Analysis
- max time kernel: 135s
- max time network: 145s
- platform: windows7_x64
- resource: win7-20240508-en
- resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
- submitted: 13-06-2024 08:30
Behavioral task: behavioral1
Sample: 6cfafd47c73c53becb99079b6aaf0da0_NeikiAnalytics.exe
Resource: win7-20240508-en
General
- Target: 6cfafd47c73c53becb99079b6aaf0da0_NeikiAnalytics.exe
- Size: 1005KB
- MD5: 6cfafd47c73c53becb99079b6aaf0da0
- SHA1: 8ba06918d46ad79cecc6db4cbfe871f8e880a509
- SHA256: 95dfa69a3dbfea32817216c020aa4dbfc0bb3dfb09f18164d8736405376e0db7
- SHA512: 1e8e14b3224e4b457a4f8441f6ae1d4406f571553819a367f5ebc4d3d3997dbe0cecca49fb4021207318a7d29350474f1ce3b69a237764a0901140cadc91cdb4
- SSDEEP: 24576:GezaTnG99Q8FcNrpyNdfE0bLBgDOp2iSLz9LbBwlKensPLNmh:GezaTF8FcNkNdfE0pZ9oztFwIhLq
Malware Config
Signatures
-
XMRig Miner payload 32 IoCs
Executes dropped EXE 64 IoCs
Loads dropped DLL 64 IoCs
Drops file in Windows directory 64 IoCs
Suspicious use of AdjustPrivilegeToken 2 IoCs
Processes:
- Token: SeLockMemoryPrivilege (pid 2424, process 6cfafd47c73c53becb99079b6aaf0da0_NeikiAnalytics.exe)
- Token: SeLockMemoryPrivilege (pid 2424, process 6cfafd47c73c53becb99079b6aaf0da0_NeikiAnalytics.exe)
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6cfafd47c73c53becb99079b6aaf0da0_NeikiAnalytics.exe
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System\vRTiNUG.exeC:\Windows\System\vRTiNUG.exe2⤵
-
C:\Windows\System\HbYpBHU.exeC:\Windows\System\HbYpBHU.exe2⤵
-
C:\Windows\System\BBSrFii.exeC:\Windows\System\BBSrFii.exe2⤵
-
C:\Windows\System\GILkfyA.exeC:\Windows\System\GILkfyA.exe2⤵
-
C:\Windows\System\PbxKfXx.exeC:\Windows\System\PbxKfXx.exe2⤵
-
C:\Windows\System\PrPMvVK.exeC:\Windows\System\PrPMvVK.exe2⤵
-
C:\Windows\System\SBfhbXO.exeC:\Windows\System\SBfhbXO.exe2⤵
-
C:\Windows\System\oHwYWQP.exeC:\Windows\System\oHwYWQP.exe2⤵
-
C:\Windows\System\oOtXRUM.exeC:\Windows\System\oOtXRUM.exe2⤵
-
C:\Windows\System\jSRNutR.exeC:\Windows\System\jSRNutR.exe2⤵
-
C:\Windows\System\IABbsbN.exeC:\Windows\System\IABbsbN.exe2⤵
-
C:\Windows\System\NuiXQln.exeC:\Windows\System\NuiXQln.exe2⤵
-
C:\Windows\System\rEfBrxW.exeC:\Windows\System\rEfBrxW.exe2⤵
-
C:\Windows\System\tebMUwj.exeC:\Windows\System\tebMUwj.exe2⤵
-
C:\Windows\System\vyNdtuq.exeC:\Windows\System\vyNdtuq.exe2⤵
-
C:\Windows\System\WKpBsri.exeC:\Windows\System\WKpBsri.exe2⤵
-
C:\Windows\System\tXNtNmK.exeC:\Windows\System\tXNtNmK.exe2⤵
Downloads
-
memory/2424-0-0x0000000000080000-0x0000000000090000-memory.dmp
Filesize: 64KB