xmrig | 422461f0658ac12e987b6f8fa8664361a704a43176efbe1712946bac9ff1cd6b

Analysis

max time kernel
139s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 02:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
Size

1.4MB
MD5

786cdcbca8c9e85063a21714c4ce3520
SHA1

b2f25ef5e8c0a2877abcd2f6844165989c7e36ae
SHA256

422461f0658ac12e987b6f8fa8664361a704a43176efbe1712946bac9ff1cd6b
SHA512

63ca5168ccbc96bc460a3bcbe8bb992d7c450ab4373ff45a7105cbcb2eca2ac23be4550ecc93b1efc4f7391468db165c0cb00c7b8a493c604cff9e12f073f9ba
SSDEEP

24576:GezaTnG99Q8FcNrpyNdfE0bLBgDOp2iSLz9LbBwlKensYKkzGUfiI7pXu3ajGEwQ:GezaTF8FcNkNdfE0pZ9oztFwI6KQGyXF

Score

10^/10

xmrig miner

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 33 IoCs

miner

Processes:

resource	yara_rule
C:\Windows\System\mccVVPc.exe	xmrig
C:\Windows\System\kmvEDbp.exe	xmrig
C:\Windows\System\IlGQzhj.exe	xmrig
C:\Windows\System\UdoyzXX.exe	xmrig
C:\Windows\System\HQdEbnZ.exe	xmrig
C:\Windows\System\MkEyEoW.exe	xmrig
C:\Windows\System\acATpHD.exe	xmrig
C:\Windows\System\uWeZWtn.exe	xmrig
C:\Windows\System\yWLPkaF.exe	xmrig
C:\Windows\System\KakXobj.exe	xmrig
C:\Windows\System\uDBShXM.exe	xmrig
C:\Windows\System\RlxzbRW.exe	xmrig
C:\Windows\System\yqErcIC.exe	xmrig
C:\Windows\System\lOEWVKX.exe	xmrig
C:\Windows\System\FRciFgk.exe	xmrig
C:\Windows\System\xgLGrTi.exe	xmrig
C:\Windows\System\tdfVyGR.exe	xmrig
C:\Windows\System\XSbFgFy.exe	xmrig
C:\Windows\System\vbgkDCS.exe	xmrig
C:\Windows\System\ExPDXUS.exe	xmrig
C:\Windows\System\bJEmkVQ.exe	xmrig
C:\Windows\System\nrGAFvJ.exe	xmrig
C:\Windows\System\VRtEvYS.exe	xmrig
C:\Windows\System\nMhvctC.exe	xmrig
C:\Windows\System\tSAlyFO.exe	xmrig
C:\Windows\System\hLAQVTJ.exe	xmrig
C:\Windows\System\qksYcDC.exe	xmrig
C:\Windows\System\PGfzdHz.exe	xmrig
C:\Windows\System\rMAZIGE.exe	xmrig
C:\Windows\System\fDuVcsT.exe	xmrig
C:\Windows\System\WNgsugY.exe	xmrig
C:\Windows\System\HcoovET.exe	xmrig
C:\Windows\System\HmJmJHA.exe	xmrig

Executes dropped EXE 64 IoCs

Processes:

mccVVPc.exeIlGQzhj.exekmvEDbp.exeHQdEbnZ.exeUdoyzXX.exeHmJmJHA.exeMkEyEoW.exeacATpHD.exeHcoovET.exeuWeZWtn.exeWNgsugY.exefDuVcsT.exerMAZIGE.exePGfzdHz.exeqksYcDC.exehLAQVTJ.exetSAlyFO.exenMhvctC.exeVRtEvYS.exenrGAFvJ.exebJEmkVQ.exeExPDXUS.exeyWLPkaF.exevbgkDCS.exeXSbFgFy.exetdfVyGR.exexgLGrTi.exeFRciFgk.exelOEWVKX.exeyqErcIC.exeuDBShXM.exeRlxzbRW.exeKakXobj.exeHcxSTdr.exeSGqPaLp.exescJFIKw.exeIKOSIlH.exeSGwsBAk.exelIGcmFl.exeTOFocpG.exeVdsNWNt.exeMCpyVkr.exeshBhNIj.exevglNYnE.exemdyAWpp.exeqqGdkPm.exejMwOPEG.exeIgsdVij.exedoLrFrx.exeJupAuWv.exeahdvKld.exeudedWCG.exeyqJCKhx.exemlybWAH.exeHpQhSpk.exenvmsMWC.exesYBCRaS.exekEIeqKp.exehjimvJB.exeQuZVHSg.execqbcmWW.exeaBfGEBB.exeGQgjkfA.exeWTRxxjM.exe

pid	process
4664	mccVVPc.exe
400	IlGQzhj.exe
3412	kmvEDbp.exe
3348	HQdEbnZ.exe
3992	UdoyzXX.exe
408	HmJmJHA.exe
1484	MkEyEoW.exe
2620	acATpHD.exe
4732	HcoovET.exe
5056	uWeZWtn.exe
5024	WNgsugY.exe
3928	fDuVcsT.exe
2912	rMAZIGE.exe
2028	PGfzdHz.exe
884	qksYcDC.exe
456	hLAQVTJ.exe
4996	tSAlyFO.exe
2920	nMhvctC.exe
4372	VRtEvYS.exe
2648	nrGAFvJ.exe
4520	bJEmkVQ.exe
1368	ExPDXUS.exe
2384	yWLPkaF.exe
4500	vbgkDCS.exe
4792	XSbFgFy.exe
3608	tdfVyGR.exe
1520	xgLGrTi.exe
4812	FRciFgk.exe
1272	lOEWVKX.exe
4604	yqErcIC.exe
3968	uDBShXM.exe
2328	RlxzbRW.exe
1460	KakXobj.exe
1932	HcxSTdr.exe
2248	SGqPaLp.exe
2508	scJFIKw.exe
3940	IKOSIlH.exe
1508	SGwsBAk.exe
684	lIGcmFl.exe
1524	TOFocpG.exe
3364	VdsNWNt.exe
2208	MCpyVkr.exe
2796	shBhNIj.exe
4840	vglNYnE.exe
1376	mdyAWpp.exe
1084	qqGdkPm.exe
2604	jMwOPEG.exe
4368	IgsdVij.exe
1176	doLrFrx.exe
4328	JupAuWv.exe
4308	ahdvKld.exe
212	udedWCG.exe
1592	yqJCKhx.exe
4708	mlybWAH.exe
3588	HpQhSpk.exe
4008	nvmsMWC.exe
2064	sYBCRaS.exe
4252	kEIeqKp.exe
5108	hjimvJB.exe
3140	QuZVHSg.exe
5092	cqbcmWW.exe
3424	aBfGEBB.exe
5116	GQgjkfA.exe
2200	WTRxxjM.exe

Drops file in Windows directory 64 IoCs

Processes:

