-1078-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/2196-1079-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/2672-1080-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/memory/3004-1081-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/memory/2996-1082-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/memory/2576-1083-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/2488-1084-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/memory/2524-1086-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2456-1085-0x000000013F260000-0x000000013F5B4000-memory.dmp	xmrig
behavioral1/memory/2704-1088-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1724	pUZSEHp.exe
2196	qTyvbMl.exe
2672	PdYAmjr.exe
3004	nswEyuC.exe
2996	jNbiFKY.exe
2576	NMLisvD.exe
2488	yUwJZuZ.exe
2624	jvbTDid.exe
2456	FuCfztj.exe
2524	EfUnBVR.exe
2912	nVKyzbl.exe
2704	swpdHDS.exe
1956	BcNQztW.exe
2520	xWnzkyL.exe
2780	VOhNwvX.exe
2548	CLyuZCJ.exe
1760	ksBhChW.exe
2344	pvdvxFp.exe
2024	yprXThG.exe
2172	hFyxzHP.exe
2424	TRWjZiX.exe
1056	ZcWxavy.exe
2220	EBvzUqL.exe
828	ZmNLOva.exe
1644	yegMeuK.exe
1700	dZRzamB.exe
2264	VtyAprQ.exe
2104	CMmAfMU.exe
2080	KtTvGIz.exe
2308	lmVHZCI.exe
2144	HDnsFrt.exe
876	uKRQWtG.exe
596	iZZSVcL.exe
796	xkLnETi.exe
1260	KBNrsrx.exe
580	EtwcflC.exe
1108	IIuzVjg.exe
868	OXSNHHH.exe
1540	TZrKAEp.exe
2428	rIOROWv.exe
2052	WxoNjYE.exe
1908	XBYpYkA.exe
2072	lwIuOmr.exe
2152	AwKpQUn.exe
2988	ioyMwlK.exe
1572	rmGDcPX.exe
1936	eXQpYEU.exe
668	tEYHaiQ.exe
3040	dFlaPGt.exe
2336	gTkNafu.exe
276	DmKCilh.exe
2292	LovQJzG.exe
2388	GHMdXhc.exe
1928	yPhRtGD.exe
1224	SWUtSMD.exe
1976	krnMhNk.exe
2176	Trbdngx.exe
1528	sdkmRaw.exe
916	ppGZCwn.exe
872	XWCQsnT.exe
2232	rcaKQyM.exe
1612	lzuFoLE.exe
1616	VQallEI.exe
2984	DWyfBfj.exe

Loads dropped DLL 64 IoCs

pid	Process
2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0006000000015642-102.dat	upx
behavioral1/files/0x0006000000015c9c-142.dat	upx
behavioral1/files/0x0006000000015cb9-156.dat	upx
behavioral1/files/0x0006000000015cc1-159.dat	upx
behavioral1/files/0x0006000000015cca-167.dat	upx
behavioral1/memory/2996-264-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/memory/2488-268-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/memory/2576-266-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/files/0x0006000000015cad-152.dat	upx
behavioral1/files/0x0006000000015ca5-146.dat	upx
behavioral1/files/0x0006000000015c7c-132.dat	upx
behavioral1/memory/2624-274-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/files/0x0006000000015c86-137.dat	upx
behavioral1/files/0x0006000000015c51-122.dat	upx
behavioral1/files/0x0006000000015c6d-126.dat	upx
behavioral1/files/0x0006000000015bb9-117.dat	upx
behavioral1/memory/2456-278-0x000000013F260000-0x000000013F5B4000-memory.dmp	upx
behavioral1/files/0x0006000000015b77-112.dat	upx
behavioral1/memory/2524-284-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2912-286-0x000000013F260000-0x000000013F5B4000-memory.dmp	upx
behavioral1/memory/2704-290-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/1956-292-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/memory/2520-294-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/files/0x0006000000015b13-107.dat	upx
behavioral1/files/0x00060000000155e3-97.dat	upx
behavioral1/files/0x00060000000153cf-92.dat	upx
behavioral1/files/0x0006000000015362-87.dat	upx
behavioral1/files/0x0006000000015136-83.dat	upx
behavioral1/files/0x0006000000014e5a-72.dat	upx
behavioral1/files/0x0006000000015023-76.dat	upx
behavioral1/files/0x0006000000014b12-63.dat	upx
behavioral1/files/0x0006000000014c25-67.dat	upx
behavioral1/files/0x0008000000014983-53.dat	upx
behavioral1/files/0x00060000000149ea-56.dat	upx
behavioral1/files/0x00070000000141b5-43.dat	upx
behavioral1/files/0x0007000000014216-47.dat	upx
behavioral1/files/0x000700000001418d-37.dat	upx
behavioral1/files/0x0007000000014183-36.dat	upx
behavioral1/memory/3004-28-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/files/0x0033000000013a7c-26.dat	upx
behavioral1/memory/2672-22-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/files/0x000700000001416f-19.dat	upx
behavioral1/memory/2196-16-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/files/0x0033000000013a3d-12.dat	upx
behavioral1/memory/1724-9-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/files/0x000d00000001231a-4.dat	upx
behavioral1/memory/2120-0-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/2120-1035-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/1724-1069-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/2672-1072-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/memory/2196-1071-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/3004-1074-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/memory/2996-1075-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/memory/1724-1078-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/2196-1079-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/2672-1080-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/memory/3004-1081-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/memory/2996-1082-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/memory/2576-1083-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/2488-1084-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/memory/2524-1086-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2456-1085-0x000000013F260000-0x000000013F5B4000-memory.dmp	upx
behavioral1/memory/2704-1088-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2912-1087-0x000000013F260000-0x000000013F5B4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\gLcrLBb.exe	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
File created	C:\Windows\System\tEHuNzo.exe	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
File created	C:\Windows\System\bIoimGj.exe	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
File created	C:\Windows\System\gGGZfgW.exe	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
File created	C:\Windows\System\bybZfku.exe	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
File created	C:\Windows\System\DnwaBld.exe	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
File created	C:\Windows\System\GpkLbzl.exe	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
File created	C:\Windows\System\lrOeJxI.exe	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
File created	C:\Windows\System\lzuFoLE.exe	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
File created	C:\Windows\System\MxeJLCJ.exe	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
File created	C:\Windows\System\ALmSwLV.exe	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
File created	C:\Windows\System\Eoctiro.exe	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
File created	C:\Windows\System\yFVNvsJ.exe	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
File created	C:\Windows\System\AXalTxY.exe	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
File created	C:\Windows\System\Trbdngx.exe	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
File created	C:\Windows\System\BfQBMjM.exe	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
File created	C:\Windows\System\jOVgnuJ.exe	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
File created	C:\Windows\System\FqwHAiF.exe	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
File created	C:\Windows\System\oiKZhxe.exe	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
File created	C:\Windows\System\rCryMTU.exe	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
File created	C:\Windows\System\pUZSEHp.exe	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
File created	C:\Windows\System\iZZSVcL.exe	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
File created	C:\Windows\System\EtwcflC.exe	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
File created	C:\Windows\System\BJAnWiT.exe	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
File created	C:\Windows\System\nrlvzXa.exe	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
File created	C:\Windows\System\yAnRAQB.exe	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
File created	C:\Windows\System\CHiVecd.exe	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
File created	C:\Windows\System\gTkNafu.exe	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
File created	C:\Windows\System\eUtIqYP.exe	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
File created	C:\Windows\System\cxBvGEh.exe	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
File created	C:\Windows\System\zMdAnKq.exe	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
File created	C:\Windows\System\CWPHeVM.exe	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
File created	C:\Windows\System\eEXrmZf.exe	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
File created	C:\Windows\System\VOhNwvX.exe	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
File created	C:\Windows\System\RHxSMKX.exe	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
File created	C:\Windows\System\WxoNjYE.exe	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
File created	C:\Windows\System\ZSgGlxU.exe	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
File created	C:\Windows\System\qOwfhcK.exe	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
File created	C:\Windows\System\yFvtpCU.exe	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
File created	C:\Windows\System\LovQJzG.exe	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
File created	C:\Windows\System\uLTNRcP.exe	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
File created	C:\Windows\System\gXOjWjL.exe	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
File created	C:\Windows\System\tEYHaiQ.exe	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
File created	C:\Windows\System\juGexcF.exe	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
File created	C:\Windows\System\YuMSVwU.exe	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
File created	C:\Windows\System\ABZRIAg.exe	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
File created	C:\Windows\System\zTgDEhn.exe	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
File created	C:\Windows\System\gRbmBds.exe	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
File created	C:\Windows\System\VdABvKj.exe	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
File created	C:\Windows\System\osKAyOB.exe	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
File created	C:\Windows\System\XlMgcVo.exe	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
File created	C:\Windows\System\KMFfeLb.exe	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
File created	C:\Windows\System\KnFPWwk.exe	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
File created	C:\Windows\System\EfUnBVR.exe	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
File created	C:\Windows\System\rcaKQyM.exe	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
File created	C:\Windows\System\RdBlKTM.exe	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
File created	C:\Windows\System\kNHPwRp.exe	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
File created	C:\Windows\System\axgDLQw.exe	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
File created	C:\Windows\System\ZkwEKNV.exe	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
File created	C:\Windows\System\PIJIRpO.exe	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
File created	C:\Windows\System\SczvTEi.exe	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
File created	C:\Windows\System\vpYUUqi.exe	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
File created	C:\Windows\System\qEhvsZB.exe	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
File created	C:\Windows\System\rIOROWv.exe	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2120 wrote to memory of 1724	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe	29
PID 2120 wrote to memory of 1724	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe	29
PID 2120 wrote to memory of 1724	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe	29
PID 2120 wrote to memory of 2196	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe	30
PID 2120 wrote to memory of 2196	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe	30
PID 2120 wrote to memory of 2196	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe	30
PID 2120 wrote to memory of 2672	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe	31
PID 2120 wrote to memory of 2672	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe	31
PID 2120 wrote to memory of 2672	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe	31
PID 2120 wrote to memory of 3004	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe	32
PID 2120 wrote to memory of 3004	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe	32
PID 2120 wrote to memory of 3004	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe	32
PID 2120 wrote to memory of 2996	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe	33
PID 2120 wrote to memory of 2996	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe	33
PID 2120 wrote to memory of 2996	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe	33
PID 2120 wrote to memory of 2576	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe	34
PID 2120 wrote to memory of 2576	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe	34
PID 2120 wrote to memory of 2576	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe	34
PID 2120 wrote to memory of 2488	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe	35
PID 2120 wrote to memory of 2488	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe	35
PID 2120 wrote to memory of 2488	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe	35
PID 2120 wrote to memory of 2624	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe	36
PID 2120 wrote to memory of 2624	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe	36
PID 2120 wrote to memory of 2624	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe	36
PID 2120 wrote to memory of 2456	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe	37
PID 2120 wrote to memory of 2456	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe	37
PID 2120 wrote to memory of 2456	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe	37
PID 2120 wrote to memory of 2524	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe	38
PID 2120 wrote to memory of 2524	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe	38
PID 2120 wrote to memory of 2524	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe	38
PID 2120 wrote to memory of 2912	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe	39
PID 2120 wrote to memory of 2912	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe	39
PID 2120 wrote to memory of 2912	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe	39
PID 2120 wrote to memory of 2704	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe	40
PID 2120 wrote to memory of 2704	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe	40
PID 2120 wrote to memory of 2704	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe	40
PID 2120 wrote to memory of 1956	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe	41
PID 2120 wrote to memory of 1956	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe	41
PID 2120 wrote to memory of 1956	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe	41
PID 2120 wrote to memory of 2520	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe	42
PID 2120 wrote to memory of 2520	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe	42
PID 2120 wrote to memory of 2520	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe	42
PID 2120 wrote to memory of 2780	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe	43
PID 2120 wrote to memory of 2780	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe	43
PID 2120 wrote to memory of 2780	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe	43
PID 2120 wrote to memory of 2548	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe	44
PID 2120 wrote to memory of 2548	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe	44
PID 2120 wrote to memory of 2548	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe	44
PID 2120 wrote to memory of 1760	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe	45
PID 2120 wrote to memory of 1760	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe	45
PID 2120 wrote to memory of 1760	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe	45
PID 2120 wrote to memory of 2344	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe	46
PID 2120 wrote to memory of 2344	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe	46
PID 2120 wrote to memory of 2344	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe	46
PID 2120 wrote to memory of 2024	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe	47
PID 2120 wrote to memory of 2024	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe	47
PID 2120 wrote to memory of 2024	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe	47
PID 2120 wrote to memory of 2172	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe	48
PID 2120 wrote to memory of 2172	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe	48
PID 2120 wrote to memory of 2172	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe	48
PID 2120 wrote to memory of 2424	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe	49
PID 2120 wrote to memory of 2424	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe	49
PID 2120 wrote to memory of 2424	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe	49
PID 2120 wrote to memory of 1056	2120	1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe	50

