xmrig | c1501d5dafc05acbeedab052ed9e62bd8f9e8bfdbe5e3fe18df3310a79d03b2d

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
13-06-2024 22:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
Size

1.0MB
MD5

8bc422c14a97d0f8ab8d3845e08f3720
SHA1

21b288afc566eb39b92eeb3a99b4ede431a59766
SHA256

c1501d5dafc05acbeedab052ed9e62bd8f9e8bfdbe5e3fe18df3310a79d03b2d
SHA512

764c0b4161afdef294b5c09e840e6a6d9c82e2183f870af6faeac2add1109de212f4977de4c1210ec69b69810eed348917bdcd7b8bb27e4406c9ee69de969e7e
SSDEEP

24576:GezaTnG99Q8FcNrpyNdfE0bLBgDOp2iSLz9LbBwlKensPLI6va:GezaTF8FcNkNdfE0pZ9oztFwIhLI6y

Score

10^/10

xmrig miner

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 33 IoCs

miner

Processes:

resource	yara_rule
C:\Windows\System\lFIJGmJ.exe	xmrig
C:\Windows\System\AdFqSqI.exe	xmrig
C:\Windows\System\GfWUYtY.exe	xmrig
C:\Windows\System\OtUDSZX.exe	xmrig
C:\Windows\System\gZYkhkE.exe	xmrig
C:\Windows\System\fmNHENs.exe	xmrig
C:\Windows\System\trOGgqU.exe	xmrig
C:\Windows\System\QehaBJK.exe	xmrig
C:\Windows\System\edOOEil.exe	xmrig
C:\Windows\System\jElCMDQ.exe	xmrig
C:\Windows\System\uUaqaLZ.exe	xmrig
C:\Windows\System\ZKncBpJ.exe	xmrig
C:\Windows\System\YYozxhy.exe	xmrig
C:\Windows\System\zLeyWgE.exe	xmrig
C:\Windows\System\oPwQSIs.exe	xmrig
C:\Windows\System\hYeqxbP.exe	xmrig
C:\Windows\System\tekcxCP.exe	xmrig
C:\Windows\System\YQILsgQ.exe	xmrig
C:\Windows\System\nUzKnQH.exe	xmrig
C:\Windows\System\UslVPWt.exe	xmrig
C:\Windows\System\HoSgUMG.exe	xmrig
C:\Windows\System\AirhRBE.exe	xmrig
C:\Windows\System\lpSxuau.exe	xmrig
C:\Windows\System\bHlmfWU.exe	xmrig
C:\Windows\System\bCcgZUE.exe	xmrig
C:\Windows\System\bAKioUo.exe	xmrig
C:\Windows\System\izxeDlO.exe	xmrig
C:\Windows\System\XaOQvlJ.exe	xmrig
C:\Windows\System\EppKHxS.exe	xmrig
C:\Windows\System\bIDJHwF.exe	xmrig
C:\Windows\System\nCkXflL.exe	xmrig
C:\Windows\System\QhhYeCK.exe	xmrig
C:\Windows\System\kbqXHXL.exe	xmrig

Executes dropped EXE 64 IoCs

Processes:

trOGgqU.exefmNHENs.exegZYkhkE.exeOtUDSZX.exelFIJGmJ.exeGfWUYtY.exeAdFqSqI.exeQehaBJK.exeedOOEil.exejElCMDQ.exeuUaqaLZ.exeZKncBpJ.exeYYozxhy.exezLeyWgE.exenUzKnQH.exeoPwQSIs.exehYeqxbP.exetekcxCP.exeYQILsgQ.exekbqXHXL.exeUslVPWt.exeQhhYeCK.exenCkXflL.exebIDJHwF.exeEppKHxS.exeXaOQvlJ.exeizxeDlO.exebAKioUo.exeHoSgUMG.exebCcgZUE.exelpSxuau.exebHlmfWU.exeAirhRBE.exeDDsKIWe.exeGGOZTgI.exeolwmXRs.exeuBNkOZg.exeVcnJrWQ.exetAbsqFM.exeAeWAyIw.exeHSftZjb.exejMbPYKB.exeEUZlwTT.exeqRMGjoI.exetVzuWOb.exeedBSXMA.exeobDSVFP.exeBgjwIzs.exeaGTHLoM.exeTiJrHkw.exeYgBZVap.exelXixIOs.exeTVFzDGJ.exedZtKXpD.exesdfoTbK.exeRaqCBEG.exegoupqfT.exeCfOIfYD.exeLoqHwFB.exeWwrwkQx.exeFPjWQau.exeKrJOauY.exeIPlzqxj.exewVLqVdN.exe

pid	process
4684	trOGgqU.exe
3948	fmNHENs.exe
3184	gZYkhkE.exe
3664	OtUDSZX.exe
1052	lFIJGmJ.exe
2144	GfWUYtY.exe
1632	AdFqSqI.exe
3964	QehaBJK.exe
1924	edOOEil.exe
4484	jElCMDQ.exe
3424	uUaqaLZ.exe
1648	ZKncBpJ.exe
2148	YYozxhy.exe
4516	zLeyWgE.exe
1008	nUzKnQH.exe
4608	oPwQSIs.exe
4612	hYeqxbP.exe
3536	tekcxCP.exe
220	YQILsgQ.exe
2072	kbqXHXL.exe
5044	UslVPWt.exe
1640	QhhYeCK.exe
4476	nCkXflL.exe
4072	bIDJHwF.exe
3220	EppKHxS.exe
4984	XaOQvlJ.exe
4720	izxeDlO.exe
1200	bAKioUo.exe
2676	HoSgUMG.exe
3304	bCcgZUE.exe
2648	lpSxuau.exe
3672	bHlmfWU.exe
5076	AirhRBE.exe
4936	DDsKIWe.exe
4040	GGOZTgI.exe
4688	olwmXRs.exe
4144	uBNkOZg.exe
2176	VcnJrWQ.exe
468	tAbsqFM.exe
4492	AeWAyIw.exe
4024	HSftZjb.exe
4124	jMbPYKB.exe
2592	EUZlwTT.exe
1644	qRMGjoI.exe
4932	tVzuWOb.exe
2552	edBSXMA.exe
4888	obDSVFP.exe
3676	BgjwIzs.exe
1016	aGTHLoM.exe
4420	TiJrHkw.exe
3644	YgBZVap.exe
3436	lXixIOs.exe
2800	TVFzDGJ.exe
5072	dZtKXpD.exe
2844	sdfoTbK.exe
3864	RaqCBEG.exe
1612	goupqfT.exe
1908	CfOIfYD.exe
652	LoqHwFB.exe
2400	WwrwkQx.exe
2744	FPjWQau.exe
4928	KrJOauY.exe
3160	IPlzqxj.exe
4764	wVLqVdN.exe

Drops file in Windows directory 64 IoCs

Processes:

