426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79

Analysis

max time kernel
150s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
06/11/2022, 06:28 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
Size

500KB
MD5

3347552aa09c4c82643bb8208f10dfe0
SHA1

455c324106cce3ea37fc3620bcacd96311f4d1ab
SHA256

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79
SHA512

6c98c94e39dc9b6672dee53298cd32bd2af79df4dd93258c693514a311560a6bf04e2efed4d26d431eceb8ee30c11694cbfd361471752e8370ede694de91a789
SSDEEP

12288:e+vMwQh85td43o3XD9b3wgGY8QKqRWFn5:e+EwFtdXD1ggGY8F15

Score

10^/10

evasion

Malware Config

Signatures

Modifies firewall policy service 2 TTPs 4 IoCs

evasion

Modify Registry

T1112

Modify Existing Service

T1031

description	ioc	Process
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Users\Admin\AppData\Local\Temp\426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe:*:enabled:@shell32.dll,-1"	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Enumerates connected drives 3 TTPs 22 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\W:	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
File opened (read-only)	\??\H:	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
File opened (read-only)	\??\K:	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
File opened (read-only)	\??\L:	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
File opened (read-only)	\??\M:	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
File opened (read-only)	\??\Q:	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
File opened (read-only)	\??\Y:	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
File opened (read-only)	\??\F:	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
File opened (read-only)	\??\J:	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
File opened (read-only)	\??\R:	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
File opened (read-only)	\??\T:	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
File opened (read-only)	\??\U:	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
File opened (read-only)	\??\G:	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
File opened (read-only)	\??\I:	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
File opened (read-only)	\??\N:	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
File opened (read-only)	\??\S:	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
File opened (read-only)	\??\Z:	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
File opened (read-only)	\??\E:	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
File opened (read-only)	\??\O:	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
File opened (read-only)	\??\P:	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
File opened (read-only)	\??\V:	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
File opened (read-only)	\??\X:	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Suspicious behavior: MapViewOfSection 64 IoCs

pid	Process
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2836 wrote to memory of 628	2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe	2
PID 2836 wrote to memory of 628	2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe	2
PID 2836 wrote to memory of 628	2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe	2
PID 2836 wrote to memory of 628	2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe	2
PID 2836 wrote to memory of 628	2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe	2
PID 2836 wrote to memory of 628	2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe	2
PID 2836 wrote to memory of 676	2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe	3
PID 2836 wrote to memory of 676	2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe	3
PID 2836 wrote to memory of 676	2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe	3
PID 2836 wrote to memory of 676	2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe	3
PID 2836 wrote to memory of 676	2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe	3
PID 2836 wrote to memory of 676	2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe	3
PID 2836 wrote to memory of 788	2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe	8
PID 2836 wrote to memory of 788	2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe	8
PID 2836 wrote to memory of 788	2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe	8
PID 2836 wrote to memory of 788	2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe	8
PID 2836 wrote to memory of 788	2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe	8
PID 2836 wrote to memory of 788	2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe	8
PID 2836 wrote to memory of 796	2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe	9
PID 2836 wrote to memory of 796	2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe	9
PID 2836 wrote to memory of 796	2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe	9
PID 2836 wrote to memory of 796	2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe	9
PID 2836 wrote to memory of 796	2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe	9
PID 2836 wrote to memory of 796	2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe	9
PID 2836 wrote to memory of 800	2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe	15
PID 2836 wrote to memory of 800	2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe	15
PID 2836 wrote to memory of 800	2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe	15
PID 2836 wrote to memory of 800	2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe	15
PID 2836 wrote to memory of 800	2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe	15
PID 2836 wrote to memory of 800	2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe	15
PID 2836 wrote to memory of 908	2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe	14
PID 2836 wrote to memory of 908	2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe	14
PID 2836 wrote to memory of 908	2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe	14
PID 2836 wrote to memory of 908	2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe	14
PID 2836 wrote to memory of 908	2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe	14
PID 2836 wrote to memory of 908	2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe	14
PID 2836 wrote to memory of 956	2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe	11
PID 2836 wrote to memory of 956	2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe	11
PID 2836 wrote to memory of 956	2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe	11
PID 2836 wrote to memory of 956	2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe	11
PID 2836 wrote to memory of 956	2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe	11
PID 2836 wrote to memory of 956	2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe	11
PID 2836 wrote to memory of 340	2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe	10
PID 2836 wrote to memory of 340	2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe	10
PID 2836 wrote to memory of 340	2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe	10
PID 2836 wrote to memory of 340	2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe	10
PID 2836 wrote to memory of 340	2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe	10
PID 2836 wrote to memory of 340	2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe	10
PID 2836 wrote to memory of 524	2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe	12
PID 2836 wrote to memory of 524	2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe	12
PID 2836 wrote to memory of 524	2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe	12
PID 2836 wrote to memory of 524	2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe	12
PID 2836 wrote to memory of 524	2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe	12
PID 2836 wrote to memory of 524	2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe	12
PID 2836 wrote to memory of 872	2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe	13
PID 2836 wrote to memory of 872	2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe	13
PID 2836 wrote to memory of 872	2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe	13
PID 2836 wrote to memory of 872	2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe	13
PID 2836 wrote to memory of 872	2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe	13
PID 2836 wrote to memory of 872	2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe	13
PID 2836 wrote to memory of 900	2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe	16
PID 2836 wrote to memory of 900	2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe	16
PID 2836 wrote to memory of 900	2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe	16
PID 2836 wrote to memory of 900	2836	426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe	16