C:\Users\Admin\AppData\Local\Temp\1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1ef2784cbe448feee12f98cda1f466ba7b0cd9f5eab545fb7158943051a78c78_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2120
- C:\Windows\System\pUZSEHp.exe
  C:\Windows\System\pUZSEHp.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\qTyvbMl.exe
  C:\Windows\System\qTyvbMl.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\PdYAmjr.exe
  C:\Windows\System\PdYAmjr.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\nswEyuC.exe
  C:\Windows\System\nswEyuC.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\jNbiFKY.exe
  C:\Windows\System\jNbiFKY.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\NMLisvD.exe
  C:\Windows\System\NMLisvD.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\yUwJZuZ.exe
  C:\Windows\System\yUwJZuZ.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\jvbTDid.exe
  C:\Windows\System\jvbTDid.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\FuCfztj.exe
  C:\Windows\System\FuCfztj.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\EfUnBVR.exe
  C:\Windows\System\EfUnBVR.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\nVKyzbl.exe
  C:\Windows\System\nVKyzbl.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\swpdHDS.exe
  C:\Windows\System\swpdHDS.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\BcNQztW.exe
  C:\Windows\System\BcNQztW.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\xWnzkyL.exe
  C:\Windows\System\xWnzkyL.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\VOhNwvX.exe
  C:\Windows\System\VOhNwvX.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\CLyuZCJ.exe
  C:\Windows\System\CLyuZCJ.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\ksBhChW.exe
  C:\Windows\System\ksBhChW.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\pvdvxFp.exe
  C:\Windows\System\pvdvxFp.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\yprXThG.exe
  C:\Windows\System\yprXThG.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\hFyxzHP.exe
  C:\Windows\System\hFyxzHP.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\TRWjZiX.exe
  C:\Windows\System\TRWjZiX.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\ZcWxavy.exe
  C:\Windows\System\ZcWxavy.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\EBvzUqL.exe
  C:\Windows\System\EBvzUqL.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\ZmNLOva.exe
  C:\Windows\System\ZmNLOva.exe
  2⤵
  - Executes dropped EXE
  PID:828
- C:\Windows\System\yegMeuK.exe
  C:\Windows\System\yegMeuK.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\dZRzamB.exe
  C:\Windows\System\dZRzamB.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\VtyAprQ.exe
  C:\Windows\System\VtyAprQ.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\CMmAfMU.exe
  C:\Windows\System\CMmAfMU.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\KtTvGIz.exe
  C:\Windows\System\KtTvGIz.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\lmVHZCI.exe
  C:\Windows\System\lmVHZCI.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\HDnsFrt.exe
  C:\Windows\System\HDnsFrt.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\uKRQWtG.exe
  C:\Windows\System\uKRQWtG.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\iZZSVcL.exe
  C:\Windows\System\iZZSVcL.exe
  2⤵
  - Executes dropped EXE
  PID:596
- C:\Windows\System\xkLnETi.exe
  C:\Windows\System\xkLnETi.exe
  2⤵
  - Executes dropped EXE
  PID:796
- C:\Windows\System\KBNrsrx.exe
  C:\Windows\System\KBNrsrx.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\EtwcflC.exe
  C:\Windows\System\EtwcflC.exe
  2⤵
  - Executes dropped EXE
  PID:580
- C:\Windows\System\IIuzVjg.exe
  C:\Windows\System\IIuzVjg.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System\OXSNHHH.exe
  C:\Windows\System\OXSNHHH.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\TZrKAEp.exe
  C:\Windows\System\TZrKAEp.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\rIOROWv.exe
  C:\Windows\System\rIOROWv.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\WxoNjYE.exe
  C:\Windows\System\WxoNjYE.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\XBYpYkA.exe
  C:\Windows\System\XBYpYkA.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\lwIuOmr.exe
  C:\Windows\System\lwIuOmr.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\AwKpQUn.exe
  C:\Windows\System\AwKpQUn.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\ioyMwlK.exe
  C:\Windows\System\ioyMwlK.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\rmGDcPX.exe
  C:\Windows\System\rmGDcPX.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\eXQpYEU.exe
  C:\Windows\System\eXQpYEU.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\tEYHaiQ.exe
  C:\Windows\System\tEYHaiQ.exe
  2⤵
  - Executes dropped EXE
  PID:668
- C:\Windows\System\dFlaPGt.exe
  C:\Windows\System\dFlaPGt.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\gTkNafu.exe
  C:\Windows\System\gTkNafu.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\DmKCilh.exe
  C:\Windows\System\DmKCilh.exe
  2⤵
  - Executes dropped EXE
  PID:276
- C:\Windows\System\LovQJzG.exe
  C:\Windows\System\LovQJzG.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\GHMdXhc.exe
  C:\Windows\System\GHMdXhc.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\yPhRtGD.exe
  C:\Windows\System\yPhRtGD.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\SWUtSMD.exe
  C:\Windows\System\SWUtSMD.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\krnMhNk.exe
  C:\Windows\System\krnMhNk.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\Trbdngx.exe
  C:\Windows\System\Trbdngx.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\sdkmRaw.exe
  C:\Windows\System\sdkmRaw.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\ppGZCwn.exe
  C:\Windows\System\ppGZCwn.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\XWCQsnT.exe
  C:\Windows\System\XWCQsnT.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\rcaKQyM.exe
  C:\Windows\System\rcaKQyM.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\lzuFoLE.exe
  C:\Windows\System\lzuFoLE.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\VQallEI.exe
  C:\Windows\System\VQallEI.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\DWyfBfj.exe
  C:\Windows\System\DWyfBfj.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\gjSNjGJ.exe
  C:\Windows\System\gjSNjGJ.exe
  2⤵
  PID:904
- C:\Windows\System\SktpaVo.exe
  C:\Windows\System\SktpaVo.exe
  2⤵
  PID:2732
- C:\Windows\System\jZCokiz.exe
  C:\Windows\System\jZCokiz.exe
  2⤵
  PID:2680
- C:\Windows\System\eUtIqYP.exe
  C:\Windows\System\eUtIqYP.exe
  2⤵
  PID:2492
- C:\Windows\System\JJpoiis.exe
  C:\Windows\System\JJpoiis.exe
  2⤵
  PID:2772
- C:\Windows\System\ILdgIDK.exe
  C:\Windows\System\ILdgIDK.exe
  2⤵
  PID:2608
- C:\Windows\System\jWNkzsV.exe
