xmrig | e44119e0ca3ed5d923b3db9ca3454f19e59bebcd05bba7ed2b0ff9da44fd09c8

Analysis

max time kernel
143s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
13-06-2024 13:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
Size

1010KB
MD5

813be4ec38a695a2058343e26fb6c040
SHA1

8514db714f99055fb7622c58602c11c482f58e93
SHA256

e44119e0ca3ed5d923b3db9ca3454f19e59bebcd05bba7ed2b0ff9da44fd09c8
SHA512

e4355ace498d8dfc177df0fdb00501ac459c640afad8e7a78e850d9bafb5f7708f681c6da6600abacb8cfbe3c69d3fa040e9ef505b09ea20a2d2869fb299d509
SSDEEP

24576:GezaTnG99Q8FcNrpyNdfE0bLBgDOp2iSLz9LbBwlKensPLNx:GezaTF8FcNkNdfE0pZ9oztFwIhL3

Score

10^/10

xmrig miner

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 32 IoCs

miner

Processes:

resource	yara_rule
C:\Windows\System\zSKIpnK.exe	xmrig
C:\Windows\System\jAMSXpD.exe	xmrig
C:\Windows\System\karhspJ.exe	xmrig
C:\Windows\System\phDeYZn.exe	xmrig
C:\Windows\System\JviNbMg.exe	xmrig
C:\Windows\System\nduDFHY.exe	xmrig
C:\Windows\System\KlkyZOA.exe	xmrig
C:\Windows\System\UylNDSx.exe	xmrig
C:\Windows\System\nxdTonp.exe	xmrig
C:\Windows\System\JYPieLi.exe	xmrig
C:\Windows\System\rNWXLdA.exe	xmrig
C:\Windows\System\KVYfRBJ.exe	xmrig
C:\Windows\System\nrErUGy.exe	xmrig
C:\Windows\System\ZsTsTRW.exe	xmrig
C:\Windows\System\OzbiDZp.exe	xmrig
C:\Windows\System\JqHvDaq.exe	xmrig
C:\Windows\System\TvUbRYk.exe	xmrig
C:\Windows\System\XykhEgo.exe	xmrig
C:\Windows\System\mfdOkIw.exe	xmrig
C:\Windows\System\HDDFBJg.exe	xmrig
C:\Windows\System\FEsyJig.exe	xmrig
C:\Windows\System\daKOBHR.exe	xmrig
C:\Windows\System\LAoEVVf.exe	xmrig
C:\Windows\System\CgzWwZS.exe	xmrig
C:\Windows\System\aWLOejk.exe	xmrig
C:\Windows\System\oxjeBXu.exe	xmrig
C:\Windows\System\GmHeUVV.exe	xmrig
C:\Windows\System\xExfEMs.exe	xmrig
C:\Windows\System\eslIzlg.exe	xmrig
C:\Windows\System\CrfkMxs.exe	xmrig
C:\Windows\System\AvHNfFH.exe	xmrig
C:\Windows\System\YmkQDLN.exe	xmrig

Executes dropped EXE 64 IoCs

Processes:

zSKIpnK.exekarhspJ.exejAMSXpD.exephDeYZn.exeJviNbMg.exenduDFHY.exeUylNDSx.exeKlkyZOA.exenxdTonp.exeJYPieLi.exerNWXLdA.exeKVYfRBJ.exenrErUGy.exeZsTsTRW.exeTvUbRYk.exeOzbiDZp.exeJqHvDaq.exeXykhEgo.exemfdOkIw.exeHDDFBJg.exeFEsyJig.exedaKOBHR.exeLAoEVVf.exeCgzWwZS.exeaWLOejk.exeoxjeBXu.exexExfEMs.exeGmHeUVV.exeeslIzlg.exeCrfkMxs.exeAvHNfFH.exeYmkQDLN.exezrWdhIl.exeAcUrewJ.exehjEymQK.exeOhpKRJA.exeHlgEiyI.exeQrbrlqE.exefKYRrOu.exekZjEbwY.exegidUsrD.exespLBuiR.exepUTGRSB.exetbxoqyE.exeXUCrxiC.exeTovBacH.exeZhYoSRq.exegEUJmqP.exejzNCtFo.exeGeMiuTU.exejNpQqcp.exeYPUMVAG.exeQeYQFFc.exeWUMLHHj.exeNaCnYYY.exeSaBmXmv.exekHvuTlA.exeAowYxWs.exeHGcWeZM.exemwEpKsl.exekKOOBZl.execcyGVsJ.exeNlagPsY.exeMLcueZc.exe

pid	process
5028	zSKIpnK.exe
4004	karhspJ.exe
5000	jAMSXpD.exe
4312	phDeYZn.exe
1832	JviNbMg.exe
1752	nduDFHY.exe
3492	UylNDSx.exe
4672	KlkyZOA.exe
3416	nxdTonp.exe
4552	JYPieLi.exe
2044	rNWXLdA.exe
4352	KVYfRBJ.exe
3960	nrErUGy.exe
4924	ZsTsTRW.exe
1936	TvUbRYk.exe
2948	OzbiDZp.exe
4584	JqHvDaq.exe
4948	XykhEgo.exe
2684	mfdOkIw.exe
3108	HDDFBJg.exe
1504	FEsyJig.exe
876	daKOBHR.exe
3716	LAoEVVf.exe
5060	CgzWwZS.exe
1548	aWLOejk.exe
4668	oxjeBXu.exe
1680	xExfEMs.exe
4264	GmHeUVV.exe
4712	eslIzlg.exe
3112	CrfkMxs.exe
4816	AvHNfFH.exe
4496	YmkQDLN.exe
4000	zrWdhIl.exe
436	AcUrewJ.exe
1336	hjEymQK.exe
1332	OhpKRJA.exe
1568	HlgEiyI.exe
1420	QrbrlqE.exe
1324	fKYRrOu.exe
3028	kZjEbwY.exe
3484	gidUsrD.exe
3264	spLBuiR.exe
3604	pUTGRSB.exe
4516	tbxoqyE.exe
1728	XUCrxiC.exe
3684	TovBacH.exe
1684	ZhYoSRq.exe
716	gEUJmqP.exe
2248	jzNCtFo.exe
3280	GeMiuTU.exe
4832	jNpQqcp.exe
4968	YPUMVAG.exe
1056	QeYQFFc.exe
4592	WUMLHHj.exe
1992	NaCnYYY.exe
2644	SaBmXmv.exe
1404	kHvuTlA.exe
2416	AowYxWs.exe
3648	HGcWeZM.exe
4360	mwEpKsl.exe
1948	kKOOBZl.exe
3520	ccyGVsJ.exe
368	NlagPsY.exe
2108	MLcueZc.exe

Drops file in Windows directory 64 IoCs

Processes:

813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe

description	ioc	process
File created	C:\Windows\System\vnfnvyE.exe	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
File created	C:\Windows\System\TvUbRYk.exe	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
File created	C:\Windows\System\dMFiHap.exe	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
File created	C:\Windows\System\IdFBUyT.exe	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
File created	C:\Windows\System\hhUhBLC.exe	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
File created	C:\Windows\System\ZhYoSRq.exe	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
File created	C:\Windows\System\govoSHF.exe	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
File created	C:\Windows\System\vqKRCXw.exe	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
File created	C:\Windows\System\kZjEbwY.exe	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
File created	C:\Windows\System\ZuUeqFy.exe	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
File created	C:\Windows\System\GsEJIvu.exe	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
File created	C:\Windows\System\QxYviEU.exe	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
File created	C:\Windows\System\OzZijQs.exe	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
File created	C:\Windows\System\mcJlnWz.exe	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
File created	C:\Windows\System\AWbLqrM.exe	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
File created	C:\Windows\System\oxjeBXu.exe	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
File created	C:\Windows\System\YmkQDLN.exe	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
File created	C:\Windows\System\dcaMTXp.exe	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
File created	C:\Windows\System\eCBsoQt.exe	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
File created	C:\Windows\System\dBqwCfH.exe	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
File created	C:\Windows\System\hvxlgmh.exe	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
File created	C:\Windows\System\WUMLHHj.exe	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
File created	C:\Windows\System\sYEmhRx.exe	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
File created	C:\Windows\System\HFdleqp.exe	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
File created	C:\Windows\System\bNMyMrs.exe	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
File created	C:\Windows\System\UPozkot.exe	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
File created	C:\Windows\System\RyZLyRG.exe	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
File created	C:\Windows\System\QDQrZJe.exe	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
File created	C:\Windows\System\rDtBceN.exe	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
File created	C:\Windows\System\JviNbMg.exe	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
File created	C:\Windows\System\ccyGVsJ.exe	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
File created	C:\Windows\System\hEBkqFt.exe	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
File created	C:\Windows\System\WyfAieF.exe	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
File created	C:\Windows\System\DzqfIhv.exe	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
File created	C:\Windows\System\UKDhbni.exe	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
File created	C:\Windows\System\BOtntox.exe	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
File created	C:\Windows\System\GEJsIop.exe	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
File created	C:\Windows\System\hkrbAZE.exe	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
File created	C:\Windows\System\csrMEMs.exe	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
File created	C:\Windows\System\bzKrmhr.exe	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
File created	C:\Windows\System\eslIzlg.exe	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
File created	C:\Windows\System\CrfkMxs.exe	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
File created	C:\Windows\System\dihatjk.exe	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
File created	C:\Windows\System\eUErKRF.exe	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
File created	C:\Windows\System\RWnREyB.exe	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
File created	C:\Windows\System\rniYhhg.exe	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
File created	C:\Windows\System\BVGNtQn.exe	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
File created	C:\Windows\System\eQufdDf.exe	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
File created	C:\Windows\System\UtsONkt.exe	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
File created	C:\Windows\System\yNkldsN.exe	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
File created	C:\Windows\System\JBhTIGr.exe	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
File created	C:\Windows\System\jAMSXpD.exe	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
File created	C:\Windows\System\zxxBOJV.exe	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
File created	C:\Windows\System\IdvIBcP.exe	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
File created	C:\Windows\System\FwFuIBA.exe	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
File created	C:\Windows\System\VELDfOC.exe	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
File created	C:\Windows\System\ghuVyiM.exe	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
File created	C:\Windows\System\MGPBXrQ.exe	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
File created	C:\Windows\System\QrbrlqE.exe	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
File created	C:\Windows\System\BNgJHNV.exe	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
File created	C:\Windows\System\SaBmXmv.exe	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
File created	C:\Windows\System\VrCzBVl.exe	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
File created	C:\Windows\System\nKWuhlE.exe	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
File created	C:\Windows\System\mfdOkIw.exe	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe

description	pid	process
Token: SeLockMemoryPrivilege	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe

description	pid	process	target process
PID 2616 wrote to memory of 5028	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe	zSKIpnK.exe
PID 2616 wrote to memory of 5028	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe	zSKIpnK.exe
PID 2616 wrote to memory of 4004	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe	karhspJ.exe
PID 2616 wrote to memory of 4004	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe	karhspJ.exe
PID 2616 wrote to memory of 5000	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe	jAMSXpD.exe
PID 2616 wrote to memory of 5000	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe	jAMSXpD.exe
PID 2616 wrote to memory of 4312	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe	phDeYZn.exe
PID 2616 wrote to memory of 4312	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe	phDeYZn.exe
PID 2616 wrote to memory of 1832	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe	JviNbMg.exe
PID 2616 wrote to memory of 1832	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe	JviNbMg.exe
PID 2616 wrote to memory of 1752	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe	nduDFHY.exe
PID 2616 wrote to memory of 1752	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe	nduDFHY.exe
PID 2616 wrote to memory of 3492	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe	UylNDSx.exe
PID 2616 wrote to memory of 3492	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe	UylNDSx.exe
PID 2616 wrote to memory of 4672	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe	KlkyZOA.exe
PID 2616 wrote to memory of 4672	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe	KlkyZOA.exe
PID 2616 wrote to memory of 3416	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe	nxdTonp.exe
PID 2616 wrote to memory of 3416	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe	nxdTonp.exe
PID 2616 wrote to memory of 4552	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe	JYPieLi.exe
PID 2616 wrote to memory of 4552	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe	JYPieLi.exe
PID 2616 wrote to memory of 2044	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe	rNWXLdA.exe
PID 2616 wrote to memory of 2044	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe	rNWXLdA.exe
PID 2616 wrote to memory of 4352	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe	KVYfRBJ.exe
PID 2616 wrote to memory of 4352	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe	KVYfRBJ.exe
PID 2616 wrote to memory of 3960	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe	nrErUGy.exe
PID 2616 wrote to memory of 3960	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe	nrErUGy.exe
PID 2616 wrote to memory of 4924	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe	ZsTsTRW.exe
PID 2616 wrote to memory of 4924	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe	ZsTsTRW.exe
PID 2616 wrote to memory of 1936	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe	TvUbRYk.exe
PID 2616 wrote to memory of 1936	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe	TvUbRYk.exe
PID 2616 wrote to memory of 2948	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe	OzbiDZp.exe
PID 2616 wrote to memory of 2948	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe	OzbiDZp.exe
PID 2616 wrote to memory of 4584	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe	JqHvDaq.exe
PID 2616 wrote to memory of 4584	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe	JqHvDaq.exe
PID 2616 wrote to memory of 4948	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe	XykhEgo.exe
PID 2616 wrote to memory of 4948	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe	XykhEgo.exe
PID 2616 wrote to memory of 2684	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe	mfdOkIw.exe
PID 2616 wrote to memory of 2684	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe	mfdOkIw.exe
PID 2616 wrote to memory of 3108	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe	HDDFBJg.exe
PID 2616 wrote to memory of 3108	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe	HDDFBJg.exe
PID 2616 wrote to memory of 1504	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe	FEsyJig.exe
PID 2616 wrote to memory of 1504	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe	FEsyJig.exe
PID 2616 wrote to memory of 876	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe	daKOBHR.exe
PID 2616 wrote to memory of 876	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe	daKOBHR.exe
PID 2616 wrote to memory of 3716	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe	LAoEVVf.exe
PID 2616 wrote to memory of 3716	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe	LAoEVVf.exe
PID 2616 wrote to memory of 5060	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe	CgzWwZS.exe
PID 2616 wrote to memory of 5060	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe	CgzWwZS.exe
PID 2616 wrote to memory of 1548	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe	aWLOejk.exe
PID 2616 wrote to memory of 1548	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe	aWLOejk.exe
PID 2616 wrote to memory of 4668	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe	oxjeBXu.exe
PID 2616 wrote to memory of 4668	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe	oxjeBXu.exe
PID 2616 wrote to memory of 1680	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe	xExfEMs.exe
PID 2616 wrote to memory of 1680	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe	xExfEMs.exe
PID 2616 wrote to memory of 4264	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe	GmHeUVV.exe
PID 2616 wrote to memory of 4264	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe	GmHeUVV.exe
PID 2616 wrote to memory of 4712	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe	eslIzlg.exe
PID 2616 wrote to memory of 4712	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe	eslIzlg.exe
PID 2616 wrote to memory of 3112	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe	CrfkMxs.exe
PID 2616 wrote to memory of 3112	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe	CrfkMxs.exe
PID 2616 wrote to memory of 4816	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe	AvHNfFH.exe
PID 2616 wrote to memory of 4816	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe	AvHNfFH.exe
PID 2616 wrote to memory of 4496	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe	YmkQDLN.exe
PID 2616 wrote to memory of 4496	2616	813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe	YmkQDLN.exe