8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe

description	ioc	process
File created	C:\Windows\System\tekcxCP.exe	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
File created	C:\Windows\System\NzuTOau.exe	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
File created	C:\Windows\System\qyADOie.exe	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
File created	C:\Windows\System\edOOEil.exe	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
File created	C:\Windows\System\vKRWnKK.exe	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
File created	C:\Windows\System\RbIEuzy.exe	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
File created	C:\Windows\System\OlFFHwy.exe	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
File created	C:\Windows\System\tVzuWOb.exe	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
File created	C:\Windows\System\BgjwIzs.exe	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
File created	C:\Windows\System\nULmayy.exe	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
File created	C:\Windows\System\YwfShUQ.exe	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
File created	C:\Windows\System\NOEdthr.exe	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
File created	C:\Windows\System\dZiQLRO.exe	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
File created	C:\Windows\System\AdFqSqI.exe	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
File created	C:\Windows\System\PDHnekw.exe	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
File created	C:\Windows\System\DDsKIWe.exe	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
File created	C:\Windows\System\pMEIEhJ.exe	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
File created	C:\Windows\System\CggOlLH.exe	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
File created	C:\Windows\System\YYozxhy.exe	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
File created	C:\Windows\System\lltaLtB.exe	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
File created	C:\Windows\System\aqWYISA.exe	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
File created	C:\Windows\System\olwmXRs.exe	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
File created	C:\Windows\System\TVFzDGJ.exe	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
File created	C:\Windows\System\wVLqVdN.exe	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
File created	C:\Windows\System\eTnrihC.exe	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
File created	C:\Windows\System\OhDuuas.exe	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
File created	C:\Windows\System\TiJrHkw.exe	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
File created	C:\Windows\System\RaqCBEG.exe	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
File created	C:\Windows\System\FoAHzQa.exe	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
File created	C:\Windows\System\CojchTp.exe	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
File created	C:\Windows\System\HoSgUMG.exe	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
File created	C:\Windows\System\YQILsgQ.exe	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
File created	C:\Windows\System\VcnJrWQ.exe	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
File created	C:\Windows\System\fvwrGPn.exe	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
File created	C:\Windows\System\lORAnUx.exe	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
File created	C:\Windows\System\uUaqaLZ.exe	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
File created	C:\Windows\System\HSftZjb.exe	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
File created	C:\Windows\System\DlYaliz.exe	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
File created	C:\Windows\System\jamXVwF.exe	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
File created	C:\Windows\System\AkYxJNF.exe	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
File created	C:\Windows\System\cIFdKKQ.exe	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
File created	C:\Windows\System\XaOQvlJ.exe	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
File created	C:\Windows\System\GNprERM.exe	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
File created	C:\Windows\System\jMbPYKB.exe	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
File created	C:\Windows\System\KkgrRnK.exe	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
File created	C:\Windows\System\WQklEEX.exe	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
File created	C:\Windows\System\uCliaFP.exe	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
File created	C:\Windows\System\trOGgqU.exe	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
File created	C:\Windows\System\FwpKjzm.exe	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
File created	C:\Windows\System\TTzmggj.exe	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
File created	C:\Windows\System\yGiImqO.exe	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
File created	C:\Windows\System\CfOIfYD.exe	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
File created	C:\Windows\System\abwlNkn.exe	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
File created	C:\Windows\System\HgyGdVA.exe	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
File created	C:\Windows\System\jElCMDQ.exe	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
File created	C:\Windows\System\gZYkhkE.exe	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
File created	C:\Windows\System\zLeyWgE.exe	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
File created	C:\Windows\System\bCcgZUE.exe	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
File created	C:\Windows\System\aGTHLoM.exe	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
File created	C:\Windows\System\JFXnZpn.exe	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
File created	C:\Windows\System\fmNHENs.exe	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
File created	C:\Windows\System\obDSVFP.exe	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
File created	C:\Windows\System\oPwQSIs.exe	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
File created	C:\Windows\System\GqWBwyl.exe	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe

description	pid	process
Token: SeLockMemoryPrivilege	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe

description	pid	process	target process
PID 812 wrote to memory of 4684	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe	trOGgqU.exe
PID 812 wrote to memory of 4684	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe	trOGgqU.exe
PID 812 wrote to memory of 3948	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe	fmNHENs.exe
PID 812 wrote to memory of 3948	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe	fmNHENs.exe
PID 812 wrote to memory of 3184	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe	gZYkhkE.exe
PID 812 wrote to memory of 3184	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe	gZYkhkE.exe
PID 812 wrote to memory of 3664	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe	OtUDSZX.exe
PID 812 wrote to memory of 3664	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe	OtUDSZX.exe
PID 812 wrote to memory of 1052	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe	lFIJGmJ.exe
PID 812 wrote to memory of 1052	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe	lFIJGmJ.exe
PID 812 wrote to memory of 2144	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe	GfWUYtY.exe
PID 812 wrote to memory of 2144	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe	GfWUYtY.exe
PID 812 wrote to memory of 1632	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe	AdFqSqI.exe
PID 812 wrote to memory of 1632	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe	AdFqSqI.exe
PID 812 wrote to memory of 3964	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe	QehaBJK.exe
PID 812 wrote to memory of 3964	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe	QehaBJK.exe
PID 812 wrote to memory of 1924	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe	edOOEil.exe
PID 812 wrote to memory of 1924	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe	edOOEil.exe
PID 812 wrote to memory of 4484	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe	jElCMDQ.exe
PID 812 wrote to memory of 4484	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe	jElCMDQ.exe
PID 812 wrote to memory of 3424	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe	uUaqaLZ.exe
PID 812 wrote to memory of 3424	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe	uUaqaLZ.exe
PID 812 wrote to memory of 1648	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe	ZKncBpJ.exe
PID 812 wrote to memory of 1648	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe	ZKncBpJ.exe
PID 812 wrote to memory of 2148	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe	YYozxhy.exe
PID 812 wrote to memory of 2148	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe	YYozxhy.exe
PID 812 wrote to memory of 4516	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe	zLeyWgE.exe
PID 812 wrote to memory of 4516	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe	zLeyWgE.exe
PID 812 wrote to memory of 1008	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe	nUzKnQH.exe
PID 812 wrote to memory of 1008	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe	nUzKnQH.exe
PID 812 wrote to memory of 4608	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe	oPwQSIs.exe
PID 812 wrote to memory of 4608	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe	oPwQSIs.exe
PID 812 wrote to memory of 4612	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe	hYeqxbP.exe
PID 812 wrote to memory of 4612	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe	hYeqxbP.exe
PID 812 wrote to memory of 3536	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe	tekcxCP.exe
PID 812 wrote to memory of 3536	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe	tekcxCP.exe
PID 812 wrote to memory of 220	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe	YQILsgQ.exe
PID 812 wrote to memory of 220	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe	YQILsgQ.exe
PID 812 wrote to memory of 2072	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe	kbqXHXL.exe
PID 812 wrote to memory of 2072	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe	kbqXHXL.exe
PID 812 wrote to memory of 5044	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe	UslVPWt.exe
PID 812 wrote to memory of 5044	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe	UslVPWt.exe
PID 812 wrote to memory of 1640	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe	QhhYeCK.exe
PID 812 wrote to memory of 1640	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe	QhhYeCK.exe
PID 812 wrote to memory of 4476	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe	nCkXflL.exe
PID 812 wrote to memory of 4476	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe	nCkXflL.exe
PID 812 wrote to memory of 4072	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe	bIDJHwF.exe
PID 812 wrote to memory of 4072	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe	bIDJHwF.exe
PID 812 wrote to memory of 3220	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe	EppKHxS.exe
PID 812 wrote to memory of 3220	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe	EppKHxS.exe
PID 812 wrote to memory of 4984	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe	XaOQvlJ.exe
PID 812 wrote to memory of 4984	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe	XaOQvlJ.exe
PID 812 wrote to memory of 4720	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe	izxeDlO.exe
PID 812 wrote to memory of 4720	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe	izxeDlO.exe
PID 812 wrote to memory of 1200	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe	bAKioUo.exe
PID 812 wrote to memory of 1200	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe	bAKioUo.exe
PID 812 wrote to memory of 2676	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe	HoSgUMG.exe
PID 812 wrote to memory of 2676	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe	HoSgUMG.exe
PID 812 wrote to memory of 3304	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe	bCcgZUE.exe
PID 812 wrote to memory of 3304	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe	bCcgZUE.exe
PID 812 wrote to memory of 2648	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe	lpSxuau.exe
PID 812 wrote to memory of 2648	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe	lpSxuau.exe
PID 812 wrote to memory of 3672	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe	bHlmfWU.exe
PID 812 wrote to memory of 3672	812	8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe	bHlmfWU.exe