  C:\Windows\System\jWNkzsV.exe
  2⤵
  PID:1952
- C:\Windows\System\xcNIMVp.exe
  C:\Windows\System\xcNIMVp.exe
  2⤵
  PID:2920
- C:\Windows\System\wKpXRVS.exe
  C:\Windows\System\wKpXRVS.exe
  2⤵
  PID:404
- C:\Windows\System\YLKKVGp.exe
  C:\Windows\System\YLKKVGp.exe
  2⤵
  PID:2676
- C:\Windows\System\cxBvGEh.exe
  C:\Windows\System\cxBvGEh.exe
  2⤵
  PID:2740
- C:\Windows\System\ElxgNoo.exe
  C:\Windows\System\ElxgNoo.exe
  2⤵
  PID:2228
- C:\Windows\System\HrLOIuY.exe
  C:\Windows\System\HrLOIuY.exe
  2⤵
  PID:312
- C:\Windows\System\rwxjzEl.exe
  C:\Windows\System\rwxjzEl.exe
  2⤵
  PID:2068
- C:\Windows\System\bDRGArY.exe
  C:\Windows\System\bDRGArY.exe
  2⤵
  PID:2180
- C:\Windows\System\jFLSuqW.exe
  C:\Windows\System\jFLSuqW.exe
  2⤵
  PID:2804
- C:\Windows\System\tKDBoBz.exe
  C:\Windows\System\tKDBoBz.exe
  2⤵
  PID:3000
- C:\Windows\System\zMdAnKq.exe
  C:\Windows\System\zMdAnKq.exe
  2⤵
  PID:692
- C:\Windows\System\XUMoapD.exe
  C:\Windows\System\XUMoapD.exe
  2⤵
  PID:2620
- C:\Windows\System\vGnMswA.exe
  C:\Windows\System\vGnMswA.exe
  2⤵
  PID:1492
- C:\Windows\System\axgDLQw.exe
  C:\Windows\System\axgDLQw.exe
  2⤵
  PID:2824
- C:\Windows\System\hhdDUXS.exe
  C:\Windows\System\hhdDUXS.exe
  2⤵
  PID:1796
- C:\Windows\System\bWagWWR.exe
  C:\Windows\System\bWagWWR.exe
  2⤵
  PID:1128
- C:\Windows\System\dINrCJg.exe
  C:\Windows\System\dINrCJg.exe
  2⤵
  PID:2148
- C:\Windows\System\ABZRIAg.exe
  C:\Windows\System\ABZRIAg.exe
  2⤵
  PID:1548
- C:\Windows\System\cUqWRfA.exe
  C:\Windows\System\cUqWRfA.exe
  2⤵
  PID:1556
- C:\Windows\System\uLTNRcP.exe
  C:\Windows\System\uLTNRcP.exe
  2⤵
  PID:1340
- C:\Windows\System\BfQBMjM.exe
  C:\Windows\System\BfQBMjM.exe
  2⤵
  PID:2864
- C:\Windows\System\LYTAqkA.exe
  C:\Windows\System\LYTAqkA.exe
  2⤵
  PID:2376
- C:\Windows\System\tAhNoeM.exe
  C:\Windows\System\tAhNoeM.exe
  2⤵
  PID:2844
- C:\Windows\System\cCRJvkk.exe
  C:\Windows\System\cCRJvkk.exe
  2⤵
  PID:984
- C:\Windows\System\tEHuNzo.exe
  C:\Windows\System\tEHuNzo.exe
  2⤵
  PID:2756
- C:\Windows\System\TefRros.exe
  C:\Windows\System\TefRros.exe
  2⤵
  PID:2876
- C:\Windows\System\fQMJTVX.exe
  C:\Windows\System\fQMJTVX.exe
  2⤵
  PID:2860
- C:\Windows\System\BJAnWiT.exe
  C:\Windows\System\BJAnWiT.exe
  2⤵
  PID:2872
- C:\Windows\System\JgGcvKV.exe
  C:\Windows\System\JgGcvKV.exe
  2⤵
  PID:2384
- C:\Windows\System\qtvjjZt.exe
  C:\Windows\System\qtvjjZt.exe
  2⤵
  PID:1516
- C:\Windows\System\bIoimGj.exe
  C:\Windows\System\bIoimGj.exe
  2⤵
  PID:1520
- C:\Windows\System\LbihusI.exe
  C:\Windows\System\LbihusI.exe
  2⤵
  PID:2564
- C:\Windows\System\PBCDrRa.exe
  C:\Windows\System\PBCDrRa.exe
  2⤵
  PID:1624
- C:\Windows\System\ldWyPqy.exe
  C:\Windows\System\ldWyPqy.exe
  2⤵
  PID:784
- C:\Windows\System\XXSSJvU.exe
  C:\Windows\System\XXSSJvU.exe
  2⤵
  PID:1460
- C:\Windows\System\ANqxAyP.exe
  C:\Windows\System\ANqxAyP.exe
  2⤵
  PID:380
- C:\Windows\System\HZgOjnh.exe
  C:\Windows\System\HZgOjnh.exe
  2⤵
  PID:1672
- C:\Windows\System\KGCChOf.exe
  C:\Windows\System\KGCChOf.exe
  2⤵
  PID:2256
- C:\Windows\System\BdmJwTc.exe
  C:\Windows\System\BdmJwTc.exe
  2⤵
  PID:2992
- C:\Windows\System\HaQsrEj.exe
  C:\Windows\System\HaQsrEj.exe
  2⤵
  PID:2096
- C:\Windows\System\bsdJhFK.exe
  C:\Windows\System\bsdJhFK.exe
  2⤵
  PID:1820
- C:\Windows\System\ENwlXuc.exe
  C:\Windows\System\ENwlXuc.exe
  2⤵
  PID:2184
- C:\Windows\System\FcqeQkN.exe
  C:\Windows\System\FcqeQkN.exe
  2⤵
  PID:2440
- C:\Windows\System\KcRLVJk.exe
  C:\Windows\System\KcRLVJk.exe
  2⤵
  PID:2444
- C:\Windows\System\DvIqFek.exe
  C:\Windows\System\DvIqFek.exe
  2⤵
  PID:2828
- C:\Windows\System\pgOvPxa.exe
  C:\Windows\System\pgOvPxa.exe
  2⤵
  PID:2652
- C:\Windows\System\EuEGbKJ.exe
  C:\Windows\System\EuEGbKJ.exe
  2⤵
  PID:2204
- C:\Windows\System\qEhvsZB.exe
  C:\Windows\System\qEhvsZB.exe
  2⤵
  PID:2776
- C:\Windows\System\YZgMlAF.exe
  C:\Windows\System\YZgMlAF.exe
  2⤵
  PID:2536
- C:\Windows\System\VDKYGXf.exe
  C:\Windows\System\VDKYGXf.exe
  2⤵
  PID:1980
- C:\Windows\System\EFozTBc.exe
  C:\Windows\System\EFozTBc.exe
  2⤵
  PID:2188
- C:\Windows\System\etGcXAy.exe
  C:\Windows\System\etGcXAy.exe
  2⤵
  PID:1828
- C:\Windows\System\dfzHbnb.exe
  C:\Windows\System\dfzHbnb.exe
  2⤵
  PID:2480
- C:\Windows\System\eXffwjn.exe
  C:\Windows\System\eXffwjn.exe
  2⤵
  PID:1052
- C:\Windows\System\xJkgLVM.exe
  C:\Windows\System\xJkgLVM.exe
  2⤵
  PID:1960
- C:\Windows\System\vCHJLUQ.exe
  C:\Windows\System\vCHJLUQ.exe
  2⤵
  PID:1972
- C:\Windows\System\LGbvyYm.exe
  C:\Windows\System\LGbvyYm.exe
  2⤵
  PID:2132
- C:\Windows\System\zTgDEhn.exe
  C:\Windows\System\zTgDEhn.exe
  2⤵
  PID:2856
- C:\Windows\System\zcLXVfT.exe
  C:\Windows\System\zcLXVfT.exe
  2⤵
  PID:536
- C:\Windows\System\QJKgeRI.exe
  C:\Windows\System\QJKgeRI.exe
  2⤵
  PID:1664
- C:\Windows\System\IhvbZMj.exe
  C:\Windows\System\IhvbZMj.exe
  2⤵
  PID:1864
- C:\Windows\System\EYOaqeR.exe
  C:\Windows\System\EYOaqeR.exe
  2⤵
  PID:1016
- C:\Windows\System\CWPHeVM.exe
  C:\Windows\System\CWPHeVM.exe
  2⤵
  PID:2168
- C:\Windows\System\DpqNmaD.exe
  C:\Windows\System\DpqNmaD.exe
  2⤵
  PID:2380
- C:\Windows\System\tsddZKx.exe
  C:\Windows\System\tsddZKx.exe
  2⤵
  PID:928
- C:\Windows\System\nXQpOMQ.exe
  C:\Windows\System\nXQpOMQ.exe
  2⤵
  PID:1660
- C:\Windows\System\NvQWcvt.exe
  C:\Windows\System\NvQWcvt.exe
  2⤵
  PID:2280
- C:\Windows\System\osKAyOB.exe
  C:\Windows\System\osKAyOB.exe
  2⤵
  PID:2960
- C:\Windows\System\juGexcF.exe
  C:\Windows\System\juGexcF.exe
  2⤵
  PID:2836
- C:\Windows\System\XlMgcVo.exe
  C:\Windows\System\XlMgcVo.exe
  2⤵
  PID:2004
- C:\Windows\System\ccYSnup.exe
  C:\Windows\System\ccYSnup.exe
  2⤵
  PID:1408
- C:\Windows\System\RdBlKTM.exe
  C:\Windows\System\RdBlKTM.exe
  2⤵
  PID:644
- C:\Windows\System\CXjjzjg.exe
  C:\Windows\System\CXjjzjg.exe
  2⤵
  PID:1732
- C:\Windows\System\CUXDTNT.exe
  C:\Windows\System\CUXDTNT.exe
  2⤵
  PID:1564
- C:\Windows\System\XBhBZLP.exe
  C:\Windows\System\XBhBZLP.exe
  2⤵
  PID:1276
- C:\Windows\System\ZSgGlxU.exe
  C:\Windows\System\ZSgGlxU.exe
  2⤵
  PID:2744
- C:\Windows\System\xrXtubX.exe
  C:\Windows\System\xrXtubX.exe
  2⤵
  PID:3068
- C:\Windows\System\HwCPFSS.exe
  C:\Windows\System\HwCPFSS.exe
  2⤵
  PID:2000
- C:\Windows\System\yPlnoSe.exe
  C:\Windows\System\yPlnoSe.exe
  2⤵
  PID:2832
- C:\Windows\System\LUhyNtq.exe
  C:\Windows\System\LUhyNtq.exe
  2⤵
  PID:2140
- C:\Windows\System\zRPQqhj.exe
  C:\Windows\System\zRPQqhj.exe
  2⤵
  PID:2248
- C:\Windows\System\RFqdUdd.exe
  C:\Windows\System\RFqdUdd.exe
  2⤵
  PID:1452
- C:\Windows\System\USGSBNA.exe
  C:\Windows\System\USGSBNA.exe
  2⤵
  PID:1804
- C:\Windows\System\FfHmxLr.exe
  C:\Windows\System\FfHmxLr.exe
  2⤵
  PID:1064
- C:\Windows\System\TgLxoxk.exe