C:\Windows\system32\winlogon.exe
winlogon.exe
1⤵
PID:628
- C:\Windows\system32\dwm.exe
  "dwm.exe"
  2⤵
  PID:340
- C:\Windows\system32\fontdrvhost.exe
  "fontdrvhost.exe"
  2⤵
  PID:800

C:\Windows\system32\lsass.exe
C:\Windows\system32\lsass.exe
1⤵
PID:676

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p
1⤵
PID:788
- C:\Windows\System32\RuntimeBroker.exe
  C:\Windows\System32\RuntimeBroker.exe -Embedding
  2⤵
  PID:3416
- C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
  2⤵
  PID:3504
- C:\Windows\System32\RuntimeBroker.exe
  C:\Windows\System32\RuntimeBroker.exe -Embedding
  2⤵
  PID:4740
- C:\Windows\system32\wbem\wmiprvse.exe
  C:\Windows\system32\wbem\wmiprvse.exe
  2⤵
  PID:2012
- C:\Windows\system32\SppExtComObj.exe
  C:\Windows\system32\SppExtComObj.exe -Embedding
  2⤵
  PID:752
- C:\Windows\system32\DllHost.exe
  C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
  2⤵
  PID:4420
- C:\Windows\System32\RuntimeBroker.exe
  C:\Windows\System32\RuntimeBroker.exe -Embedding
  2⤵
  PID:3804
- C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
  2⤵
  PID:3352
- C:\Windows\system32\DllHost.exe
  C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
  2⤵
  PID:3260

C:\Windows\system32\fontdrvhost.exe
"fontdrvhost.exe"
1⤵
PID:796

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM
1⤵
PID:956

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc
1⤵
PID:524

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork -p
1⤵
PID:872

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k RPCSS -p
1⤵
PID:908

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
1⤵
PID:900

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule
1⤵
PID:1172
- C:\Windows\system32\taskhostw.exe
  taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
  2⤵
  PID:2588

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc
1⤵
PID:1052

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
1⤵
PID:1224

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
1⤵
PID:1044

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog
1⤵
PID:1272

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k NetworkService -p -s Dnscache
1⤵
PID:1924

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:2372

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s LanmanWorkstation
1⤵
PID:2172

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p
1⤵
PID:2152

C:\Windows\System32\spoolsv.exe
C:\Windows\System32\spoolsv.exe
1⤵
PID:2096

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -s RmSvc
1⤵
PID:2052

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s ShellHWDetection
1⤵
PID:2040

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository
1⤵
PID:2024

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
1⤵
PID:1932

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
1⤵
PID:2388

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
1⤵
PID:1876

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalService -p -s netprofm
1⤵
PID:1804

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s FontCache
1⤵
PID:1720

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s IKEEXT
1⤵
PID:2428

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k NetworkService -p -s CryptSvc
1⤵
PID:2576

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
1⤵
PID:2564

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted -p -s PolicyAgent
1⤵
PID:2412

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
1⤵
PID:2624

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
1⤵
PID:2684

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -s W32Time
1⤵
PID:4532

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
1⤵
PID:460

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
1⤵
PID:2476

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p
1⤵
PID:2268

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
1⤵
PID:4704

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc
1⤵
PID:4264

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV
1⤵
PID:4928

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
1⤵
PID:2184

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc
1⤵
PID:920

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
1⤵
PID:2972

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:2548
- C:\Users\Admin\AppData\Local\Temp\426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe
  "C:\Users\Admin\AppData\Local\Temp\426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe"
  2⤵
  - Modifies firewall policy service
  - Checks computer location settings
  - Enumerates connected drives
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2836

