Analysis
max time kernel: 135s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-06-2024 08:30
Behavioral task: behavioral1
Sample: 6cfafd47c73c53becb99079b6aaf0da0_NeikiAnalytics.exe
Resource: win7-20240508-en
General
Target: 6cfafd47c73c53becb99079b6aaf0da0_NeikiAnalytics.exe
Size: 1005KB
MD5: 6cfafd47c73c53becb99079b6aaf0da0
SHA1: 8ba06918d46ad79cecc6db4cbfe871f8e880a509
SHA256: 95dfa69a3dbfea32817216c020aa4dbfc0bb3dfb09f18164d8736405376e0db7
SHA512: 1e8e14b3224e4b457a4f8441f6ae1d4406f571553819a367f5ebc4d3d3997dbe0cecca49fb4021207318a7d29350474f1ce3b69a237764a0901140cadc91cdb4
SSDEEP: 24576:GezaTnG99Q8FcNrpyNdfE0bLBgDOp2iSLz9LbBwlKensPLNmh:GezaTF8FcNkNdfE0pZ9oztFwIhLq
Malware Config
Signatures
-
XMRig Miner payload 33 IoCs
Executes dropped EXE 64 IoCs
Drops file in Windows directory 64 IoCs
Suspicious use of AdjustPrivilegeToken 2 IoCs
Processes: 6cfafd47c73c53becb99079b6aaf0da0_NeikiAnalytics.exe

description                    pid   process
Token: SeLockMemoryPrivilege   4920  6cfafd47c73c53becb99079b6aaf0da0_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege   4920  6cfafd47c73c53becb99079b6aaf0da0_NeikiAnalytics.exe
Suspicious use of WriteProcessMemory 64 IoCs
Processes
- C:\Users\Admin\AppData\Local\Temp\6cfafd47c73c53becb99079b6aaf0da0_NeikiAnalytics.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\6cfafd47c73c53becb99079b6aaf0da0_NeikiAnalytics.exe"
  depth: 1
  - Drops file in Windows directory
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
Network
MITRE ATT&CK Matrix
Downloads
SHA5124c603d6a4a44443b3ea7d0b8a1649caedd98ff34cb8593f80ddd32e310673de5af45af9cc1fd78fd01b8aadc2c2071bebd89fda453916fba91acf091948af957
-
C:\Windows\System\KstmyBJ.exeFilesize
1013KB
MD56d71955f7ed41087d3e45f7650f4880f
SHA114aad72a682fcd19446accbe3a92997bc2a50c1f
SHA25637c6d71d94e651dfe1870b51a8fb2ff40ed0b98225ce15e75f07de74fb0cd482
SHA512dae4818ad3a6f739ff1e7336e17fecd49fdff7a0ef6d7b7a58fcf70c4ac85f9dcfe79c9d57f1c38a75e8009b21a6cc3a567f8448d57d63035d655017cf0f6e2c
-
C:\Windows\System\LPxuxgt.exeFilesize
1008KB
MD529d9f3caa158b1fc2fd3849230e14257
SHA12ff6471b7eb874a76cf081ad1e09a81c22719bb9
SHA2568a16b001194b4fc08e7729a46b7b961625f5ee6899e57f8228bdec823723664d
SHA512ea87116896740cd9b251ab2a4a373d4768c2bb355d093ab4622e5360bdc8d2dc42352bbb2f0adc18c353aaa6f70d8ac27411f26491d080654ba5361d495b778f
-
C:\Windows\System\NisRJWJ.exeFilesize
1011KB
MD591a09c1d4f5ea00fdd5f79b594c36d94
SHA1d630e5066813c9480d14734d4b732895a8410e8d
SHA256c0e28020f9f6f2149a77dedac50d17507d5413e02b59991ccf903ad6f32144ec
