60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002

Analysis

max time kernel
175s
max time network
185s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 02:10 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
Size

1.3MB
MD5

d6e90a4d38a5b851bf23243877c5abb1
SHA1

fc14b7ee08fe76871a3289d84afb8ad0e8669ba5
SHA256

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002
SHA512

ad03f4daac026e2125d80cbb38df5f54672b3917010a87e44d1a1213e41292c22daeefd85a2136a106734b1d2252572d7665b3257cc1a8c75f8d5525d4b412b2
SSDEEP

24576:kdma4y68uYf3E0crD+PhwZ9SmccyHFwDLh4NB:kGqy+XHFwy

Score

10^/10

evasion

Malware Config

Signatures

Modifies firewall policy service 2 TTPs 4 IoCs

evasion

Modify Registry

T1112

Modify Existing Service

T1031

description	ioc	Process
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Users\Admin\AppData\Local\Temp\60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe:*:enabled:@shell32.dll,-1"	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Suspicious behavior: MapViewOfSection 64 IoCs

pid	Process
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 540 wrote to memory of 600	540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe	3
PID 540 wrote to memory of 600	540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe	3
PID 540 wrote to memory of 600	540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe	3
PID 540 wrote to memory of 600	540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe	3
PID 540 wrote to memory of 600	540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe	3
PID 540 wrote to memory of 600	540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe	3
PID 540 wrote to memory of 656	540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe	1
PID 540 wrote to memory of 656	540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe	1
PID 540 wrote to memory of 656	540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe	1
PID 540 wrote to memory of 656	540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe	1
PID 540 wrote to memory of 656	540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe	1
PID 540 wrote to memory of 656	540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe	1
PID 540 wrote to memory of 772	540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe	8
PID 540 wrote to memory of 772	540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe	8
PID 540 wrote to memory of 772	540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe	8
PID 540 wrote to memory of 772	540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe	8
PID 540 wrote to memory of 772	540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe	8
PID 540 wrote to memory of 772	540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe	8
PID 540 wrote to memory of 780	540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe	78
PID 540 wrote to memory of 780	540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe	78
PID 540 wrote to memory of 780	540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe	78
PID 540 wrote to memory of 780	540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe	78
PID 540 wrote to memory of 780	540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe	78
PID 540 wrote to memory of 780	540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe	78
PID 540 wrote to memory of 788	540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe	77
PID 540 wrote to memory of 788	540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe	77
PID 540 wrote to memory of 788	540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe	77
PID 540 wrote to memory of 788	540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe	77
PID 540 wrote to memory of 788	540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe	77
PID 540 wrote to memory of 788	540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe	77
PID 540 wrote to memory of 904	540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe	76
PID 540 wrote to memory of 904	540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe	76
PID 540 wrote to memory of 904	540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe	76
PID 540 wrote to memory of 904	540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe	76
PID 540 wrote to memory of 904	540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe	76
PID 540 wrote to memory of 904	540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe	76
PID 540 wrote to memory of 952	540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe	75
PID 540 wrote to memory of 952	540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe	75
PID 540 wrote to memory of 952	540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe	75
PID 540 wrote to memory of 952	540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe	75
PID 540 wrote to memory of 952	540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe	75
PID 540 wrote to memory of 952	540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe	75
PID 540 wrote to memory of 312	540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe	74
PID 540 wrote to memory of 312	540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe	74
PID 540 wrote to memory of 312	540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe	74
PID 540 wrote to memory of 312	540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe	74
PID 540 wrote to memory of 312	540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe	74
PID 540 wrote to memory of 312	540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe	74
PID 540 wrote to memory of 388	540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe	73
PID 540 wrote to memory of 388	540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe	73
PID 540 wrote to memory of 388	540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe	73
PID 540 wrote to memory of 388	540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe	73
PID 540 wrote to memory of 388	540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe	73
PID 540 wrote to memory of 388	540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe	73
PID 540 wrote to memory of 608	540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe	72
PID 540 wrote to memory of 608	540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe	72
PID 540 wrote to memory of 608	540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe	72
PID 540 wrote to memory of 608	540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe	72
PID 540 wrote to memory of 608	540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe	72
PID 540 wrote to memory of 608	540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe	72
PID 540 wrote to memory of 948	540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe	9
PID 540 wrote to memory of 948	540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe	9
PID 540 wrote to memory of 948	540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe	9
PID 540 wrote to memory of 948	540	60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe	9

