xmrig | 0fca4a892d0f8830a8aba0355753f4a819bc03f8affed1add6aeea62ec8466a5

Analysis

max time kernel
147s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12/06/2024, 12:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
Size

1.0MB
MD5

3b56454689b757b2d56ba1afc5e4edb0
SHA1

39c6753d019aa1ed2b63a3f78129d3cad3377671
SHA256

0fca4a892d0f8830a8aba0355753f4a819bc03f8affed1add6aeea62ec8466a5
SHA512

814a4586c5bb1fb2e571be5d9490104a374f7c1811af4eecb4e426697ba2c774990fe41b266186d09ebad5e94fd5318ecc0365afc1ef62df17cf008c73332857
SSDEEP

24576:GezaTnG99Q8FcNrpyNdfE0bLBgDOp2iSLz9LbBwlKensPLNF:GezaTF8FcNkNdfE0pZ9oztFwIhLz

Score

10^/10

xmrig miner

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 36 IoCs

miner

resource	yara_rule
behavioral2/files/0x0007000000023276-3.dat	xmrig
behavioral2/files/0x000700000002341b-7.dat	xmrig
behavioral2/files/0x000700000002341a-12.dat	xmrig
behavioral2/files/0x0007000000023420-32.dat	xmrig
behavioral2/files/0x000700000002341f-31.dat	xmrig
behavioral2/files/0x0007000000023422-59.dat	xmrig
behavioral2/files/0x0007000000023425-65.dat	xmrig
behavioral2/files/0x0007000000023424-63.dat	xmrig
behavioral2/files/0x0007000000023423-61.dat	xmrig
behavioral2/files/0x0007000000023421-57.dat	xmrig
behavioral2/files/0x000700000002341e-40.dat	xmrig
behavioral2/files/0x000700000002341d-37.dat	xmrig
behavioral2/files/0x000700000002341c-19.dat	xmrig
behavioral2/files/0x0007000000023426-71.dat	xmrig
behavioral2/files/0x000b000000023374-81.dat	xmrig
behavioral2/files/0x000a00000002337a-80.dat	xmrig
behavioral2/files/0x000b00000002337d-77.dat	xmrig
behavioral2/files/0x000c00000002337f-83.dat	xmrig
behavioral2/files/0x000700000002342b-110.dat	xmrig
behavioral2/files/0x000700000002342d-124.dat	xmrig
behavioral2/files/0x0007000000023430-138.dat	xmrig
behavioral2/files/0x0007000000023433-155.dat	xmrig
behavioral2/files/0x0007000000023437-168.dat	xmrig
behavioral2/files/0x000700000002342f-166.dat	xmrig
behavioral2/files/0x0007000000023436-165.dat	xmrig
behavioral2/files/0x0007000000023435-164.dat	xmrig
behavioral2/files/0x0007000000023434-163.dat	xmrig
behavioral2/files/0x000700000002342e-159.dat	xmrig
behavioral2/files/0x000700000002342a-153.dat	xmrig
behavioral2/files/0x0007000000023432-151.dat	xmrig
behavioral2/files/0x000700000002342c-147.dat	xmrig
behavioral2/files/0x0007000000023431-139.dat	xmrig
behavioral2/files/0x0007000000023428-128.dat	xmrig
behavioral2/files/0x0007000000023429-115.dat	xmrig
behavioral2/files/0x0008000000023417-120.dat	xmrig
behavioral2/files/0x0007000000023427-103.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3212	xcgMPdk.exe
4076	pyYjFGe.exe
4112	xESclIu.exe
3760	aBpSVbt.exe
1812	dSFYQlX.exe
3652	RxrlBrc.exe
5084	xhWDcas.exe
4936	PHLcUhq.exe
4280	sDrFfok.exe
3512	AWzRDpW.exe
5040	bKvzWCv.exe
4752	LEIToVb.exe
3624	TDIFMdI.exe
1796	dtsjPVe.exe
4744	XsFsiYr.exe
4372	hsAssoq.exe
2124	pLQzrfd.exe
3264	aufjaBW.exe
4212	NvCfQFd.exe
3972	MmRgIEN.exe
4872	PhCSmUw.exe
3756	kEVyhnN.exe
452	DOrPSlD.exe
4808	sTFvTpA.exe
1876	CeACSrQ.exe
912	wdcbwWb.exe
4424	UFaxtgx.exe
748	tSdIdNO.exe
3916	SjVkJpX.exe
1828	xyjrHGR.exe
1272	rowZvjD.exe
872	MRxGMwD.exe
4632	bbxHyAW.exe
4892	piPEGKq.exe
1896	uyDmJcu.exe
4116	tZzPHpr.exe
5020	kCJnlDd.exe
3528	ZbOeEoN.exe
4616	ZOtFsHk.exe
4940	GQMudnn.exe
3720	WjzBYBx.exe
3328	uzBuWCe.exe
4412	zqMLBYa.exe
1312	FMRYMOO.exe
4900	owlQfHU.exe
3028	zygQlqY.exe
812	KbmNWBx.exe
4584	mwLAPIF.exe
1540	QAYisfS.exe
4572	HevaQol.exe
3784	fYVaVkB.exe
4136	SMFBYUm.exe
4592	NrUFVfI.exe
4408	GMSUYkX.exe
3432	LvXCmHv.exe
2276	kwwdxtc.exe
1944	akgttCD.exe
3940	zNsjpsL.exe
2660	RnldKLH.exe
4792	NhtTbsm.exe
2524	BQPUKqX.exe
2712	ioEMyAi.exe
2792	LfUSYER.exe
228	YVyvPrr.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\sTFvTpA.exe	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
File created	C:\Windows\System\aufjaBW.exe	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
File created	C:\Windows\System\sJnkFHH.exe	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
File created	C:\Windows\System\wdcbwWb.exe	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
File created	C:\Windows\System\syuxYsZ.exe	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
File created	C:\Windows\System\OrdYgnY.exe	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
File created	C:\Windows\System\NhtTbsm.exe	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
File created	C:\Windows\System\wIkxPzD.exe	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
File created	C:\Windows\System\cHBsIyk.exe	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
File created	C:\Windows\System\JiVIveS.exe	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
File created	C:\Windows\System\wxMOpjv.exe	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
File created	C:\Windows\System\QvCKIEH.exe	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
File created	C:\Windows\System\iiYzLMc.exe	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
File created	C:\Windows\System\wRCyAGe.exe	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
File created	C:\Windows\System\rowZvjD.exe	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
File created	C:\Windows\System\kwwdxtc.exe	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
File created	C:\Windows\System\sjEHbEm.exe	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
File created	C:\Windows\System\MoMVPuz.exe	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
File created	C:\Windows\System\hxVyMFT.exe	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
File created	C:\Windows\System\KBlPegA.exe	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
File created	C:\Windows\System\jZOCYFe.exe	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
File created	C:\Windows\System\TmMvREG.exe	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
File created	C:\Windows\System\AdTQDKS.exe	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
File created	C:\Windows\System\XsFsiYr.exe	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
File created	C:\Windows\System\zqMLBYa.exe	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
File created	C:\Windows\System\ioEMyAi.exe	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
File created	C:\Windows\System\ZQlKzJY.exe	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
File created	C:\Windows\System\jfNJPce.exe	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
File created	C:\Windows\System\pyYjFGe.exe	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
File created	C:\Windows\System\zNsjpsL.exe	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
File created	C:\Windows\System\JBffdDp.exe	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
File created	C:\Windows\System\QeUyPbK.exe	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
File created	C:\Windows\System\TyqeDuL.exe	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
File created	C:\Windows\System\eBfxOwV.exe	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
File created	C:\Windows\System\kCJnlDd.exe	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
File created	C:\Windows\System\KaYwlWT.exe	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
File created	C:\Windows\System\eHKqrvP.exe	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
File created	C:\Windows\System\akgttCD.exe	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
File created	C:\Windows\System\BsRGqcy.exe	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
File created	C:\Windows\System\EKygHUy.exe	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
File created	C:\Windows\System\kKTCDZd.exe	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
File created	C:\Windows\System\LfUSYER.exe	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
File created	C:\Windows\System\RnldKLH.exe	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