786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe

description	ioc	process
File created	C:\Windows\System\OvFcvFD.exe	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
File created	C:\Windows\System\kEIeqKp.exe	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
File created	C:\Windows\System\REQvhcV.exe	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
File created	C:\Windows\System\mdyAWpp.exe	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
File created	C:\Windows\System\aBfGEBB.exe	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
File created	C:\Windows\System\BfwHjQJ.exe	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
File created	C:\Windows\System\IPQyOrR.exe	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
File created	C:\Windows\System\WNgsugY.exe	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
File created	C:\Windows\System\yEYuFmK.exe	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
File created	C:\Windows\System\Ywafmkf.exe	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
File created	C:\Windows\System\RlxzbRW.exe	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
File created	C:\Windows\System\cDVnITb.exe	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
File created	C:\Windows\System\PGJidzF.exe	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
File created	C:\Windows\System\fsnuFPc.exe	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
File created	C:\Windows\System\XDDPCIY.exe	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
File created	C:\Windows\System\yWLPkaF.exe	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
File created	C:\Windows\System\udHMdYv.exe	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
File created	C:\Windows\System\QddbPQz.exe	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
File created	C:\Windows\System\HmzDwyk.exe	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
File created	C:\Windows\System\jwRRQoM.exe	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
File created	C:\Windows\System\tooEsNQ.exe	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
File created	C:\Windows\System\PGfzdHz.exe	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
File created	C:\Windows\System\qBrXwam.exe	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
File created	C:\Windows\System\dfMktiQ.exe	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
File created	C:\Windows\System\MkEyEoW.exe	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
File created	C:\Windows\System\tRUrDsF.exe	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
File created	C:\Windows\System\xgLGrTi.exe	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
File created	C:\Windows\System\HmJmJHA.exe	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
File created	C:\Windows\System\yqJCKhx.exe	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
File created	C:\Windows\System\sYBCRaS.exe	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
File created	C:\Windows\System\dYqvbkU.exe	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
File created	C:\Windows\System\ufEVCAd.exe	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
File created	C:\Windows\System\cqbcmWW.exe	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
File created	C:\Windows\System\wxhgLYj.exe	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
File created	C:\Windows\System\uRnHrUv.exe	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
File created	C:\Windows\System\VdsNWNt.exe	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
File created	C:\Windows\System\jqDsoFX.exe	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
File created	C:\Windows\System\PJmJDNm.exe	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
File created	C:\Windows\System\lOEWVKX.exe	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
File created	C:\Windows\System\HpQhSpk.exe	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
File created	C:\Windows\System\YtRnjbu.exe	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
File created	C:\Windows\System\EpsrRxV.exe	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
File created	C:\Windows\System\aTqADgR.exe	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
File created	C:\Windows\System\qksYcDC.exe	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
File created	C:\Windows\System\afbeCwW.exe	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
File created	C:\Windows\System\bjswLeo.exe	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
File created	C:\Windows\System\qqGdkPm.exe	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
File created	C:\Windows\System\SilAcSD.exe	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
File created	C:\Windows\System\jbvraCj.exe	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
File created	C:\Windows\System\innTeeZ.exe	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
File created	C:\Windows\System\vglNYnE.exe	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
File created	C:\Windows\System\ahdvKld.exe	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
File created	C:\Windows\System\jjHNTYe.exe	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
File created	C:\Windows\System\wBuKuuq.exe	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
File created	C:\Windows\System\QgEUIUg.exe	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
File created	C:\Windows\System\JupAuWv.exe	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
File created	C:\Windows\System\uLrzEAO.exe	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
File created	C:\Windows\System\nBgaQGi.exe	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
File created	C:\Windows\System\dJYPiJr.exe	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
File created	C:\Windows\System\shBhNIj.exe	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
File created	C:\Windows\System\bhqruUG.exe	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
File created	C:\Windows\System\YQVhqaU.exe	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
File created	C:\Windows\System\WYVNhGe.exe	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
File created	C:\Windows\System\KzjhJsg.exe	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe

description	pid	process
Token: SeLockMemoryPrivilege	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe

description	pid	process	target process
PID 3416 wrote to memory of 4664	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe	mccVVPc.exe
PID 3416 wrote to memory of 4664	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe	mccVVPc.exe
PID 3416 wrote to memory of 400	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe	IlGQzhj.exe
PID 3416 wrote to memory of 400	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe	IlGQzhj.exe
PID 3416 wrote to memory of 3412	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe	kmvEDbp.exe
PID 3416 wrote to memory of 3412	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe	kmvEDbp.exe
PID 3416 wrote to memory of 3348	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe	HQdEbnZ.exe
PID 3416 wrote to memory of 3348	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe	HQdEbnZ.exe
PID 3416 wrote to memory of 3992	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe	UdoyzXX.exe
PID 3416 wrote to memory of 3992	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe	UdoyzXX.exe
PID 3416 wrote to memory of 408	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe	HmJmJHA.exe
PID 3416 wrote to memory of 408	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe	HmJmJHA.exe
PID 3416 wrote to memory of 1484	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe	MkEyEoW.exe
PID 3416 wrote to memory of 1484	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe	MkEyEoW.exe
PID 3416 wrote to memory of 2620	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe	acATpHD.exe
PID 3416 wrote to memory of 2620	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe	acATpHD.exe
PID 3416 wrote to memory of 4732	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe	HcoovET.exe
PID 3416 wrote to memory of 4732	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe	HcoovET.exe
PID 3416 wrote to memory of 5056	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe	uWeZWtn.exe
PID 3416 wrote to memory of 5056	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe	uWeZWtn.exe
PID 3416 wrote to memory of 5024	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe	WNgsugY.exe
PID 3416 wrote to memory of 5024	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe	WNgsugY.exe
PID 3416 wrote to memory of 3928	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe	fDuVcsT.exe
PID 3416 wrote to memory of 3928	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe	fDuVcsT.exe
PID 3416 wrote to memory of 2912	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe	rMAZIGE.exe
PID 3416 wrote to memory of 2912	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe	rMAZIGE.exe
PID 3416 wrote to memory of 2028	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe	PGfzdHz.exe
PID 3416 wrote to memory of 2028	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe	PGfzdHz.exe
PID 3416 wrote to memory of 884	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe	qksYcDC.exe
PID 3416 wrote to memory of 884	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe	qksYcDC.exe
PID 3416 wrote to memory of 456	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe	hLAQVTJ.exe
PID 3416 wrote to memory of 456	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe	hLAQVTJ.exe
PID 3416 wrote to memory of 4996	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe	tSAlyFO.exe
PID 3416 wrote to memory of 4996	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe	tSAlyFO.exe
PID 3416 wrote to memory of 2920	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe	nMhvctC.exe
PID 3416 wrote to memory of 2920	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe	nMhvctC.exe
PID 3416 wrote to memory of 4372	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe	VRtEvYS.exe
PID 3416 wrote to memory of 4372	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe	VRtEvYS.exe
PID 3416 wrote to memory of 2648	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe	nrGAFvJ.exe
PID 3416 wrote to memory of 2648	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe	nrGAFvJ.exe
PID 3416 wrote to memory of 4520	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe	bJEmkVQ.exe
PID 3416 wrote to memory of 4520	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe	bJEmkVQ.exe
PID 3416 wrote to memory of 1368	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe	ExPDXUS.exe
PID 3416 wrote to memory of 1368	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe	ExPDXUS.exe
PID 3416 wrote to memory of 2384	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe	yWLPkaF.exe
PID 3416 wrote to memory of 2384	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe	yWLPkaF.exe
PID 3416 wrote to memory of 4500	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe	vbgkDCS.exe
PID 3416 wrote to memory of 4500	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe	vbgkDCS.exe
PID 3416 wrote to memory of 4792	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe	XSbFgFy.exe
PID 3416 wrote to memory of 4792	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe	XSbFgFy.exe
PID 3416 wrote to memory of 3608	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe	tdfVyGR.exe
PID 3416 wrote to memory of 3608	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe	tdfVyGR.exe
PID 3416 wrote to memory of 1520	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe	xgLGrTi.exe
PID 3416 wrote to memory of 1520	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe	xgLGrTi.exe
PID 3416 wrote to memory of 4812	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe	FRciFgk.exe
PID 3416 wrote to memory of 4812	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe	FRciFgk.exe
PID 3416 wrote to memory of 1272	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe	lOEWVKX.exe
PID 3416 wrote to memory of 1272	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe	lOEWVKX.exe
PID 3416 wrote to memory of 4604	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe	yqErcIC.exe
PID 3416 wrote to memory of 4604	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe	yqErcIC.exe
PID 3416 wrote to memory of 3968	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe	uDBShXM.exe
PID 3416 wrote to memory of 3968	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe	uDBShXM.exe
PID 3416 wrote to memory of 2328	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe	RlxzbRW.exe
PID 3416 wrote to memory of 2328	3416	786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe	RlxzbRW.exe