C:\Users\Admin\AppData\Local\Temp\8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8bc422c14a97d0f8ab8d3845e08f3720_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:812

C:\Windows\System\trOGgqU.exe
C:\Windows\System\trOGgqU.exe
2⤵
- Executes dropped EXE
PID:4684

C:\Windows\System\fmNHENs.exe
C:\Windows\System\fmNHENs.exe
2⤵
- Executes dropped EXE
PID:3948

C:\Windows\System\gZYkhkE.exe
C:\Windows\System\gZYkhkE.exe
2⤵
- Executes dropped EXE
PID:3184

C:\Windows\System\OtUDSZX.exe
C:\Windows\System\OtUDSZX.exe
2⤵
- Executes dropped EXE
PID:3664

C:\Windows\System\lFIJGmJ.exe
C:\Windows\System\lFIJGmJ.exe
2⤵
- Executes dropped EXE
PID:1052

C:\Windows\System\GfWUYtY.exe
C:\Windows\System\GfWUYtY.exe
2⤵
- Executes dropped EXE
PID:2144

C:\Windows\System\AdFqSqI.exe
C:\Windows\System\AdFqSqI.exe
2⤵
- Executes dropped EXE
PID:1632

C:\Windows\System\QehaBJK.exe
C:\Windows\System\QehaBJK.exe
2⤵
- Executes dropped EXE
PID:3964

C:\Windows\System\edOOEil.exe
C:\Windows\System\edOOEil.exe
2⤵
- Executes dropped EXE
PID:1924

C:\Windows\System\jElCMDQ.exe
C:\Windows\System\jElCMDQ.exe
2⤵
- Executes dropped EXE
PID:4484

C:\Windows\System\uUaqaLZ.exe
C:\Windows\System\uUaqaLZ.exe
2⤵
- Executes dropped EXE
PID:3424

C:\Windows\System\ZKncBpJ.exe
C:\Windows\System\ZKncBpJ.exe
2⤵
- Executes dropped EXE
PID:1648

C:\Windows\System\YYozxhy.exe
C:\Windows\System\YYozxhy.exe
2⤵
- Executes dropped EXE
PID:2148

C:\Windows\System\zLeyWgE.exe
C:\Windows\System\zLeyWgE.exe
2⤵
- Executes dropped EXE
PID:4516

C:\Windows\System\nUzKnQH.exe
C:\Windows\System\nUzKnQH.exe
2⤵
- Executes dropped EXE
PID:1008

C:\Windows\System\oPwQSIs.exe
C:\Windows\System\oPwQSIs.exe
2⤵
- Executes dropped EXE
PID:4608

C:\Windows\System\hYeqxbP.exe
C:\Windows\System\hYeqxbP.exe
2⤵
- Executes dropped EXE
PID:4612

C:\Windows\System\tekcxCP.exe
C:\Windows\System\tekcxCP.exe
2⤵
- Executes dropped EXE
PID:3536

C:\Windows\System\YQILsgQ.exe
C:\Windows\System\YQILsgQ.exe
2⤵
- Executes dropped EXE
PID:220

C:\Windows\System\kbqXHXL.exe
C:\Windows\System\kbqXHXL.exe
2⤵
- Executes dropped EXE
PID:2072

C:\Windows\System\UslVPWt.exe
C:\Windows\System\UslVPWt.exe
2⤵
- Executes dropped EXE
PID:5044

C:\Windows\System\QhhYeCK.exe
C:\Windows\System\QhhYeCK.exe
2⤵
- Executes dropped EXE
PID:1640

C:\Windows\System\nCkXflL.exe
C:\Windows\System\nCkXflL.exe
2⤵
- Executes dropped EXE
PID:4476

C:\Windows\System\bIDJHwF.exe
C:\Windows\System\bIDJHwF.exe
2⤵
- Executes dropped EXE
PID:4072

C:\Windows\System\EppKHxS.exe
C:\Windows\System\EppKHxS.exe
2⤵
- Executes dropped EXE
PID:3220

C:\Windows\System\XaOQvlJ.exe
C:\Windows\System\XaOQvlJ.exe
2⤵
- Executes dropped EXE
PID:4984

C:\Windows\System\izxeDlO.exe
C:\Windows\System\izxeDlO.exe
2⤵
- Executes dropped EXE
PID:4720

C:\Windows\System\bAKioUo.exe
C:\Windows\System\bAKioUo.exe
2⤵
- Executes dropped EXE
PID:1200

C:\Windows\System\HoSgUMG.exe
C:\Windows\System\HoSgUMG.exe
2⤵
- Executes dropped EXE
PID:2676

C:\Windows\System\bCcgZUE.exe
C:\Windows\System\bCcgZUE.exe
2⤵
- Executes dropped EXE
PID:3304

C:\Windows\System\lpSxuau.exe
C:\Windows\System\lpSxuau.exe
2⤵
- Executes dropped EXE
PID:2648

C:\Windows\System\bHlmfWU.exe
C:\Windows\System\bHlmfWU.exe
2⤵
- Executes dropped EXE
PID:3672

C:\Windows\System\AirhRBE.exe
C:\Windows\System\AirhRBE.exe
2⤵
- Executes dropped EXE
PID:5076

C:\Windows\System\DDsKIWe.exe
C:\Windows\System\DDsKIWe.exe
2⤵
- Executes dropped EXE
PID:4936

C:\Windows\System\GGOZTgI.exe
C:\Windows\System\GGOZTgI.exe
2⤵
- Executes dropped EXE
PID:4040

C:\Windows\System\olwmXRs.exe
C:\Windows\System\olwmXRs.exe
2⤵
- Executes dropped EXE
PID:4688

C:\Windows\System\uBNkOZg.exe
C:\Windows\System\uBNkOZg.exe
2⤵
- Executes dropped EXE
PID:4144

C:\Windows\System\VcnJrWQ.exe
C:\Windows\System\VcnJrWQ.exe
2⤵
- Executes dropped EXE
PID:2176

C:\Windows\System\tAbsqFM.exe
C:\Windows\System\tAbsqFM.exe
2⤵
- Executes dropped EXE
PID:468

C:\Windows\System\AeWAyIw.exe
C:\Windows\System\AeWAyIw.exe
2⤵
- Executes dropped EXE
PID:4492

C:\Windows\System\HSftZjb.exe
C:\Windows\System\HSftZjb.exe
2⤵
- Executes dropped EXE
PID:4024

C:\Windows\System\jMbPYKB.exe
C:\Windows\System\jMbPYKB.exe
2⤵
- Executes dropped EXE
PID:4124

C:\Windows\System\EUZlwTT.exe
C:\Windows\System\EUZlwTT.exe
2⤵
- Executes dropped EXE
PID:2592

C:\Windows\System\qRMGjoI.exe
C:\Windows\System\qRMGjoI.exe
2⤵
- Executes dropped EXE
PID:1644

C:\Windows\System\tVzuWOb.exe
C:\Windows\System\tVzuWOb.exe
2⤵
- Executes dropped EXE
PID:4932

C:\Windows\System\edBSXMA.exe
C:\Windows\System\edBSXMA.exe
2⤵
- Executes dropped EXE
PID:2552

C:\Windows\System\obDSVFP.exe
C:\Windows\System\obDSVFP.exe
2⤵
- Executes dropped EXE
PID:4888

C:\Windows\System\BgjwIzs.exe
C:\Windows\System\BgjwIzs.exe
2⤵
- Executes dropped EXE
PID:3676