File created	C:\Windows\System\MGcGafb.exe	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
File created	C:\Windows\System\PYLOsiW.exe	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
File created	C:\Windows\System\ZbOeEoN.exe	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
File created	C:\Windows\System\JEZYQce.exe	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
File created	C:\Windows\System\WjzBYBx.exe	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
File created	C:\Windows\System\HDqqDIM.exe	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
File created	C:\Windows\System\IuVmRgs.exe	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
File created	C:\Windows\System\MkgjFSE.exe	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
File created	C:\Windows\System\bKvzWCv.exe	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
File created	C:\Windows\System\zydVcsA.exe	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
File created	C:\Windows\System\CEHZUxp.exe	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
File created	C:\Windows\System\lJNWzws.exe	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
File created	C:\Windows\System\VCZHeCT.exe	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
File created	C:\Windows\System\uAaZsfp.exe	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
File created	C:\Windows\System\zygQlqY.exe	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
File created	C:\Windows\System\xlIoyAN.exe	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
File created	C:\Windows\System\RZsDCAJ.exe	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
File created	C:\Windows\System\mgHQvGp.exe	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
File created	C:\Windows\System\pLQzrfd.exe	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
File created	C:\Windows\System\WBCorCO.exe	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
File created	C:\Windows\System\oLNCgWf.exe	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3340 wrote to memory of 3212	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe	82
PID 3340 wrote to memory of 3212	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe	82
PID 3340 wrote to memory of 4076	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe	84
PID 3340 wrote to memory of 4076	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe	84
PID 3340 wrote to memory of 4112	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe	85
PID 3340 wrote to memory of 4112	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe	85
PID 3340 wrote to memory of 3760	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe	86
PID 3340 wrote to memory of 3760	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe	86
PID 3340 wrote to memory of 1812	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe	87
PID 3340 wrote to memory of 1812	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe	87
PID 3340 wrote to memory of 3652	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe	88
PID 3340 wrote to memory of 3652	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe	88
PID 3340 wrote to memory of 5084	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe	89
PID 3340 wrote to memory of 5084	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe	89
PID 3340 wrote to memory of 4936	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe	90
PID 3340 wrote to memory of 4936	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe	90
PID 3340 wrote to memory of 4280	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe	91
PID 3340 wrote to memory of 4280	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe	91
PID 3340 wrote to memory of 3512	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe	92
PID 3340 wrote to memory of 3512	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe	92
PID 3340 wrote to memory of 5040	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe	93
PID 3340 wrote to memory of 5040	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe	93
PID 3340 wrote to memory of 4752	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe	94
PID 3340 wrote to memory of 4752	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe	94
PID 3340 wrote to memory of 3624	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe	95
PID 3340 wrote to memory of 3624	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe	95
PID 3340 wrote to memory of 1796	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe	96
PID 3340 wrote to memory of 1796	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe	96
PID 3340 wrote to memory of 4744	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe	99
PID 3340 wrote to memory of 4744	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe	99
PID 3340 wrote to memory of 2124	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe	100
PID 3340 wrote to memory of 2124	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe	100
PID 3340 wrote to memory of 4372	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe	101
PID 3340 wrote to memory of 4372	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe	101
PID 3340 wrote to memory of 3264	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe	102
PID 3340 wrote to memory of 3264	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe	102
PID 3340 wrote to memory of 4872	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe	103
PID 3340 wrote to memory of 4872	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe	103
PID 3340 wrote to memory of 4212	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe	104
PID 3340 wrote to memory of 4212	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe	104
PID 3340 wrote to memory of 3756	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe	105
PID 3340 wrote to memory of 3756	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe	105
PID 3340 wrote to memory of 3972	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe	106
PID 3340 wrote to memory of 3972	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe	106
PID 3340 wrote to memory of 452	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe	107
PID 3340 wrote to memory of 452	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe	107
PID 3340 wrote to memory of 4808	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe	108
PID 3340 wrote to memory of 4808	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe	108
PID 3340 wrote to memory of 1876	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe	109
PID 3340 wrote to memory of 1876	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe	109
PID 3340 wrote to memory of 912	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe	110
PID 3340 wrote to memory of 912	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe	110
PID 3340 wrote to memory of 4424	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe	111
PID 3340 wrote to memory of 4424	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe	111
PID 3340 wrote to memory of 748	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe	112
PID 3340 wrote to memory of 748	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe	112
PID 3340 wrote to memory of 3916	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe	113
PID 3340 wrote to memory of 3916	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe	113
PID 3340 wrote to memory of 1828	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe	114
PID 3340 wrote to memory of 1828	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe	114
PID 3340 wrote to memory of 1272	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe	115
PID 3340 wrote to memory of 1272	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe	115
PID 3340 wrote to memory of 872	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe	116
PID 3340 wrote to memory of 872	3340	3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe	116