  C:\Windows\System\TgLxoxk.exe
  2⤵
  PID:1840
- C:\Windows\System\pXClqeF.exe
  C:\Windows\System\pXClqeF.exe
  2⤵
  PID:2216
- C:\Windows\System\djaCMWX.exe
  C:\Windows\System\djaCMWX.exe
  2⤵
  PID:2688
- C:\Windows\System\gGGZfgW.exe
  C:\Windows\System\gGGZfgW.exe
  2⤵
  PID:1372
- C:\Windows\System\FCXlgOQ.exe
  C:\Windows\System\FCXlgOQ.exe
  2⤵
  PID:1940
- C:\Windows\System\YJqqKGf.exe
  C:\Windows\System\YJqqKGf.exe
  2⤵
  PID:1996
- C:\Windows\System\nEjUOcg.exe
  C:\Windows\System\nEjUOcg.exe
  2⤵
  PID:2200
- C:\Windows\System\xIFrHCz.exe
  C:\Windows\System\xIFrHCz.exe
  2⤵
  PID:344
- C:\Windows\System\kYMBMme.exe
  C:\Windows\System\kYMBMme.exe
  2⤵
  PID:1440
- C:\Windows\System\qOwfhcK.exe
  C:\Windows\System\qOwfhcK.exe
  2⤵
  PID:2884
- C:\Windows\System\bybZfku.exe
  C:\Windows\System\bybZfku.exe
  2⤵
  PID:308
- C:\Windows\System\nrlvzXa.exe
  C:\Windows\System\nrlvzXa.exe
  2⤵
  PID:1764
- C:\Windows\System\CpowMiF.exe
  C:\Windows\System\CpowMiF.exe
  2⤵
  PID:2416
- C:\Windows\System\rLktQKn.exe
  C:\Windows\System\rLktQKn.exe
  2⤵
  PID:452
- C:\Windows\System\pBDYmvx.exe
  C:\Windows\System\pBDYmvx.exe
  2⤵
  PID:1696
- C:\Windows\System\kWSIRno.exe
  C:\Windows\System\kWSIRno.exe
  2⤵
  PID:2528
- C:\Windows\System\yAnRAQB.exe
  C:\Windows\System\yAnRAQB.exe
  2⤵
  PID:2368
- C:\Windows\System\ZkwEKNV.exe
  C:\Windows\System\ZkwEKNV.exe
  2⤵
  PID:2108
- C:\Windows\System\yFvtpCU.exe
  C:\Windows\System\yFvtpCU.exe
  2⤵
  PID:1252
- C:\Windows\System\XzBzobk.exe
  C:\Windows\System\XzBzobk.exe
  2⤵
  PID:1576
- C:\Windows\System\vnkjMUI.exe
  C:\Windows\System\vnkjMUI.exe
  2⤵
  PID:2784
- C:\Windows\System\facTJBB.exe
  C:\Windows\System\facTJBB.exe
  2⤵
  PID:2944
- C:\Windows\System\sEbEeqw.exe
  C:\Windows\System\sEbEeqw.exe
  2⤵
  PID:268
- C:\Windows\System\PGCYIqD.exe
  C:\Windows\System\PGCYIqD.exe
  2⤵
  PID:2556
- C:\Windows\System\vXFeTJh.exe
  C:\Windows\System\vXFeTJh.exe
  2⤵
  PID:1036
- C:\Windows\System\jJbCGvh.exe
  C:\Windows\System\jJbCGvh.exe
  2⤵
  PID:1352
- C:\Windows\System\DnwaBld.exe
  C:\Windows\System\DnwaBld.exe
  2⤵
  PID:1744
- C:\Windows\System\lXaiwKx.exe
  C:\Windows\System\lXaiwKx.exe
  2⤵
  PID:1932
- C:\Windows\System\htjtBUO.exe
  C:\Windows\System\htjtBUO.exe
  2⤵
  PID:2560
- C:\Windows\System\eEGEbZS.exe
  C:\Windows\System\eEGEbZS.exe
  2⤵
  PID:3088
- C:\Windows\System\JJgNAeY.exe
  C:\Windows\System\JJgNAeY.exe
  2⤵
  PID:3104
- C:\Windows\System\ujlnNRu.exe
  C:\Windows\System\ujlnNRu.exe
  2⤵
  PID:3136
- C:\Windows\System\LIsXPna.exe
  C:\Windows\System\LIsXPna.exe
  2⤵
  PID:3160
- C:\Windows\System\LpDIolH.exe
  C:\Windows\System\LpDIolH.exe
  2⤵
  PID:3180
- C:\Windows\System\dQQWUei.exe
  C:\Windows\System\dQQWUei.exe
  2⤵
  PID:3196
- C:\Windows\System\pMREWkv.exe
  C:\Windows\System\pMREWkv.exe
  2⤵
  PID:3212
- C:\Windows\System\EVjjamt.exe
  C:\Windows\System\EVjjamt.exe
  2⤵
  PID:3228
- C:\Windows\System\ForMSXM.exe
  C:\Windows\System\ForMSXM.exe
  2⤵
  PID:3244
- C:\Windows\System\CnTOIPi.exe
  C:\Windows\System\CnTOIPi.exe
  2⤵
  PID:3264
- C:\Windows\System\gblcnVu.exe
  C:\Windows\System\gblcnVu.exe
  2⤵
  PID:3280
- C:\Windows\System\OsBfRIF.exe
  C:\Windows\System\OsBfRIF.exe
  2⤵
  PID:3300
- C:\Windows\System\JLhVhkH.exe
  C:\Windows\System\JLhVhkH.exe
  2⤵
  PID:3324
- C:\Windows\System\hfWWZPg.exe
  C:\Windows\System\hfWWZPg.exe
  2⤵
  PID:3348
- C:\Windows\System\bBIcsuU.exe
  C:\Windows\System\bBIcsuU.exe
  2⤵
  PID:3372
- C:\Windows\System\KMFfeLb.exe
  C:\Windows\System\KMFfeLb.exe
  2⤵
  PID:3404
- C:\Windows\System\JJIFEOU.exe
  C:\Windows\System\JJIFEOU.exe
  2⤵
  PID:3428
- C:\Windows\System\wLYFHyD.exe
  C:\Windows\System\wLYFHyD.exe
  2⤵
  PID:3444
- C:\Windows\System\oiKZhxe.exe
  C:\Windows\System\oiKZhxe.exe
  2⤵
  PID:3468
- C:\Windows\System\GZPGibc.exe
  C:\Windows\System\GZPGibc.exe
  2⤵
  PID:3484
- C:\Windows\System\YuMSVwU.exe
  C:\Windows\System\YuMSVwU.exe
  2⤵
  PID:3504
- C:\Windows\System\FowDuDg.exe
  C:\Windows\System\FowDuDg.exe
  2⤵
  PID:3524
- C:\Windows\System\LUvadhL.exe
  C:\Windows\System\LUvadhL.exe
  2⤵
  PID:3540
- C:\Windows\System\zQGXjlb.exe
  C:\Windows\System\zQGXjlb.exe
  2⤵
  PID:3560
- C:\Windows\System\CjLgTra.exe
  C:\Windows\System\CjLgTra.exe
  2⤵
  PID:3580
- C:\Windows\System\ohHmLew.exe
  C:\Windows\System\ohHmLew.exe
  2⤵
  PID:3596
- C:\Windows\System\ZgSTzrF.exe
  C:\Windows\System\ZgSTzrF.exe
  2⤵
  PID:3616
- C:\Windows\System\jOVgnuJ.exe
  C:\Windows\System\jOVgnuJ.exe
  2⤵
  PID:3632
- C:\Windows\System\xSevLiZ.exe
  C:\Windows\System\xSevLiZ.exe
  2⤵
  PID:3656
- C:\Windows\System\CylueFU.exe
  C:\Windows\System\CylueFU.exe
  2⤵
  PID:3672
- C:\Windows\System\mkZPGcu.exe
  C:\Windows\System\mkZPGcu.exe
  2⤵
  PID:3696
- C:\Windows\System\rxEImdW.exe
  C:\Windows\System\rxEImdW.exe
  2⤵
  PID:3720
- C:\Windows\System\KnFPWwk.exe
  C:\Windows\System\KnFPWwk.exe
  2⤵
  PID:3740
- C:\Windows\System\SDJdrcE.exe
  C:\Windows\System\SDJdrcE.exe
  2⤵
  PID:3756
- C:\Windows\System\JPdXwCn.exe
  C:\Windows\System\JPdXwCn.exe
  2⤵
  PID:3772
- C:\Windows\System\ZSSKoye.exe
  C:\Windows\System\ZSSKoye.exe
  2⤵
  PID:3788
- C:\Windows\System\gRbmBds.exe
  C:\Windows\System\gRbmBds.exe
  2⤵
  PID:3824
- C:\Windows\System\lbkkJkt.exe
  C:\Windows\System\lbkkJkt.exe
  2⤵
  PID:3840
- C:\Windows\System\wMQWNYS.exe
  C:\Windows\System\wMQWNYS.exe
  2⤵
  PID:3856
- C:\Windows\System\gXOjWjL.exe
  C:\Windows\System\gXOjWjL.exe
  2⤵
  PID:3872
- C:\Windows\System\wdZJPHd.exe
  C:\Windows\System\wdZJPHd.exe
  2⤵
  PID:3888
- C:\Windows\System\dScKgIC.exe
  C:\Windows\System\dScKgIC.exe
  2⤵
  PID:3904
- C:\Windows\System\MyxYlrP.exe
  C:\Windows\System\MyxYlrP.exe
  2⤵
  PID:3928
- C:\Windows\System\MxeJLCJ.exe
  C:\Windows\System\MxeJLCJ.exe
  2⤵
  PID:3968
- C:\Windows\System\UaOvDZg.exe
  C:\Windows\System\UaOvDZg.exe
  2⤵
  PID:3984
- C:\Windows\System\XBOWldA.exe
  C:\Windows\System\XBOWldA.exe
  2⤵
  PID:4004
- C:\Windows\System\PIJIRpO.exe
  C:\Windows\System\PIJIRpO.exe
  2⤵
  PID:4024
- C:\Windows\System\CYcyEkI.exe
  C:\Windows\System\CYcyEkI.exe
  2⤵
  PID:4044
- C:\Windows\System\NKCeHmj.exe
  C:\Windows\System\NKCeHmj.exe
  2⤵
  PID:4064
- C:\Windows\System\BJKpbsL.exe
  C:\Windows\System\BJKpbsL.exe
  2⤵
  PID:4084
- C:\Windows\System\peNESwJ.exe
  C:\Windows\System\peNESwJ.exe
  2⤵
  PID:2192
- C:\Windows\System\pjyWiFH.exe
  C:\Windows\System\pjyWiFH.exe
  2⤵
  PID:1012
- C:\Windows\System\xghiydL.exe
  C:\Windows\System\xghiydL.exe
  2⤵
  PID:1448
- C:\Windows\System\WGBXAJG.exe
  C:\Windows\System\WGBXAJG.exe
  2⤵
  PID:3084
- C:\Windows\System\upqzWRk.exe
  C:\Windows\System\upqzWRk.exe
  2⤵
  PID:1596
- C:\Windows\System\lOpSOdf.exe
  C:\Windows\System\lOpSOdf.exe
  2⤵
  PID:3124