C:\Windows\system32\lsass.exe
C:\Windows\system32\lsass.exe
1⤵
PID:656

C:\Windows\system32\winlogon.exe
winlogon.exe
1⤵
PID:600
- C:\Windows\system32\dwm.exe
  "dwm.exe"
  2⤵
  PID:312
- C:\Windows\system32\fontdrvhost.exe
  "fontdrvhost.exe"
  2⤵
  PID:788

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p
1⤵
PID:772
- C:\Windows\system32\backgroundTaskHost.exe
  "C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppX53ypgrj20bgndg05hj3tc7z654myszwp.mca
  2⤵
  PID:3508
- C:\Windows\system32\SppExtComObj.exe
  C:\Windows\system32\SppExtComObj.exe -Embedding
  2⤵
  PID:1064
- C:\Windows\system32\wbem\wmiprvse.exe
  C:\Windows\system32\wbem\wmiprvse.exe
  2⤵
  PID:2280
- C:\Windows\System32\RuntimeBroker.exe
  C:\Windows\System32\RuntimeBroker.exe -Embedding
  2⤵
  PID:4620
- C:\Windows\system32\DllHost.exe
  C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
  2⤵
  PID:4376
- C:\Windows\System32\RuntimeBroker.exe
  C:\Windows\System32\RuntimeBroker.exe -Embedding
  2⤵
  PID:3640
- C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
  2⤵
  PID:3524
- C:\Windows\System32\RuntimeBroker.exe
  C:\Windows\System32\RuntimeBroker.exe -Embedding
  2⤵
  PID:3424
- C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
  2⤵
  PID:3360
- C:\Windows\system32\DllHost.exe
  C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
  2⤵
  PID:3268

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
1⤵
PID:948

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork -p
1⤵
PID:1092

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog
1⤵
PID:1240

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s UserManager
1⤵
PID:1288
- C:\Windows\system32\sihost.exe
  sihost.exe
  2⤵
  PID:2492

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
1⤵
PID:1188

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder
1⤵
PID:1616

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository
1⤵
PID:1892

C:\Windows\System32\spoolsv.exe
C:\Windows\System32\spoolsv.exe
1⤵
PID:1692

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p
1⤵
PID:1888

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted -p -s PolicyAgent
1⤵
PID:2348

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
1⤵
PID:2504

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
1⤵
PID:2324

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
1⤵
PID:8

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p
1⤵
PID:1676

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -s W32Time
1⤵
PID:2996

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc
1⤵
PID:5076

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
1⤵
PID:4800

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc
1⤵
PID:4728

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
1⤵
PID:3080

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:2640
- C:\Users\Admin\AppData\Local\Temp\60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe
  "C:\Users\Admin\AppData\Local\Temp\60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe"
  2⤵
  - Modifies firewall policy service
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:540

C:\Windows\system32\taskhostw.exe
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
1⤵
PID:2688

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s WpnService
1⤵
PID:2668

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
1⤵
PID:2656

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TrkWks
1⤵
PID:2648

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
1⤵
PID:2592

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
1⤵
PID:2564

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k NetworkService -p -s CryptSvc
1⤵
PID:2552

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s IKEEXT
1⤵
PID:2340

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -s RmSvc
1⤵
PID:2184

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s LanmanWorkstation
1⤵
PID:2064

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s ShellHWDetection
1⤵
PID:2020

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k NetworkService -p -s Dnscache
1⤵
PID:1956

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
1⤵
PID:1948

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalService -p -s netprofm
1⤵
PID:1856

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
1⤵
PID:1768

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s NlaSvc
1⤵
PID:1696

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s FontCache
1⤵
PID:1640

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s SENS
1⤵
PID:1576

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp
1⤵
PID:1460

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s Themes
1⤵
PID:1376

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s DispBrokerDesktopSvc
1⤵
PID:1368