C:\Users\Admin\AppData\Local\Temp\3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3b56454689b757b2d56ba1afc5e4edb0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3340
- C:\Windows\System\xcgMPdk.exe
  C:\Windows\System\xcgMPdk.exe
  2⤵
  - Executes dropped EXE
  PID:3212
- C:\Windows\System\pyYjFGe.exe
  C:\Windows\System\pyYjFGe.exe
  2⤵
  - Executes dropped EXE
  PID:4076
- C:\Windows\System\xESclIu.exe
  C:\Windows\System\xESclIu.exe
  2⤵
  - Executes dropped EXE
  PID:4112
- C:\Windows\System\aBpSVbt.exe
  C:\Windows\System\aBpSVbt.exe
  2⤵
  - Executes dropped EXE
  PID:3760
- C:\Windows\System\dSFYQlX.exe
  C:\Windows\System\dSFYQlX.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\RxrlBrc.exe
  C:\Windows\System\RxrlBrc.exe
  2⤵
  - Executes dropped EXE
  PID:3652
- C:\Windows\System\xhWDcas.exe
  C:\Windows\System\xhWDcas.exe
  2⤵
  - Executes dropped EXE
  PID:5084
- C:\Windows\System\PHLcUhq.exe
  C:\Windows\System\PHLcUhq.exe
  2⤵
  - Executes dropped EXE
  PID:4936
- C:\Windows\System\sDrFfok.exe
  C:\Windows\System\sDrFfok.exe
  2⤵
  - Executes dropped EXE
  PID:4280
- C:\Windows\System\AWzRDpW.exe
  C:\Windows\System\AWzRDpW.exe
  2⤵
  - Executes dropped EXE
  PID:3512
- C:\Windows\System\bKvzWCv.exe
  C:\Windows\System\bKvzWCv.exe
  2⤵
  - Executes dropped EXE
  PID:5040
- C:\Windows\System\LEIToVb.exe
  C:\Windows\System\LEIToVb.exe
  2⤵
  - Executes dropped EXE
  PID:4752
- C:\Windows\System\TDIFMdI.exe
  C:\Windows\System\TDIFMdI.exe
  2⤵
  - Executes dropped EXE
  PID:3624
- C:\Windows\System\dtsjPVe.exe
  C:\Windows\System\dtsjPVe.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\XsFsiYr.exe
  C:\Windows\System\XsFsiYr.exe
  2⤵
  - Executes dropped EXE
  PID:4744
- C:\Windows\System\pLQzrfd.exe
  C:\Windows\System\pLQzrfd.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\hsAssoq.exe
  C:\Windows\System\hsAssoq.exe
  2⤵
  - Executes dropped EXE
  PID:4372
- C:\Windows\System\aufjaBW.exe
  C:\Windows\System\aufjaBW.exe
  2⤵
  - Executes dropped EXE
  PID:3264
- C:\Windows\System\PhCSmUw.exe
  C:\Windows\System\PhCSmUw.exe
  2⤵
  - Executes dropped EXE
  PID:4872
- C:\Windows\System\NvCfQFd.exe
  C:\Windows\System\NvCfQFd.exe
  2⤵
  - Executes dropped EXE
  PID:4212
- C:\Windows\System\kEVyhnN.exe
  C:\Windows\System\kEVyhnN.exe
  2⤵
  - Executes dropped EXE
  PID:3756
- C:\Windows\System\MmRgIEN.exe
  C:\Windows\System\MmRgIEN.exe
  2⤵
  - Executes dropped EXE
  PID:3972
- C:\Windows\System\DOrPSlD.exe
  C:\Windows\System\DOrPSlD.exe
  2⤵
  - Executes dropped EXE
  PID:452
- C:\Windows\System\sTFvTpA.exe
  C:\Windows\System\sTFvTpA.exe
  2⤵
  - Executes dropped EXE
  PID:4808
- C:\Windows\System\CeACSrQ.exe
  C:\Windows\System\CeACSrQ.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\wdcbwWb.exe
  C:\Windows\System\wdcbwWb.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\UFaxtgx.exe
  C:\Windows\System\UFaxtgx.exe
  2⤵
  - Executes dropped EXE
  PID:4424
- C:\Windows\System\tSdIdNO.exe
  C:\Windows\System\tSdIdNO.exe
  2⤵
  - Executes dropped EXE
  PID:748
- C:\Windows\System\SjVkJpX.exe
  C:\Windows\System\SjVkJpX.exe
  2⤵
  - Executes dropped EXE
  PID:3916
- C:\Windows\System\xyjrHGR.exe
  C:\Windows\System\xyjrHGR.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\rowZvjD.exe
  C:\Windows\System\rowZvjD.exe
  2⤵
  - Executes dropped EXE
  PID:1272
- C:\Windows\System\MRxGMwD.exe
  C:\Windows\System\MRxGMwD.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\bbxHyAW.exe
  C:\Windows\System\bbxHyAW.exe
  2⤵
  - Executes dropped EXE
  PID:4632
- C:\Windows\System\piPEGKq.exe
  C:\Windows\System\piPEGKq.exe
  2⤵
  - Executes dropped EXE
  PID:4892
- C:\Windows\System\uyDmJcu.exe
  C:\Windows\System\uyDmJcu.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\tZzPHpr.exe
  C:\Windows\System\tZzPHpr.exe
  2⤵
  - Executes dropped EXE
  PID:4116
- C:\Windows\System\kCJnlDd.exe
  C:\Windows\System\kCJnlDd.exe
  2⤵
  - Executes dropped EXE
  PID:5020
- C:\Windows\System\ZbOeEoN.exe
  C:\Windows\System\ZbOeEoN.exe
  2⤵
  - Executes dropped EXE
  PID:3528
- C:\Windows\System\ZOtFsHk.exe
  C:\Windows\System\ZOtFsHk.exe
  2⤵
  - Executes dropped EXE
  PID:4616
- C:\Windows\System\GQMudnn.exe
  C:\Windows\System\GQMudnn.exe
  2⤵
  - Executes dropped EXE
  PID:4940
- C:\Windows\System\WjzBYBx.exe
  C:\Windows\System\WjzBYBx.exe
  2⤵
  - Executes dropped EXE
  PID:3720
- C:\Windows\System\uzBuWCe.exe
  C:\Windows\System\uzBuWCe.exe
  2⤵
  - Executes dropped EXE
  PID:3328
- C:\Windows\System\zqMLBYa.exe
  C:\Windows\System\zqMLBYa.exe
  2⤵
  - Executes dropped EXE
  PID:4412
- C:\Windows\System\FMRYMOO.exe
  C:\Windows\System\FMRYMOO.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\owlQfHU.exe
  C:\Windows\System\owlQfHU.exe
  2⤵
  - Executes dropped EXE
  PID:4900
- C:\Windows\System\zygQlqY.exe
  C:\Windows\System\zygQlqY.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\KbmNWBx.exe
  C:\Windows\System\KbmNWBx.exe
  2⤵
  - Executes dropped EXE
  PID:812
- C:\Windows\System\mwLAPIF.exe
  C:\Windows\System\mwLAPIF.exe
  2⤵
  - Executes dropped EXE
  PID:4584
- C:\Windows\System\QAYisfS.exe
  C:\Windows\System\QAYisfS.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\HevaQol.exe
  C:\Windows\System\HevaQol.exe
  2⤵
  - Executes dropped EXE
  PID:4572
- C:\Windows\System\fYVaVkB.exe
  C:\Windows\System\fYVaVkB.exe
  2⤵
  - Executes dropped EXE
  PID:3784
- C:\Windows\System\SMFBYUm.exe
  C:\Windows\System\SMFBYUm.exe
  2⤵
  - Executes dropped EXE
  PID:4136
- C:\Windows\System\NrUFVfI.exe
  C:\Windows\System\NrUFVfI.exe
  2⤵
  - Executes dropped EXE
  PID:4592
- C:\Windows\System\GMSUYkX.exe
  C:\Windows\System\GMSUYkX.exe
  2⤵
  - Executes dropped EXE
  PID:4408
- C:\Windows\System\LvXCmHv.exe
  C:\Windows\System\LvXCmHv.exe
  2⤵
  - Executes dropped EXE