SHA5121d12441b9adfc3f58362ea53191fae3ad67bcc3cebecce0b2c30fc1ca2fdba0b40ff66630e71f088a51a7a7a964a6aedd1929ee5331d999a71e3c75a73545461
-
C:\Windows\System\RNLFmYh.exeFilesize
1006KB
MD556c7cb6c6759f20aea98317c3dbb440a
SHA1d9355003d0cef2f09b213856fc9b1d827d8b004f
SHA256f49e48ab4c7311dcfd825e87421b5604cda261e1540c414ac2d30f45fdc9b020
SHA5124a98f74d6e4ae27ae90db5910e3f096f3bfbfee035ca248af857de636fb3ce4f93d82fe73833bbbe473f5b6b01da554fc2531268b0c102d4bf4316463e674078
-
C:\Windows\System\Tglyotl.exeFilesize
1007KB
MD5aa1fd98498beea675cf008e76878f042
SHA154e4db08b1248fade658824d12e9f020b0973c5c
SHA2562bf51b8563e7fd57245a1523c56f7df8871ead6a87a902cf82fcf858d110220e
SHA51277be1084e6424d1f73c50cda03ac284bf2c7943da8f397c9a0100b1daa432d8069ff8b681d448cbdce8fc95b01cb9da0d9de5461cfb206374c2c58a0e703cd0a
-
C:\Windows\System\WGvxZHA.exeFilesize
1009KB
MD5fe47260f7e48cbda7c06ff376dea8574
SHA1b910742b2bb92d46261e828c8b68ead27e4d54f8
SHA25663d51bb49edd2f3d68620573d522c2d07a9accafcee5defa075101e17b83a43e
SHA51228a436c59d8cb6faea38907e1a683c0672a602b6b46c5cfc082e106206658ad06e35c1d905039e37a6bf5d4d8cabf72ce17156af254637753d1a9af26437e57a
-
C:\Windows\System\bNDHYvQ.exeFilesize
1011KB
MD5dffa6bbdf9153a8196ba06110a3c641b
SHA14cfe04aa03967c77ae84e1b175edf16623fb284c
SHA256635da2e84d5e5deb77be81349d8fd511d08818d99227aebdd6cf29b8f6ef431b
SHA5122a74094c63dab3d17e8ef826f0697494114678a8938c3a51c627dbfa4f5da068a5b54d57f7db12e79213257f45f2048aa8e78983c8782617ad1040c46ff25a73
-
C:\Windows\System\eQaZkxW.exeFilesize
1006KB
MD500ddad9a5e0b2d7828618fabf94c2785
SHA16948ea6392f99ae05d5f415e1f948a1ab3428cfa
SHA256278c95d0573328def5463dd9ea163a24916625d0336de19a7ef4e2bf007b197b
SHA51242a1469146c868b8effafccdef287af8633286b8f732c70f0d04bf0636450ae0a8f4a5d7c9da2a4f76ae8bf036cfc7cb7b95400504bb029bc5440ad864fe0b8d
-
C:\Windows\System\fKGCGpN.exeFilesize
1013KB
MD51bf6faa6b1f0cc1b8416753978e09bc0
SHA19dfbe09a13c11c5023d30e04896567dd508456c1
SHA2565692f32d7d08509dea4c4b38fecbd2629c822e717458774366ab5cddb509c2fe
SHA512111e25145707cc2ecfcb1a4238013c0875685131c9d801ec1e72f911a011412d7176e3a0daa7b0abab2c45e82315ba7f86ef8ecf1db68f0a37ff7041bd8273e6
-
C:\Windows\System\fNhnOOM.exeFilesize
1012KB
MD5b0469acdd55b947d8e774669e1f10692
SHA1ec2e03b8a3c56ee59cce4113c10787b459664717
SHA256ad0027aaab6cecbabbc82dcd9a624933e2f21c98fabbbdf07a3c0d39cd63745c
SHA5126a09aef67f23739d799559320140ec3575ca1b47c484db9a79a25dacdcf476e750897865682b31574e3593ee48e014933488237553ddaabc4746bb15ef5caef0
-
C:\Windows\System\hUCsPPJ.exeFilesize