- C:\Windows\System\VMYDBPp.exe
  C:\Windows\System\VMYDBPp.exe
  2⤵
  PID:3176
- C:\Windows\System\AXalTxY.exe
  C:\Windows\System\AXalTxY.exe
  2⤵
  PID:3240
- C:\Windows\System\qLiWagn.exe
  C:\Windows\System\qLiWagn.exe
  2⤵
  PID:3148
- C:\Windows\System\GwTgWgM.exe
  C:\Windows\System\GwTgWgM.exe
  2⤵
  PID:3256
- C:\Windows\System\eNekOxk.exe
  C:\Windows\System\eNekOxk.exe
  2⤵
  PID:3224
- C:\Windows\System\ZoBkOLB.exe
  C:\Windows\System\ZoBkOLB.exe
  2⤵
  PID:3252
- C:\Windows\System\ILZQqCw.exe
  C:\Windows\System\ILZQqCw.exe
  2⤵
  PID:3360
- C:\Windows\System\bdxSNFA.exe
  C:\Windows\System\bdxSNFA.exe
  2⤵
  PID:3384
- C:\Windows\System\bezHtqt.exe
  C:\Windows\System\bezHtqt.exe
  2⤵
  PID:3416
- C:\Windows\System\ALmSwLV.exe
  C:\Windows\System\ALmSwLV.exe
  2⤵
  PID:3456
- C:\Windows\System\nVbGxrW.exe
  C:\Windows\System\nVbGxrW.exe
  2⤵
  PID:3480
- C:\Windows\System\RHxSMKX.exe
  C:\Windows\System\RHxSMKX.exe
  2⤵
  PID:3532
- C:\Windows\System\JOxVvVX.exe
  C:\Windows\System\JOxVvVX.exe
  2⤵
  PID:3536
- C:\Windows\System\VdABvKj.exe
  C:\Windows\System\VdABvKj.exe
  2⤵
  PID:3604
- C:\Windows\System\fQgYiLd.exe
  C:\Windows\System\fQgYiLd.exe
  2⤵
  PID:3648
- C:\Windows\System\HnVwHFy.exe
  C:\Windows\System\HnVwHFy.exe
  2⤵
  PID:3688
- C:\Windows\System\XuTqGIo.exe
  C:\Windows\System\XuTqGIo.exe
  2⤵
  PID:3728
- C:\Windows\System\SVOQufq.exe
  C:\Windows\System\SVOQufq.exe
  2⤵
  PID:3668
- C:\Windows\System\hFuJkic.exe
  C:\Windows\System\hFuJkic.exe
  2⤵
  PID:3800
- C:\Windows\System\TDMaaze.exe
  C:\Windows\System\TDMaaze.exe
  2⤵
  PID:3816
- C:\Windows\System\HETjtbR.exe
  C:\Windows\System\HETjtbR.exe
  2⤵
  PID:3752
- C:\Windows\System\DZeGGoj.exe
  C:\Windows\System\DZeGGoj.exe
  2⤵
  PID:3852
- C:\Windows\System\XjeZvOj.exe
  C:\Windows\System\XjeZvOj.exe
  2⤵
  PID:3916
- C:\Windows\System\BmHFiZR.exe
  C:\Windows\System\BmHFiZR.exe
  2⤵
  PID:3900
- C:\Windows\System\TwlfYHH.exe
  C:\Windows\System\TwlfYHH.exe
  2⤵
  PID:3868
- C:\Windows\System\YZepOGF.exe
  C:\Windows\System\YZepOGF.exe
  2⤵
  PID:3940
- C:\Windows\System\LkkLoZI.exe
  C:\Windows\System\LkkLoZI.exe
  2⤵
  PID:3996
- C:\Windows\System\UJFINCi.exe
  C:\Windows\System\UJFINCi.exe
  2⤵
  PID:4032
- C:\Windows\System\vaOYVxo.exe
  C:\Windows\System\vaOYVxo.exe
  2⤵
  PID:4060
- C:\Windows\System\aGYXZDK.exe
  C:\Windows\System\aGYXZDK.exe
  2⤵
  PID:320
- C:\Windows\System\Eoctiro.exe
  C:\Windows\System\Eoctiro.exe
  2⤵
  PID:2208
- C:\Windows\System\SczvTEi.exe
  C:\Windows\System\SczvTEi.exe
  2⤵
  PID:3112
- C:\Windows\System\eEXrmZf.exe
  C:\Windows\System\eEXrmZf.exe
  2⤵
  PID:3096
- C:\Windows\System\rEckYJr.exe
  C:\Windows\System\rEckYJr.exe
  2⤵
  PID:3204
- C:\Windows\System\GQHNdtw.exe
  C:\Windows\System\GQHNdtw.exe
  2⤵
  PID:3312
- C:\Windows\System\wyrdxXl.exe
  C:\Windows\System\wyrdxXl.exe
  2⤵
  PID:3296
- C:\Windows\System\pMdYUzl.exe
  C:\Windows\System\pMdYUzl.exe
  2⤵
  PID:3340
- C:\Windows\System\KmiLJfI.exe
  C:\Windows\System\KmiLJfI.exe
  2⤵
  PID:3392
- C:\Windows\System\MMOqkNs.exe
  C:\Windows\System\MMOqkNs.exe
  2⤵
  PID:3460
- C:\Windows\System\AJMZpbK.exe
  C:\Windows\System\AJMZpbK.exe
  2⤵
  PID:3496
- C:\Windows\System\LNoixTp.exe
  C:\Windows\System\LNoixTp.exe
  2⤵
  PID:3644
- C:\Windows\System\CHiVecd.exe
  C:\Windows\System\CHiVecd.exe
  2⤵
  PID:3684
- C:\Windows\System\LffUKHf.exe
  C:\Windows\System\LffUKHf.exe
  2⤵
  PID:3796
- C:\Windows\System\SmWSzKu.exe
  C:\Windows\System\SmWSzKu.exe
  2⤵
  PID:3732
- C:\Windows\System\mGDfAZi.exe
  C:\Windows\System\mGDfAZi.exe
  2⤵
  PID:3784
- C:\Windows\System\dwitFaJ.exe
  C:\Windows\System\dwitFaJ.exe
  2⤵
  PID:3832
- C:\Windows\System\rCryMTU.exe
  C:\Windows\System\rCryMTU.exe
  2⤵
  PID:3948
- C:\Windows\System\zPgmMJA.exe
  C:\Windows\System\zPgmMJA.exe
  2⤵
  PID:3992
- C:\Windows\System\AmgSWkG.exe
  C:\Windows\System\AmgSWkG.exe
  2⤵
  PID:3076
- C:\Windows\System\wgdcvlk.exe
  C:\Windows\System\wgdcvlk.exe
  2⤵
  PID:4076
- C:\Windows\System\HQwgJtr.exe
  C:\Windows\System\HQwgJtr.exe
  2⤵
  PID:3944
- C:\Windows\System\rHSGHor.exe
  C:\Windows\System\rHSGHor.exe
  2⤵
  PID:3120
- C:\Windows\System\vpYUUqi.exe
  C:\Windows\System\vpYUUqi.exe
  2⤵
  PID:2300
- C:\Windows\System\zGCBMeI.exe
  C:\Windows\System\zGCBMeI.exe
  2⤵
  PID:4092
- C:\Windows\System\HOiKlWB.exe
  C:\Windows\System\HOiKlWB.exe
  2⤵
  PID:1788
- C:\Windows\System\YGYcIHM.exe
  C:\Windows\System\YGYcIHM.exe
  2⤵
  PID:3548
- C:\Windows\System\yFVNvsJ.exe
  C:\Windows\System\yFVNvsJ.exe
  2⤵
  PID:3364
- C:\Windows\System\GpkLbzl.exe
  C:\Windows\System\GpkLbzl.exe
  2⤵
  PID:3568
- C:\Windows\System\UxLjSPz.exe
  C:\Windows\System\UxLjSPz.exe
  2⤵
  PID:3592
- C:\Windows\System\QIihWVB.exe
  C:\Windows\System\QIihWVB.exe
  2⤵
  PID:3804
- C:\Windows\System\iccoGbS.exe
  C:\Windows\System\iccoGbS.exe
  2⤵
  PID:3764
- C:\Windows\System\bAMzlKj.exe
  C:\Windows\System\bAMzlKj.exe
  2⤵
  PID:3100
- C:\Windows\System\yPAFpLC.exe
  C:\Windows\System\yPAFpLC.exe
  2⤵
  PID:3152
- C:\Windows\System\EgeQUnr.exe
  C:\Windows\System\EgeQUnr.exe
  2⤵
  PID:3192
- C:\Windows\System\yPNoGBA.exe
  C:\Windows\System\yPNoGBA.exe
  2⤵
  PID:3436
- C:\Windows\System\FqwHAiF.exe
  C:\Windows\System\FqwHAiF.exe
  2⤵
  PID:3520
- C:\Windows\System\GbgjAPg.exe
  C:\Windows\System\GbgjAPg.exe
  2⤵
  PID:3640
- C:\Windows\System\hvtsTVm.exe
  C:\Windows\System\hvtsTVm.exe
  2⤵
  PID:3576
- C:\Windows\System\yLYKhRX.exe
  C:\Windows\System\yLYKhRX.exe
  2⤵
  PID:3896
- C:\Windows\System\iDiXUsT.exe
  C:\Windows\System\iDiXUsT.exe
  2⤵
  PID:3880
- C:\Windows\System\ikMUBBh.exe
  C:\Windows\System\ikMUBBh.exe
  2⤵
  PID:3424
- C:\Windows\System\HYOCAvG.exe
  C:\Windows\System\HYOCAvG.exe
  2⤵
  PID:2664
- C:\Windows\System\jpgMZre.exe
  C:\Windows\System\jpgMZre.exe
  2⤵
  PID:3412
- C:\Windows\System\ZpuwRCu.exe
  C:\Windows\System\ZpuwRCu.exe
  2⤵
  PID:3884
- C:\Windows\System\VxIGCGD.exe
  C:\Windows\System\VxIGCGD.exe
  2⤵
  PID:4052
- C:\Windows\System\uLEjkjb.exe
  C:\Windows\System\uLEjkjb.exe
  2⤵
  PID:3692
- C:\Windows\System\lrOeJxI.exe
  C:\Windows\System\lrOeJxI.exe
  2⤵
  PID:3820
- C:\Windows\System\gLcrLBb.exe
  C:\Windows\System\gLcrLBb.exe
  2⤵
  PID:1780
- C:\Windows\System\kNHPwRp.exe
  C:\Windows\System\kNHPwRp.exe
  2⤵
  PID:4108
- C:\Windows\System\AlOIOVS.exe
  C:\Windows\System\AlOIOVS.exe
  2⤵
  PID:4124
- C:\Windows\System\BuLGLEG.exe
  C:\Windows\System\BuLGLEG.exe
  2⤵
  PID:4148
- C:\Windows\System\cqUPcpj.exe
  C:\Windows\System\cqUPcpj.exe
  2⤵
  PID:4164
- C:\Windows\System\vGSWhVL.exe
  C:\Windows\System\vGSWhVL.exe
  2⤵
  PID:4184
- C:\Windows\System\skfSlRx.exe
  C:\Windows\System\skfSlRx.exe
  2⤵
  PID:4200
- C:\Windows\System\jdECgmo.exe
  C:\Windows\System\jdECgmo.exe
  2⤵
  PID:4232