  PID:3432
- C:\Windows\System\kwwdxtc.exe
  C:\Windows\System\kwwdxtc.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\akgttCD.exe
  C:\Windows\System\akgttCD.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\zNsjpsL.exe
  C:\Windows\System\zNsjpsL.exe
  2⤵
  - Executes dropped EXE
  PID:3940
- C:\Windows\System\RnldKLH.exe
  C:\Windows\System\RnldKLH.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\NhtTbsm.exe
  C:\Windows\System\NhtTbsm.exe
  2⤵
  - Executes dropped EXE
  PID:4792
- C:\Windows\System\BQPUKqX.exe
  C:\Windows\System\BQPUKqX.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\ioEMyAi.exe
  C:\Windows\System\ioEMyAi.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\LfUSYER.exe
  C:\Windows\System\LfUSYER.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\YVyvPrr.exe
  C:\Windows\System\YVyvPrr.exe
  2⤵
  - Executes dropped EXE
  PID:228
- C:\Windows\System\wxMOpjv.exe
  C:\Windows\System\wxMOpjv.exe
  2⤵
  PID:1096
- C:\Windows\System\EKygHUy.exe
  C:\Windows\System\EKygHUy.exe
  2⤵
  PID:4988
- C:\Windows\System\sTGDvPz.exe
  C:\Windows\System\sTGDvPz.exe
  2⤵
  PID:976
- C:\Windows\System\zydVcsA.exe
  C:\Windows\System\zydVcsA.exe
  2⤵
  PID:3112
- C:\Windows\System\JBffdDp.exe
  C:\Windows\System\JBffdDp.exe
  2⤵
  PID:4676
- C:\Windows\System\kKTCDZd.exe
  C:\Windows\System\kKTCDZd.exe
  2⤵
  PID:2772
- C:\Windows\System\QvCKIEH.exe
  C:\Windows\System\QvCKIEH.exe
  2⤵
  PID:3808
- C:\Windows\System\CEHZUxp.exe
  C:\Windows\System\CEHZUxp.exe
  2⤵
  PID:3996
- C:\Windows\System\MVgqWbG.exe
  C:\Windows\System\MVgqWbG.exe
  2⤵
  PID:2452
- C:\Windows\System\MGcGafb.exe
  C:\Windows\System\MGcGafb.exe
  2⤵
  PID:4456
- C:\Windows\System\hxApfMX.exe
  C:\Windows\System\hxApfMX.exe
  2⤵
  PID:1632
- C:\Windows\System\WBCorCO.exe
  C:\Windows\System\WBCorCO.exe
  2⤵
  PID:3416
- C:\Windows\System\lJNWzws.exe
  C:\Windows\System\lJNWzws.exe
  2⤵
  PID:4968
- C:\Windows\System\VyjelVx.exe
  C:\Windows\System\VyjelVx.exe
  2⤵
  PID:4440
- C:\Windows\System\CtwAlAD.exe
  C:\Windows\System\CtwAlAD.exe
  2⤵
  PID:64
- C:\Windows\System\syuxYsZ.exe
  C:\Windows\System\syuxYsZ.exe
  2⤵
  PID:4596
- C:\Windows\System\sjEHbEm.exe
  C:\Windows\System\sjEHbEm.exe
  2⤵
  PID:1516
- C:\Windows\System\GnJEVva.exe
  C:\Windows\System\GnJEVva.exe
  2⤵
  PID:3500
- C:\Windows\System\ZQlKzJY.exe
  C:\Windows\System\ZQlKzJY.exe
  2⤵
  PID:3588
- C:\Windows\System\ZloOSBH.exe
  C:\Windows\System\ZloOSBH.exe
  2⤵
  PID:468
- C:\Windows\System\MbiHyjL.exe
  C:\Windows\System\MbiHyjL.exe
  2⤵
  PID:3636
- C:\Windows\System\QeUyPbK.exe
  C:\Windows\System\QeUyPbK.exe
  2⤵
  PID:1648
- C:\Windows\System\MoMVPuz.exe
  C:\Windows\System\MoMVPuz.exe
  2⤵
  PID:3092
- C:\Windows\System\zxNbQIk.exe
  C:\Windows\System\zxNbQIk.exe
  2⤵
  PID:1568
- C:\Windows\System\HDqqDIM.exe
  C:\Windows\System\HDqqDIM.exe
  2⤵
  PID:1760
- C:\Windows\System\qwKsuoF.exe
  C:\Windows\System\qwKsuoF.exe
  2⤵
  PID:1504
- C:\Windows\System\TDUAxjO.exe
  C:\Windows\System\TDUAxjO.exe
  2⤵
  PID:1904
- C:\Windows\System\GekDxAD.exe
  C:\Windows\System\GekDxAD.exe
  2⤵
  PID:644
- C:\Windows\System\diHtiwE.exe
  C:\Windows\System\diHtiwE.exe
  2⤵
  PID:1076
- C:\Windows\System\KmOAThJ.exe
  C:\Windows\System\KmOAThJ.exe
  2⤵
  PID:4500
- C:\Windows\System\KATOiBr.exe
  C:\Windows\System\KATOiBr.exe
  2⤵
  PID:4692
- C:\Windows\System\jwyySoq.exe
  C:\Windows\System\jwyySoq.exe
  2⤵
  PID:4712
- C:\Windows\System\koTOYbE.exe
  C:\Windows\System\koTOYbE.exe
  2⤵
  PID:332
- C:\Windows\System\ryAaBhB.exe
  C:\Windows\System\ryAaBhB.exe
  2⤵
  PID:3048
- C:\Windows\System\hxVyMFT.exe
  C:\Windows\System\hxVyMFT.exe
  2⤵
  PID:4004
- C:\Windows\System\JNdfmTE.exe
  C:\Windows\System\JNdfmTE.exe
  2⤵
  PID:4184
- C:\Windows\System\WoTlJIR.exe
  C:\Windows\System\WoTlJIR.exe
  2⤵
  PID:968
- C:\Windows\System\XvGHhap.exe
  C:\Windows\System\XvGHhap.exe
  2⤵
  PID:556
- C:\Windows\System\KBlPegA.exe
  C:\Windows\System\KBlPegA.exe
  2⤵
  PID:1452
- C:\Windows\System\oBCMdEp.exe
  C:\Windows\System\oBCMdEp.exe
  2⤵
  PID:2564
- C:\Windows\System\KaYwlWT.exe
  C:\Windows\System\KaYwlWT.exe
  2⤵
  PID:1168
- C:\Windows\System\DeLZQrE.exe
  C:\Windows\System\DeLZQrE.exe
  2⤵
  PID:5000
- C:\Windows\System\ScpksaT.exe
  C:\Windows\System\ScpksaT.exe
  2⤵
  PID:3640
- C:\Windows\System\ePGTkdG.exe
  C:\Windows\System\ePGTkdG.exe
  2⤵
  PID:4196
- C:\Windows\System\iiYzLMc.exe
  C:\Windows\System\iiYzLMc.exe
  2⤵
  PID:4160
- C:\Windows\System\vgmFBiD.exe
  C:\Windows\System\vgmFBiD.exe
  2⤵
  PID:5140
- C:\Windows\System\vISZBGr.exe
  C:\Windows\System\vISZBGr.exe
  2⤵
  PID:5164
- C:\Windows\System\nVlVzEK.exe
  C:\Windows\System\nVlVzEK.exe
  2⤵
  PID:5180
- C:\Windows\System\eHKqrvP.exe
  C:\Windows\System\eHKqrvP.exe
  2⤵
  PID:5204
- C:\Windows\System\ePkjkHJ.exe
  C:\Windows\System\ePkjkHJ.exe
  2⤵
  PID:5224
- C:\Windows\System\pjazbSw.exe
  C:\Windows\System\pjazbSw.exe
  2⤵
  PID:5248
- C:\Windows\System\xlIoyAN.exe
  C:\Windows\System\xlIoyAN.exe
  2⤵
  PID:5280
- C:\Windows\System\IRZVdLP.exe
  C:\Windows\System\IRZVdLP.exe
  2⤵
  PID:5312
- C:\Windows\System\hfeiDMe.exe
  C:\Windows\System\hfeiDMe.exe
  2⤵
  PID:5360
- C:\Windows\System\FzsthiE.exe
  C:\Windows\System\FzsthiE.exe
  2⤵
  PID:5380
- C:\Windows\System\TyqeDuL.exe
  C:\Windows\System\TyqeDuL.exe
  2⤵
  PID:5432
- C:\Windows\System\oLNCgWf.exe
  C:\Windows\System\oLNCgWf.exe
  2⤵
  PID:5460
- C:\Windows\System\HernqCy.exe
  C:\Windows\System\HernqCy.exe
  2⤵
  PID:5496
- C:\Windows\System\PYLOsiW.exe
  C:\Windows\System\PYLOsiW.exe
  2⤵
  PID:5532
- C:\Windows\System\ffHMVdo.exe
  C:\Windows\System\ffHMVdo.exe
  2⤵
  PID:5560
- C:\Windows\System\YXLaMjb.exe
  C:\Windows\System\YXLaMjb.exe
  2⤵
  PID:5584
- C:\Windows\System\wGjvEGD.exe