C:\Users\Admin\AppData\Local\Temp\786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\786cdcbca8c9e85063a21714c4ce3520_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3416

C:\Windows\System\mccVVPc.exe
C:\Windows\System\mccVVPc.exe
2⤵
- Executes dropped EXE
PID:4664

C:\Windows\System\IlGQzhj.exe
C:\Windows\System\IlGQzhj.exe
2⤵
- Executes dropped EXE
PID:400

C:\Windows\System\kmvEDbp.exe
C:\Windows\System\kmvEDbp.exe
2⤵
- Executes dropped EXE
PID:3412

C:\Windows\System\HQdEbnZ.exe
C:\Windows\System\HQdEbnZ.exe
2⤵
- Executes dropped EXE
PID:3348

C:\Windows\System\UdoyzXX.exe
C:\Windows\System\UdoyzXX.exe
2⤵
- Executes dropped EXE
PID:3992

C:\Windows\System\HmJmJHA.exe
C:\Windows\System\HmJmJHA.exe
2⤵
- Executes dropped EXE
PID:408

C:\Windows\System\MkEyEoW.exe
C:\Windows\System\MkEyEoW.exe
2⤵
- Executes dropped EXE
PID:1484

C:\Windows\System\acATpHD.exe
C:\Windows\System\acATpHD.exe
2⤵
- Executes dropped EXE
PID:2620

C:\Windows\System\HcoovET.exe
C:\Windows\System\HcoovET.exe
2⤵
- Executes dropped EXE
PID:4732

C:\Windows\System\uWeZWtn.exe
C:\Windows\System\uWeZWtn.exe
2⤵
- Executes dropped EXE
PID:5056

C:\Windows\System\WNgsugY.exe
C:\Windows\System\WNgsugY.exe
2⤵
- Executes dropped EXE
PID:5024

C:\Windows\System\fDuVcsT.exe
C:\Windows\System\fDuVcsT.exe
2⤵
- Executes dropped EXE
PID:3928

C:\Windows\System\rMAZIGE.exe
C:\Windows\System\rMAZIGE.exe
2⤵
- Executes dropped EXE
PID:2912

C:\Windows\System\PGfzdHz.exe
C:\Windows\System\PGfzdHz.exe
2⤵
- Executes dropped EXE
PID:2028

C:\Windows\System\qksYcDC.exe
C:\Windows\System\qksYcDC.exe
2⤵
- Executes dropped EXE
PID:884

C:\Windows\System\hLAQVTJ.exe
C:\Windows\System\hLAQVTJ.exe
2⤵
- Executes dropped EXE
PID:456

C:\Windows\System\tSAlyFO.exe
C:\Windows\System\tSAlyFO.exe
2⤵
- Executes dropped EXE
PID:4996

C:\Windows\System\nMhvctC.exe
C:\Windows\System\nMhvctC.exe
2⤵
- Executes dropped EXE
PID:2920

C:\Windows\System\VRtEvYS.exe
C:\Windows\System\VRtEvYS.exe
2⤵
- Executes dropped EXE
PID:4372

C:\Windows\System\nrGAFvJ.exe
C:\Windows\System\nrGAFvJ.exe
2⤵
- Executes dropped EXE
PID:2648

C:\Windows\System\bJEmkVQ.exe
C:\Windows\System\bJEmkVQ.exe
2⤵
- Executes dropped EXE
PID:4520

C:\Windows\System\ExPDXUS.exe
C:\Windows\System\ExPDXUS.exe
2⤵
- Executes dropped EXE
PID:1368

C:\Windows\System\yWLPkaF.exe
C:\Windows\System\yWLPkaF.exe
2⤵
- Executes dropped EXE
PID:2384

C:\Windows\System\vbgkDCS.exe
C:\Windows\System\vbgkDCS.exe
2⤵
- Executes dropped EXE
PID:4500

C:\Windows\System\XSbFgFy.exe
C:\Windows\System\XSbFgFy.exe
2⤵
- Executes dropped EXE
PID:4792

C:\Windows\System\tdfVyGR.exe
C:\Windows\System\tdfVyGR.exe
2⤵
- Executes dropped EXE
PID:3608

C:\Windows\System\xgLGrTi.exe
C:\Windows\System\xgLGrTi.exe
2⤵
- Executes dropped EXE
PID:1520

C:\Windows\System\FRciFgk.exe
C:\Windows\System\FRciFgk.exe
2⤵
- Executes dropped EXE
PID:4812

C:\Windows\System\lOEWVKX.exe
C:\Windows\System\lOEWVKX.exe
2⤵
- Executes dropped EXE
PID:1272

C:\Windows\System\yqErcIC.exe
C:\Windows\System\yqErcIC.exe
2⤵
- Executes dropped EXE
PID:4604

C:\Windows\System\uDBShXM.exe
C:\Windows\System\uDBShXM.exe
2⤵
- Executes dropped EXE
PID:3968

C:\Windows\System\RlxzbRW.exe
C:\Windows\System\RlxzbRW.exe
2⤵
- Executes dropped EXE
PID:2328

C:\Windows\System\KakXobj.exe
C:\Windows\System\KakXobj.exe
2⤵
- Executes dropped EXE
PID:1460

C:\Windows\System\HcxSTdr.exe
C:\Windows\System\HcxSTdr.exe
2⤵
- Executes dropped EXE
PID:1932

C:\Windows\System\SGqPaLp.exe
C:\Windows\System\SGqPaLp.exe
2⤵
- Executes dropped EXE
PID:2248

C:\Windows\System\scJFIKw.exe
C:\Windows\System\scJFIKw.exe
2⤵
- Executes dropped EXE
PID:2508

C:\Windows\System\IKOSIlH.exe
C:\Windows\System\IKOSIlH.exe
2⤵
- Executes dropped EXE
PID:3940

C:\Windows\System\SGwsBAk.exe
C:\Windows\System\SGwsBAk.exe
2⤵
- Executes dropped EXE
PID:1508

C:\Windows\System\lIGcmFl.exe
C:\Windows\System\lIGcmFl.exe
2⤵
- Executes dropped EXE
PID:684

C:\Windows\System\TOFocpG.exe
C:\Windows\System\TOFocpG.exe
2⤵
- Executes dropped EXE
PID:1524

C:\Windows\System\VdsNWNt.exe
C:\Windows\System\VdsNWNt.exe
2⤵
- Executes dropped EXE
PID:3364

C:\Windows\System\MCpyVkr.exe
C:\Windows\System\MCpyVkr.exe
2⤵
- Executes dropped EXE
PID:2208

C:\Windows\System\shBhNIj.exe
C:\Windows\System\shBhNIj.exe
2⤵
- Executes dropped EXE
PID:2796

C:\Windows\System\vglNYnE.exe
C:\Windows\System\vglNYnE.exe
2⤵
- Executes dropped EXE
PID:4840

C:\Windows\System\mdyAWpp.exe
C:\Windows\System\mdyAWpp.exe
2⤵
- Executes dropped EXE
PID:1376

C:\Windows\System\qqGdkPm.exe
C:\Windows\System\qqGdkPm.exe
2⤵
- Executes dropped EXE
PID:1084

C:\Windows\System\jMwOPEG.exe
C:\Windows\System\jMwOPEG.exe
2⤵
- Executes dropped EXE
PID:2604