C:\Users\Admin\AppData\Local\Temp\813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\813be4ec38a695a2058343e26fb6c040_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2616

C:\Windows\System\zSKIpnK.exe
C:\Windows\System\zSKIpnK.exe
2⤵
- Executes dropped EXE
PID:5028

C:\Windows\System\karhspJ.exe
C:\Windows\System\karhspJ.exe
2⤵
- Executes dropped EXE
PID:4004

C:\Windows\System\jAMSXpD.exe
C:\Windows\System\jAMSXpD.exe
2⤵
- Executes dropped EXE
PID:5000

C:\Windows\System\phDeYZn.exe
C:\Windows\System\phDeYZn.exe
2⤵
- Executes dropped EXE
PID:4312

C:\Windows\System\JviNbMg.exe
C:\Windows\System\JviNbMg.exe
2⤵
- Executes dropped EXE
PID:1832

C:\Windows\System\nduDFHY.exe
C:\Windows\System\nduDFHY.exe
2⤵
- Executes dropped EXE
PID:1752

C:\Windows\System\UylNDSx.exe
C:\Windows\System\UylNDSx.exe
2⤵
- Executes dropped EXE
PID:3492

C:\Windows\System\KlkyZOA.exe
C:\Windows\System\KlkyZOA.exe
2⤵
- Executes dropped EXE
PID:4672

C:\Windows\System\nxdTonp.exe
C:\Windows\System\nxdTonp.exe
2⤵
- Executes dropped EXE
PID:3416

C:\Windows\System\JYPieLi.exe
C:\Windows\System\JYPieLi.exe
2⤵
- Executes dropped EXE
PID:4552

C:\Windows\System\rNWXLdA.exe
C:\Windows\System\rNWXLdA.exe
2⤵
- Executes dropped EXE
PID:2044

C:\Windows\System\KVYfRBJ.exe
C:\Windows\System\KVYfRBJ.exe
2⤵
- Executes dropped EXE
PID:4352

C:\Windows\System\nrErUGy.exe
C:\Windows\System\nrErUGy.exe
2⤵
- Executes dropped EXE
PID:3960

C:\Windows\System\ZsTsTRW.exe
C:\Windows\System\ZsTsTRW.exe
2⤵
- Executes dropped EXE
PID:4924

C:\Windows\System\TvUbRYk.exe
C:\Windows\System\TvUbRYk.exe
2⤵
- Executes dropped EXE
PID:1936

C:\Windows\System\OzbiDZp.exe
C:\Windows\System\OzbiDZp.exe
2⤵
- Executes dropped EXE
PID:2948

C:\Windows\System\JqHvDaq.exe
C:\Windows\System\JqHvDaq.exe
2⤵
- Executes dropped EXE
PID:4584

C:\Windows\System\XykhEgo.exe
C:\Windows\System\XykhEgo.exe
2⤵
- Executes dropped EXE
PID:4948

C:\Windows\System\mfdOkIw.exe
C:\Windows\System\mfdOkIw.exe
2⤵
- Executes dropped EXE
PID:2684

C:\Windows\System\HDDFBJg.exe
C:\Windows\System\HDDFBJg.exe
2⤵
- Executes dropped EXE
PID:3108

C:\Windows\System\FEsyJig.exe
C:\Windows\System\FEsyJig.exe
2⤵
- Executes dropped EXE
PID:1504

C:\Windows\System\daKOBHR.exe
C:\Windows\System\daKOBHR.exe
2⤵
- Executes dropped EXE
PID:876

C:\Windows\System\LAoEVVf.exe
C:\Windows\System\LAoEVVf.exe
2⤵
- Executes dropped EXE
PID:3716

C:\Windows\System\CgzWwZS.exe
C:\Windows\System\CgzWwZS.exe
2⤵
- Executes dropped EXE
PID:5060

C:\Windows\System\aWLOejk.exe
C:\Windows\System\aWLOejk.exe
2⤵
- Executes dropped EXE
PID:1548

C:\Windows\System\oxjeBXu.exe
C:\Windows\System\oxjeBXu.exe
2⤵
- Executes dropped EXE
PID:4668

C:\Windows\System\xExfEMs.exe
C:\Windows\System\xExfEMs.exe
2⤵
- Executes dropped EXE
PID:1680

C:\Windows\System\GmHeUVV.exe
C:\Windows\System\GmHeUVV.exe
2⤵
- Executes dropped EXE
PID:4264

C:\Windows\System\eslIzlg.exe
C:\Windows\System\eslIzlg.exe
2⤵
- Executes dropped EXE
PID:4712

C:\Windows\System\CrfkMxs.exe
C:\Windows\System\CrfkMxs.exe
2⤵
- Executes dropped EXE
PID:3112

C:\Windows\System\AvHNfFH.exe
C:\Windows\System\AvHNfFH.exe
2⤵
- Executes dropped EXE
PID:4816

C:\Windows\System\YmkQDLN.exe
C:\Windows\System\YmkQDLN.exe
2⤵
- Executes dropped EXE
PID:4496

C:\Windows\System\zrWdhIl.exe
C:\Windows\System\zrWdhIl.exe
2⤵
- Executes dropped EXE
PID:4000

C:\Windows\System\AcUrewJ.exe
C:\Windows\System\AcUrewJ.exe
2⤵
- Executes dropped EXE
PID:436

C:\Windows\System\hjEymQK.exe
C:\Windows\System\hjEymQK.exe
2⤵
- Executes dropped EXE
PID:1336

C:\Windows\System\OhpKRJA.exe
C:\Windows\System\OhpKRJA.exe
2⤵
- Executes dropped EXE
PID:1332

C:\Windows\System\HlgEiyI.exe
C:\Windows\System\HlgEiyI.exe
2⤵
- Executes dropped EXE
PID:1568

C:\Windows\System\QrbrlqE.exe
C:\Windows\System\QrbrlqE.exe
2⤵
- Executes dropped EXE
PID:1420

C:\Windows\System\fKYRrOu.exe
C:\Windows\System\fKYRrOu.exe
2⤵
- Executes dropped EXE
PID:1324

C:\Windows\System\kZjEbwY.exe
C:\Windows\System\kZjEbwY.exe
2⤵
- Executes dropped EXE
PID:3028

C:\Windows\System\gidUsrD.exe
C:\Windows\System\gidUsrD.exe
2⤵
- Executes dropped EXE
PID:3484

C:\Windows\System\spLBuiR.exe
C:\Windows\System\spLBuiR.exe
2⤵
- Executes dropped EXE
PID:3264

C:\Windows\System\pUTGRSB.exe
C:\Windows\System\pUTGRSB.exe
2⤵
- Executes dropped EXE
PID:3604

C:\Windows\System\tbxoqyE.exe
C:\Windows\System\tbxoqyE.exe
2⤵
- Executes dropped EXE
PID:4516

C:\Windows\System\XUCrxiC.exe
C:\Windows\System\XUCrxiC.exe
2⤵
- Executes dropped EXE
PID:1728

C:\Windows\System\TovBacH.exe
C:\Windows\System\TovBacH.exe
2⤵
- Executes dropped EXE
PID:3684