  C:\Windows\System\wGjvEGD.exe
  2⤵
  PID:5616
- C:\Windows\System\crQLEWz.exe
  C:\Windows\System\crQLEWz.exe
  2⤵
  PID:5640
- C:\Windows\System\lOoyQaE.exe
  C:\Windows\System\lOoyQaE.exe
  2⤵
  PID:5672
- C:\Windows\System\wIkxPzD.exe
  C:\Windows\System\wIkxPzD.exe
  2⤵
  PID:5696
- C:\Windows\System\GPQzbBM.exe
  C:\Windows\System\GPQzbBM.exe
  2⤵
  PID:5724
- C:\Windows\System\ucQUWZC.exe
  C:\Windows\System\ucQUWZC.exe
  2⤵
  PID:5748
- C:\Windows\System\mlXYoik.exe
  C:\Windows\System\mlXYoik.exe
  2⤵
  PID:5780
- C:\Windows\System\GdRwcjX.exe
  C:\Windows\System\GdRwcjX.exe
  2⤵
  PID:5816
- C:\Windows\System\ZKBXIzL.exe
  C:\Windows\System\ZKBXIzL.exe
  2⤵
  PID:5840
- C:\Windows\System\BsRGqcy.exe
  C:\Windows\System\BsRGqcy.exe
  2⤵
  PID:5856
- C:\Windows\System\sJnkFHH.exe
  C:\Windows\System\sJnkFHH.exe
  2⤵
  PID:5892
- C:\Windows\System\hWMDtjt.exe
  C:\Windows\System\hWMDtjt.exe
  2⤵
  PID:5916
- C:\Windows\System\jfNJPce.exe
  C:\Windows\System\jfNJPce.exe
  2⤵
  PID:5940
- C:\Windows\System\ayplBOh.exe
  C:\Windows\System\ayplBOh.exe
  2⤵
  PID:5976
- C:\Windows\System\niTpYbn.exe
  C:\Windows\System\niTpYbn.exe
  2⤵
  PID:5996
- C:\Windows\System\fUjecvj.exe
  C:\Windows\System\fUjecvj.exe
  2⤵
  PID:6016
- C:\Windows\System\KWFUjHV.exe
  C:\Windows\System\KWFUjHV.exe
  2⤵
  PID:6052
- C:\Windows\System\qCdwfew.exe
  C:\Windows\System\qCdwfew.exe
  2⤵
  PID:6072
- C:\Windows\System\rqFwDHf.exe
  C:\Windows\System\rqFwDHf.exe
  2⤵
  PID:6108
- C:\Windows\System\RSrjVVG.exe
  C:\Windows\System\RSrjVVG.exe
  2⤵
  PID:740
- C:\Windows\System\RZsDCAJ.exe
  C:\Windows\System\RZsDCAJ.exe
  2⤵
  PID:5132
- C:\Windows\System\rYUZehO.exe
  C:\Windows\System\rYUZehO.exe
  2⤵
  PID:5216
- C:\Windows\System\mZIEEKV.exe
  C:\Windows\System\mZIEEKV.exe
  2⤵
  PID:5288
- C:\Windows\System\MkgjFSE.exe
  C:\Windows\System\MkgjFSE.exe
  2⤵
  PID:5304
- C:\Windows\System\Sxyxlrg.exe
  C:\Windows\System\Sxyxlrg.exe
  2⤵
  PID:5396
- C:\Windows\System\ydDvkjg.exe
  C:\Windows\System\ydDvkjg.exe
  2⤵
  PID:5480
- C:\Windows\System\mkKhfum.exe
  C:\Windows\System\mkKhfum.exe
  2⤵
  PID:5576
- C:\Windows\System\asqJEmg.exe
  C:\Windows\System\asqJEmg.exe
  2⤵
  PID:5604
- C:\Windows\System\fHpbhyG.exe
  C:\Windows\System\fHpbhyG.exe
  2⤵
  PID:5656
- C:\Windows\System\zdKMtBi.exe
  C:\Windows\System\zdKMtBi.exe
  2⤵
  PID:5720
- C:\Windows\System\IuVmRgs.exe
  C:\Windows\System\IuVmRgs.exe
  2⤵
  PID:5768
- C:\Windows\System\cHBsIyk.exe
  C:\Windows\System\cHBsIyk.exe
  2⤵
  PID:5828
- C:\Windows\System\JiVIveS.exe
  C:\Windows\System\JiVIveS.exe
  2⤵
  PID:5876
- C:\Windows\System\GzUkhcT.exe
  C:\Windows\System\GzUkhcT.exe
  2⤵
  PID:5952
- C:\Windows\System\RAoMVOw.exe
  C:\Windows\System\RAoMVOw.exe
  2⤵
  PID:6040
- C:\Windows\System\nTLtlrG.exe
  C:\Windows\System\nTLtlrG.exe
  2⤵
  PID:6068
- C:\Windows\System\NENDFAX.exe
  C:\Windows\System\NENDFAX.exe
  2⤵
  PID:5124
- C:\Windows\System\kSZhcRm.exe
  C:\Windows\System\kSZhcRm.exe
  2⤵
  PID:5244
- C:\Windows\System\OYtyVZf.exe
  C:\Windows\System\OYtyVZf.exe
  2⤵
  PID:5376
- C:\Windows\System\QSqpSoH.exe
  C:\Windows\System\QSqpSoH.exe
  2⤵
  PID:5508
- C:\Windows\System\HCCcTNN.exe
  C:\Windows\System\HCCcTNN.exe
  2⤵
  PID:5592
- C:\Windows\System\TUHBuvz.exe
  C:\Windows\System\TUHBuvz.exe
  2⤵
  PID:5760
- C:\Windows\System\JEZYQce.exe
  C:\Windows\System\JEZYQce.exe
  2⤵
  PID:5868
- C:\Windows\System\UNrjWRO.exe
  C:\Windows\System\UNrjWRO.exe
  2⤵
  PID:6008
- C:\Windows\System\sKoXUQl.exe
  C:\Windows\System\sKoXUQl.exe
  2⤵
  PID:5128
- C:\Windows\System\lzHPKna.exe
  C:\Windows\System\lzHPKna.exe
  2⤵
  PID:5660
- C:\Windows\System\jZOCYFe.exe
  C:\Windows\System\jZOCYFe.exe
  2⤵
  PID:6124
- C:\Windows\System\TmMvREG.exe
  C:\Windows\System\TmMvREG.exe
  2⤵
  PID:6164
- C:\Windows\System\pefRpSb.exe
  C:\Windows\System\pefRpSb.exe
  2⤵
  PID:6200
- C:\Windows\System\mwtKLRK.exe
  C:\Windows\System\mwtKLRK.exe
  2⤵
  PID:6220
- C:\Windows\System\vDUDUvu.exe
  C:\Windows\System\vDUDUvu.exe
  2⤵
  PID:6248
- C:\Windows\System\dRCCOhS.exe
  C:\Windows\System\dRCCOhS.exe
  2⤵
  PID:6272
- C:\Windows\System\VCZHeCT.exe
  C:\Windows\System\VCZHeCT.exe
  2⤵
  PID:6292
- C:\Windows\System\KXXXXka.exe
  C:\Windows\System\KXXXXka.exe
  2⤵
  PID:6316
- C:\Windows\System\wRCyAGe.exe
  C:\Windows\System\wRCyAGe.exe
  2⤵
  PID:6340
- C:\Windows\System\mgHQvGp.exe
  C:\Windows\System\mgHQvGp.exe
  2⤵
  PID:6368
- C:\Windows\System\tGVFNEu.exe
  C:\Windows\System\tGVFNEu.exe
  2⤵
  PID:6392
- C:\Windows\System\QFDlgOR.exe
  C:\Windows\System\QFDlgOR.exe
  2⤵
  PID:6412
- C:\Windows\System\dCFifOt.exe
  C:\Windows\System\dCFifOt.exe
  2⤵
  PID:6436
- C:\Windows\System\zJtvriz.exe
  C:\Windows\System\zJtvriz.exe
  2⤵
  PID:6460
- C:\Windows\System\uAaZsfp.exe
  C:\Windows\System\uAaZsfp.exe
  2⤵
  PID:6488
- C:\Windows\System\spyCsoD.exe
  C:\Windows\System\spyCsoD.exe
  2⤵
  PID:6508
- C:\Windows\System\eBfxOwV.exe
  C:\Windows\System\eBfxOwV.exe
  2⤵
  PID:6532
- C:\Windows\System\SQTGnaO.exe
  C:\Windows\System\SQTGnaO.exe
  2⤵
  PID:6560
- C:\Windows\System\kbMNFBw.exe
  C:\Windows\System\kbMNFBw.exe
  2⤵
  PID:6588
- C:\Windows\System\AdTQDKS.exe
  C:\Windows\System\AdTQDKS.exe
  2⤵
  PID:6616
- C:\Windows\System\xNGPxcv.exe
  C:\Windows\System\xNGPxcv.exe
  2⤵
  PID:6644
- C:\Windows\System\OrdYgnY.exe
  C:\Windows\System\OrdYgnY.exe
  2⤵
  PID:6668
- C:\Windows\System\cVAFcyZ.exe
  C:\Windows\System\cVAFcyZ.exe
  2⤵
  PID:6700
- C:\Windows\System\FFFjfrV.exe
  C:\Windows\System\FFFjfrV.exe
  2⤵
  PID:6720
- C:\Windows\System\eMVobJc.exe
  C:\Windows\System\eMVobJc.exe
  2⤵
  PID:6748
- C:\Windows\System\hikgMCz.exe
  C:\Windows\System\hikgMCz.exe
  2⤵
  PID:6768
- C:\Windows\System\cZdhNvt.exe
  C:\Windows\System\cZdhNvt.exe
  2⤵
  PID:6796