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BcNQztW.exe

Filesize
2.0MB

MD5
96f9eb19dd8a08954b5de46ac67d3524

SHA1
c26052f080192d83ceb61fe5b8486fb530b88e73

SHA256
9dfc4a7ccc8f47db0a54655db8b3ef3a217242d82dafca2b4decabfb9e9f48e8

SHA512
2720d88647781b8844c28cc6e1da4a18a565ee5bb8f296c9d26127411542d3dfc8817acdb2291c07d4318abc46a514717bf05a2d80367bfe6b99e8ef6a8dfd1a

Download Submit
C:\Windows\system\CLyuZCJ.exe

Filesize
2.0MB

MD5
5a67278d5c71d2578dffc6d1d0eaf65e

SHA1
8bab7857093c154988e01c8d4b4fcdd65901b2af

SHA256
e4e40163631bc4761cf1558e2aaf2826275c5d65719b86569e3214e84e2235ad

SHA512
a9c148e632c736f65769b5add00c5e473c90f4f0c91c0ba66f631ce54ab8206d6b148518d5583c7374523ec0ccb6f58ceb787182a756bafdfbc050d5d277036c

Download Submit
C:\Windows\system\CMmAfMU.exe

Filesize
2.0MB

MD5
7044462266d1e20715febe4a01ebb910

SHA1
e5a21b6f5f4ea0e3cf5217e3b8198716485b0077

SHA256
e9299f8cc50c6f944cb983768e2db2d92f9d6561365f594afc688ba018fffd86

SHA512
82018802b91f9586ec09f3c1ac689a8c3f67e1cd6db270a65958736181009ea30a629cb4c4a5580a85288e5800f80999dbc62de30597e9ba1ae3211b7f1bc055