C:\Windows\System\IgsdVij.exe
C:\Windows\System\IgsdVij.exe
2⤵
- Executes dropped EXE
PID:4368

C:\Windows\System\doLrFrx.exe
C:\Windows\System\doLrFrx.exe
2⤵
- Executes dropped EXE
PID:1176

C:\Windows\System\JupAuWv.exe
C:\Windows\System\JupAuWv.exe
2⤵
- Executes dropped EXE
PID:4328

C:\Windows\System\ahdvKld.exe
C:\Windows\System\ahdvKld.exe
2⤵
- Executes dropped EXE
PID:4308

C:\Windows\System\udedWCG.exe
C:\Windows\System\udedWCG.exe
2⤵
- Executes dropped EXE
PID:212

C:\Windows\System\yqJCKhx.exe
C:\Windows\System\yqJCKhx.exe
2⤵
- Executes dropped EXE
PID:1592

C:\Windows\System\mlybWAH.exe
C:\Windows\System\mlybWAH.exe
2⤵
- Executes dropped EXE
PID:4708

C:\Windows\System\HpQhSpk.exe
C:\Windows\System\HpQhSpk.exe
2⤵
- Executes dropped EXE
PID:3588

C:\Windows\System\nvmsMWC.exe
C:\Windows\System\nvmsMWC.exe
2⤵
- Executes dropped EXE
PID:4008

C:\Windows\System\sYBCRaS.exe
C:\Windows\System\sYBCRaS.exe
2⤵
- Executes dropped EXE
PID:2064

C:\Windows\System\kEIeqKp.exe
C:\Windows\System\kEIeqKp.exe
2⤵
- Executes dropped EXE
PID:4252

C:\Windows\System\hjimvJB.exe
C:\Windows\System\hjimvJB.exe
2⤵
- Executes dropped EXE
PID:5108

C:\Windows\System\QuZVHSg.exe
C:\Windows\System\QuZVHSg.exe
2⤵
- Executes dropped EXE
PID:3140

C:\Windows\System\cqbcmWW.exe
C:\Windows\System\cqbcmWW.exe
2⤵
- Executes dropped EXE
PID:5092

C:\Windows\System\aBfGEBB.exe
C:\Windows\System\aBfGEBB.exe
2⤵
- Executes dropped EXE
PID:3424

C:\Windows\System\GQgjkfA.exe
C:\Windows\System\GQgjkfA.exe
2⤵
- Executes dropped EXE
PID:5116

C:\Windows\System\WTRxxjM.exe
C:\Windows\System\WTRxxjM.exe
2⤵
- Executes dropped EXE
PID:2200