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s nsi
1⤵
PID:1356

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s EventSystem
1⤵
PID:1344

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule
1⤵
PID:1112

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc
1⤵
PID:1036

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
1⤵
PID:608

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc
1⤵
PID:388

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM
1⤵
PID:952

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k RPCSS -p
1⤵
PID:904

C:\Windows\system32\fontdrvhost.exe
"fontdrvhost.exe"
1⤵
PID:780

Network

DNS

ilo.brenz.pl

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

ilo.brenz.pl

IN A

Response

ilo.brenz.pl

IN A

148.81.111.121
DNS

ant.trenz.pl

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

ant.trenz.pl

IN A

Response

ant.trenz.pl

IN A

148.81.111.121
DNS

14.110.152.52.in-addr.arpa

Dnscache

Remote address:

8.8.8.8:53

Request

14.110.152.52.in-addr.arpa

IN PTR

Response
DNS

zajyta.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

zajyta.com

IN A

Response
DNS

kgueiy.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

kgueiy.com

IN A

Response
DNS

iotpxd.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

iotpxd.com

IN A

Response
DNS

iqdoqf.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

iqdoqf.com

IN A

Response
DNS

ycmral.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

ycmral.com

IN A

Response
DNS

susduy.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

susduy.com

IN A

Response
DNS

apjypl.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

apjypl.com

IN A

Response
DNS

yzoayz.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

yzoayz.com

IN A

Response
DNS

pokqtq.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

pokqtq.com

IN A

Response
DNS

gydeuv.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

gydeuv.com

IN A

Response
DNS

yzebzy.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

yzebzy.com

IN A

Response
DNS

ynilbz.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

ynilbz.com

IN A

Response
DNS

vidzbs.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

vidzbs.com

IN A

Response
DNS

ezabku.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

ezabku.com

IN A

Response
DNS

njxbdo.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

njxbdo.com

IN A

Response
DNS

lpmgoa.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

lpmgoa.com

IN A

Response
DNS

eydqou.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

eydqou.com

IN A

Response
DNS

falhyl.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

falhyl.com

IN A

Response
DNS

mysyza.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

mysyza.com

IN A

Response
DNS

lntypl.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

lntypl.com

IN A

Response
DNS

sjfyjk.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

sjfyjk.com

IN A

Response
DNS

zeirma.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

zeirma.com

IN A

Response
DNS

fvzikq.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

fvzikq.com

IN A

Response
DNS

mkikjx.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

mkikjx.com

IN A

Response
DNS

ypayle.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

ypayle.com

IN A

Response
DNS

rayugj.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

rayugj.com

IN A

Response
DNS

rekeeq.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

rekeeq.com

IN A

Response

rekeeq.com

IN A

195.110.124.148
DNS

6.9.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.3.0.4.0.0.3.0.1.3.0.6.2.ip6.arpa

Dnscache

Remote address:

8.8.8.8:53

Request

6.9.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.3.0.4.0.0.3.0.1.3.0.6.2.ip6.arpa