Download Submit
C:\Windows\system\EBvzUqL.exe

Filesize
2.0MB

MD5
c2a019c091f96fb40b719ecaf144c925

SHA1
a2d0ef70805d6d6ae8b3c7b31be1a8aa8ee2e5ef

SHA256
63dd154191fa26b1acdc990ac67673f0ed8b06b62308666b0fd8a0291775f5c6

SHA512
57b122c10efe76d73d942e5005e917af7af2bbdad1797b6cfcc363568eacd558215f04b43e1a4fd5674ada03b3f3ec9f864f3bf93bd71ad02209fab2e00e9693

Download Submit
C:\Windows\system\EfUnBVR.exe

Filesize
2.0MB

MD5
7ce3d4af65885df58f01f1e6a192d872

SHA1
ccbf8c999967ddd608f11ea50f159b6616eface2

SHA256
e0b9bd0d6279a219b1bd97e4c809cb336aeef53a4520ee027386c7e42656dd60

SHA512
4efab65eeddc5c518360141415c3ed1d724701cf253fe7bb0ae6f520c9514aa71987d865fb8eff3610ca7345eef1a07956f970ba73ffc537aa03e24cdd34bb27

Download Submit
C:\Windows\system\FuCfztj.exe

Filesize
2.0MB

MD5
e3251018f7c269063b0b750e9e954a7c

SHA1
33d5907c7ba672b096c44d3c79b422dc25d8736a

SHA256
4682f52655836073039b97a095bfa0162d9641bf11c5f5299a21e7d2a7998dd4

SHA512
2af7bfd5c6bc34afe3073a4e87129ec82adacc71c939c88645de0c192a3b12195894a739fd78fb9b5be897c8ccfb73d0a8af66a6e6106889dfc5d4135349a56c

Download Submit
C:\Windows\system\KtTvGIz.exe

Filesize
2.0MB

MD5
f08416a72ec7e4ac9147fb6a8fadfd53

SHA1
f34dbd9d019890372a40606bf551c9dc1941f9c3

SHA256
af328e59b3e95768c47d8f29f566bc20e73feef21f80df6aa2a21fc97fae936a

SHA512
6e206007affdf65412e41cae73279b3d6fc4c11bc0fcbf34de7a4f33f21546dbd11e8c680cb78f2328bc03f9daa08db00a0551f6e3efc3195f18f5d65c63666d

Download Submit
C:\Windows\system\NMLisvD.exe

Filesize
2.0MB

MD5
68d9eac60e74e7ae6d49a3759174fc11

SHA1
5beedf30681e210f5260c9b2bc4e8092edb95a3b

SHA256
20164226a9ab991e5a270b74e818c43ded3922a4b47f05b42d39ccbc69e0d900

SHA512
3561766e2728894f96b3278f566764f35bb8189b0b02b469057a4e6324d15fe1cf570284b5686ee624e1235932b656aa5e04b502483abdf9820569873239e244

Download Submit
C:\Windows\system\PdYAmjr.exe

Filesize
2.0MB

MD5
b831ae9a91060a195dcc02658a4aca86

SHA1
bd2e14d425dc9f5dd175e472a00057375c68edf5

SHA256
904fa5caef864e291567e212dc79ed46310e748a8f0b5b2f6498d209bd4ee558

SHA512
54da2423ba219fc30ab456e14dc2afa87f7b1b1df6487461df586837c7ae28db4af812ec78c5866d3a191e3d2b3aa8d81597b8795389ccb043ba862db615cfe7

Download Submit
C:\Windows\system\TRWjZiX.exe

Filesize
2.0MB

MD5
4076b523b117d05932f95647e07710bd

SHA1
5a66fae3e3ae8ea36e634d2aa427e9813db2ef0b

SHA256
6abc806fe0df5c46b3f0e24725e198cd984c47a77fb474e4de74d03be473e666

SHA512
a7192e16c38f8ba5c06676c4aad649bf6473c5b81d0d85da632619b723f5fe407f733038c0cbc40a26adac9406cc032e99cae2359b1994cb70e4df333b2f77bc

Download Submit
C:\Windows\system\VOhNwvX.exe

Filesize
2.0MB

MD5
86a804ba09e4eb6df66d90cec1067731

SHA1
dc81a70ab56251f62943b60006497230c1197daa

SHA256
9b2f6fcf0a262bba751896774fb1f34bcbb792d0ecb6bf0edf11e4f68f000517

SHA512
f3cd35e54070f6adc6c470d141e3fbd3b436b30a4db44ba15db27577a0b491a127855f1817af1aeb72f5f413a8247928f32f1b93b4c30505f54cba6c6317bf2f

Download Submit
C:\Windows\system\VtyAprQ.exe

Filesize
2.0MB

MD5
051cb40f187b675d992de81241aae08b

SHA1
01636cd98c515ee0b7a782df700179e9fbd16842

SHA256
a804a8980bf5ad2aa5a6dcd513e625e3a14f39d816db5ba6937848bcf0bb674b

SHA512
aea475b419d87efcd15bf3ade331834cefd92fc4f825bc8547979a14b7c5c82b9ac369c1b68ebb3332d8cf94ddbf933fa6621200e5f85262577e6a2b77e66893

Download Submit
C:\Windows\system\ZcWxavy.exe

Filesize
2.0MB

MD5
0c3cf06bfe0579131a33fd3f0486cc89

SHA1
349cbb5150c5f6447832ff0260a3143c55ad07af

SHA256
1b6cee06d36573f553ce97241aa458debef5f970cd155e48fc871e2ef1ade02c

SHA512
229dc6d42285a53ef888d1687ed0901fded10badafd0bd63f7096efb617754f4ab3cb4aff7de305e18de2d9ab6aac6f00501e743603ad6d3456ce74cb78be2a0

Download Submit
C:\Windows\system\ZmNLOva.exe

Filesize
2.0MB

MD5
aa5740c253c582495e7b90b80f0d3835

SHA1
bd490a8ae91a3afae0857d780b57ad618fc36d77

SHA256
9301e2da361ab9892bbdd21a314bc006187e1170b7ebf303ce7ac9480d3b0282

SHA512
f01a9c703d9b25817dfb2e2cbee1e3260776861ef37ab4bceead2123d6cd2f41100cd13d7af9cf0bd27ba805d4ff19e94e84d591e9ddae7a1e0315d0c28819c4

Download Submit
C:\Windows\system\dZRzamB.exe

Filesize
2.0MB

MD5
754ad24c607ea63db6c7d491765ecc64

SHA1
dea25c984de995c88dbc70ab2c5711bbddafc333

SHA256
c7356cf8d3d098edd96a656a9c06ac361cb75b9064949897fb165764413a5948

SHA512
800eb2e930b55b3365a15e8540ec278e72756051145467b9f1b0070e0b502fa7c3a0a2fad5ea7aa7e0f522396124ed0d75bf7539c0a8b7807cc9bf12de1a0226

Download Submit
C:\Windows\system\hFyxzHP.exe

Filesize
2.0MB

MD5
8e8bb81863b74e21e993a8859e40cd73

SHA1
c73c28f9c54e8234640a9544f2fab5ed8f8dddee

SHA256
15eabe6b202867ecb60af640e9e3d2fc65e78c37178f331726036520db0f9b66

SHA512
4f0300e397e35e4d07df8aef66e0de627c1d0aa2d830474b407567b412106eb7be998fb8dca694028fd8d90a2a9dc1694ed1f3b254c95c0f4d887a4819b6bfe2

Download Submit
C:\Windows\system\jNbiFKY.exe

Filesize
2.0MB

MD5
02c08bb54353a7e42a66583e7f952013

SHA1
517fd6900bde3348ffbf4bdc7360cdefd9f07131

SHA256
101c8388c5fb4f8715d93779b0e091208c58eadea23c3ec7956261468cea4555

SHA512
af2d8c79c5bd3413af1d8a29c016879e3ed4ab06de968f58754fc1a23fb6d1a1c3d53305a7fb478067925ba46dfb29c740c868d925f30180c0a326c7bed32ced

Download Submit
C:\Windows\system\jvbTDid.exe

Filesize
2.0MB

MD5
a9855cb2b6dd72d618a7d5bd0a02aecf

SHA1
d6d317abc7a5e16e2ac0ea212c66503e01cc2278

SHA256
104517b544e95be776c137b393992790f0d9111464effdf6cbb17146fb03bff0

SHA512
b00c34f713b24acbe2da39874ece2474f1c9aa2642120a8eb586d7f171734c6f70deea08dd04d9a4c52a63c619ffee5b9e5b4004d191fbdda193a8c1aba70017

Download Submit
C:\Windows\system\ksBhChW.exe

Filesize
2.0MB

MD5
44c7b6a98a25fdc9625647dcf910471d

SHA1
a111a96077818ec2b856e23f78717a1bad086916

SHA256
0450281d8db34078667f0d27d20e408c09c1642d0d7c989101fd4ce3ea47a5da

SHA512
dae80f919a5991c6475346048ebff3e5cdec9c66788a0011bf8bdb6749c4276a76071e8a100cd55e3d12c6627abcdecf7f2cb5c6cdfa2a5a75dc98a5ba185d6d