C:\Windows\System\aGTHLoM.exe
C:\Windows\System\aGTHLoM.exe
2⤵
- Executes dropped EXE
PID:1016

C:\Windows\System\TiJrHkw.exe
C:\Windows\System\TiJrHkw.exe
2⤵
- Executes dropped EXE
PID:4420

C:\Windows\System\YgBZVap.exe
C:\Windows\System\YgBZVap.exe
2⤵
- Executes dropped EXE
PID:3644

C:\Windows\System\lXixIOs.exe
C:\Windows\System\lXixIOs.exe
2⤵
- Executes dropped EXE
PID:3436

C:\Windows\System\TVFzDGJ.exe
C:\Windows\System\TVFzDGJ.exe
2⤵
- Executes dropped EXE
PID:2800

C:\Windows\System\dZtKXpD.exe
C:\Windows\System\dZtKXpD.exe
2⤵
- Executes dropped EXE
PID:5072

C:\Windows\System\sdfoTbK.exe
C:\Windows\System\sdfoTbK.exe
2⤵
- Executes dropped EXE
PID:2844

C:\Windows\System\RaqCBEG.exe
C:\Windows\System\RaqCBEG.exe
2⤵
- Executes dropped EXE
PID:3864

C:\Windows\System\goupqfT.exe
C:\Windows\System\goupqfT.exe
2⤵
- Executes dropped EXE
PID:1612

C:\Windows\System\CfOIfYD.exe
C:\Windows\System\CfOIfYD.exe
2⤵
- Executes dropped EXE
PID:1908

C:\Windows\System\LoqHwFB.exe
C:\Windows\System\LoqHwFB.exe
2⤵
- Executes dropped EXE
PID:652

C:\Windows\System\WwrwkQx.exe
C:\Windows\System\WwrwkQx.exe
2⤵
- Executes dropped EXE
PID:2400

C:\Windows\System\FPjWQau.exe
C:\Windows\System\FPjWQau.exe
2⤵
- Executes dropped EXE
PID:2744

C:\Windows\System\KrJOauY.exe
C:\Windows\System\KrJOauY.exe
2⤵
- Executes dropped EXE
PID:4928

C:\Windows\System\IPlzqxj.exe
C:\Windows\System\IPlzqxj.exe
2⤵
- Executes dropped EXE
PID:3160

C:\Windows\System\wVLqVdN.exe
C:\Windows\System\wVLqVdN.exe
2⤵
- Executes dropped EXE
PID:4764