IN PTR

Response
DNS

iybwde.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

iybwde.com

IN A

Response
DNS

neiewa.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

neiewa.com

IN A

Response
DNS

ymmmof.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

ymmmof.com

IN A

Response
DNS

uelesh.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

uelesh.com

IN A

Response
DNS

yoovvz.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

yoovvz.com

IN A

Response
DNS

oacpca.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

oacpca.com

IN A

Response
DNS

emchvc.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

emchvc.com

IN A

Response
DNS

fogixq.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

fogixq.com

IN A

Response
DNS

lopeeb.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

lopeeb.com

IN A

Response
DNS

inqfxp.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

inqfxp.com

IN A

Response
DNS

aqsoli.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

aqsoli.com

IN A

Response
DNS

tmailn.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

tmailn.com

IN A

Response
DNS

ukkdex.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

ukkdex.com

IN A

Response
DNS

iqhiew.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

iqhiew.com

IN A

Response
DNS

iqhiew.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

iqhiew.com

IN A

Response
DNS

ireiem.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

ireiem.com

IN A

Response
DNS

ireiem.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

ireiem.com

IN A

Response
DNS

wexrpa.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

wexrpa.com

IN A

Response
DNS

wexrpa.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

wexrpa.com

IN A

Response
DNS

oosrov.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

oosrov.com

IN A

Response
DNS

oosrov.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

oosrov.com

IN A

Response
DNS

onguhh.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

onguhh.com

IN A

Response
DNS

onguhh.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

onguhh.com

IN A

Response
DNS

tcmily.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

tcmily.com

IN A

Response
DNS

tcmily.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

tcmily.com

IN A

Response
DNS

luarxr.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

luarxr.com

IN A

Response
DNS

luarxr.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

luarxr.com

IN A

Response
DNS

apuous.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

apuous.com

IN A

Response
DNS

apuous.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

apuous.com

IN A

Response
DNS

oiroyh.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

oiroyh.com

IN A

Response
DNS

oiroyh.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

oiroyh.com

IN A

Response
DNS

zndzpy.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

zndzpy.com

IN A

Response
DNS

zndzpy.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

zndzpy.com

IN A

Response
DNS

bsyepp.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

bsyepp.com

IN A

Response
DNS

bsyepp.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

bsyepp.com

IN A

Response
DNS

bhjewj.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

bhjewj.com

IN A

Response
DNS

bhjewj.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

bhjewj.com

IN A

Response
DNS

elgxti.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

elgxti.com

IN A

Response
DNS

elgxti.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

elgxti.com

IN A

Response
DNS

fteluy.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

fteluy.com

IN A

Response
DNS

fteluy.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

fteluy.com

IN A

Response
DNS

yscsuq.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

yscsuq.com

IN A

Response
DNS

yscsuq.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

yscsuq.com

IN A

Response
DNS

agapnf.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

agapnf.com

IN A

Response
DNS

agapnf.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

agapnf.com

IN A

Response
DNS

ploneb.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

ploneb.com

IN A

Response
DNS

ploneb.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

ploneb.com

IN A

Response
DNS

uxaoqo.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

uxaoqo.com

IN A

Response
DNS

uxaoqo.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

uxaoqo.com

IN A

Response
DNS

vizfat.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

vizfat.com

IN A

Response
DNS

vizfat.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

vizfat.com

IN A

Response
DNS

fggcee.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

fggcee.com

IN A

Response
DNS

fggcee.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

fggcee.com

IN A

Response
DNS

igjjld.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

igjjld.com

IN A

Response
DNS

igjjld.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

igjjld.com

IN A

Response
DNS

hcxcmu.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

hcxcmu.com

IN A
DNS

hcxcmu.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

hcxcmu.com

IN A
DNS

hcxcmu.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

hcxcmu.com

IN A
DNS

hcxcmu.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

hcxcmu.com

IN A
DNS

hcxcmu.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

hcxcmu.com

IN A
DNS

cwxqlv.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

cwxqlv.com

IN A

Response
DNS

cwxqlv.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

cwxqlv.com

IN A

Response
DNS

nbodvl.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

nbodvl.com

IN A

Response
DNS

nbodvl.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

nbodvl.com

IN A

Response
DNS

pofyfm.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

pofyfm.com

IN A

Response
DNS

pofyfm.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

pofyfm.com

IN A

Response
DNS

grqiab.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

grqiab.com

IN A

Response
DNS

grqiab.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

grqiab.com

IN A

Response
DNS

aeoeoa.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

aeoeoa.com

IN A

Response
DNS

aeoeoa.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

aeoeoa.com

IN A

Response
DNS

ujhfgn.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

ujhfgn.com