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AWzRDpW.exe

Filesize
1.0MB

MD5
d7e79e2d3127f32def0c0d43defc007b

SHA1
87da2268140b81bc8d48100c54f1339aa09919de

SHA256
2dbbf2f81d1330f2444700f93a05558a0bc619cc2138c7b0bbac3d5c96649216

SHA512
4f3c29d2a29f4c22042b3cb44760439d2748ee6e609e7c3446704d6293e3bbe1173ff1717a6956d374545f1a21ec04cf686e22a7a6da6f6c2668eab79ec8c508

Download Submit
C:\Windows\System\CeACSrQ.exe

Filesize
1.0MB

MD5
a31a81af3d334b2569eb817a3afb51cf

SHA1
91d3b7d32578e8ea828333fb7096fdd97e0095a6

SHA256
5e16e0f1616b2be19979a0fa4dd490ff61e28eaf8b244020180fc49dd7794b8c

SHA512
13328dda01a2a1226627a7599a6cd0108cd2d524a1682574405ce6f6297ab9f0f9bc54a7c2cfd84d92326888cb88f68d024b06c9d1214e1d191a6e4f7e5528b2

Download Submit
C:\Windows\System\DOrPSlD.exe

Filesize
1.0MB

MD5
1b585a7813510580106afd95415c7584

SHA1
ff57afa21e987046142cdaa953bd3216dcbf72b2

SHA256
c48b1080b9f4c9320f419c575a31efe383ef3e6639a83921dce9fb81c6da2c11

SHA512
d33925b4d0c079241c4fef06aa12849789570900bafe25ee82b3b02940c392865c8cb095cf1a3d1e7d3142a9e39f894bbb0864318ea4e973347aa6f07fb6146e

Download Submit
C:\Windows\System\LEIToVb.exe

Filesize
1.0MB

MD5
2eee8b2b9a38606c3faa657e61a2efa4

SHA1
cd62c8f75e5d6613f1004326e27ebde56c595c2b

SHA256
b39bd934dc2c458f1581fb29e4e8a8b908116fc72b07dec838138a3e96607139

SHA512
2231e495776f2204aa55d81a740880625ab1261c8182fb3836678411fa5abe598b61e0c10daabb3fc2b2ddfcd663ca3c6ced0f996a7cdaa1d4720dfd88cfd17f

Download Submit
C:\Windows\System\MRxGMwD.exe

Filesize
1.0MB

MD5
26e84edf9bdfa2024a5504724a36a516

SHA1
5920830d5ce533c6093fe261207aa1a145ff2bef

SHA256
41c318587191d24209b3846d03e7c4b748f71878c81dd3695ef9bfd50c640a74

SHA512
61a4ad38571016e910ae8fdf13cb70eb3f19d25a1dc84aeab2cb089db5ba04e2981b540f7681a469fac05c0fbda33c6b1385ebbb6ca174927a7cbbcafac9906e

Download Submit
C:\Windows\System\MmRgIEN.exe

Filesize
1.0MB

MD5
fb597617ee6a67ba6f52b91479622a57

SHA1
2c8313ed378684588a96a1fd56143a41635a5167

SHA256
32b676d065de9a5b68dd09428d23580575001366997db5e56ec7781f53f95564

SHA512
6419de92216ab9dbd0981030ddf9b25ea0677000b6ec43c1a767a9ce915ce9c167022ef47344c41ff6ca0c4da8e855fce00c83efd47fd9d46bfb51496a5750bf

Download Submit
C:\Windows\System\NvCfQFd.exe

Filesize
1.0MB

MD5
5721b64834d1fbdf99fca7fef7b454b1

SHA1
cb0a620ece8cb6b84d3f8db3a39f4a984a1a32d8

SHA256
7d81febb63bbaa38ea205ef3f325fd3312405a3ddd699571b79c592a33dba9db

SHA512
94be9f919db756731245f3ebc3a23e83dd01d23be845582bd75e1da90a70afc39c5b80aa1f4d48bf83036de3f460aed11e81bfdf0d8e253a74ca0c749c754625

Download Submit
C:\Windows\System\PHLcUhq.exe

Filesize
1.0MB

MD5
e52a03fc37b653589bf88ac951316bdb

SHA1
a6bc76b79a18e612bad2dad44dfd01375277cf26

SHA256
4470151ec8dcf2f09b1029b838b7d62a125993bc1870c8e56b1f195f4374da41

SHA512
eec55e6622b6884f639a18cece48eac700f4ec5c1d85248fd4953dea102fb2a89aa74d3f28a6936c8f0998469eec1e35873247a4e28aa9a5e3054e78dc4943a1

Download Submit
C:\Windows\System\PhCSmUw.exe

Filesize
1.0MB

MD5
c17c6e5cdfc68fd4bc550f0c95c06faa

SHA1
6354583c651405ab58e75d18dd148f5a411cb8af

SHA256
2fb17a5914c95f3457491c6805373cbf311a48f977147daf6a552f59ecaf386c

SHA512
d5894fea4b4ab5992abd4a7e3bc18346801f985bd84c1b12ba439bb07d8ec5859d701335610e76c32970a8c60de85483a6390ec37c2b29284e0f9848c171eb45

Download Submit
C:\Windows\System\RxrlBrc.exe

Filesize
1.0MB

MD5
ea3b44bc8e559239cb9a8606323eb432

SHA1
935f877ef44487586e5a60c51d57260f90e444c0

SHA256
7f263602ab84542e07acd9f7fc4c6ae5b0d3cb1e45fb5643d95528c5500f5ab4

SHA512
64236b73938d1d003a974e84a16a2382879dba5e923a327c5166daa051b9b1d657241e60069f837cad73e3330acee37288353362c00f2a64429af402411c3894