C:\Windows\System\ogAFKRn.exe
C:\Windows\System\ogAFKRn.exe
2⤵
PID:2244

C:\Windows\System\ESbIyWk.exe
C:\Windows\System\ESbIyWk.exe
2⤵
PID:1984

C:\Windows\System\lQELvgZ.exe
C:\Windows\System\lQELvgZ.exe
2⤵
PID:1260

C:\Windows\System\nULmayy.exe
C:\Windows\System\nULmayy.exe
2⤵
PID:4372

C:\Windows\System\uwpRHzK.exe
C:\Windows\System\uwpRHzK.exe
2⤵
PID:1384

C:\Windows\System\ZroijVk.exe
C:\Windows\System\ZroijVk.exe
2⤵
PID:4600

C:\Windows\System\ReADiZa.exe
C:\Windows\System\ReADiZa.exe
2⤵
PID:1308

C:\Windows\System\bJeQRIE.exe
C:\Windows\System\bJeQRIE.exe
2⤵
PID:3064

C:\Windows\System\pSVOsvj.exe
C:\Windows\System\pSVOsvj.exe
2⤵
PID:1916

C:\Windows\System\GqWBwyl.exe
C:\Windows\System\GqWBwyl.exe
2⤵
PID:2168

C:\Windows\System\VVzTLpF.exe
C:\Windows\System\VVzTLpF.exe
2⤵
PID:1544

C:\Windows\System\FREEgAC.exe
C:\Windows\System\FREEgAC.exe
2⤵
PID:2480

C:\Windows\System\PYOkVyN.exe
C:\Windows\System\PYOkVyN.exe
2⤵
PID:2104

C:\Windows\System\COUweiB.exe
C:\Windows\System\COUweiB.exe
2⤵
PID:4404

C:\Windows\System\XzgmSUK.exe
C:\Windows\System\XzgmSUK.exe
2⤵
PID:3456

C:\Windows\System\cHkVgOj.exe
C:\Windows\System\cHkVgOj.exe
2⤵
PID:840

C:\Windows\System\RdpLlYD.exe
C:\Windows\System\RdpLlYD.exe
2⤵
PID:3176

C:\Windows\System\YwfShUQ.exe
C:\Windows\System\YwfShUQ.exe
2⤵
PID:1460

C:\Windows\System\cTgZejR.exe
C:\Windows\System\cTgZejR.exe
2⤵
PID:1336

C:\Windows\System\FoAHzQa.exe
C:\Windows\System\FoAHzQa.exe
2⤵
PID:1928

C:\Windows\System\xFCRiDm.exe
C:\Windows\System\xFCRiDm.exe
2⤵
PID:4760

C:\Windows\System\YVrkDrW.exe
C:\Windows\System\YVrkDrW.exe
2⤵
PID:1716

C:\Windows\System\KkgrRnK.exe
C:\Windows\System\KkgrRnK.exe
2⤵
PID:3928

C:\Windows\System\gORXZok.exe
C:\Windows\System\gORXZok.exe
2⤵
PID:5024

C:\Windows\System\uTpUFhW.exe
C:\Windows\System\uTpUFhW.exe
2⤵
PID:4908

C:\Windows\System\RAitzSV.exe
C:\Windows\System\RAitzSV.exe
2⤵
PID:3888

C:\Windows\System\pMEIEhJ.exe
C:\Windows\System\pMEIEhJ.exe
2⤵
PID:1768

C:\Windows\System\CcxFJyP.exe
C:\Windows\System\CcxFJyP.exe
2⤵
PID:2756

C:\Windows\System\vKRWnKK.exe
C:\Windows\System\vKRWnKK.exe
2⤵
PID:4204

C:\Windows\System\MNQlPhb.exe
C:\Windows\System\MNQlPhb.exe
2⤵
PID:3952

C:\Windows\System\TYYjKBN.exe
C:\Windows\System\TYYjKBN.exe
2⤵
PID:4968

C:\Windows\System\IrFzaAv.exe
C:\Windows\System\IrFzaAv.exe
2⤵
PID:3292

C:\Windows\System\DlYaliz.exe
C:\Windows\System\DlYaliz.exe
2⤵
PID:1772

C:\Windows\System\WmbaRyG.exe
C:\Windows\System\WmbaRyG.exe
2⤵
PID:3212

C:\Windows\System\wsbPfcP.exe
C:\Windows\System\wsbPfcP.exe
2⤵
PID:4512

C:\Windows\System\jamXVwF.exe
C:\Windows\System\jamXVwF.exe
2⤵
PID:4556

C:\Windows\System\WQklEEX.exe
C:\Windows\System\WQklEEX.exe
2⤵
PID:3996

C:\Windows\System\FtQBTof.exe
C:\Windows\System\FtQBTof.exe
2⤵
PID:2140

C:\Windows\System\oJLFZYL.exe
C:\Windows\System\oJLFZYL.exe
2⤵
PID:2696

C:\Windows\System\dzjhBGD.exe
C:\Windows\System\dzjhBGD.exe
2⤵
PID:212

C:\Windows\System\BnPxJxM.exe
C:\Windows\System\BnPxJxM.exe
2⤵
PID:5124

C:\Windows\System\qrfQJaS.exe
C:\Windows\System\qrfQJaS.exe
2⤵
PID:5188

C:\Windows\System\fvwrGPn.exe
C:\Windows\System\fvwrGPn.exe
2⤵
PID:5212

C:\Windows\System\RDXaZEn.exe
C:\Windows\System\RDXaZEn.exe
2⤵
PID:5244

C:\Windows\System\CggOlLH.exe
C:\Windows\System\CggOlLH.exe
2⤵
PID:5272

C:\Windows\System\ojIUCGX.exe
C:\Windows\System\ojIUCGX.exe
2⤵
PID:5292

C:\Windows\System\RbIEuzy.exe
C:\Windows\System\RbIEuzy.exe
2⤵
PID:5324

C:\Windows\System\FwpKjzm.exe
C:\Windows\System\FwpKjzm.exe
2⤵
PID:5352

C:\Windows\System\SJBqJTR.exe
C:\Windows\System\SJBqJTR.exe
2⤵
PID:5388

C:\Windows\System\seIrftu.exe
C:\Windows\System\seIrftu.exe
2⤵
PID:5412

C:\Windows\System\uCliaFP.exe
C:\Windows\System\uCliaFP.exe
2⤵
PID:5440

C:\Windows\System\rCjfhVz.exe
C:\Windows\System\rCjfhVz.exe
2⤵
PID:5468

C:\Windows\System\lORAnUx.exe
C:\Windows\System\lORAnUx.exe
2⤵
PID:5492

C:\Windows\System\eGzdJlg.exe
C:\Windows\System\eGzdJlg.exe
2⤵
PID:5520

C:\Windows\System\CHlMVWU.exe
C:\Windows\System\CHlMVWU.exe
2⤵
PID:5552

C:\Windows\System\vKwbfDz.exe
C:\Windows\System\vKwbfDz.exe
2⤵
PID:5580

C:\Windows\System\VVUstMZ.exe
C:\Windows\System\VVUstMZ.exe
2⤵
PID:5604

C:\Windows\System\AJMBTym.exe
C:\Windows\System\AJMBTym.exe
2⤵
PID:5628

C:\Windows\System\tagitSf.exe
C:\Windows\System\tagitSf.exe
2⤵
PID:5652

C:\Windows\System\vjALNym.exe
C:\Windows\System\vjALNym.exe
2⤵
PID:5692

C:\Windows\System\YtdLxPs.exe
C:\Windows\System\YtdLxPs.exe
2⤵
PID:5720

C:\Windows\System\GSiXgba.exe
C:\Windows\System\GSiXgba.exe
2⤵
PID:5748

C:\Windows\System\CXLHcaY.exe
C:\Windows\System\CXLHcaY.exe
2⤵
PID:5776

C:\Windows\System\BCJHNtw.exe
C:\Windows\System\BCJHNtw.exe
2⤵
PID:5800

C:\Windows\System\EBMYUQL.exe
C:\Windows\System\EBMYUQL.exe
2⤵
PID:5824

C:\Windows\System\NzuTOau.exe
C:\Windows\System\NzuTOau.exe
2⤵
PID:5852

C:\Windows\System\JRBUKgl.exe
C:\Windows\System\JRBUKgl.exe
2⤵
PID:5876

C:\Windows\System\abwlNkn.exe
C:\Windows\System\abwlNkn.exe
2⤵
PID:5900

C:\Windows\System\eRfUqjF.exe
C:\Windows\System\eRfUqjF.exe
2⤵
PID:5944

C:\Windows\System\NOEdthr.exe
C:\Windows\System\NOEdthr.exe
2⤵
PID:5968

C:\Windows\System\TvZogFk.exe
C:\Windows\System\TvZogFk.exe
2⤵
PID:5996

C:\Windows\System\iJrIDdA.exe
C:\Windows\System\iJrIDdA.exe
2⤵
PID:6020

C:\Windows\System\jTutPiW.exe
C:\Windows\System\jTutPiW.exe
2⤵
PID:6044

C:\Windows\System\MmIaqwQ.exe
C:\Windows\System\MmIaqwQ.exe
2⤵
PID:6072

C:\Windows\System\FcdJdGo.exe
C:\Windows\System\FcdJdGo.exe
2⤵
PID:6100

C:\Windows\System\nfQEbYf.exe
C:\Windows\System\nfQEbYf.exe
2⤵
PID:6120

C:\Windows\System\FKbnKbq.exe
C:\Windows\System\FKbnKbq.exe
2⤵
PID:4748

C:\Windows\System\DwNGFMj.exe
C:\Windows\System\DwNGFMj.exe
2⤵
PID:5152

C:\Windows\System\ahxOxZd.exe
C:\Windows\System\ahxOxZd.exe
2⤵
PID:5180

C:\Windows\System\YPggAgs.exe
C:\Windows\System\YPggAgs.exe
2⤵
PID:5228

C:\Windows\System\aqWYISA.exe
C:\Windows\System\aqWYISA.exe
2⤵
PID:548

C:\Windows\System\TTzmggj.exe
C:\Windows\System\TTzmggj.exe
2⤵
PID:5288

C:\Windows\System\AkYxJNF.exe
C:\Windows\System\AkYxJNF.exe
2⤵
PID:5372

C:\Windows\System\vJEauai.exe
C:\Windows\System\vJEauai.exe
2⤵
PID:5460

C:\Windows\System\qyADOie.exe