C:\Windows\System\PaChIVI.exe
C:\Windows\System\PaChIVI.exe
2⤵
PID:4600

C:\Windows\System\NpucsDP.exe
C:\Windows\System\NpucsDP.exe
2⤵
PID:3148

C:\Windows\System\PJmJDNm.exe
C:\Windows\System\PJmJDNm.exe
2⤵
PID:4572

C:\Windows\System\DWFVTwJ.exe
C:\Windows\System\DWFVTwJ.exe
2⤵
PID:4552

C:\Windows\System\fxMwhMG.exe
C:\Windows\System\fxMwhMG.exe
2⤵
PID:2764

C:\Windows\System\hAfVdcu.exe
C:\Windows\System\hAfVdcu.exe
2⤵
PID:2720

C:\Windows\System\dYqvbkU.exe
C:\Windows\System\dYqvbkU.exe
2⤵
PID:4020

C:\Windows\System\uLrzEAO.exe
C:\Windows\System\uLrzEAO.exe
2⤵
PID:2888

C:\Windows\System\JkknyNi.exe
C:\Windows\System\JkknyNi.exe
2⤵
PID:1256

C:\Windows\System\aVmYemM.exe
C:\Windows\System\aVmYemM.exe
2⤵
PID:2092

C:\Windows\System\AKyEhGh.exe
C:\Windows\System\AKyEhGh.exe
2⤵
PID:5032

C:\Windows\System\nRjfXbW.exe
C:\Windows\System\nRjfXbW.exe
2⤵
PID:4896

C:\Windows\System\YtRnjbu.exe
C:\Windows\System\YtRnjbu.exe
2⤵
PID:2512

C:\Windows\System\ntSzsCj.exe
C:\Windows\System\ntSzsCj.exe
2⤵
PID:4216

C:\Windows\System\GLmtVaV.exe
C:\Windows\System\GLmtVaV.exe
2⤵
PID:2952

C:\Windows\System\qBrXwam.exe
C:\Windows\System\qBrXwam.exe
2⤵
PID:4844

C:\Windows\System\kLXlpmQ.exe
C:\Windows\System\kLXlpmQ.exe
2⤵
PID:3448

C:\Windows\System\cDVnITb.exe
C:\Windows\System\cDVnITb.exe
2⤵
PID:2452

C:\Windows\System\BRZmEYf.exe
C:\Windows\System\BRZmEYf.exe
2⤵
PID:4892

C:\Windows\System\PGIvEJi.exe
C:\Windows\System\PGIvEJi.exe
2⤵
PID:5124

C:\Windows\System\OvFcvFD.exe
C:\Windows\System\OvFcvFD.exe
2⤵
PID:5148

C:\Windows\System\zJihnIb.exe
C:\Windows\System\zJihnIb.exe
2⤵
PID:5176

C:\Windows\System\RmqIVfu.exe
C:\Windows\System\RmqIVfu.exe
2⤵
PID:5204

C:\Windows\System\bRBcYjS.exe
C:\Windows\System\bRBcYjS.exe
2⤵
PID:5236

C:\Windows\System\ouYFcDE.exe
C:\Windows\System\ouYFcDE.exe
2⤵
PID:5264

C:\Windows\System\GtyJOzg.exe
C:\Windows\System\GtyJOzg.exe
2⤵
PID:5288

C:\Windows\System\NJgYeCh.exe
C:\Windows\System\NJgYeCh.exe
2⤵
PID:5316

C:\Windows\System\YmOotvb.exe
C:\Windows\System\YmOotvb.exe
2⤵
PID:5348

C:\Windows\System\TqtgzGO.exe
C:\Windows\System\TqtgzGO.exe
2⤵
PID:5372

C:\Windows\System\CUUgdkp.exe
C:\Windows\System\CUUgdkp.exe
2⤵
PID:5404

C:\Windows\System\ziWHORC.exe
C:\Windows\System\ziWHORC.exe
2⤵
PID:5432

C:\Windows\System\ZyGNUrW.exe
C:\Windows\System\ZyGNUrW.exe
2⤵
PID:5460

C:\Windows\System\tscueRy.exe
C:\Windows\System\tscueRy.exe
2⤵
PID:5488

C:\Windows\System\iItFwsE.exe
C:\Windows\System\iItFwsE.exe
2⤵
PID:5516

C:\Windows\System\fikiWqL.exe
C:\Windows\System\fikiWqL.exe
2⤵
PID:5540

C:\Windows\System\qybMKHA.exe
C:\Windows\System\qybMKHA.exe
2⤵
PID:5572

C:\Windows\System\wFvxPiY.exe
C:\Windows\System\wFvxPiY.exe
2⤵
PID:5596

C:\Windows\System\Fndooph.exe
C:\Windows\System\Fndooph.exe
2⤵
PID:5628

C:\Windows\System\BFswiBI.exe
C:\Windows\System\BFswiBI.exe
2⤵
PID:5652

C:\Windows\System\tRUrDsF.exe
C:\Windows\System\tRUrDsF.exe
2⤵
PID:5684

C:\Windows\System\aubMmtJ.exe
C:\Windows\System\aubMmtJ.exe
2⤵
PID:5712

C:\Windows\System\xgFZCsW.exe
C:\Windows\System\xgFZCsW.exe
2⤵
PID:5740

C:\Windows\System\yEYuFmK.exe
C:\Windows\System\yEYuFmK.exe
2⤵
PID:5768

C:\Windows\System\ubTWAgt.exe
C:\Windows\System\ubTWAgt.exe
2⤵
PID:5796

C:\Windows\System\KzjhJsg.exe
C:\Windows\System\KzjhJsg.exe
2⤵
PID:5824

C:\Windows\System\jOpdgZD.exe
C:\Windows\System\jOpdgZD.exe
2⤵
PID:5852

C:\Windows\System\YmktbMM.exe
C:\Windows\System\YmktbMM.exe
2⤵
PID:5896

C:\Windows\System\pdFJqpi.exe
C:\Windows\System\pdFJqpi.exe
2⤵
PID:5996

C:\Windows\System\awnFToC.exe
C:\Windows\System\awnFToC.exe
2⤵
PID:6032

C:\Windows\System\EpsrRxV.exe
C:\Windows\System\EpsrRxV.exe
2⤵
PID:6060

C:\Windows\System\aJkkKnG.exe
C:\Windows\System\aJkkKnG.exe
2⤵
PID:6080

C:\Windows\System\jjHNTYe.exe
C:\Windows\System\jjHNTYe.exe
2⤵
PID:6108

C:\Windows\System\NnctjdO.exe
C:\Windows\System\NnctjdO.exe
2⤵
PID:6136

C:\Windows\System\bhqruUG.exe
C:\Windows\System\bhqruUG.exe
2⤵
PID:1676

C:\Windows\System\uRnHrUv.exe
C:\Windows\System\uRnHrUv.exe
2⤵
PID:960

C:\Windows\System\udHMdYv.exe
C:\Windows\System\udHMdYv.exe
2⤵
PID:2776

C:\Windows\System\wBuKuuq.exe
C:\Windows\System\wBuKuuq.exe
2⤵
PID:5168

C:\Windows\System\fGofLei.exe
C:\Windows\System\fGofLei.exe
2⤵
PID:5228

C:\Windows\System\JKxtnzX.exe
C:\Windows\System\JKxtnzX.exe
2⤵
PID:5304

C:\Windows\System\KVkfQzQ.exe
C:\Windows\System\KVkfQzQ.exe
2⤵
PID:5336

C:\Windows\System\wjipUQF.exe
C:\Windows\System\wjipUQF.exe
2⤵
PID:5416

C:\Windows\System\dAoTFnW.exe
C:\Windows\System\dAoTFnW.exe
2⤵
PID:5452

C:\Windows\System\xBMJIqx.exe
C:\Windows\System\xBMJIqx.exe
2⤵
PID:5528

C:\Windows\System\jqDsoFX.exe
C:\Windows\System\jqDsoFX.exe
2⤵
PID:4920

C:\Windows\System\gXhFwjt.exe
C:\Windows\System\gXhFwjt.exe
2⤵
PID:5644

C:\Windows\System\nNxhNAc.exe
C:\Windows\System\nNxhNAc.exe
2⤵
PID:5704

C:\Windows\System\yVcuqWA.exe
C:\Windows\System\yVcuqWA.exe
2⤵
PID:5752

C:\Windows\System\FTlxNdw.exe
C:\Windows\System\FTlxNdw.exe
2⤵
PID:5892

C:\Windows\System\ouOcGhl.exe
C:\Windows\System\ouOcGhl.exe
2⤵
PID:5812

C:\Windows\System\NYBHeRi.exe
C:\Windows\System\NYBHeRi.exe
2⤵
PID:5864

C:\Windows\System\BigzLqM.exe
C:\Windows\System\BigzLqM.exe
2⤵
PID:5936

C:\Windows\System\ufEVCAd.exe
C:\Windows\System\ufEVCAd.exe
2⤵
PID:4464

C:\Windows\System\afbeCwW.exe
C:\Windows\System\afbeCwW.exe
2⤵
PID:2368

C:\Windows\System\AeIUtpR.exe
C:\Windows\System\AeIUtpR.exe
2⤵
PID:6040

C:\Windows\System\HkLCGHS.exe
C:\Windows\System\HkLCGHS.exe
2⤵
PID:6076

C:\Windows\System\SilAcSD.exe
C:\Windows\System\SilAcSD.exe
2⤵
PID:6124

C:\Windows\System\PGJidzF.exe
C:\Windows\System\PGJidzF.exe
2⤵
PID:3508

C:\Windows\System\smprBnx.exe
C:\Windows\System\smprBnx.exe
2⤵
PID:8

C:\Windows\System\lFDuXaq.exe
C:\Windows\System\lFDuXaq.exe
2⤵
PID:3380

C:\Windows\System\QddbPQz.exe
C:\Windows\System\QddbPQz.exe
2⤵
PID:5140

C:\Windows\System\jetZJXw.exe
C:\Windows\System\jetZJXw.exe
2⤵
PID:5220

C:\Windows\System\aTqADgR.exe
C:\Windows\System\aTqADgR.exe
2⤵
PID:2168

C:\Windows\System\HmzDwyk.exe
C:\Windows\System\HmzDwyk.exe
2⤵
PID:2624

C:\Windows\System\JAetfER.exe
C:\Windows\System\JAetfER.exe
2⤵
PID:5340

C:\Windows\System\WqlrNJj.exe