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s WpnService
1⤵
PID:2696

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TrkWks
1⤵
PID:2676

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder
1⤵
PID:1692

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s NlaSvc
1⤵
PID:1644

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s SENS
1⤵
PID:1628

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp
1⤵
PID:1568

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s Themes
1⤵
PID:1456

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s EventSystem
1⤵
PID:1432

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s nsi
1⤵
PID:1412

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s UserManager
1⤵
PID:1352

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s DispBrokerDesktopSvc
1⤵
PID:1252

Network

DNS

ilo.brenz.pl

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

ilo.brenz.pl

IN A

Response

ilo.brenz.pl

IN A

148.81.111.121
DNS

ant.trenz.pl

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

ant.trenz.pl

IN A

Response

ant.trenz.pl

IN A

148.81.111.121
DNS

zekikg.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

zekikg.com

IN A

Response
DNS

wrrllx.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

wrrllx.com

IN A

Response
DNS

gdzdto.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

gdzdto.com

IN A

Response
DNS

szditu.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

szditu.com

IN A

Response
DNS

wgqwan.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

wgqwan.com

IN A

Response
DNS

kdulny.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

kdulny.com

IN A

Response
DNS

yazooo.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

yazooo.com

IN A

Response

yazooo.com

IN CNAME

traff-4.hugedomains.com

traff-4.hugedomains.com

IN CNAME

hdr-nlb8-39c51fa8696874ee.elb.us-east-1.amazonaws.com

hdr-nlb8-39c51fa8696874ee.elb.us-east-1.amazonaws.com

IN A

52.86.6.113

hdr-nlb8-39c51fa8696874ee.elb.us-east-1.amazonaws.com

IN A

3.94.41.167
DNS

bokame.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

bokame.com

IN A

Response

bokame.com

IN A

38.48.232.74
DNS

yjbulv.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

yjbulv.com

IN A

Response
DNS

yeslpa.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

yeslpa.com

IN A

Response
DNS

lwennz.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

lwennz.com

IN A

Response
DNS

anqyxx.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

anqyxx.com

IN A

Response
DNS

igltje.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

igltje.com

IN A

Response
DNS

debyqb.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

debyqb.com

IN A

Response
DNS

qiyyys.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

qiyyys.com

IN A

Response
DNS

hmopgy.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

hmopgy.com

IN A

Response
DNS

xymsuv.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

xymsuv.com

IN A

Response
DNS

rbakdq.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

rbakdq.com

IN A

Response
DNS

ceaooa.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

ceaooa.com

IN A

Response
DNS

ptjpzp.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

ptjpzp.com

IN A

Response
DNS

loeuhr.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

loeuhr.com

IN A

Response
DNS

lwaqvg.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

lwaqvg.com

IN A

Response
DNS

sbuple.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

sbuple.com

IN A

Response
DNS

fdzfrd.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

fdzfrd.com

IN A

Response
DNS

fsgeeb.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

fsgeeb.com

IN A

Response
DNS

fsgeeb.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

fsgeeb.com

IN A

Response
DNS

slykys.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

slykys.com

IN A

Response
DNS

slykys.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

slykys.com

IN A

Response
DNS

ebekqf.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

ebekqf.com

IN A

Response
DNS

bcuuif.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

bcuuif.com

IN A

Response
DNS

euioys.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

euioys.com

IN A

Response
DNS

exiqoq.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

exiqoq.com

IN A

Response
DNS

blznum.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

blznum.com

IN A

Response
DNS

ghleip.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

ghleip.com

IN A

Response
DNS

elybfz.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

elybfz.com

IN A

Response
DNS

ukotyo.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

ukotyo.com

IN A

Response
DNS

mteviy.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

mteviy.com

IN A

Response
DNS

spdyhu.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

spdyhu.com

IN A

Response
DNS

laolre.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

laolre.com

IN A

Response
DNS

iidipu.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

iidipu.com

IN A

Response
DNS

ahtaru.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

ahtaru.com

IN A

Response
DNS

tpovfb.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

tpovfb.com

IN A

Response
DNS

gexxis.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

gexxis.com

IN A

Response
DNS

aeliej.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

aeliej.com

IN A

Response
DNS

fuuzon.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

fuuzon.com

IN A

Response
DNS

uheoqv.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

uheoqv.com

IN A

Response