C:\Windows\System\ZhYoSRq.exe
C:\Windows\System\ZhYoSRq.exe
2⤵
- Executes dropped EXE
PID:1684

C:\Windows\System\gEUJmqP.exe
C:\Windows\System\gEUJmqP.exe
2⤵
- Executes dropped EXE
PID:716

C:\Windows\System\jzNCtFo.exe
C:\Windows\System\jzNCtFo.exe
2⤵
- Executes dropped EXE
PID:2248

C:\Windows\System\GeMiuTU.exe
C:\Windows\System\GeMiuTU.exe
2⤵
- Executes dropped EXE
PID:3280

C:\Windows\System\jNpQqcp.exe
C:\Windows\System\jNpQqcp.exe
2⤵
- Executes dropped EXE
PID:4832

C:\Windows\System\YPUMVAG.exe
C:\Windows\System\YPUMVAG.exe
2⤵
- Executes dropped EXE
PID:4968

C:\Windows\System\QeYQFFc.exe
C:\Windows\System\QeYQFFc.exe
2⤵
- Executes dropped EXE
PID:1056

C:\Windows\System\WUMLHHj.exe
C:\Windows\System\WUMLHHj.exe
2⤵
- Executes dropped EXE
PID:4592

C:\Windows\System\NaCnYYY.exe
C:\Windows\System\NaCnYYY.exe
2⤵
- Executes dropped EXE
PID:1992

C:\Windows\System\SaBmXmv.exe
C:\Windows\System\SaBmXmv.exe
2⤵
- Executes dropped EXE
PID:2644

C:\Windows\System\kHvuTlA.exe
C:\Windows\System\kHvuTlA.exe
2⤵
- Executes dropped EXE
PID:1404

C:\Windows\System\AowYxWs.exe
C:\Windows\System\AowYxWs.exe
2⤵
- Executes dropped EXE
PID:2416

C:\Windows\System\HGcWeZM.exe
C:\Windows\System\HGcWeZM.exe
2⤵
- Executes dropped EXE
PID:3648

C:\Windows\System\mwEpKsl.exe
C:\Windows\System\mwEpKsl.exe
2⤵
- Executes dropped EXE
PID:4360

C:\Windows\System\kKOOBZl.exe
C:\Windows\System\kKOOBZl.exe
2⤵
- Executes dropped EXE
PID:1948

C:\Windows\System\ccyGVsJ.exe
C:\Windows\System\ccyGVsJ.exe
2⤵
- Executes dropped EXE
PID:3520

C:\Windows\System\NlagPsY.exe
C:\Windows\System\NlagPsY.exe
2⤵
- Executes dropped EXE
PID:368

C:\Windows\System\MLcueZc.exe
C:\Windows\System\MLcueZc.exe
2⤵
- Executes dropped EXE
PID:2108