Download Submit
C:\Windows\System\SjVkJpX.exe

Filesize
1.0MB

MD5
f982dab22bf920b8fe3fcbf825a1be6f

SHA1
0aeae0b4d7feb44eb66133635a11b36113b5b405

SHA256
695802c81758dfa24109fe096d730d49b3f60fab1d205258bb4cc245eadc349f

SHA512
4db021a40ce1cf9d301fc47a670608844d1d48c79953b3f9480241e9c1b703d01d6971cf6eb9936dc0e6a4f5946bc66cc580923aca9ee2c832cf85e712114a95

Download Submit
C:\Windows\System\TDIFMdI.exe

Filesize
1.0MB

MD5
e392518f11a958fbab3f44fe7d321d9d

SHA1
d4645a5196abfcaf2af979cfade32d13a30c4d8d

SHA256
7a8087b5dcc26ad40c2c513a4dbd402dbc986bf0c2127ecb39fd1e245cf9e4e1

SHA512
39fe2aaa4cb61a45ccbd798801b51d320245444af1e1ed25a52666983eaf0a43fb0dcf09b3efdbd9d25c53b30a0cf5b7032cd784e17a16d4c1d89cc87c50a4f3

Download Submit
C:\Windows\System\UFaxtgx.exe

Filesize
1.0MB

MD5
15a7144e4486ea78d93b4a58da2e6283

SHA1
9c7db46bf0b6bb4c0409145c66135cb8d5eff113

SHA256
7298683c760aee8a7668367778a3375060195987cf7e8a1a56e1d51cc951f276

SHA512
4e4e7c8dc653490cc45dec21d25a7b057ce53405ba37dda9ef3350758a067a0edfd5fa327117a260fec0505735d34c73ed08dbe977a2758936aa2786cee30e24

Download Submit
C:\Windows\System\XsFsiYr.exe

Filesize
1.0MB

MD5
3ffeaf7e12a1c6d6fcc644f489028516

SHA1
0d65a4f0fbd56c010f86d0ad25d27665476481b8

SHA256
d72566f72fb387725fb5c19c4a8ca3f95011ea6ff00fb3d502473ebaddec11a6

SHA512
440b216f49be9e9a2b20ce997bb0c6134500443dccf41f79d45b4eca4677b3903c3da3538cc7e401ca31bbe6e042769928c122e8f604b43286dc6f36125625a9

Download Submit
C:\Windows\System\aBpSVbt.exe

Filesize
1.0MB

MD5
da44327ad8ece278128a760dad1026d7

SHA1
beaf79e2fd4a23f2acf5d3ba0b2b35eae8cf5d01

SHA256
cc49af8c344b9cda3814ec40ca1a9cc1ffad623445fae8a385f625ebc1a25c2f

SHA512
7b2a5bd136e55cfccd4b13468b288a1efb0cb7015e36d6589cbf27d8f81be03944104d345bf7f78c152c6652fea692eee6315763277beb423047450dfb1693af

Download Submit
C:\Windows\System\aufjaBW.exe

Filesize
1.0MB

MD5
80ce5432d2421db7d593d5663ef4cbdd

SHA1
58822805c495e7a576f3cb5b88894f0f103082e3

SHA256
deebb209376840839d274dc27bb6c8f39931fdfb26f3d8c3ec8c215cc9ecdbd6

SHA512
49dc515d44dff41f75653df4518334604b0e7bba8bc2f9f06028e5f1f3c3b9b053ea9e0375e08bfd9cc17419ba313eaa7d1b2823421726a739484521ba916363

Download Submit
C:\Windows\System\bKvzWCv.exe

Filesize
1.0MB

MD5
bfadd37072d7f8f10e6927ce03da29c9

SHA1
aaafa34c153e23f0136af6cda569de94a661ef74

SHA256
9ca312b655f8cd8c03a2105212d9c2086c6f8cb28f2e65edcc2802a7de46e0f1

SHA512
ee7a61cdfd73aae15eb91aeb8c3ebb03788cd75df51c378048e5bffb725eaf0f6b938f42abaf84ce2d782ef1d2afb68f413232fccfe3e54ec88c24ec4ac2b660

Download Submit
C:\Windows\System\bbxHyAW.exe

Filesize
1.0MB

MD5
5bae8f02d0296f557936e8e5f68198c6

SHA1
2e94bfb4130b56ec4dd5c7ae4103b14e314c6785

SHA256
444166e6710159f1f3f88bf9d03bca2b7ca53d06fa9ed92a944b52a2040db82a

SHA512
e6c9eac4423b0f039ef40c64e24a90cd27c56d5ed3b159f72c062b46332467c7eb940aefa1d79c3cc1db7f9fc676cef043f94476a3f6586d5d9192f54f29e5a9

Download Submit
C:\Windows\System\dSFYQlX.exe

Filesize
1.0MB

MD5
b332ac522a1cb189c26082240c4f1c5c

SHA1
53f78f16479ea557b82534e89e771f9bf54f0c8b

SHA256
831a693203025ac0a3a56c56f25afbd25db0f458b95f5fc8ed6ad8609e235930

SHA512
cc45f23fe3b1164099febd3e7b7fc9bbdbede8855a3ed2becf018de50b6b20c3a233a3fcf21457a4c60ba4269d51e412a880884ebc0e866aae21b793f2af255d

Download Submit
C:\Windows\System\dtsjPVe.exe

Filesize
1.0MB

MD5
0d46a01c4b6b6f67136cdca18fbb352e

SHA1
99a5450a346ffba62136375463766848e4ed2ee4

SHA256
9b9ba5cc9abc1c83be3bd5792ce118e0dffe89e1d59afc05d9503865a978a52f

SHA512
ff6cdccc58cf4e168d4eace1597af5c03fc2320b4114cefbaf9107052e914b54dfc5ac61eb0186904fd68b2778d2eafd887eaeea55d1dfae8a7310ea53d80eae

Download Submit
C:\Windows\System\hsAssoq.exe

Filesize
1.0MB

MD5
5c470588360268b8310f4135bbb5a71b

SHA1
ae8f48f2bb2956c8ca7a40c1f447c610d9cd04f9

SHA256
fb512bddefa92f06a3a876420e391f247f07bb1b0f2b508a0acc20d7b3e1168e

SHA512
ccaba5519f5011e3143bc9452d0729f7f0bc7eab100debcd987a02b5a1312ea9781e59fa2ad7adf49f14f5094d5f3748b6bb6f4827901b4dec0120c17e56feef

Download Submit
C:\Windows\System\kEVyhnN.exe

Filesize
1.0MB

MD5
4c62f59702232f8d2ec237d0791c1ae1

SHA1
c668958ebc2da037fe8650c160eca20fbc11aa4f

SHA256
f8c4278f22649402c1a0d722cc004263b9b13ce1a0ef9202deda19dd7639113a

SHA512
449e248ce4d7778733fd9769e9ddb72b33b3c529c7261515811bca470b5b193be170d0af1dcdc1ec6cac142b3012d7fad5216203137d1b60a9eb4562e00ab9b3

Download Submit
C:\Windows\System\pLQzrfd.exe

Filesize
1.0MB

MD5
6fd42e0c3cb16084717cfbcecf631d83

SHA1
d28785217057302a1adc87f1aea611a0e0959f32

SHA256
06c2b3cbb5c00c954d0720da711122ec1ea4e39c5dc3330ac0fe4eba000e34c3

SHA512
42ba662f0dd9b9b0620464759a22faaa1adee63f1c631660bd77f961f8f768c040e68383f1c5ecbbb34440592aa543b020f441e3c68d02d550e0964132e4bd5d