DNS

tiukux.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

tiukux.com

IN A

Response
DNS

rmygrb.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

rmygrb.com

IN A

Response
DNS

oztrvy.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

oztrvy.com

IN A

Response
DNS

gcpsuo.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

gcpsuo.com

IN A

Response
DNS

gcpsuo.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

gcpsuo.com

IN A

Response
DNS

yhiisr.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

yhiisr.com

IN A

Response
DNS

upsfcs.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

upsfcs.com

IN A

Response
DNS

xlgusc.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

xlgusc.com

IN A

Response
DNS

dsmjyr.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

dsmjyr.com

IN A

Response
DNS

leeuqq.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

leeuqq.com

IN A

Response
DNS

amgcie.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

amgcie.com

IN A

Response

amgcie.com

IN A

213.186.33.5
DNS

amgcie.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

amgcie.com

IN A

Response

amgcie.com

IN A

213.186.33.5
DNS

xwmumu.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

xwmumu.com

IN A

Response
DNS

boaioo.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

boaioo.com

IN A

Response
DNS

oeqcqv.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

oeqcqv.com

IN A

Response
DNS

gcxlum.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

gcxlum.com

IN A

Response
DNS

osbhie.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

osbhie.com

IN A

Response
DNS

aycbzv.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

aycbzv.com

IN A

Response
DNS

suvxia.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

suvxia.com

IN A

Response
DNS

aqkgqz.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

aqkgqz.com

IN A

Response
DNS

xenkac.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

xenkac.com

IN A

Response
DNS

eazucw.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

eazucw.com

IN A

Response
DNS

xojgzo.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

xojgzo.com

IN A

Response
DNS

yewoay.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

yewoay.com

IN A

Response
DNS

pwteva.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

pwteva.com

IN A

Response
DNS

zyokeo.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

zyokeo.com

IN A

Response
DNS

ehdxdt.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

ehdxdt.com

IN A

Response
DNS

aoodox.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

aoodox.com

IN A

Response
DNS

oyiaze.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

oyiaze.com

IN A

Response
DNS

ituomx.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

ituomx.com

IN A

Response
DNS

apusiy.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

apusiy.com

IN A

Response
DNS

vebene.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

vebene.com

IN A

Response

vebene.com

IN A

198.54.117.242
DNS

vebene.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

vebene.com

IN A

Response

vebene.com

IN A

198.54.117.242
DNS

gzbutu.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

gzbutu.com

IN A

Response
DNS

oymiys.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

oymiys.com

IN A

Response
DNS

yoiygu.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

yoiygu.com

IN A

Response
DNS

nyjmca.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

nyjmca.com

IN A

Response
DNS

eadwla.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

eadwla.com

IN A

Response
DNS

rxuegi.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

rxuegi.com

IN A

Response
DNS

ftxwoz.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

ftxwoz.com

IN A

Response
DNS

bckjuf.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

bckjuf.com

IN A

Response
DNS

uyztke.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

uyztke.com

IN A

Response
DNS

uyztke.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

uyztke.com

IN A

Response
DNS

ioijfn.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

ioijfn.com

IN A

Response
DNS

uzlbfa.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

uzlbfa.com

IN A

Response
DNS

puaiyr.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

puaiyr.com

IN A

Response
DNS

lixkes.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

lixkes.com

IN A

Response
DNS

ceqwkx.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

ceqwkx.com

IN A

Response
DNS

mjfoie.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

mjfoie.com

IN A

Response
DNS

shiucv.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

shiucv.com

IN A

Response
DNS

eahmff.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

eahmff.com

IN A

Response
DNS

bmawdl.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

bmawdl.com

IN A

Response
DNS

kgmcsq.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

kgmcsq.com

IN A

Response
DNS

hcyuuf.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

hcyuuf.com

IN A

Response
DNS

wlitfy.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

wlitfy.com

IN A

Response
DNS

hsxhtt.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

hsxhtt.com

IN A

Response
DNS

iemlgv.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

iemlgv.com

IN A

Response
DNS

kyidnl.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

kyidnl.com

IN A

Response
DNS

rmkcoa.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

rmkcoa.com

IN A

Response
DNS

zmpzic.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

Remote address:

8.8.8.8:53

Request

zmpzic.com

IN A

Response

148.81.111.121:80

ilo.brenz.pl

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

260 B
200 B
5
5
104.80.229.204:443

RuntimeBroker.exe

322 B
7
51.104.15.252:443

OfficeClickToRun.exe

322 B
7
148.81.111.121:80

ant.trenz.pl

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

260 B
200 B
5
5
87.248.202.1:80

CryptSvc

322 B
7
87.248.202.1:80

CryptSvc

322 B
7
67.24.33.254:80

CryptSvc

322 B
7
20.73.194.208:443

40 B
1
52.86.6.113:443

yazooo.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

260 B
5
38.48.232.74:443

bokame.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

260 B
200 B
5
5
148.81.111.121:80

ant.trenz.pl

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

260 B
200 B
5
5
213.186.33.5:443

amgcie.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

420 B
44 B
9
1
198.54.117.242:443

vebene.com

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

190 B
132 B
4
3
148.81.111.121:80

ant.trenz.pl

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

260 B
200 B
5
5

8.8.8.8:53

ilo.brenz.pl

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

58 B
74 B
1
1

DNS Request

ilo.brenz.pl

DNS Response

148.81.111.121
8.8.8.8:53

ant.trenz.pl

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

58 B
74 B
1
1

DNS Request

ant.trenz.pl

DNS Response

148.81.111.121
8.8.8.8:53

zekikg.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

zekikg.com
8.8.8.8:53

wrrllx.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

wrrllx.com
8.8.8.8:53

gdzdto.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

gdzdto.com
8.8.8.8:53

szditu.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

szditu.com
8.8.8.8:53

wgqwan.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

wgqwan.com
8.8.8.8:53

kdulny.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

kdulny.com
8.8.8.8:53

yazooo.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
186 B
1
1

DNS Request

yazooo.com

DNS Response

52.86.6.113

3.94.41.167
8.8.8.8:53

bokame.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
72 B
1
1

DNS Request

bokame.com

DNS Response

38.48.232.74
8.8.8.8:53

yjbulv.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

yjbulv.com
8.8.8.8:53

yeslpa.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

yeslpa.com
8.8.8.8:53

lwennz.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

lwennz.com
8.8.8.8:53

anqyxx.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

anqyxx.com
8.8.8.8:53

igltje.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

igltje.com
8.8.8.8:53

debyqb.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

debyqb.com
8.8.8.8:53

qiyyys.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

qiyyys.com
8.8.8.8:53

hmopgy.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

hmopgy.com
8.8.8.8:53

xymsuv.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

xymsuv.com
8.8.8.8:53

rbakdq.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

rbakdq.com
8.8.8.8:53

ceaooa.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

ceaooa.com
8.8.8.8:53

ptjpzp.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

ptjpzp.com
8.8.8.8:53

loeuhr.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

loeuhr.com
8.8.8.8:53

lwaqvg.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

lwaqvg.com
8.8.8.8:53

sbuple.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

sbuple.com
8.8.8.8:53

fdzfrd.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

fdzfrd.com
8.8.8.8:53

fsgeeb.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

112 B
258 B
2
2

DNS Request

fsgeeb.com

DNS Request

fsgeeb.com
8.8.8.8:53

slykys.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

112 B
112 B
2
2

DNS Request

slykys.com

DNS Request

slykys.com
8.8.8.8:53

ebekqf.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

ebekqf.com
8.8.8.8:53

bcuuif.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

bcuuif.com
8.8.8.8:53

euioys.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

euioys.com
8.8.8.8:53

exiqoq.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

exiqoq.com
8.8.8.8:53

blznum.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

blznum.com
8.8.8.8:53

ghleip.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

ghleip.com
8.8.8.8:53

elybfz.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

elybfz.com
8.8.8.8:53

ukotyo.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

ukotyo.com
8.8.8.8:53

mteviy.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

mteviy.com
8.8.8.8:53

spdyhu.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

spdyhu.com
8.8.8.8:53

laolre.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

laolre.com
8.8.8.8:53

iidipu.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

iidipu.com
8.8.8.8:53

ahtaru.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

ahtaru.com
8.8.8.8:53

tpovfb.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

tpovfb.com
8.8.8.8:53

gexxis.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

gexxis.com
8.8.8.8:53

aeliej.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

aeliej.com
8.8.8.8:53

fuuzon.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

fuuzon.com
8.8.8.8:53

uheoqv.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

uheoqv.com
8.8.8.8:53

tiukux.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