C:\Windows\System\ZbgLrxE.exe
C:\Windows\System\ZbgLrxE.exe
2⤵
PID:2236

C:\Windows\System\xjcMTzP.exe
C:\Windows\System\xjcMTzP.exe
2⤵
PID:3628

C:\Windows\System\AWbLqrM.exe
C:\Windows\System\AWbLqrM.exe
2⤵
PID:3284

C:\Windows\System\FwsMUud.exe
C:\Windows\System\FwsMUud.exe
2⤵
PID:3456

C:\Windows\System\UPozkot.exe
C:\Windows\System\UPozkot.exe
2⤵
PID:3288

C:\Windows\System\khkfChK.exe
C:\Windows\System\khkfChK.exe
2⤵
PID:2796

C:\Windows\System\XSnAkhZ.exe
C:\Windows\System\XSnAkhZ.exe
2⤵
PID:2164

C:\Windows\System\tmnVjUc.exe
C:\Windows\System\tmnVjUc.exe
2⤵
PID:3776

C:\Windows\System\pQKgWsC.exe
C:\Windows\System\pQKgWsC.exe
2⤵
PID:5156

C:\Windows\System\BwyDjWn.exe
C:\Windows\System\BwyDjWn.exe
2⤵
PID:5184

C:\Windows\System\vnfnvyE.exe
C:\Windows\System\vnfnvyE.exe
2⤵
PID:5208

C:\Windows\System\pjelLmd.exe
C:\Windows\System\pjelLmd.exe
2⤵
PID:5240

C:\Windows\System\govoSHF.exe
C:\Windows\System\govoSHF.exe
2⤵
PID:5260

C:\Windows\System\hEBkqFt.exe
C:\Windows\System\hEBkqFt.exe
2⤵
PID:5276

C:\Windows\System\QSIVDUd.exe
C:\Windows\System\QSIVDUd.exe
2⤵
PID:5308

C:\Windows\System\VrCzBVl.exe
C:\Windows\System\VrCzBVl.exe
2⤵
PID:5336

C:\Windows\System\uYCsAmw.exe
C:\Windows\System\uYCsAmw.exe
2⤵
PID:5364

C:\Windows\System\zoVeTEs.exe
C:\Windows\System\zoVeTEs.exe
2⤵
PID:5392

C:\Windows\System\UAafFrC.exe
C:\Windows\System\UAafFrC.exe
2⤵
PID:5432

C:\Windows\System\UpsbloJ.exe
C:\Windows\System\UpsbloJ.exe
2⤵
PID:5456

C:\Windows\System\KtmReOn.exe
C:\Windows\System\KtmReOn.exe
2⤵
PID:5484

C:\Windows\System\DzqfIhv.exe
C:\Windows\System\DzqfIhv.exe
2⤵
PID:5512

C:\Windows\System\zxxBOJV.exe
C:\Windows\System\zxxBOJV.exe
2⤵
PID:5556

C:\Windows\System\bPXcDlR.exe
C:\Windows\System\bPXcDlR.exe
2⤵
PID:5576

C:\Windows\System\UKDhbni.exe
C:\Windows\System\UKDhbni.exe
2⤵
PID:5620

C:\Windows\System\IrzLwtL.exe
C:\Windows\System\IrzLwtL.exe
2⤵
PID:5648

C:\Windows\System\QxYviEU.exe
C:\Windows\System\QxYviEU.exe
2⤵
PID:5672

C:\Windows\System\ZuUeqFy.exe
C:\Windows\System\ZuUeqFy.exe
2⤵
PID:5700

C:\Windows\System\RyZLyRG.exe
C:\Windows\System\RyZLyRG.exe
2⤵
PID:5724

C:\Windows\System\XVQvnXV.exe
C:\Windows\System\XVQvnXV.exe
2⤵
PID:5748

C:\Windows\System\hvxlgmh.exe
C:\Windows\System\hvxlgmh.exe
2⤵
PID:5788

C:\Windows\System\sHbuEXc.exe
C:\Windows\System\sHbuEXc.exe
2⤵
PID:5808

C:\Windows\System\azaWHGu.exe
C:\Windows\System\azaWHGu.exe
2⤵
PID:5832

C:\Windows\System\UNURoLS.exe
C:\Windows\System\UNURoLS.exe
2⤵
PID:5856

C:\Windows\System\BVGNtQn.exe
C:\Windows\System\BVGNtQn.exe
2⤵
PID:5884

C:\Windows\System\TrsDQCl.exe
C:\Windows\System\TrsDQCl.exe
2⤵
PID:5904

C:\Windows\System\aADntBT.exe
C:\Windows\System\aADntBT.exe
2⤵
PID:5924

C:\Windows\System\jTvsIYF.exe
C:\Windows\System\jTvsIYF.exe
2⤵
PID:5964

C:\Windows\System\eQufdDf.exe
C:\Windows\System\eQufdDf.exe
2⤵
PID:6008

C:\Windows\System\dihatjk.exe
C:\Windows\System\dihatjk.exe
2⤵
PID:6032

C:\Windows\System\teytefM.exe
C:\Windows\System\teytefM.exe
2⤵
PID:6064

C:\Windows\System\hkrbAZE.exe
C:\Windows\System\hkrbAZE.exe
2⤵
PID:6084

C:\Windows\System\KRtPvPL.exe
C:\Windows\System\KRtPvPL.exe
2⤵
PID:6112

C:\Windows\System\nKWuhlE.exe
C:\Windows\System\nKWuhlE.exe
2⤵
PID:2336

C:\Windows\System\eUErKRF.exe
C:\Windows\System\eUErKRF.exe
2⤵
PID:5132

C:\Windows\System\DKZhlvP.exe
C:\Windows\System\DKZhlvP.exe
2⤵
PID:4984

C:\Windows\System\UnngrxN.exe
C:\Windows\System\UnngrxN.exe
2⤵
PID:2376

C:\Windows\System\QDQrZJe.exe
C:\Windows\System\QDQrZJe.exe
2⤵
PID:5272

C:\Windows\System\KUuZdFC.exe
C:\Windows\System\KUuZdFC.exe
2⤵
PID:5332

C:\Windows\System\UtsONkt.exe
C:\Windows\System\UtsONkt.exe
2⤵
PID:5376

C:\Windows\System\oKOIXkz.exe
C:\Windows\System\oKOIXkz.exe
2⤵
PID:5464

C:\Windows\System\yNkldsN.exe
C:\Windows\System\yNkldsN.exe
2⤵
PID:5508

C:\Windows\System\BNgJHNV.exe
C:\Windows\System\BNgJHNV.exe
2⤵
PID:5592

C:\Windows\System\VwaiVGB.exe
C:\Windows\System\VwaiVGB.exe
2⤵
PID:5692

C:\Windows\System\hlKUJQf.exe
C:\Windows\System\hlKUJQf.exe
2⤵
PID:5736

C:\Windows\System\dcQTiYa.exe
C:\Windows\System\dcQTiYa.exe
2⤵
PID:5844

C:\Windows\System\GsEJIvu.exe
C:\Windows\System\GsEJIvu.exe
2⤵
PID:5868

C:\Windows\System\MZVVZAu.exe
C:\Windows\System\MZVVZAu.exe
2⤵
PID:5936

C:\Windows\System\zZAySYK.exe
C:\Windows\System\zZAySYK.exe
2⤵
PID:5984

C:\Windows\System\IdFBUyT.exe
C:\Windows\System\IdFBUyT.exe
2⤵
PID:6072

C:\Windows\System\CAJovOA.exe
C:\Windows\System\CAJovOA.exe
2⤵
PID:6136

C:\Windows\System\UkDcgBv.exe
C:\Windows\System\UkDcgBv.exe
2⤵
PID:5180

C:\Windows\System\fUaeyRx.exe
C:\Windows\System\fUaeyRx.exe
2⤵
PID:4412

C:\Windows\System\JSIppZx.exe
C:\Windows\System\JSIppZx.exe
2⤵
PID:5400

C:\Windows\System\OzZijQs.exe
C:\Windows\System\OzZijQs.exe
2⤵
PID:5520

C:\Windows\System\csrMEMs.exe
C:\Windows\System\csrMEMs.exe
2⤵
PID:5656

C:\Windows\System\zEtFvdZ.exe
C:\Windows\System\zEtFvdZ.exe
2⤵
PID:5816

C:\Windows\System\jKtquXx.exe
C:\Windows\System\jKtquXx.exe
2⤵
PID:5916

C:\Windows\System\JBhTIGr.exe
C:\Windows\System\JBhTIGr.exe
2⤵
PID:5232

C:\Windows\System\NAnGcMD.exe
C:\Windows\System\NAnGcMD.exe
2⤵
PID:5328

C:\Windows\System\CQEuPoQ.exe
C:\Windows\System\CQEuPoQ.exe
2⤵
PID:5732

C:\Windows\System\FwFuIBA.exe
C:\Windows\System\FwFuIBA.exe
2⤵
PID:1292

C:\Windows\System\xgsoVbA.exe
C:\Windows\System\xgsoVbA.exe
2⤵
PID:5128

C:\Windows\System\nRrVLdA.exe
C:\Windows\System\nRrVLdA.exe
2⤵
PID:6164

C:\Windows\System\EausuTU.exe
C:\Windows\System\EausuTU.exe
2⤵
PID:6200

C:\Windows\System\mkruLIy.exe
C:\Windows\System\mkruLIy.exe
2⤵
PID:6224

C:\Windows\System\GBxTroo.exe
C:\Windows\System\GBxTroo.exe
2⤵
PID:6252

C:\Windows\System\VELDfOC.exe
C:\Windows\System\VELDfOC.exe
2⤵
PID:6272

C:\Windows\System\hDweuxU.exe
C:\Windows\System\hDweuxU.exe
2⤵
PID:6300

C:\Windows\System\NADtGvq.exe
C:\Windows\System\NADtGvq.exe
2⤵
PID:6324

C:\Windows\System\HFdleqp.exe
C:\Windows\System\HFdleqp.exe
2⤵
PID:6372

C:\Windows\System\wnpddSd.exe
C:\Windows\System\wnpddSd.exe
2⤵
PID:6404

C:\Windows\System\vqKRCXw.exe
C:\Windows\System\vqKRCXw.exe
2⤵
PID:6420