C:\Windows\System\qyADOie.exe
2⤵
PID:5508

C:\Windows\System\WoswTaz.exe
C:\Windows\System\WoswTaz.exe
2⤵
PID:5596

C:\Windows\System\wSKvLvC.exe
C:\Windows\System\wSKvLvC.exe
2⤵
PID:5676

C:\Windows\System\EADTCCS.exe
C:\Windows\System\EADTCCS.exe
2⤵
PID:5744

C:\Windows\System\acpzMTj.exe
C:\Windows\System\acpzMTj.exe
2⤵
PID:5812

C:\Windows\System\qfawoiz.exe
C:\Windows\System\qfawoiz.exe
2⤵
PID:5872

C:\Windows\System\TeUkiML.exe
C:\Windows\System\TeUkiML.exe
2⤵
PID:5936

C:\Windows\System\WKnzDpr.exe
C:\Windows\System\WKnzDpr.exe
2⤵
PID:5988

C:\Windows\System\rWclCbZ.exe
C:\Windows\System\rWclCbZ.exe
2⤵
PID:6036

C:\Windows\System\DIyeNyg.exe
C:\Windows\System\DIyeNyg.exe
2⤵
PID:6116

C:\Windows\System\OlFFHwy.exe
C:\Windows\System\OlFFHwy.exe
2⤵
PID:1584

C:\Windows\System\lltaLtB.exe
C:\Windows\System\lltaLtB.exe
2⤵
PID:5240

C:\Windows\System\cYcfIoL.exe
C:\Windows\System\cYcfIoL.exe
2⤵
PID:5344

C:\Windows\System\kZakoxO.exe
C:\Windows\System\kZakoxO.exe
2⤵
PID:5500

C:\Windows\System\CTogdTY.exe
C:\Windows\System\CTogdTY.exe
2⤵
PID:5672

C:\Windows\System\OvboKUt.exe
C:\Windows\System\OvboKUt.exe
2⤵
PID:5820

C:\Windows\System\eVlBYlC.exe
C:\Windows\System\eVlBYlC.exe
2⤵
PID:5960

C:\Windows\System\xKgiAPj.exe
C:\Windows\System\xKgiAPj.exe
2⤵
PID:6140

C:\Windows\System\GNprERM.exe
C:\Windows\System\GNprERM.exe
2⤵
PID:5220

C:\Windows\System\xqdARbg.exe
C:\Windows\System\xqdARbg.exe
2⤵
PID:5376

C:\Windows\System\iDuwwpl.exe
C:\Windows\System\iDuwwpl.exe
2⤵
PID:6136

C:\Windows\System\MrDesqs.exe
C:\Windows\System\MrDesqs.exe
2⤵
PID:5256

C:\Windows\System\CuIqdVV.exe
C:\Windows\System\CuIqdVV.exe
2⤵
PID:5172

C:\Windows\System\tcQpkRO.exe
C:\Windows\System\tcQpkRO.exe
2⤵
PID:6172

C:\Windows\System\CojchTp.exe
C:\Windows\System\CojchTp.exe
2⤵
PID:6200

C:\Windows\System\HgyGdVA.exe
C:\Windows\System\HgyGdVA.exe
2⤵
PID:6228

C:\Windows\System\QPPemXe.exe
C:\Windows\System\QPPemXe.exe
2⤵
PID:6256

C:\Windows\System\QBMXPmL.exe
C:\Windows\System\QBMXPmL.exe
2⤵
PID:6280

C:\Windows\System\AHlxOou.exe
C:\Windows\System\AHlxOou.exe
2⤵
PID:6312

C:\Windows\System\kYYiohj.exe
C:\Windows\System\kYYiohj.exe
2⤵
PID:6340

C:\Windows\System\Exetcjw.exe
C:\Windows\System\Exetcjw.exe
2⤵
PID:6368

C:\Windows\System\asOQyiL.exe
C:\Windows\System\asOQyiL.exe
2⤵
PID:6396

C:\Windows\System\hwpDMpg.exe
C:\Windows\System\hwpDMpg.exe
2⤵
PID:6424

C:\Windows\System\AGjbXTp.exe
C:\Windows\System\AGjbXTp.exe
2⤵
PID:6452

C:\Windows\System\KsFMmKa.exe
C:\Windows\System\KsFMmKa.exe
2⤵
PID:6480

C:\Windows\System\eTnrihC.exe
C:\Windows\System\eTnrihC.exe
2⤵
PID:6508

C:\Windows\System\vqwmXvt.exe
C:\Windows\System\vqwmXvt.exe
2⤵
PID:6536

C:\Windows\System\ZprNlYz.exe
C:\Windows\System\ZprNlYz.exe
2⤵
PID:6564

C:\Windows\System\fMCzMWU.exe
C:\Windows\System\fMCzMWU.exe
2⤵
PID:6592

C:\Windows\System\OhDuuas.exe
C:\Windows\System\OhDuuas.exe
2⤵
PID:6620

C:\Windows\System\mPNhHos.exe
C:\Windows\System\mPNhHos.exe
2⤵
PID:6648

C:\Windows\System\cIFdKKQ.exe
C:\Windows\System\cIFdKKQ.exe
2⤵
PID:6676

C:\Windows\System\PDHnekw.exe
C:\Windows\System\PDHnekw.exe
2⤵
PID:6704

C:\Windows\System\VwcPqUa.exe
C:\Windows\System\VwcPqUa.exe
2⤵
PID:6732

C:\Windows\System\JFXnZpn.exe
C:\Windows\System\JFXnZpn.exe
2⤵
PID:6760

C:\Windows\System\dZiQLRO.exe
C:\Windows\System\dZiQLRO.exe
2⤵
PID:6788

C:\Windows\System\QajveHn.exe
C:\Windows\System\QajveHn.exe
2⤵
PID:6816

C:\Windows\System\HtIFYKs.exe
C:\Windows\System\HtIFYKs.exe
2⤵
PID:6844

C:\Windows\System\yGiImqO.exe
C:\Windows\System\yGiImqO.exe
2⤵
PID:6872

C:\Windows\System\PwbnnLY.exe
C:\Windows\System\PwbnnLY.exe
2⤵
PID:6888

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AdFqSqI.exe
Filesize
1.0MB

MD5
b50cf413601a28e378398f8940c74d80

SHA1
20ae46dbae102c59e832ab31b0f541200873881e

SHA256
8c4904508731518cb36019bd2c7bf9d38f070f2cfeb83717c413f765cb92ce18

SHA512
21e3a4022db2be199427c42fdee256ab0f2ac8869415061a0e462bf87e54052fc9233d3d4ebc6c0531bdafe8ff1e2341957cce25e6e70cc88a9d066b9cea5b90

Download Submit
C:\Windows\System\AirhRBE.exe
Filesize
1.0MB

MD5
9e0e107d12d1245e9422bc3c0eceb61f

SHA1
f3c24ee0d78af3d08a32732c021a062065751f4c

SHA256
6872f86361cd8d05dd8435f60903426e7d081fa0fc0e55c3f7d76098f035f455

SHA512
45959860efb2b5939d85f572830bc57049bc3af91724e6019ca0aff88b3528757e3d12dc2e1978137c9adea4e764a6647b9efac600de160968768be2101ecd8f

Download Submit
C:\Windows\System\EppKHxS.exe
Filesize
1.0MB

MD5
512deae8cddcf023318ede40d9dc8dc8

SHA1
af57459b5cb27bc843d2b24e001f15abdc401e95

SHA256
85660ceb5d48e17efb2c4ec002647d4d73655d61df0672be488646eb9f2f1450

SHA512
cbe6079eaeae431e78c94b994df62e89488729d53e46b9a6bc1a0eb0f61cd1a60cc6ad3e8c68c16b61792d324bbe99e2780bc3cbd7ac8967a10f8fe709fce8a9

Download Submit
C:\Windows\System\GfWUYtY.exe
Filesize
1.0MB

MD5
7590227577eac796187b03a8ba76583d

SHA1
b13cd4f19c11d5494cdb67c31b548ae221bc21a5

SHA256
f99f4d0c63f99d953e114e682bb61230be9c9bbb1f8370ab77c0b54f714f3313

SHA512
e770dbc6284e46e75655cc71998bb0d02e8a4ed57ee4bf78150b8ebf41c6c257809670612f07edda176e6cc683791f0e7dd7bc395618a673f72bdc280ea09f86

Download Submit
C:\Windows\System\HoSgUMG.exe
Filesize
1.0MB

MD5
5f9ade64a6eb09825d500e574c31f975

SHA1
a414cda5f6de3cd32d3f01f07123b91e2643bae4

SHA256
6b865c014465c183a6f3f3e22f3569548d0325ea3b6a49a938914b639e718f06

SHA512
9b836f11767aeed5e8e86e4b4972194dc166d0f393bc7552b8409fff0c6654a1ee204240918a33ac7c45cdff0972caaf5b3033e744526f8a19dcea2adf078b4f

Download Submit
C:\Windows\System\OtUDSZX.exe
Filesize
1.0MB

MD5
5563731788f5f2f56c5fd014594b2dab

SHA1
11c1d5f52770340c66216808f8690ffc7147fad6

SHA256
9ec0291bbdcd83df6f703dc2fbcaf0da4891297c198baf9ec20b0a90e0b91881

SHA512
1a0a9303d80c9cc7b8ba352e458c941fc0ca070602b76de6c92812bc5c82b736defbe220cd5b69b744369628230f319b352a8d412bdf9094c63eb57d8ae923e3

Download Submit
C:\Windows\System\QehaBJK.exe
Filesize
1.0MB

MD5
03c7d092122501e634c293254e55e9ec

SHA1
960437d12ac90705845d6fe0a7a16a755d85349e

SHA256
bbdff047baee6e0217c28fdb6048961d79d6c5eb738faa82be1cec34f6437896

SHA512
e2323ca68be31bc3ab237b3b6be8d57c2ca394597b1fa0e5f84a2eb438aba1e1495af0c5338eba8f367f50aef2f3434753faa24b43a0dd06154685ce03034ea0