Download Submit
C:\Windows\System\piPEGKq.exe

Filesize
1.0MB

MD5
b5ffe98043298d6087cb91d20afffd28

SHA1
2919d75381092eeebc0575ad8271cc9bff5716f7

SHA256
7f4b50b54d8a905c4319d4eceed3ffd4623d9d288c1d83e4aaf6124c83f40d4e

SHA512
b47917a45c8126d84f032e7999d3b945d37bb6e01fd737c2564436ea7ea03da773c64d18e119460a5a2b7c7fd4d79eb011827061f42b672c7bb2f515a55bd671

Download Submit
C:\Windows\System\pyYjFGe.exe

Filesize
1.0MB

MD5
03252e5b82a678ede153e918e7c41eee

SHA1
176aec2c51f8f9fbb4f30dc3628c7165ebf1e2b0

SHA256
99bca9e4272547eb11a2750a89138e34df8fadced3fd01426b8873074a76c56e

SHA512
10de36e6e9a8cdffcf112fc683c2da5d52dd17447065b684b4ae5525fa44f5883f3b14fea7375ffa5724018efacd06268f89ca58a1b159028b9fd651ff6bea49

Download Submit
C:\Windows\System\rowZvjD.exe

Filesize
1.0MB

MD5
b13221c933285729e643e7bb1aa65853

SHA1
b4ceec6c8bbe2f11929f8ab12d2bfed3a905dfac

SHA256
5d028a68263d177e5b6303ee4606eb48ef3f8813ed9eb083cc3b98bf17aeaf66

SHA512
2916626ecabdbbf368703e8de1acd2a9ca3d3f3f16a266f6577ba5f67a14ee525f93041db558d2a5e85bc49911c72fc5b893923e855b9da6c5fb39aa52dadcab

Download Submit
C:\Windows\System\sDrFfok.exe

Filesize
1.0MB

MD5
7d720ab44eb87e398023e3b252aec70b

SHA1
6adbbf4bb545eb3b839a634749bf9a28e2c2133d

SHA256
1d4a7b67474501a008848facacf3d2124d5613c030b5b4e7b1f2644f90c1cb83

SHA512
cb0bf1db52f988ea64f9073d2e06ebb3b21f2914086567ac829d75a54a8905a69631222375a75eee9b6278c8d8dc793c723548a4fefdda07ec8b163d389226de

Download Submit
C:\Windows\System\sTFvTpA.exe

Filesize
1.0MB

MD5
c2c5282e6000697c968e8145e23384d5

SHA1
47aa9120012127ed18b6637a91f7191ff9f31eb2

SHA256
481d602f93f08ed878a950bba234db0c57fe2c26d33f21524f674d57d9c3470c

SHA512
2d1d7c105f95c8e12648c0de692565a45ec4853d71bbabed9bb83c70f5ca1ca6296f498053b74d49c8eb3f7a2411cc9784434bacf5b12603de8906ec320cf4a2

Download Submit
C:\Windows\System\tSdIdNO.exe

Filesize
1.0MB

MD5
946ec5db12655d25dd8639b429567ed6

SHA1
24d77fed987c9490463cf1d391a45e9a4f75b419

SHA256
75f416d315e051aa2bb5bd585b9caf811743829f4e382af67d60507c9d95e462

SHA512
0d99618e19ce0ee5c5454a6ec4d0cd8583cd96b29627457929a2bb2f9aa125e9aab7fa6b72f0632dc5cd91cf2b9b61c4f54c4e942dd5e9e47a5c7e3449883539

Download Submit
C:\Windows\System\tZzPHpr.exe

Filesize
1.0MB

MD5
43ff2abae0b24f34ff151c95e905e6cf

SHA1
4f44eab93c64fcfb5d64bc3f0086f49bb1b21bab

SHA256
693d7fa34ac877b06c93db48b6eb19fb021bd97a00115c79d84f681ebd2d2ab8

SHA512
6ff2a9f8049543fc3c14054e260179aa4cd627a6f68fc57a1ee41f22287b7a185a6e147ed1512ddc8f48e52cbcd8bc7830a860a54dee331107092a8679121ee7

Download Submit
C:\Windows\System\uyDmJcu.exe

Filesize
1.0MB

MD5
fa4c7b751e7e4faaf759de2c42b6becf

SHA1
7c41b683f1237839cf49c05672a2744f616276c2

SHA256
cde9587ad21f260bcc000fd87409ae4881583d8ae49369d64feb000fc50524cf

SHA512
80cd5a8d4a9f02b7d9f528c8781ffe3a6f8eb2fe634dc944c0239e022bdd1d00325c08bc68cc4642a3e3cd7b226e18cd44883c96bd7a5ccb4debf029541da25d

Download Submit
C:\Windows\System\wdcbwWb.exe

Filesize
1.0MB

MD5
a3eeb7c5829d6245d25c9736a6caa6e1

SHA1
6999ec7db3dff19d04f8bb88b3b206a4decb3909

SHA256
ee758c2621785f5225ba491fd145569e17dfb141ce7a1fdf4c79c607876ce757

SHA512
c860f0eeb2266724b6c5e4d5bcbef04f5d83f036aba2303e87b9212578942be366afe2e9a028f61667e5f3dc4179f69e26cb4a33ceedc564a8053198582563ae

Download Submit
C:\Windows\System\xESclIu.exe

Filesize
1.0MB

MD5
cb41acf9d069518ec6014df58ff980f7

SHA1
35ae9c71f8a6da7318e79cf41923e1c198dd0647

SHA256
438c528c939bc5b30fcb56edf92f2e1d00e2c79064df3402a4fa608f5d507cc2

SHA512
a3c67ad153e1595814faa9559f4bb0d7c8817d5d669100b142ead035cea9efaa3454652ccbb3e09f5fea7fe9ff9f3a4a6fad3f671c5f49c34b2ccca835723304

Download Submit
C:\Windows\System\xcgMPdk.exe

Filesize
1.0MB

MD5
f9c7883d7d35e940bcf023067779b0ec

SHA1
31dec584f5b3d5362f84dde277e2247c19999cfa

SHA256
775f6fe6e09d533346c53addaca925ece01f93b17462714991f8f271a96c2f3c

SHA512
2fb673e1bc4ef978193fdeff704ab87429531fa0473451b4be770a112f60b26ba4037e0b79e21ee71eddb4488cc66dc6a91dc79c19edbb8bafb9b43006278692

Download Submit
C:\Windows\System\xhWDcas.exe

Filesize
1.0MB

MD5
9002a47d2a42b33f3e1c1269bc8e8d1d

SHA1
e94ff5d216514f52ec0e0580036b257b03124a37

SHA256
f31f742d79e7c51526f89bd3df9dccf85863c4a372ca941afb6b1b94d9b6e88f

SHA512
32a12b123a7e25bf07bd5d2090c29978defaad298ea77a3bf84777038619de62d6e644a9f8ac5fee979e9650b5415644adf80d6da4c8a9c90d37fcc60b783106

Download Submit
C:\Windows\System\xyjrHGR.exe

Filesize
1.0MB

MD5
0a87bcff00ac6bc7009b98ddeaf029e6

SHA1
81b8efac3dd9590aa0670e6b672e6bd24bb1fffb

SHA256
0a3864a8df954890d95238df71901a01fa619604a6b52acc44ec6eeb356aa131

SHA512
1475c8b8c129d3980f972f7ceb9aa7ce9e0db0136b643c4ac64024d99956b45b9e314f0a2a34c4e09a7ac35573e68a018af9b17e9045972bcc6cf71cb666b465

Download Submit
memory/3340-0-0x000001F73E3B0000-0x000001F73E3C0000-memory.dmp

Filesize
64KB

Download