Download Submit
C:\Windows\system\lmVHZCI.exe

Filesize
2.0MB

MD5
0cabacc62a8add491b95be79787ba05b

SHA1
96e89dd1fe311064b954ecd9adbc536a2c03bb62

SHA256
5874222c13f8742239a5feced2b855c777f78470cae8a3b514af59be84aaaeda

SHA512
7fd5f7538cc09cf867bf6ca2d59dddd29bac334ff1a21841260512ecb471c257a8e0c80da08f3c4578d2865f1df6fe889f3214575a505b2d146a9a0fc730fa02

Download Submit
C:\Windows\system\nVKyzbl.exe

Filesize
2.0MB

MD5
8bfc7c105480121ed08b092af4353327

SHA1
8732cf23040ec80a8f13d6fabfa6bb6ce9ee85ef

SHA256
62da4a733f98ef67967345fd7850c43749dddb9215b6bc57f3478852fbc0f3c2

SHA512
7051dcd3245291ffb0988b3380cb68e571523706c331d87554e388bf7bbd1232ed364ee96995c9fe68bfdd1dbe983756429300a05fff64785f5778784bb1da72

Download Submit
C:\Windows\system\nswEyuC.exe

Filesize
2.0MB

MD5
47aaf2d8d6c6c28796c215750b8dfbfa

SHA1
c7b006eeb332a34d7f4017a998710b8902a38304

SHA256
01f479d88b97d62aa98e94b5c2cf7e1f067eac6b978e746e30e4611b50bc6207

SHA512
4a68bcbdfc06cd1bcd586ff9118e7e4a312040b110e8f9eb644eec9b25baf5e9792fcec2824f4977d9330fe3dd2b999795f2575a3c6dfedff909d4ab1b25f67f

Download Submit
C:\Windows\system\pUZSEHp.exe

Filesize
2.0MB

MD5
f93014c8e1af4aec74a33822bffc051a

SHA1
d4a7325d5862fde6a9a0da4c662c79c92658b0c1

SHA256
80e265afc1f27067d6b383f36cbe852529a039b60f9c428a494a19a12ab87daf

SHA512
a820c0d006fd08d7befc3a5fdc428332994697872ba3ef67110be8bf3483e3e8dce7c0622641b4ba98b886eae8ae55da212fe3986b4b3e0ab02b8b419ca96ade

Download Submit
C:\Windows\system\pvdvxFp.exe

Filesize
2.0MB

MD5
91430cf1dce378a1e92449ca9c2d7a23

SHA1
a5cc2a7076c0b9171de42ca52eea3f29570172fb

SHA256
a1f8b85c913d7f835abb78458f6ebf805f84587be5b8e2f2d416474ece241150

SHA512
6a09e2b86f63b5d2291aa0f1be504ade698dcb6dfa4b129d46e2595344f5c59d7b04f2808e29e0db9051225127e8e3f44eff73683358054e7a35a8a0d6e0cdcb

Download Submit
C:\Windows\system\qTyvbMl.exe

Filesize
2.0MB

MD5
5515e9aed2d6eb97c6efde081ca42a45

SHA1
d1d9c6bc5d4a967cb06dd564bf874f1f3853e076

SHA256
cfd61d8fa474729954946fcd2347bf5e564e697f04d29adb0f02a9595e66bf8a

SHA512
5703f1c1b6ae179bc0ee1db484335b6f5304c997cf1e55f5ba16ee8193e65c5af68b3a42a5781d8a3b4c8787a60b903b1dfa625ecf9b0fa76102ba42540e717b

Download Submit
C:\Windows\system\swpdHDS.exe

Filesize
2.0MB

MD5
1767c23635c9fa0b1926e3bb42e4c56f

SHA1
05a6b1317ca1c4a52ff05f75b9e8853968c71892

SHA256
78136c532f1f22397ba077672837bf2ea0aa7a7cef412a291a4375346a2b0b87

SHA512
bff1fe148e0d5b80d667046305dfdf28babbfb2fbbd3267b1fdbdff256d48eb2b6ea79ff5df344c7d78c71024bd2d11dea79e8b22387169b89268ac0aba8fbb1

Download Submit
C:\Windows\system\uKRQWtG.exe

Filesize
2.0MB

MD5
f348b0bc069b55452c3b965ddb4f8d41

SHA1
913a666582029819c7f7ad66579b88f9d126d22d

SHA256
4a449867dcda66c5baa1eded35bf629e71e9872b9c5dcd10ee900840de6f87b4

SHA512
0678f7c161756fd794a894055abe51d70db2235fcebeb59f84131baced9a11095caf4f2866782443e7ad465634aae5b5410f0f2b1756224107c3d662eacc95a8

Download Submit
C:\Windows\system\xWnzkyL.exe

Filesize
2.0MB

MD5
eb98749737a3d4267682967f46a2f617

SHA1
c911412cbfbf4bd5f8b2efab2f7703c33e2f74aa

SHA256
5dc07ebf65242e0f2ee5043c22fa0ea37c258afed377d6a35f24b013246a44f4

SHA512
fbce74c37e7c4cf443846dae65da86059fd75667ba25aec1996a1b019f942fc0dd48d018b7abc896c4fc342f54009632cfdfdc213a6a503c082e992a6c7bfd72

Download Submit
C:\Windows\system\yUwJZuZ.exe

Filesize
2.0MB

MD5
db694e9cf5cc5cd1324b44f4d3162091

SHA1
ae71d68e695ab72ee2f152edd77d2f7eacb6d997

SHA256
216d773a30ccf4e63d111a1befa320548b9f370c57fa94fbcda6e87ff2d251b0

SHA512
5af23815ba06814393683eaf921de2d8c2fe6b7c61e471d8b46dc697d7d613da3ffa1505e9df64c4be43603683bad1fceea50f6f5d2be1ea7d79ccac8cdfb258

Download Submit
C:\Windows\system\yegMeuK.exe

Filesize
2.0MB

MD5
a439aad368fd0a27fe10716f1dc918c7

SHA1
80a8e293bef481aa5324d35baad1890234ded62b

SHA256
6330a85c7ea78ade91d2a135873408490e3b59d4b5f471e8d19acc2effa21716

SHA512
8445c4b66814c550885788f70bb960b9d8cfa9ef871bba5e9a321bfb84b5c50803d7e04fd6efc1ac08703f988e5f78c5191b408a0b461da4e4f4db4b25ad543b

Download Submit
C:\Windows\system\yprXThG.exe

Filesize
2.0MB

MD5
883248926e2482d117263d1768e26f20

SHA1
7e1c19a192b0dbdd0d6e303bcfbc1bf10106d034

SHA256
c8612ba5ef292606b6695e6d09f7b577b17e37e5519f35d0ea1bf9c65fee5774

SHA512
2e0e4d5d868f1d7bdf59aadcf626a09fe025e9c4cb11065d45d365f1683f9a15ce6774346776d9e017bf9b939f816fd2f2c4b11a7b9786d7b9cf6d8353293c85

Download Submit
\Windows\system\HDnsFrt.exe

Filesize
2.0MB

MD5
2afb1c3ec21b5c20aac8406e7e61401f

SHA1
b823e2832af57a79d718fef7821f4298b1694084

SHA256
ea4dc550b9f22619b06635198069f11057ba17aa2b74cce3155041d845e290bd

SHA512
674ae07fb5c984319b37ca21d45d5377f34c85385d12d4fcc51da45b5a4475ce372f2fa8172cd1f17de8c16a8f90375beb97305174f4d1f7480a3eea6ce7ea9d

Download Submit
memory/1724-9-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/1724-1069-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/1724-1078-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/1956-292-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/1956-1090-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2120-285-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2120-0-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2120-300-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2120-287-0x0000000001F30000-0x0000000002284000-memory.dmp

Filesize
3.3MB

Download
memory/2120-291-0x0000000001F30000-0x0000000002284000-memory.dmp

Filesize
3.3MB

Download
memory/2120-1076-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2120-293-0x0000000001F30000-0x0000000002284000-memory.dmp

Filesize
3.3MB

Download
memory/2120-1077-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2120-38-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2120-1073-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2120-1070-0x0000000001F30000-0x0000000002284000-memory.dmp

Filesize
3.3MB

Download
memory/2120-1035-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2120-27-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2120-283-0x0000000001F30000-0x0000000002284000-memory.dmp

Filesize
3.3MB

Download
memory/2120-298-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2120-1-0x0000000000170000-0x0000000000180000-memory.dmp

Filesize
64KB

Download
memory/2120-272-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2120-14-0x0000000001F30000-0x0000000002284000-memory.dmp

Filesize
3.3MB

Download
memory/2120-277-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2120-7-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2196-16-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2196-1079-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2196-1071-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2456-278-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2456-1085-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2488-1084-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2488-268-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2520-294-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2520-1089-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-1086-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2524-284-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2576-1083-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2576-266-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2624-1091-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2624-274-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-1072-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-1080-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-22-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-1088-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2704-290-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2912-286-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2912-1087-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2996-1082-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2996-264-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2996-1075-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-28-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/3004-1074-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/3004-1081-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download