C:\Windows\System\WqlrNJj.exe
2⤵
PID:5536

C:\Windows\System\REQvhcV.exe
C:\Windows\System\REQvhcV.exe
2⤵
PID:5672

C:\Windows\System\YXpxKxi.exe
C:\Windows\System\YXpxKxi.exe
2⤵
PID:5052

C:\Windows\System\QkpDZfb.exe
C:\Windows\System\QkpDZfb.exe
2⤵
PID:3648

C:\Windows\System\YQVhqaU.exe
C:\Windows\System\YQVhqaU.exe
2⤵
PID:6104

C:\Windows\System\RpbHBXL.exe
C:\Windows\System\RpbHBXL.exe
2⤵
PID:5164

C:\Windows\System\BfwHjQJ.exe
C:\Windows\System\BfwHjQJ.exe
2⤵
PID:1840

C:\Windows\System\yvBObWD.exe
C:\Windows\System\yvBObWD.exe
2⤵
PID:4048

C:\Windows\System\TbLocxh.exe
C:\Windows\System\TbLocxh.exe
2⤵
PID:4028

C:\Windows\System\wxhgLYj.exe
C:\Windows\System\wxhgLYj.exe
2⤵
PID:2040

C:\Windows\System\YusrxIR.exe
C:\Windows\System\YusrxIR.exe
2⤵
PID:6072

C:\Windows\System\jwRRQoM.exe
C:\Windows\System\jwRRQoM.exe
2⤵
PID:3592

C:\Windows\System\vkgIlXS.exe
C:\Windows\System\vkgIlXS.exe
2⤵
PID:5500

C:\Windows\System\PYXYPbE.exe
C:\Windows\System\PYXYPbE.exe
2⤵
PID:3896

C:\Windows\System\VGlOkht.exe
C:\Windows\System\VGlOkht.exe
2⤵
PID:220

C:\Windows\System\qjiGuhG.exe
C:\Windows\System\qjiGuhG.exe
2⤵
PID:6160

C:\Windows\System\lEuqpFJ.exe
C:\Windows\System\lEuqpFJ.exe
2⤵
PID:6196

C:\Windows\System\ertMcDA.exe
C:\Windows\System\ertMcDA.exe
2⤵
PID:6232

C:\Windows\System\pAiMHkB.exe
C:\Windows\System\pAiMHkB.exe
2⤵
PID:6256

C:\Windows\System\tooEsNQ.exe
C:\Windows\System\tooEsNQ.exe
2⤵
PID:6284

C:\Windows\System\jbvraCj.exe
C:\Windows\System\jbvraCj.exe
2⤵
PID:6316

C:\Windows\System\XbACbDB.exe
C:\Windows\System\XbACbDB.exe
2⤵
PID:6344

C:\Windows\System\WYVNhGe.exe
C:\Windows\System\WYVNhGe.exe
2⤵
PID:6376

C:\Windows\System\dJYPiJr.exe
C:\Windows\System\dJYPiJr.exe
2⤵
PID:6408

C:\Windows\System\wJRXnYG.exe
C:\Windows\System\wJRXnYG.exe
2⤵
PID:6436

C:\Windows\System\CJNRdYS.exe
C:\Windows\System\CJNRdYS.exe
2⤵
PID:6464

C:\Windows\System\QgEUIUg.exe
C:\Windows\System\QgEUIUg.exe
2⤵
PID:6480

C:\Windows\System\IPQyOrR.exe
C:\Windows\System\IPQyOrR.exe
2⤵
PID:6508

C:\Windows\System\innTeeZ.exe
C:\Windows\System\innTeeZ.exe
2⤵
PID:6536

C:\Windows\System\FocbgbH.exe
C:\Windows\System\FocbgbH.exe
2⤵
PID:6564

C:\Windows\System\OWFnSzL.exe
C:\Windows\System\OWFnSzL.exe
2⤵
PID:6592

C:\Windows\System\fsnuFPc.exe
C:\Windows\System\fsnuFPc.exe
2⤵
PID:6632

C:\Windows\System\ucBZXMQ.exe
C:\Windows\System\ucBZXMQ.exe
2⤵
PID:6660

C:\Windows\System\XDDPCIY.exe
C:\Windows\System\XDDPCIY.exe
2⤵
PID:6692

C:\Windows\System\Ywafmkf.exe
C:\Windows\System\Ywafmkf.exe
2⤵
PID:6716

C:\Windows\System\ZwNRaJb.exe
C:\Windows\System\ZwNRaJb.exe
2⤵
PID:6744

C:\Windows\System\URvGcrr.exe
C:\Windows\System\URvGcrr.exe
2⤵
PID:6772

C:\Windows\System\yxntEuL.exe
C:\Windows\System\yxntEuL.exe
2⤵
PID:6800

C:\Windows\System\VyueSYE.exe
C:\Windows\System\VyueSYE.exe
2⤵
PID:6828

C:\Windows\System\bjSVnFa.exe
C:\Windows\System\bjSVnFa.exe
2⤵
PID:6848

C:\Windows\System\CATMsYE.exe
C:\Windows\System\CATMsYE.exe
2⤵
PID:6888

C:\Windows\System\bjswLeo.exe
C:\Windows\System\bjswLeo.exe
2⤵
PID:6916

C:\Windows\System\HhUopFj.exe
C:\Windows\System\HhUopFj.exe
2⤵
PID:6944

C:\Windows\System\tirRZRr.exe
C:\Windows\System\tirRZRr.exe
2⤵
PID:6972

C:\Windows\System\DCvxJmN.exe
C:\Windows\System\DCvxJmN.exe
2⤵
PID:7000

C:\Windows\System\WCCkAMV.exe
C:\Windows\System\WCCkAMV.exe
2⤵
PID:7028

C:\Windows\System\nBgaQGi.exe
C:\Windows\System\nBgaQGi.exe
2⤵
PID:7056

C:\Windows\System\fbVSLkF.exe
C:\Windows\System\fbVSLkF.exe
2⤵
PID:7084

C:\Windows\System\dXjGFQp.exe
C:\Windows\System\dXjGFQp.exe
2⤵
PID:7112

C:\Windows\System\dfMktiQ.exe
C:\Windows\System\dfMktiQ.exe
2⤵
PID:7136

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\ExPDXUS.exe
Filesize
1.4MB

MD5
ef0e4945014a67225189a43cff63338b

SHA1
82ea958df8db0b0a5c84df891abfa873d9adcbf2

SHA256
7838bdcb3a33eb1a1f647c7218d6c7bc181ea20769a37c50b343fe3dee10ec46

SHA512
e4461404a20d54401f31d9ca6368f68d35e6fc8e20aa9d25f1be51a199d0b6f1e24a12715c69bc963f656d3c871fac8ee7286ee3b3a2154b4fcefe7535fcf026

Download Submit
C:\Windows\System\FRciFgk.exe
Filesize
1.4MB

MD5
7746c26547fd4d182a14b81b1ae55be9

SHA1
c598976367fcd342e81c68ddc8366cbd3019c201

SHA256
84a102b90a4ce9e8813daf5c2c28b941dfbd67511e5fed4371457d7761f7c971

SHA512
a4455156e53c301e830ad94e8cbdb56b9a0ff46de33657e47ab7e5995e1ea396d902950404e090a7cfea4fb3cd161374887bac6ecb723557fbbb4767caa6d588

Download Submit
C:\Windows\System\HQdEbnZ.exe
Filesize
1.4MB

MD5
b5f505abf48598047d27ada4e8b5f06d

SHA1
e82faf7f8cc36adf101a73895e83ff45cebb74ea

SHA256
1c6efe1e465f60052e88934204800f720a1ed126aa7c060c1bf7a5e4e9d53176

SHA512
9e88831788c18d6a122ecaf2366f7261bdda1669296d65df60368cd0f947e87b5c1cb2fd45db740a14d01d5b7c307d74272c3d29ec39614ca393407509c18a48

Download Submit
C:\Windows\System\HcoovET.exe
Filesize
1.4MB

MD5
796d510fc648f520fefdaa30fc582264

SHA1
b495b59b0c5768ddb19d18b01a99d09937c1e02f

SHA256
11ca9716ab8f1a2f750bad8aada63af7e0a76bcfa230277e380396dc8ff0685a

SHA512
71283409aa4f53e8ffe5b25d6c5379fd0bd102e13ea246877e8fc316232805988e6ec1a65dcb6a1ee9fe012f4cf9b602d8adce05c999b6abdaae77850860747c

Download Submit
C:\Windows\System\HmJmJHA.exe
Filesize
1.4MB

MD5
f4f659d85df0a1769aad0b5bf2f8bbe4

SHA1
9e7234fa8a2ab2e72faf30d406368ab5d9267795

SHA256
78b7f0a3ec580b70ef4066b54c0b442749033af007086e0f0ba36bc7421ee44c

SHA512
e44d388bac28551bb76e7030963d97c28ade6d01cb4d43739ae90a182789eb2c8d9784e0b842d00e637b1e446ee9bcbb90debc38ee16790461983638935a56dc

Download Submit
C:\Windows\System\IlGQzhj.exe
Filesize
1.4MB

MD5
9f592845920b56f6ef98ee40d58db57c

SHA1
fd13bce569e5273defa244f4d2ac08d644b8c441

SHA256
08dbdf05738afec2552abb7c0f606847f7a0abcca8457d6c20bbd258aa481006

SHA512
2890a96458ed20b6b8aeea83ce7b8470ff941cc5841830d98751213581cfe0fa1e518d2895d939f7b74626f93cb7610d8abfd8514f352cf34ec298ed2ed1967f

Download Submit
C:\Windows\System\KakXobj.exe
Filesize
1.4MB

MD5
0dbebbcf08116260e2618eef9710614a

SHA1
ecaf84064711d087a4fe64519515fb1d9d8959a1

SHA256
2dd5ddb19555092972da4d690ab3622b686eae7c595f88af6d900a92df1b635e

SHA512
69795f00fe83ac3b19576496530b4bcbbdc8d04b2402b662576f05bb1be4c4d19b11290f9decb34ea860b77991453d61fae3d90cd666ed4022f6c4733ecd3640