1012KB
MD5697529c9ed250aee886c9882e420c554
SHA18b0ae5cefdc48a6a7dc68e31d5c1503152206c3f
SHA2566d7fced12a9765d5fc7e41e0c0eb14ddf00d08477590dbcfb5f59ae8544e163c
SHA5125cac250177140b339b6d2684619a365fc5295e5fa9b004c11900b5dcdc8ac2779cb2b7f95a7712ffbf3b64912dec56ff1d198126cc8473d62015352301016387
-
C:\Windows\System\iIsZiGs.exeFilesize
1007KB
MD5baed8842933f7cf9aff6b72dea9e5f84
SHA1b6b14d23e8e1004d8f95300e68d11b77c531f5ca
SHA256f628f09d5d226dddea9651c1ca73e8f4513476811d288d4c85f8c9735a2f8b60
SHA51224d93c52333bcd6cec386f8c7ceb9b26e04724a8eef4b220ad0d4e5b7791c2d60b199b706c041a73366fde79a4941809013857f9969c302cf15f4e6b9366392c
-
C:\Windows\System\iTciALX.exeFilesize
1007KB
MD5b08fb71c0b208994e52d9df3cdbffcf5
SHA1be14eb2c344de57f3b108aadc9c6e381ca6d2efb
SHA2563b19a57d375109326adc23cef0003d4fb9b327c6210c7f4eee3efd7b842e1bf2
SHA51277ca3ef2e85ec3143d9e8239e210a5065463e6b3446d4281f26a60a0dc75166388bcb38dcbf678843b87c8341bf71a9825beb79b6f1daf3b12754472af6510df
-
C:\Windows\System\ixcJLDV.exeFilesize
1009KB
MD510127c15638f5ee61c635db509effeb0
SHA1885b0535ee4d8c04eec7118ecaa21f843e2c8459
SHA25682be081a5dc5efdcd41ae5fc28b7d3db195db66a98a8480167843567dc0c5930
SHA512beb8b044f595c9448c573a622a7edf26c9dc0a7c98be931195484c077765d717b979b23eb4262dafdef6c8c91014112c89012f673ff367bd43807d8e11e27ed6
-
C:\Windows\System\munsgUI.exeFilesize
1010KB
MD5dd1d90d977a421419254bf55853bf60e
SHA1d9d8259ebbf62e16846f26f302deee9cee91cb01
SHA2562b73eb67a7a875a83cf35460980175ab45c3fa47fef5207e55fd84e58ad30b17
SHA51274d41fce75d9103f6a032d858c7c80d838256645e1a5454ee5d0251dc335f5baf3c8b4e531cb53213e9ccbc106495de699d7b9e32103652c8f3a35070cc9b176
-
C:\Windows\System\nrvAaBa.exeFilesize
1008KB
MD523afe46e9ec97f18cf7732994e41f692
SHA130d8c13b768da12cbfcc2adc4d6d823462c4b079
SHA2567a22430478d42fc3a9905ede869f3d748ee35486f8aa109b4387ac02a534f5a4
SHA512f75c8d4dd2d10b434cff2ac33633748c11fb2590f30571cb399e13ead68d6d0fd5c977fe5976b758d7cf83dbc0e24d0478067fc62fc16fb73377a225bff6e416
-
C:\Windows\System\oPsGDYh.exeFilesize
1010KB
MD55dccd6a39277592c94c2dd8fffeaeccf
SHA1878824b7a9e49d357f7ff01c0db4758f35df3e9f
SHA256461c31eb2a1b50094d61634cee95caf81b05a437d673689be6ec73ae093da2fc
SHA512dab32f529efb6beaca02f00bbc5aaa629bb513e551bdadf3f0705e0d3c681cb805166f4c6002437cb77bb1b25056dc83f02fd815028809c5bf826bbc8ce107d0
-
C:\Windows\System\oUPVMMG.exeFilesize
1009KB
MD57ededf97a129c612f85a95558a4ce480
SHA1d79ad5892e59bb779ec4153a26bf40c36a869d54
SHA25656063783e486167f5cd9b9d26b5da9035f31b5c61c520053805949d107a94eb8