Download Submit
C:\Windows\System\QhhYeCK.exe
Filesize
1.0MB

MD5
6abdafc35d8701f0ce3b2656fdd06844

SHA1
12cb5e9e0c4e4122cd3a365bb94755edb566af44

SHA256
cfcdb9490c3151ccde252a44a05ae837fe3292495a3f4861e8685106c05472aa

SHA512
dc5b2ed2ca693898279666a70a8af47ed01321b3e4a98edb8e74c71d9a2e2a77e797f18f169899ccca8ee17976c8663bf0b5de11881c09c155a9f0e38733571a

Download Submit
C:\Windows\System\UslVPWt.exe
Filesize
1.0MB

MD5
ae4385cf013021750d1e5265e256fa81

SHA1
1e327d6724a689acae86c62ccf25583a41ea43a8

SHA256
54dd758b3e5bfa4392d758859b1dac9e449743dcde084c48a82450464b7829c5

SHA512
6440df292b9bf0c18dc278bf8f9753d6a85bdedb0b7db6654e63b7a6029436f7458824bc96485be3096d11e2c6719b5e1fcb72fbdcacf348c4a019597618d0ba

Download Submit
C:\Windows\System\XaOQvlJ.exe
Filesize
1.0MB

MD5
0447fab86b84d7bb4b9840ca47306e74

SHA1
742fae05f72305644b418cba72e9795cd5c16760

SHA256
3e7571df476c4fbea77793d38c8753b418d25ed51a902843fb38b7b16a6067b5

SHA512
f0f62af0fa1b07b0d44f5518b6bb224bf81eac9632779888d5c1a4d83c41e1d0e4bcbaa7be66b1105d01a2831523cffcc0d5716862eff6d96b1d82f066a36a24

Download Submit
C:\Windows\System\YQILsgQ.exe
Filesize
1.0MB

MD5
9d3830de2ee87f4ffc3a5fd80e68d0e4

SHA1
44b62f7da06cc204b8c79602e9497e9c9ddf214a

SHA256
401eb867013cc8dbfab9fb4ff40a499a64abb7e0a4bf1bee7bc4d21938c4fbef

SHA512
147fac550ded93b5bad195738e515bc0aacebc1c7ea422f8b19e0ad68b036fef40a943259a5ab162c4061b899f551abf7849ba5aaf36bfea94c301d6abc2d01c

Download Submit
C:\Windows\System\YYozxhy.exe
Filesize
1.0MB

MD5
792c6f1f3ba6af5bc4bf4c5f0d67d488

SHA1
32bb193d103f3b2a47bbfa5f698c9eb2d5a899b1

SHA256
cde9a169e61e82d46452cd66e080d681a641b030402640d2b949da447adc4a5e

SHA512
e9e0ad1a9ad3b79a3650d3d58d4993af8f0f37464659a82b88f8467fd493ee09253d5f46e9a3ae50a120d8b3bfbc68e17d479b8c26f3e5e9d51fac905218da61

Download Submit
C:\Windows\System\ZKncBpJ.exe
Filesize
1.0MB

MD5
5641c845cca7cb902850e71f7f0ffca4

SHA1
d298dbe081c89bc013c7a9c33bdbe9cc8dc73d69

SHA256
988d039a068fa2f636f7fd925ecc6c36133490b7c882a13b45323e7903d73e6f

SHA512
093cd0fc804d8fc5008f06806d356ebc4fade32ba6a75b941f55ba2a464fe09633e0a25fe8b2b1e2faa7d80c98be2c847ff5ccff66a06f901bcc61c26ead426a

Download Submit
C:\Windows\System\bAKioUo.exe
Filesize
1.0MB

MD5
3be3751d16ca3592e14d99fc9bca22b5

SHA1
e154c28a46ebf6beffe6d82bc49060d2e99224cb

SHA256
4fafa87ca3d70529581bf558c5d5689f9e2f9784fa00997ee1bf9c8ecb283263

SHA512
95892cf0c3a078f33ca24d941edcc8347a105f738e0a5b534d18f166a791e7192571306f9ea0b6e779e859e87fabc3a023c23138b95df00b9fb9ad09ded08c67

Download Submit
C:\Windows\System\bCcgZUE.exe
Filesize
1.0MB

MD5
150995a01c47098b5ae835a7e2a3371e

SHA1
71a3e46faeebfcad9d4c8c0afd6571214ac8e32b

SHA256
15cfe563d5884cdd0a4a9c2ef7a8fb8e91b7cbc71a55e036f9999206bbac3df0

SHA512
c25fde299af63ac2269a20f32a0c38ff055f0e65a3beacbcc7f16a2ece844dd82b3a0f93c73f22311ebbb3613cfa6bcb32eeb44ebef4f8fe819e529d58beb150

Download Submit
C:\Windows\System\bHlmfWU.exe
Filesize
1.0MB

MD5
a0ce7f115300534068f1daa60fa74d27

SHA1
8debebb0b595d97046a6a3ddff4b315a3ff59445

SHA256
232361ed2c5cf00e2644fb030a68cb40408f9f9c39d182c93f95e2aabd1c1c05

SHA512
8da7a9a3385a59062a5df154b071eb4655545b79c40fdc4db3127a63b47959a222762057451a4ec02dd466612b4b2661482c21ce7812f4e7af1765456853d5b5

Download Submit
C:\Windows\System\bIDJHwF.exe
Filesize
1.0MB

MD5
fc4b00a563789d9ce386cb1430fe0d87

SHA1
89072abc6dd03dac887a8c515816d6a99b28734e

SHA256
c65d6b947d7e788085e8908e49d1a50c3a1e753cee0a532bee056af0cb1a05c1

SHA512
788c1309c3a41970ef50fa6793fbdbd03a02de75cefb4eab38484fbf6e59ea971ef0758eb2b955cccdc8c36e2799b7b1f369b3d6437396ef3ddacc99cca695a4

Download Submit
C:\Windows\System\edOOEil.exe
Filesize
1.0MB

MD5
43d859837c140df1284cc26d4d4be407

SHA1
9ba09bd09832572307e5978e45a55f963cd33919

SHA256
9f05f612eac82f945c03585e1760a869c47000accce6d882336d2e3258f4d416

SHA512
e9bb5cf4b4650a775ca12eb1f7a6f558dbb04581e65ff4aeda310b9cb85922129aa50f7c6d31719db477419d162b58bc8b926e7ddac236c815deeefe9989d319

Download Submit
C:\Windows\System\fmNHENs.exe
Filesize
1.0MB

MD5
e4c8bc3b6fed033986e08b312a317bae

SHA1
8c60058059d3bab4fa510731a75b04999f18667e

SHA256
9dd65a79d093615e3c4fa39902f494a08e2bd6e6333287b520f1212f446eaae5

SHA512
f27615bbf2a8f645c526fd1ca4f0fd04b370063cdb08a0b98f5e8b9f1742fc1f9c7cda24c82e1828a70536d8b5eedaa7195a3e12f41b710d020eaa0c77d58caf

Download Submit
C:\Windows\System\gZYkhkE.exe
Filesize
1.0MB

MD5
86290511b21a54f5133317fce612ff0a

SHA1
b28553c9dfc6ef4208984c85bcf05602007070af

SHA256
a3625d0c2a9944b926e308f41a00e7301b7dff31cada529b5af9d60d1b82e59a

SHA512
34b663f39d1b710f1820094c8b2c383cf3f75f6c0e2286da0ee9a8849ed57fd1750e3979edbc45e08e1f7ba72ba04c1f77a069e02908d773deb8ba02ed36504a