C:\Windows\System\xWelbVL.exe
C:\Windows\System\xWelbVL.exe
2⤵
PID:6440

C:\Windows\System\bzKrmhr.exe
C:\Windows\System\bzKrmhr.exe
2⤵
PID:6480

C:\Windows\System\rniYhhg.exe
C:\Windows\System\rniYhhg.exe
2⤵
PID:6504

C:\Windows\System\TJBSXrp.exe
C:\Windows\System\TJBSXrp.exe
2⤵
PID:6536

C:\Windows\System\BOtntox.exe
C:\Windows\System\BOtntox.exe
2⤵
PID:6576

C:\Windows\System\hhUhBLC.exe
C:\Windows\System\hhUhBLC.exe
2⤵
PID:6604

C:\Windows\System\JmKVlGn.exe
C:\Windows\System\JmKVlGn.exe
2⤵
PID:6636

C:\Windows\System\EDMQnLb.exe
C:\Windows\System\EDMQnLb.exe
2⤵
PID:6656

C:\Windows\System\sYEmhRx.exe
C:\Windows\System\sYEmhRx.exe
2⤵
PID:6684

C:\Windows\System\dcaMTXp.exe
C:\Windows\System\dcaMTXp.exe
2⤵
PID:6712

C:\Windows\System\XOJOuOL.exe
C:\Windows\System\XOJOuOL.exe
2⤵
PID:6748

C:\Windows\System\dRcERgQ.exe
C:\Windows\System\dRcERgQ.exe
2⤵
PID:6776

C:\Windows\System\CUMBlqb.exe
C:\Windows\System\CUMBlqb.exe
2⤵
PID:6804

C:\Windows\System\FDFTFli.exe
C:\Windows\System\FDFTFli.exe
2⤵
PID:6824

C:\Windows\System\BfChxRE.exe
C:\Windows\System\BfChxRE.exe
2⤵
PID:6848

C:\Windows\System\ysbeSiM.exe
C:\Windows\System\ysbeSiM.exe
2⤵
PID:6888

C:\Windows\System\bNMyMrs.exe
C:\Windows\System\bNMyMrs.exe
2⤵
PID:6916

C:\Windows\System\LURcKzb.exe
C:\Windows\System\LURcKzb.exe
2⤵
PID:6944

C:\Windows\System\qhDZtvk.exe
C:\Windows\System\qhDZtvk.exe
2⤵
PID:6972

C:\Windows\System\gvvtUYL.exe
C:\Windows\System\gvvtUYL.exe
2⤵
PID:6996

C:\Windows\System\ghuVyiM.exe
C:\Windows\System\ghuVyiM.exe
2⤵
PID:7028

C:\Windows\System\ZkVRGXI.exe
C:\Windows\System\ZkVRGXI.exe
2⤵
PID:7056

C:\Windows\System\vHxOSOC.exe
C:\Windows\System\vHxOSOC.exe
2⤵
PID:7084

C:\Windows\System\bbtaACR.exe
C:\Windows\System\bbtaACR.exe
2⤵
PID:7112

C:\Windows\System\EsQXuCb.exe
C:\Windows\System\EsQXuCb.exe
2⤵
PID:7144

C:\Windows\System\PeNYrnl.exe
C:\Windows\System\PeNYrnl.exe
2⤵
PID:5632

C:\Windows\System\WyfAieF.exe
C:\Windows\System\WyfAieF.exe
2⤵
PID:6148

C:\Windows\System\yAVYVWv.exe
C:\Windows\System\yAVYVWv.exe
2⤵
PID:6212

C:\Windows\System\RWnREyB.exe
C:\Windows\System\RWnREyB.exe
2⤵
PID:6260

C:\Windows\System\UDYjehm.exe
C:\Windows\System\UDYjehm.exe
2⤵
PID:6316

C:\Windows\System\QrvoXkV.exe
C:\Windows\System\QrvoXkV.exe
2⤵
PID:6352

C:\Windows\System\dMFiHap.exe
C:\Windows\System\dMFiHap.exe
2⤵
PID:6392

C:\Windows\System\IdvIBcP.exe
C:\Windows\System\IdvIBcP.exe
2⤵
PID:6432

C:\Windows\System\sNxLRXD.exe
C:\Windows\System\sNxLRXD.exe
2⤵
PID:6492

C:\Windows\System\rDtBceN.exe
C:\Windows\System\rDtBceN.exe
2⤵
PID:6516

C:\Windows\System\MGPBXrQ.exe
C:\Windows\System\MGPBXrQ.exe
2⤵
PID:6628

C:\Windows\System\GEJsIop.exe
C:\Windows\System\GEJsIop.exe
2⤵
PID:6672

C:\Windows\System\mcJlnWz.exe
C:\Windows\System\mcJlnWz.exe
2⤵
PID:6732

C:\Windows\System\eCBsoQt.exe
C:\Windows\System\eCBsoQt.exe
2⤵
PID:6800

C:\Windows\System\YRJgNXU.exe
C:\Windows\System\YRJgNXU.exe
2⤵
PID:6864

C:\Windows\System\qxxxcMo.exe
C:\Windows\System\qxxxcMo.exe
2⤵
PID:6936

C:\Windows\System\YKmcUiq.exe
C:\Windows\System\YKmcUiq.exe
2⤵
PID:7012

C:\Windows\System\AusXwmT.exe
C:\Windows\System\AusXwmT.exe
2⤵
PID:7104

C:\Windows\System\dBqwCfH.exe
C:\Windows\System\dBqwCfH.exe
2⤵
PID:6240

C:\Windows\System\PxaRsTq.exe
C:\Windows\System\PxaRsTq.exe
2⤵
PID:6704

C:\Windows\System\KeWVkfO.exe
C:\Windows\System\KeWVkfO.exe
2⤵
PID:6788

C:\Windows\System\MOQyZXd.exe
C:\Windows\System\MOQyZXd.exe
2⤵
PID:7080

C:\Windows\System\bXkJwkK.exe
C:\Windows\System\bXkJwkK.exe
2⤵
PID:6292

C:\Windows\System\FjfkcAX.exe
C:\Windows\System\FjfkcAX.exe
2⤵
PID:6772

C:\Windows\System\OuINjfc.exe
C:\Windows\System\OuINjfc.exe
2⤵
PID:7096

C:\Windows\System\JuhdQrJ.exe
C:\Windows\System\JuhdQrJ.exe
2⤵
PID:6524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3940,i,15142778360084620907,1763097090506261076,262144 --variations-seed-version --mojo-platform-channel-handle=1036 /prefetch:8
1⤵
PID:6176

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AvHNfFH.exe
Filesize
1018KB

MD5
e95376ba4fc094e830d27e1d33683247

SHA1
cee7dc1e5077fba4fe5e21f43234116dc0ccd71e

SHA256
0251d65f6f7945ef922c77697ae3b3f41edb8e487fae2f0b4a74a05e7e9ad146

SHA512
175ed318574735e50d3a7ff92fa44809315dcf786083c5eca62dcb9dfeb9e1dd9d9547f84ed1db9c12b6763a41f2612a204d9418709b06a390a9e63885132704

Download Submit
C:\Windows\System\CgzWwZS.exe
Filesize
1016KB

MD5
1da14e13fbb9e8d3d6b30f780112ca3d

SHA1
3cdea2d30bba9a111be50574eaa9e438b0164be0

SHA256
e7e0b0b6ce384c93b9c49f2ebfd9ee77fdbdbe1b831ca1228fea093a0f52f9fd

SHA512
ebe84ea1f822475a2fd39935aae81bcf7adeb4899db363d98b7a1aa020efbadf9e885632530437ab2fcae2965f8e3e57378fd0dcc8575b8b299ecab8b2077ad4

Download Submit
C:\Windows\System\CrfkMxs.exe
Filesize
1017KB

MD5
ad37b05b29fb51e3642eb52e06f53a5b

SHA1
4f5ff8aa7b34fbd7427661bae44391718965a396

SHA256
c40598e19247d523d673b2fdd7500faeffb8e6d45adbc76c2272c5aa3d3cd022

SHA512
813e05b2b96b4e5834ab8c3efd62113af5e59035d975a23167781a1a785e749276401b2992a4a76312fa2bee7b7400ee5267486fb920a2acb8bd9ea498c855d0

Download Submit
C:\Windows\System\FEsyJig.exe
Filesize
1015KB

MD5
65687af9457770330ea4c46f2be1d1c8

SHA1
ecb608f911748338f759026c8b741f0075130488

SHA256
b239be92e854f418b9d4352cd558da878b5766db9e7221c14f6527d1b2fc3d6a

SHA512
8a9cf7ce51bbd4a9a058f5b224ceddd708b8f50a571f3bbdb8b80237217261c7ea8b9e60dc145130c69df7690ac2f8c3cc18f6e6fb40388a328c22e29c7f0883

Download Submit
C:\Windows\System\GmHeUVV.exe
Filesize
1017KB

MD5
278a23735cfead7a63d57f9648b31c31

SHA1
85d98af938f24e66f3daa3b3358b7d8b496bbd4a

SHA256
c7f9fec94cecee3cc1bb13c71eccb8d8977c781bf8575e50d7a6037327fc40d5

SHA512
496be61be5ee58c228602ee961f26ae0a13f357c86b75e4ebe58c0e3cc1f93d1f80ee68bbc2a0dbcf51804a8c57083201eb235dd75ce4ffb15dff9fa9ca34d91

Download Submit
C:\Windows\System\HDDFBJg.exe
Filesize
1015KB

MD5
2d1d45c37dd0900b71e0814f17c81066

SHA1
c199840c3c2a5e14fcd87dae7430ab6dcc634f71

SHA256
3e38011334eb609c83a1583a729013e9538ad01bfe9bf99fba35f5b575b4455b

SHA512
7a801cb8c03d74237154674ad39991e486e3583b8d8c196543be616c56aaab8517012bb89f47b526286812f5b327fbbb120302c532460bb8e65a854534829cbd