Download Submit
C:\Windows\System\MkEyEoW.exe
Filesize
1.4MB

MD5
57fa68a4e7b54082bdfaab26a04631b6

SHA1
693e4364deb8fbce26177b2016ef8c8351bc0994

SHA256
4e28f881c9a3274c8ab1b9af7a877cb85f71054b44ef43cbc737ba7f4bd64912

SHA512
54cf7219e50196a669cf27b335c71f682ba5beac9830fee75ef44ac34e491d9a5181e3a216ad6d841375d9ecefd7a6b87b0719cea208bc866a0977023c609cac

Download Submit
C:\Windows\System\PGfzdHz.exe
Filesize
1.4MB

MD5
fd79659db208a2241e9c2ff9a42cdfea

SHA1
5d543545425896035300327093d6a3d544dcb1ca

SHA256
f21294b9ad9e5761c917c0e7bed079cadfe792ea9fd98b096efdac05bfe91a92

SHA512
94fb82d10c9a23ac36f3dbee0e706303f8c16d412d3859f6d6d197fd68180b0221631a95060c00e9a2e6abb24d12d86b9b23965fca038afdb317de3bf2234920

Download Submit
C:\Windows\System\RlxzbRW.exe
Filesize
1.4MB

MD5
bd06d3e799b39232e937f161d8cdfd48

SHA1
bce69f4f25827395c661a8d496c402baea44bdd5

SHA256
002f8307b494bf5ec98fa20b7742827c4b7854ca7956026ee3c56fc6e1331043

SHA512
becdb23372ee4c2edecbd44cda7915e09d1647b3c6596e973a4eb9741a8564f42e5d50b2221ce7a9afa7c08c89107716ff63cbebccc67e17a11ab90d103677ff

Download Submit
C:\Windows\System\UdoyzXX.exe
Filesize
1.4MB

MD5
11774be8e521f02f2e535888bf200920

SHA1
797386f1bb70418e46220a4afc3374439de84730

SHA256
7172c3af53364aad348edca9673c6dd24871f05203fcf56f074dfed812939b34

SHA512
44cfc4734979554745c70a0c1f945691ff038433ce12671cf06b16a18215dae5849d720ef9f8ff997aeef9af37a0be3f1aee8d5bf8ba39ba87d480143103684f

Download Submit
C:\Windows\System\VRtEvYS.exe
Filesize
1.4MB

MD5
4b6cb990775d51357e05868983e16c47

SHA1
61caf462c8e10c6ae761187f2b2a55f6ac1715b6

SHA256
42d7309585fc9100f9f55e2c48442fce30ba3bedb8274a3dc4eced2dc3c08780

SHA512
30ee6a1f419ef9ecb523dec0ddbddb04a12ab3a5a2fc4f091e3c394bc7d4bdad0d98b47cc2899ead068e7c1778fc4d88169b52be93ebf6a59a79f96504d9819f

Download Submit
C:\Windows\System\WNgsugY.exe
Filesize
1.4MB

MD5
67e3bbf03c2a26b82b398aaef0646820

SHA1
f4b773c01b227dfe6205b03e6ed59ca59ae96355

SHA256
735c65ad0d58d64721a7aa669c697ee72988f39f47a53791bcd3fabe73590be5

SHA512
b639833c0e38d7d470a09251b5da4b421796c104fd2fd9f0b144a6229a541186e60aaf3925de741041d9ab0e9fe8a3f861fbdc4104985333e9f1ad9a65466d7c

Download Submit
C:\Windows\System\XSbFgFy.exe
Filesize
1.4MB

MD5
a698ca73bdb0fe0a620f5c2e4da7855b

SHA1
3b0e6afa283977628c42ae7e2f5abdfbc6ca8f3a

SHA256
2eb041dc62876ca3fb8139a965b0ef8b9ad8e67c0da34d145df2c1dd63482b5c

SHA512
b2f75df43ea2e79b37d270ef834b3cade4a03c25995e835772c14fa941c7c94f9d5a931c4a7c6e256ee08ff83f2b11b15cdcab30c3baedf94827659de9858807

Download Submit
C:\Windows\System\acATpHD.exe
Filesize
1.4MB

MD5
974b6c2e03be61150b6670872c655f57

SHA1
3f484a3e129bd2379ae87167ddad6d196e6ed5fd

SHA256
5e5bc8e76fb735aae1eadab6a9a5ddc7b0337f036240563559f0cacf98f782a7

SHA512
827fa815aeec27ee16ae538afd03e2852b9250beb61e97b3826fb50129003f583c65cf1b8c63a0e18c9b2cb6e66436307f3ab0db1526f8fa408f7d16caef4e0c

Download Submit
C:\Windows\System\bJEmkVQ.exe
Filesize
1.4MB

MD5
83df40d495429f3b82bcc4f045f9a122

SHA1
1264b48784701166fadbba33519bb25d719d4a45

SHA256
3f9395b5405d597bd2ee0fe66a26de04d48872d2689a5cbfa59ddb092cf0ff50

SHA512
8869a44571fecb52a09e8ced6625841b727bc5d8538af56796cd10d223895ee4bc18d328ddb6745452c06a5b50820acc2ce2e47d40ce397b9d870a988d5bb19c

Download Submit
C:\Windows\System\fDuVcsT.exe
Filesize
1.4MB

MD5
49bd43bcb222f5a6508594b290a1ad66

SHA1
5d85b1fb65441b29f3a31663e221784ca43fe9ad

SHA256
0bd3ebb2c8be84528ab0e18cfa46dacb08608290b4f5c1eda177f5b41c80abeb

SHA512
35d620466277af060989d098aecd9430e8a4a2ff672196f665eb8722912bd849c861b0fc82b1e79c636e996374f3dcf6a7bc5fbc37a503d0d21cf2750bcad2cf

Download Submit
C:\Windows\System\hLAQVTJ.exe
Filesize
1.4MB

MD5
01232b8711748ecb95689080a66b5553

SHA1
edf365feb75a1ab91c2a4839b6c6c15b93b6b1bb

SHA256
1d6db8b157043807e4a4a2d5183e55783d0448bac415d6573394b476c1737ee1

SHA512
92faab0cce66e1b7e853e35e7f209fe4c22d2c632ab04dc52d1704adb0bae7106bdd8c0603f1b0c3d7119f142088c614f215515d0a892a1b2caf59a6c5482814

Download Submit
C:\Windows\System\kmvEDbp.exe
Filesize
1.4MB

MD5
152fb9aafe50fc4c9e21b9a8d44f484c

SHA1
8894fa8a1ad32f68b954a06793d982a3aac8e0a0

SHA256
696e682803a73ef8867cc9011900308e103decc3efebb55f8162090f247af496

SHA512
6d23185287d44577e7b33a8723fbb18402834233e980ff802291347e7ac0c8fc23876bc471e1822b06d50adba1cc41e4fe0244fe736638845935acd5ed1dca91

Download Submit
C:\Windows\System\lOEWVKX.exe
Filesize
1.4MB

MD5
03e619ec63ce4abcbba3a4eaac44dfa7

SHA1
c35245fd4ec8e8dfed9cc8c640b03df785a28fc4

SHA256
901ca0f0eed8b83d9d20b847c26f731aa73a1f1901b82fa9171cd068da24702f

SHA512
c1505ad68a5a6805bd1d61c08a0f176c019face16fc47a645674dd69d71b018e48469d9f1057ee261222ad34b84a58a77a018a2b72d223ea857fb32ad482825b