Download Submit
C:\Windows\System\hYeqxbP.exe
Filesize
1.0MB

MD5
16a333d4b77cf30113f085a0b121e38e

SHA1
b53be8c29cb1c86a6aab73edeeb94e5c6f1dd806

SHA256
4fce4a2d4d345b703a691a48b4f2dff641ab010d9146ad3a94859f9ddfd0e6bb

SHA512
73b6bc2d6bbd3813c982745ccdf29858d07446600c1c28ceb2ebd12d31069bca9464d00345df6ef1fd03928c95e3ee33ca1e7f6597632eab6e372ff4f48c256e

Download Submit
C:\Windows\System\izxeDlO.exe
Filesize
1.0MB

MD5
bab7aaf7fbc80fc2fa99bbb52f6d85c2

SHA1
fe90388d3ad8188453d28ee4ede2944a156b5439

SHA256
7771dc18c9359827d9cc36fd8ff73ac93c508691ab6429f149e5a91f467dd841

SHA512
fb43a04f669d6cd29c1c0ca53076cb6909daf0f40c591791d14ec3b6e80441a6ea2d522e02105fba127a388a9afdab272c9b9d575d901dd32c851a43711b601b

Download Submit
C:\Windows\System\jElCMDQ.exe
Filesize
1.0MB

MD5
21d6be6d0756c880b08a40402e7915b2

SHA1
997da09f5a8b16aaff52213c6ad11247597c4c04

SHA256
94d651d39e05a7b4d23f692b7973c35b951abefaca725ea56d88b803d4426222

SHA512
5f46c3d06e23643db8c3f75b69e1379f9cede9bb07c03fc1dfd84d0cd06bcb93c82c61cb61190d46a85ab73910b8e498a2a49fec080ad5e93d0163a44dac1337

Download Submit
C:\Windows\System\kbqXHXL.exe
Filesize
1.0MB

MD5
7077ef66981c0360fc8e4614a2ce43cb

SHA1
2daf9d45a093ec74a20fb782a9561737ac5f94ab

SHA256
5dfb947f0fd64b52c1b3628d75145910c475fa765d25a759aab99713cc8f41ac

SHA512
cd62743fa0c2d1eb2e5e46da2281e4c3ba8e78427a7c30d48fc74433fb694ce0ebd736cf6c63271819208e3c41aa0b3f0f4ef848855a0ab163de799842295eb1

Download Submit
C:\Windows\System\lFIJGmJ.exe
Filesize
1.0MB

MD5
2f87fde6dd98dfcc847e8a9d4d45b1d5

SHA1
23b595afac61f0c40b2e029c2a48956d640d3d3d

SHA256
472533fafa4d4d51e54802250b3444224b56e36272a3787f235553a3fe4f73db

SHA512
e59af24b105641843dadef249e2cb2eaa0c385ef7d3ae49542b25ca53eae4e2a29c875abf9ad050af26e01aa19efc47d61fce7dfc990f125fd43c48e6aebc572

Download Submit
C:\Windows\System\lpSxuau.exe
Filesize
1.0MB

MD5
61416f609f53117bd3d30f81d0f29717

SHA1
06a9ba0909b4217cf8fdcd5b9241cd9fe3210bce

SHA256
5bbc223966368e9146e8a9dc1a09ffc078e0ec3a3da800e30172e3d28c2b67d5

SHA512
17ff00b80e87024266a14e5dda21543e3ae08c38bfc95650b073e01c267afd6defd25481a24f55394815e01ca1ae199784e696cf5daaead2fd1d30fee26cb272

Download Submit
C:\Windows\System\nCkXflL.exe
Filesize
1.0MB

MD5
f0eafd0caf0a6edc9172939321146854

SHA1
6f234b9df19cb28060b167b47727a519afc6b994

SHA256
27dbb8b82d6c5e74240c297d160e8ab2720b1ba47ad36b7f178c816dc0a540a3

SHA512
762403dd35f71a84aab012b7aa29db43fa04e08704a17fee6f687187ea85e24f4e79337252ec83b3a5b085efebd2e2d37d83b473244a71e1e42a199f629cb23a

Download Submit
C:\Windows\System\nUzKnQH.exe
Filesize
1.0MB

MD5
93efc9c005899dfff03648a7b1a76e81

SHA1
201f88dcf07764e2e89af962a8262efb32ca4982

SHA256
272df166163b4c85c3c076e5c6b108847c7d9ca9450227e812e365bdd70fc1ff

SHA512
7a941244b39be526a9e70eb915b05aba52ca3e68680dea67b05e45485e5a7161b8bfca4c7c9e1289909f558503ec919e0287af81a46b9da3af1ac5ea27b8d130

Download Submit
C:\Windows\System\oPwQSIs.exe
Filesize
1.0MB

MD5
ae69e133e2ea1b1ead882acab803f65c

SHA1
84b68363678c04bc964d7bd6b7642806dcbded43

SHA256
ef327df54f44dc8c85182c8147fc094ce5679c6e5ed7a9ee0af20df79d7ce47d

SHA512
73726d7f2c81282004836e9358d2cbdf7532d8766b18b88db9fff22adfcfd0807b7c6aabcd68ec06b480044693696b478e375719f2396c8c36e53c9ddb0c3055

Download Submit
C:\Windows\System\tekcxCP.exe
Filesize
1.0MB

MD5
eda4a535aa5074b8254b69378da50910

SHA1
f5dda2fad31f0283921ae0948674b546313a1506

SHA256
5e2f9978b9c265f3c2100a1722094519835e9c9f65bd4cf6765d6ba211c0a432

SHA512
7416646f9fbd5b15d77ca4723a619dd4a70b060e9bf66197a4bc7542d0e7b5d8989c9e1d1eff85d93b4ef5542e840ecf281ffb8353247137ab281f24e44e133d

Download Submit
C:\Windows\System\trOGgqU.exe
Filesize
1.0MB

MD5
4727ecd45370c9638968c3453cfc2016

SHA1
f6500733d7969e4e489d8db59fd9503bad50f798

SHA256
74599b1431e9645f965c1eb1a7e08a4da157ed10e0f15ea7ea8fd3ecbb44742f

SHA512
b8af8139490d9a7a2d1533600ea7b39eeb091f74e79c7f6db68e0ef7a272aab9357ca9785d605449462f73d98f2023599d301528ca0f3cc0e0ca6cb909f466e1

Download Submit
C:\Windows\System\uUaqaLZ.exe
Filesize
1.0MB

MD5
993585fe06df80bd0da3e8f053ca9790

SHA1
f15f3b3eb733bd965e131585d4854d908a456938

SHA256
4c2cca69a1373dbf99baee0fa6508258d2d3907d51faad49a0e31e3118467f8e

SHA512
05471a85434d4e62ae53599c0749a37da913f7733d5f54a8bf461254128619091d3234c0cd6b826f16978ecaa40ab693d131d9d79d2a7bef510b2fbb8bddf8d5

Download Submit
C:\Windows\System\zLeyWgE.exe
Filesize
1.0MB

MD5
7f57f4334464b03ae6a9ff53c228f74a

SHA1
602d132319c2b2334d915c6665c67e121f3e5496

SHA256
37bb06ff4b1bf061453359ab758f085418c522a68902e53d2817283984a7958e

SHA512
409a21c51af3d1b87dc2bfa53f8243ffec306dadb218d5ca4fb5b5aa65f533fd05dd1c996f070592a241b1622a821b2bacabf5793d1fe799e546ae6a46ab1758

Download Submit
memory/812-0-0x0000025261FC0000-0x0000025261FD0000-memory.dmp

Filesize
64KB

Download