tiukux.com
8.8.8.8:53

rmygrb.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

rmygrb.com
8.8.8.8:53

oztrvy.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

oztrvy.com
8.8.8.8:53

gcpsuo.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

112 B
258 B
2
2

DNS Request

gcpsuo.com

DNS Request

gcpsuo.com
8.8.8.8:53

yhiisr.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

yhiisr.com
8.8.8.8:53

upsfcs.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

upsfcs.com
8.8.8.8:53

xlgusc.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

xlgusc.com
8.8.8.8:53

dsmjyr.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

dsmjyr.com
8.8.8.8:53

leeuqq.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

leeuqq.com
8.8.8.8:53

amgcie.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

112 B
144 B
2
2

DNS Request

amgcie.com

DNS Request

amgcie.com

DNS Response

213.186.33.5

DNS Response

213.186.33.5
8.8.8.8:53

xwmumu.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

xwmumu.com
8.8.8.8:53

boaioo.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

boaioo.com
8.8.8.8:53

oeqcqv.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

oeqcqv.com
8.8.8.8:53

gcxlum.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

gcxlum.com
8.8.8.8:53

osbhie.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

osbhie.com
8.8.8.8:53

aycbzv.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

aycbzv.com
8.8.8.8:53

suvxia.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

suvxia.com
8.8.8.8:53

aqkgqz.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

aqkgqz.com
8.8.8.8:53

xenkac.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

xenkac.com
8.8.8.8:53

eazucw.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

eazucw.com
8.8.8.8:53

xojgzo.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

xojgzo.com
8.8.8.8:53

yewoay.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

yewoay.com
8.8.8.8:53

pwteva.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

pwteva.com
8.8.8.8:53

zyokeo.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

zyokeo.com
8.8.8.8:53

ehdxdt.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

ehdxdt.com
8.8.8.8:53

aoodox.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

aoodox.com
8.8.8.8:53

oyiaze.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

oyiaze.com
8.8.8.8:53

ituomx.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

ituomx.com
8.8.8.8:53

apusiy.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

apusiy.com
8.8.8.8:53

vebene.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

112 B
144 B
2
2

DNS Request

vebene.com

DNS Request

vebene.com

DNS Response

198.54.117.242

DNS Response

198.54.117.242
8.8.8.8:53

gzbutu.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

gzbutu.com
8.8.8.8:53

oymiys.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

oymiys.com
8.8.8.8:53

yoiygu.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

yoiygu.com
8.8.8.8:53

nyjmca.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

nyjmca.com
8.8.8.8:53

eadwla.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

eadwla.com
8.8.8.8:53

rxuegi.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

rxuegi.com
8.8.8.8:53

ftxwoz.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

ftxwoz.com
8.8.8.8:53

bckjuf.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

bckjuf.com
8.8.8.8:53

uyztke.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

112 B
258 B
2
2

DNS Request

uyztke.com

DNS Request

uyztke.com
8.8.8.8:53

ioijfn.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

ioijfn.com
8.8.8.8:53

uzlbfa.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

uzlbfa.com
8.8.8.8:53

puaiyr.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

puaiyr.com
8.8.8.8:53

lixkes.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

lixkes.com
8.8.8.8:53

ceqwkx.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

ceqwkx.com
8.8.8.8:53

mjfoie.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

mjfoie.com
8.8.8.8:53

shiucv.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

shiucv.com
8.8.8.8:53

eahmff.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

eahmff.com
8.8.8.8:53

bmawdl.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

bmawdl.com
8.8.8.8:53

kgmcsq.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

kgmcsq.com
8.8.8.8:53

hcyuuf.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

hcyuuf.com
8.8.8.8:53

wlitfy.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

wlitfy.com
8.8.8.8:53

hsxhtt.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

hsxhtt.com
8.8.8.8:53

iemlgv.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

iemlgv.com
8.8.8.8:53

kyidnl.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

kyidnl.com
8.8.8.8:53

rmkcoa.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

rmkcoa.com
8.8.8.8:53

zmpzic.com

dns

426a548249bc3cafcf347ab32636f999c4dcd84598d7add7f3cce5816e978e79.exe

56 B
129 B
1
1

DNS Request

zmpzic.com

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

T1031

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2836-132-0x0000000000400000-0x0000000000483000-memory.dmp

Filesize
524KB

Download
memory/2836-133-0x0000000000400000-0x0000000000483000-memory.dmp

Filesize
524KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request