Download Submit
C:\Windows\System\mccVVPc.exe
Filesize
1.4MB

MD5
feea3ddb2e3bf5b80a4fec7efef16341

SHA1
b198c2f117a4b7c5e42b75b8b82dd16d8a003122

SHA256
f340bd401f06553a8f6c333a94cd025a371ffeb3699678002f826c6ff9875b39

SHA512
a650e514c0fc2e060abf18d4d162c5fdfbb2ac17c2d3ae42da09580dc4e45a3e266b217d08da4bb11f76c1ad85ac4a89799ecd7a9f78afbd80868c770f074007

Download Submit
C:\Windows\System\nMhvctC.exe
Filesize
1.4MB

MD5
c1e3f8b9400303998c0b7b90e74f08ed

SHA1
b5253586d7669755dc609af35d62986b65a018c9

SHA256
54307d83e62c996ec5aee5f3b7daa6fbf4b4ebb2b6f9678c6de4b281450bef2f

SHA512
6f482522b8eb97fa316263b17df5f3411242d6d9cab87f284b9dbaae61cebcf265b651b635311bfb70fc477b66b087ffff0492c67024a20ac4c3f31e55a747a8

Download Submit
C:\Windows\System\nrGAFvJ.exe
Filesize
1.4MB

MD5
076b8310cf6e67844895327fad86161f

SHA1
3230b7cc9e8c9a34c282c90bd909bfbf24651654

SHA256
a96e2601a432f6d534c44ff552d998afb5ce0d49416f6352633c5251e29296c9

SHA512
419df12a8b5f644d0c971f3e7faa6e027745c43f479d5be1857c439c7047baa6e3a57555155476e3bb4fa7578cdd5e866dfaf5ab069ad4ec3878cc036bb9e327

Download Submit
C:\Windows\System\qksYcDC.exe
Filesize
1.4MB

MD5
4e7daf5e020867afdbddf481d096cb16

SHA1
437e13b3580a8a16c3277d6945d862bc8be466a2

SHA256
cebe27a58d32b17c355ccb99c4d714109ee97494422cbd0912110b97983d1445

SHA512
d085895e6b7d665f9ff3bff5f77da850759fa01406bf3014bc5e2c88be3ed7bf28df49f0bc38bce43899721128392d9c37bfbd991390293eaa4ed19e81082588

Download Submit
C:\Windows\System\rMAZIGE.exe
Filesize
1.4MB

MD5
e1d5bef09154ac7f9ebe031f00c85264

SHA1
c767afa5fb5d984ad695d84e005fc5a7c54ad35b

SHA256
bc3351f44ebf3b786d2a9a349699c27b699756383e9f8613656aafb8ae48f55c

SHA512
f62962a0be3e12d9a1e34375f9f09d6cac279c4fa5e8d7f54e30173a759a416bd3c43b0efd8b162af9b86659fdcb14f892fc8aabcb058b78fa1985ec9b11dbd0

Download Submit
C:\Windows\System\tSAlyFO.exe
Filesize
1.4MB

MD5
663e864de954acccb95c180be3fc3c8f

SHA1
09fc6d81ce7df6ab219c4de85a23710f37cbc475

SHA256
ddad2f80bfa383c3cff5c2e6ed3ba17ce9cdd3d18d6386bd1790f586c0da3a62

SHA512
f993a633a697d347fdcf209a18242c650a8bf89bb301ccf8af895a8beaf93fb610ecd9bf29b0c2efd9be6da37f6e6cd5402d2fe894fd159e0238a74380c2b1e7

Download Submit
C:\Windows\System\tdfVyGR.exe
Filesize
1.4MB

MD5
052e17c1d1c102605d7bc409dfdb54d1

SHA1
3400d9587dfbdabe7cd1d261d5559fbc6538fbf4

SHA256
4f859fc64044095f9af0d7a338345ef695d5a9127d75d85d92cb8bf66c651098

SHA512
c9c76a27955931c7823c42d54898ae01589d0f39bac2a8cff2b092bac66859c3daaf30b9d078a4886556ce33ee74d2d2a01932992be059339327bc7f7680c6fb

Download Submit
C:\Windows\System\uDBShXM.exe
Filesize
1.4MB

MD5
b9dd8a9858128d6dcf3c7de23eb569bd

SHA1
a3db4f121ea15a3b973a6924482d100e7c315950

SHA256
ae5d10a5fb6099a8fbb587c3c130650693df140a3128718fe8ac2ac3df9f186c

SHA512
23408c2a7a52082b5d18beb381514a9d3006b1a869fe041b40aa2c202487aa12452cfbe2a21e1f35dec99f6caec8d16ea3d247b948302126e6950bee3114e8d9

Download Submit
C:\Windows\System\uWeZWtn.exe
Filesize
1.4MB

MD5
4f03d290ec669cb733add303a3091a9f

SHA1
214a201790143beed75527cc9840f0b610e0beaf

SHA256
59d8664c12f92288f22deb5eaa8c6b46220d074c9d9d1defff75ac436c25b70a

SHA512
4f42fb0314b20d4f9aafc34c9ba8ad20c992ef4df4de16534569670f1202609abaa97a98569fc05bb8e96924ec56eac72cd88c10645a230132535f9b8ec0da10

Download Submit
C:\Windows\System\vbgkDCS.exe
Filesize
1.4MB

MD5
f78011e60ff632e29a2873d524e0f949

SHA1
d05273644ca096284eb9585f08c6c4f55342fe82

SHA256
553b91da46509c5aab50b082db93bd956d98a45e5959cd73fb18886b322e51ea

SHA512
08d264d9b06012c3abe3a3f8ca4c8d6181a3152a1b877db28d0798296b2ccb29d4ca6727c612fb43bf73df467895bdd63dcc2447d4086cfd58d1cfb1063be425

Download Submit
C:\Windows\System\xgLGrTi.exe
Filesize
1.4MB

MD5
818a929681337795b8eeefe2ee4925a9

SHA1
279ee3ff8d14fb75f40597f05ee548dd75c5b59a

SHA256
335fd615f66cf3ceb85c0c2f1b3dd583e2563bafd2cae0e9bf3c2e701fddeec7

SHA512
7badf22eb076afb74f1b6abc2bdd19a0b97997e93c09b29c87e64477d4ebfd62e118a4c69f1a1f48aa41be848ccf415371b4e4703059db537a4fcbcbd19fe86a

Download Submit
C:\Windows\System\yWLPkaF.exe
Filesize
1.4MB

MD5
664d7ed4a850dd77c518f7da901206a9

SHA1
acf27bdeea299a3f6a1a8f06ab2610f91e5ad4de

SHA256
0aa7e78d803214029789f37f135a2776eaa1a98fe30da75a575a938b547f634e

SHA512
971bad3ddc9e5e1b67d9e23d08a8d2b9374f7243b15351cf0558cf43e37835e0e37835ea133325808ef7e1b704e984c19cce6778147301247f1c93623e92c99a

Download Submit
C:\Windows\System\yqErcIC.exe
Filesize
1.4MB

MD5
03bc28dc8964db30b4760d9f2e7d7e82

SHA1
dd5fd486b0a18f592931ac5d3c5c3618f4ccc93a

SHA256
462600d44f63193e7952a4e19123d2fc9ea5df6d1f1befba69eaa5f97af784f1

SHA512
96dc8ebb0467047000eb6dd0d974ca527d830e8c3ebff158f4fdb9ebe6a65647509aa5920a45e6fb7cff69a906d7d1d7cc8205e34822e5426e4f0ded2282f4cb

Download Submit
memory/3416-0-0x000002022D5F0000-0x000002022D600000-memory.dmp

Filesize
64KB

Download