Download Submit
C:\Windows\System\JYPieLi.exe
Filesize
1012KB

MD5
792775de15c7ed6de457ec3439190f16

SHA1
941682be20ffe67cd6689b19c97511918fefcc51

SHA256
62e57b08724693fbcb0883da171b8f7e22c3fe740c96ccb40b0732dd7c68b240

SHA512
fc8ac38047af5a2bb94c63aa8693accb293e03fb2a35476a73bf940c4c4c4ef20fb4846ee7147eefcd50cbf6f82b0cf85db907ad1d5190377c1befc2a0df4503

Download Submit
C:\Windows\System\JqHvDaq.exe
Filesize
1014KB

MD5
74817d665b436d620907b0c747a6dab7

SHA1
0a73480e4be34e3ca1deed356cd0b9a09f27b241

SHA256
4f9a1fdbbbd37167fe7e38836e3be279eae0bd9b2772804781fcc0f79e422cc1

SHA512
7b6684c58870fe18082156327c52cfab1c57915536c4c3b333c6688cf2ead94e667ee90524ded6a330f59976fa4ddbdf8f7e877ae912ed1e49089e67fd91bf7b

Download Submit
C:\Windows\System\JviNbMg.exe
Filesize
1011KB

MD5
a25611ff652d2d9cb3578aff5edd34e2

SHA1
9bba9e03b1c6ccc30c96070918518c70bbd6ddfa

SHA256
fbd52899d6510ac290012328a33c69e3672a8be92db6ae7d4946f7a680f15341

SHA512
aef405b500910be582bfcabf8feab068f19062c34da00a536073da917fc8766f07f3e0d71e598b0a2169cc89aa4875d5dbd3373082a0ddb37a728617cb061bcd

Download Submit
C:\Windows\System\KVYfRBJ.exe
Filesize
1013KB

MD5
bc99191e93177534d81784a885239c4c

SHA1
262f1c4284c5e8183dd6f64d883901b3af61ca88

SHA256
4fbc01993fae85fcf9eb6e03be71a82469719bfd842f95db4314529a8efe10e6

SHA512
8409afe4242c4879f76e47c9d66d50f231b5d9080584e37f6c0d1e8401d0e4ec7248764fc16f37b07493d270b2346fc8fc31eac582b72af2dc8cd4e6d278bb18

Download Submit
C:\Windows\System\KlkyZOA.exe
Filesize
1012KB

MD5
ced360cf4f8b162729b867367e3a794d

SHA1
4de4a5e3eeef19876100684d05b0567dc6b5f36e

SHA256
aaffbd34c01305e5fbc27170a0b30bd21f268e0b44f8c877e64bd0f076900e51

SHA512
1aff1fbfc2e77e73ad5c5721c4acef490d98f3fda4f3acbee518cf2195413b6d055a4630bfce5b56c9e08d6c33f4c692024898b6bc9afbbfba2eccb13ae13992

Download Submit
C:\Windows\System\LAoEVVf.exe
Filesize
1016KB

MD5
af5f6adf23b36ce17300052c88d22cb0

SHA1
64103fb7213a1838d7accfb0646cbdb6148501f8

SHA256
313402458bac48293da60ea9a62711a0ad2738fce5a2d7790402e2e890ec31c3

SHA512
6643f6987f26c109dc88ffb015447d5846bf429b71b25537d190ea9bad648af5901b294476cc18bd90c9eb8ee4a91753ca1f6d656c84bbf1a490ab9f7d188978

Download Submit
C:\Windows\System\OzbiDZp.exe
Filesize
1014KB

MD5
d64d2bed3a03138b6ec076f121df4dff

SHA1
c42df023ae8e16f67a9b16df86f0d746528b9822

SHA256
33e791a0eb81a91996606a5a51afab7e1d116cb488ef99c0ab5290e463763130

SHA512
d4123f35323d3bb0d3babc14581e1a96e99983e3bf37dfe109b6850d6d62cac165a754139c9fbd2f2a9d04c1a92cd876857c780029be9f7f01d44b709b4e3d6b

Download Submit
C:\Windows\System\TvUbRYk.exe
Filesize
1014KB

MD5
1590ab98946713d3698dd25dc4dd579c

SHA1
365b6bff66fbcdf2025107f510ba1d19e668731c

SHA256
0946b83af556ea7af55107f60863145ff1759bf5c6fa73f7dfe1e1a1d58ca701

SHA512
2eaebae4199d8f92c763ab79f4d4a1363e06595e6cb204f07b9e7ee75db1eb2c944e33b00237f057888def5a2a1ddbc7bc3f8dc7c024e0e23acd543ca1222d6f

Download Submit
C:\Windows\System\UylNDSx.exe
Filesize
1012KB

MD5
2e66b7679f9df30b8b738ec3ae2f96e1

SHA1
dc37fb64968976fe59f9cd6a9abe4dd2c0276f27

SHA256
aa0a8b5aa52e2224acfc20016d55c279853183abd283b01f544a4b5e7edd1c65

SHA512
ca53dbde5e4a9715661142380c329c3ec7a7ed2eead8a86bb961b167abacba07ff1f8a7d3fcc901bdbb4b63acb958a8975640f1468b6e643950dab21203558eb

Download Submit
C:\Windows\System\XykhEgo.exe
Filesize
1014KB

MD5
97402516c22382dd51177f0e8b7b01f0

SHA1
93b10da0cda80d8697cf999053d09b24f4e69af9

SHA256
b4e96e814da5b5bcff33a2c75f21c4bff86ce6dcdb230020ad66b429b35105f1

SHA512
4693a7b54d619fa9f0e23eb211e48adc67d4a3fbfe5796a782cfd52d7a22f37bd6e908b47a87361743c1812db17bada0ee03b1a021ccfcc49a08b1c9bccb924d

Download Submit
C:\Windows\System\YmkQDLN.exe
Filesize
1018KB

MD5
d2ee5b5234a17ccca7843eaed99b34e4

SHA1
2d015ee3450a0d710835cc5f1c20c8ccbfeed6f5

SHA256
3e764df2a9154206af7c358f950e5c0696cf921cdb49348e709fa4defa94e681

SHA512
9c98183e4ac091d3a1cff77157fa00059897f8202eb5e5e9cc762bc6d64d8737cdac653f65440b13388c63567f609a6768bc29987e2d66cdbd2dc26aa8610343

Download Submit
C:\Windows\System\ZsTsTRW.exe
Filesize
1013KB

MD5
575ca83adc7d4540ceae9169f0fae85b

SHA1
36594eae29ed19feec374c1a4d6194c8c0956acb

SHA256
8bc22396eb3587d6344bdb0425cbb089af5291f4e7c2d8dd116118938ec9151d

SHA512
2bf47a958c71659942853a16a6e75374cf3415af90ecc584ecc4a0fbc32548c5f7fa6529aa066ffe89f8d54a845d70059b53678c6d28a8c539cba81269403ce8

Download Submit
C:\Windows\System\aWLOejk.exe
Filesize
1016KB

MD5
096f5d5e97d00016da3fe70e9dbd436f

SHA1
64b713f3d689cdf45160846eff5a3412ccd1ae79

SHA256
91925d0e2cb93e9a883a6d0f67a9c6f163db5ed4851c0e285c2295b8999393f0

SHA512
41e8979d284076f3e1afdba008f186d13fd2ac7f9582fba54526a651733f4929d704eb23fb1d554ec0e4abfa2db474291bee2a7e4559878165d8b8b42a2adbf8