SHA5127dfb26402f9ffdfd8047e3f2b7c70f06de9b6fbe2b377fdc3af6ecceeff66e311a049a8b2fab6da21f48fc91e634791de9c4f0a018567562a57efd646ff19ce2
-
C:\Windows\System\vQPVJOk.exeFilesize
1008KB
MD5b13a362f7b9ae2e5affee24c1bcc4362
SHA18c87b37797d2a5da03ec2f111db62d7b2b13426a
SHA25687c9615bcd1a2c1df62a0850621bf66c93e4fbdbc4db1e8c8bd12967cedbf3b0
SHA512736f60823bafa6097ee5ef0a7d22afc1d4fdeb70aab74936ce4e6bb33ee6ecbe5b61688d73e8a321015fd07a377f18d03380f17461e29745ef44d0825e77849c
-
C:\Windows\System\xMDkpzO.exeFilesize
1012KB
MD56d7289de4f1b9ded779e23daf1016aa8
SHA17c3e9fcaf1023603f7eefdcd15ec2a246f9d8181
SHA256a6c83b8ae8fdf67f66f3c0a52e866edbc857490dab23afa389d6c5755440538f
SHA5127d30dc55313f74b77be3b935b0e3a575bcaf1a9c6046e40153122e4a46014b9e712dc872aa884d416439f09c4fea9d746590961ebb2a43ace339770ff164f718
-
C:\Windows\System\xXrXVrG.exeFilesize
1009KB
MD54d45e257a867f7bffa98c8938567421d
SHA166b8583dff5533acd38ec15f317aabfdf880dc75
SHA256cfad0037c3b4084c63c9e0859ff164399e3999e49ef03e7b1c2e7bb464a90319
SHA5123476ff8da1aa4fec10a37c80414ebe960e92bd962b7b926e523b4621bbdecdbd1c20b79ba02d85aaaa7fa016432875148524dda66593197c725a177147478b70
-
C:\Windows\System\yjsyGeo.exeFilesize
1013KB
MD505c35e2568730a1606bc64d15b87d881
SHA1d9fc442195b05a58f7bbd440df96b19866696a59
SHA2567ebdad7d701dbab29c6aa342cfc31ca8e7ebb25fd68905b8884590e1ccd01f34
SHA51244e62b14f7dbb4f2c59a0d674a51c99ad4bbc63c694db8aa31c02c176ad6552d555cf013e56998cacacc7e5c9c9a8c72cb296867d4d0dd777147c62d408dfba8
-
C:\Windows\System\ypfXvfu.exeFilesize
1008KB
MD52e3b5592302dc3fa2665c9f2e4bb3244
SHA156cb9b4d2f279fa49bdecb7ad87151572aae8814
SHA25604b29a1e1b796f0b53a369f8005b7dee93524ff6285602d3d7f1f40329180c47
SHA5124ab1886a175bdd74184f603f66309cf7eec0770257fb95c8ac71a3b3cea63eb6cd7cd4968bb509721249d01dedda723956110dc15957be05960abea3b8e9e8f6
-
C:\Windows\System\znADdmx.exeFilesize
1006KB
MD582f2e027c399fd82040d34bde2e42e7c
SHA1293acdc717d9b7b2eebfcb5ffb78ab6ecab074f3
SHA256b9ffbb1caa1c3e751c6ad0625d2b54e4a60496241a07e63847abb0f2824c5254
SHA512ffaf0f6af45c0198f63fb8dc3a86e1a64c5b12bcfaab4dc8c2dc0c82d190cbd03a25dea72ac21f8eac272f02213735faa75b3c223fc3721e299845cc54345215
-
C:\Windows\System\zopHHhs.exeFilesize
1012KB
MD5a7ed996887c0fc0aea304f1e5d565584
SHA15430a7d6a335d3d967006fd37b8e22b1d4836f7b
SHA256f74a25586b62627f2fd130014417629cdca9500d70956bfbd90b34012d5f0719
SHA512ffc60f9374464535fca286facccfc51d874b084c6d7344a394f8b58ba91df57220eb56a64108940934d163c69e56ab7642b6f296dea7966a63c86f90de023d8d
-
memory/4920-0-0x0000013B320C0000-0x0000013B320D0000-memory.dmpFilesize
64KB