Download Submit
C:\Windows\System\daKOBHR.exe
Filesize
1015KB

MD5
d18366294e3fa1c71904988b3d104009

SHA1
ac41bc20b17549e6364e65c25df50006437d3ab9

SHA256
d25d970216b2cde6fec3cdca75a3d89e269456f93120833e81666517006824fa

SHA512
56edba3ea6e721c3d209b29fa14454d97430770193ced602cfba9dfe3ddf20735aece79f1d996adb5b84cde1f4e400520dc256f6d7424636b4546b92e62094e3

Download Submit
C:\Windows\System\eslIzlg.exe
Filesize
1017KB

MD5
1b8e1cbc4545c7857f996e30ea75ce08

SHA1
6c2a01162556b84efc1ac914e6df158bba649062

SHA256
f273b58b6946d412300a659fe14da37a0facb7db7fb35d7d62adff23e445b6b8

SHA512
c428387a1153301894fd37011684f02b8de5583a233f0f0e11ba3a0e62805d712d3701afe243433acbc28afa9be7eaff9b5d1f083a818b100e347f6491ef0e43

Download Submit
C:\Windows\System\jAMSXpD.exe
Filesize
1011KB

MD5
7554f628b9c6142194dc7768433eb2ed

SHA1
20e6b01ab7652d40e467d22c73ea298e9c242f5d

SHA256
0005b3e1fde9cce44e82da0eb8e70958c5e9442db9daf13ad9d15d9fb8772432

SHA512
b9944ced1098137b0f8c825dabbde24d7ff9f1f5a471060804555abd3d4c30bdc2803915f7b8a4f1738bb714acacf6149df354117aa933213a67ef8776c32b5e

Download Submit
C:\Windows\System\karhspJ.exe
Filesize
1010KB

MD5
00c55a9093809f062d276a02556d15fc

SHA1
d3bcbbc00da25eae6be9a23a6b16b4eb55e68759

SHA256
9b5b7943c4a1f1c8538dd35e6a65d8f740d6fb1a24fae0bbd904471245296855

SHA512
4827c92cadb06e29e9d290ff57314f912780b591a9d085871c5f1992e8264c6a239851e2d8438f668e1f473297d3731fb30e115e234329654e4dec94d2b0b605

Download Submit
C:\Windows\System\mfdOkIw.exe
Filesize
1015KB

MD5
cd816a3ae4dc939686495f2ea5272cdb

SHA1
4f6f8ea35318851a7fb7dc1eccbf6ad89f0ac6d4

SHA256
335b51fbd957383be09d1b915315acc8927c1b44d5cdac5752082adb05a00114

SHA512
3c908a520f503be098c363ee755c5d27e46c4f0436fd9ae2d77a5762be1e0f5f9338828d7215c3ff377413e01beb28f1f6af049b7d4cdcc9fd4d763f1f06095e

Download Submit
C:\Windows\System\nduDFHY.exe
Filesize
1011KB

MD5
65178241a1994b5451c9a069c1a10a3c

SHA1
df1f68460fcf2b438429dfc201e0bdcf4e52eec6

SHA256
6c10f72ac9a78139bada5cb2f96242a545237c468f7cf3872fb1ca466804e637

SHA512
3cec426645ababf7f9ae2a59eeec94bec2315ed3f31fc0f6f594410083965c9695129bd39c541bc44008c30c5a1738a5ac6c013291087bb42f8133175fbc23c1

Download Submit
C:\Windows\System\nrErUGy.exe
Filesize
1013KB

MD5
a71a3e95e5103694654680548ac90e0e

SHA1
a552be0274229fc66f7dc2912faefb0c5400b8a3

SHA256
989ba19e4de561a52d6195911c7af01c8834aaef9ad47347b5e7d16558f7a378

SHA512
e4f943a3a511c14b77cde35b9178f2fb5dea134526ff3aa62c5459bbbe1b527ad1f545ffdb8c7a5c9113baf87f128dc98b6cd0405cf96b38544c34f609ca5602

Download Submit
C:\Windows\System\nxdTonp.exe
Filesize
1012KB

MD5
560567076fad2f4dbaa4d1e977a63724

SHA1
2fe8973103cc37bcb909946e495542af76ffbf28

SHA256
ae4425c9e342521925bdf866c60fa408be31aa69634be1d88e413b805aae58bf

SHA512
335ec95a85e246b22364eab5651ecc86fbcc95180903cd04d1e624482be10c3350c31694eb1c970593f8cf6cdaa5ef89069514457efec69c1d993e031be292b8

Download Submit
C:\Windows\System\oxjeBXu.exe
Filesize
1016KB

MD5
162d14dd020d85fd4c1866f462a8cde2

SHA1
892e17ec3eddf3324da3d6facdfa81ca18ea6876

SHA256
5af53049d34bc2284a08760e7a56b2028a2f17599c92ca5463def3e7a37e5b92

SHA512
0730e639f4c95d6c3011e004b75a37c6f05df5e5fb84387e0a7bd668931317ce90bf0be0ecfafdc27cfd01f4ced0d3cdf6348d93d1bc493d40d59a19ec9e69b4

Download Submit
C:\Windows\System\phDeYZn.exe
Filesize
1011KB

MD5
ad5e9abbc345f9cb1a2e7db98383cf1c

SHA1
516ab752d6c138ba6eb21c1bcfcc6882b87c2e79

SHA256
d4edaacf1059c7c8e257264c84c1fa69797837a744414709d7391da8e0fc0542

SHA512
e4ace612c14fd7fed64757befea238d418cfc29f90e45b264462877ffcc3144afd5df7e72740c306a557f83747b074bffb82209b08b1bdd329bafc5812dc4cff

Download Submit
C:\Windows\System\rNWXLdA.exe
Filesize
1013KB

MD5
1666d651cbdc6251b6302a9ee3b53c6e

SHA1
e3f4e89f70587099907d86d4579465aef944e6e2

SHA256
5f30f108faa261f0e8a643271f4999619476dfd3a2f4d0904e033a24acad3681

SHA512
595e57b8694fd94948064795898e3ab11102252a85dd9e24116f34cf326c1ef185ee2f8e6508dc743e9f946edf3724114203a7a851bf4c82b5329cc8ca3dd4ce

Download Submit
C:\Windows\System\xExfEMs.exe
Filesize
1017KB

MD5
430a94002c3f916517639be1c81b249d

SHA1
99f3462a974ac94677f6c47870e2519cd0234a13

SHA256
9d56abd2811835508a9d98a704e12fe4e62cea0a9b75cea2f914583bfafe63d6

SHA512
36ff6f602a945f3ae9459666a71caf1d29c8311416533536f44f30a01e9a1f5a149719a51d00d84bf6a9d09d848f5bbbe910a5aa98e30c3aaeeb7c7035b8d15b

Download Submit
C:\Windows\System\zSKIpnK.exe
Filesize
1010KB

MD5
9ffbf8276ca720a20c379feb9cc04c80

SHA1
7ae3e4098d7189766e8f07c766376d94216177fb

SHA256
b3f689f94f361ff91783b0681b0b268fb68dd10940c761bc32b9e1870e05f05e

SHA512
9750cebcf6fb615eb03043f2bd58bcfb0df7a97c42b25ec495cf9e873d368769e237b32a612fe4428d77ece3bfa2237df10db80064c3d590b798235f4c269f03

Download Submit
memory/2616-0-0x000001F2C7F40000-0x000001F2C7F50000-memory.dmp

Filesize
64KB

Download