IN A

Response
DNS

ujhfgn.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

ujhfgn.com

IN A

Response
DNS

hfuwqh.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

hfuwqh.com

IN A

Response
DNS

hfuwqh.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

hfuwqh.com

IN A

Response
DNS

ocvapu.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

ocvapu.com

IN A

Response
DNS

ocvapu.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

ocvapu.com

IN A

Response
DNS

epzeeo.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

epzeeo.com

IN A

Response
DNS

epzeeo.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

epzeeo.com

IN A

Response
DNS

cnmbqt.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

cnmbqt.com

IN A

Response
DNS

cnmbqt.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

cnmbqt.com

IN A

Response
DNS

ejrhqa.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

ejrhqa.com

IN A

Response
DNS

ejrhqa.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

ejrhqa.com

IN A

Response
DNS

kbivqg.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

kbivqg.com

IN A

Response
DNS

kbivqg.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

kbivqg.com

IN A

Response
DNS

fvnefy.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

fvnefy.com

IN A

Response
DNS

fvnefy.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

fvnefy.com

IN A

Response
DNS

qxvsju.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

qxvsju.com

IN A

Response
DNS

qxvsju.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

qxvsju.com

IN A

Response
DNS

yiaewq.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

yiaewq.com

IN A

Response
DNS

yiaewq.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

yiaewq.com

IN A

Response
DNS

iwoiuy.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

iwoiuy.com

IN A

Response
DNS

iwoiuy.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

iwoiuy.com

IN A

Response
DNS

xiloia.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

xiloia.com

IN A

Response
DNS

xiloia.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

xiloia.com

IN A

Response
DNS

qetyxa.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

qetyxa.com

IN A

Response
DNS

qetyxa.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

qetyxa.com

IN A

Response
DNS

qyegpc.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

qyegpc.com

IN A

Response
DNS

qyegpc.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

qyegpc.com

IN A

Response
DNS

debwim.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

debwim.com

IN A

Response
DNS

debwim.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

debwim.com

IN A

Response
DNS

etyofq.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

etyofq.com

IN A

Response
DNS

etyofq.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

etyofq.com

IN A

Response
DNS

rvlqve.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

rvlqve.com

IN A

Response
DNS

rvlqve.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

rvlqve.com

IN A

Response
DNS

xkpczv.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

xkpczv.com

IN A

Response
DNS

xkpczv.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

xkpczv.com

IN A

Response
DNS

pytjcg.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

pytjcg.com

IN A

Response
DNS

pytjcg.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

pytjcg.com

IN A

Response
DNS

xeixol.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

xeixol.com

IN A

Response
DNS

xeixol.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

xeixol.com

IN A

Response
DNS

xkeyhz.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

xkeyhz.com

IN A

Response
DNS

xkeyhz.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

xkeyhz.com

IN A

Response
DNS

xuuxua.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

xuuxua.com

IN A

Response
DNS

xuuxua.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

xuuxua.com

IN A

Response
DNS

lfgiid.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

lfgiid.com

IN A

Response
DNS

lfgiid.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

lfgiid.com

IN A

Response
DNS

zjziuh.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

zjziuh.com

IN A
DNS

zjziuh.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

zjziuh.com

IN A
DNS

zjziuh.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

zjziuh.com

IN A
DNS

zjziuh.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

zjziuh.com

IN A
DNS

zjziuh.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

zjziuh.com

IN A
DNS

eynecu.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

eynecu.com

IN A

Response
DNS

eynecu.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

eynecu.com

IN A

Response
DNS

umbooj.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

umbooj.com

IN A

Response
DNS

umbooj.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

umbooj.com

IN A

Response
DNS

jsdrnc.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

jsdrnc.com

IN A

Response
DNS

jsdrnc.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

jsdrnc.com

IN A

Response
DNS

eaynoi.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

eaynoi.com

IN A

Response
DNS

eaynoi.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

eaynoi.com

IN A

Response
DNS

zyubhb.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

zyubhb.com

IN A

Response
DNS

zyubhb.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

zyubhb.com

IN A

Response
DNS

suueii.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

suueii.com

IN A

Response
DNS

suueii.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

suueii.com

IN A

Response
DNS

yavkla.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

yavkla.com

IN A

Response
DNS

yavkla.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

yavkla.com

IN A

Response
DNS

pzekqe.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

pzekqe.com

IN A

Response
DNS

pzekqe.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

pzekqe.com

IN A

Response
DNS

waeygo.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

waeygo.com

IN A

Response
DNS

waeygo.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

waeygo.com

IN A

Response
DNS

ilo.brenz.pl

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

ilo.brenz.pl

IN A

Response

ilo.brenz.pl

IN A

148.81.111.121
DNS

ilo.brenz.pl

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

Remote address:

8.8.8.8:53

Request

ilo.brenz.pl

IN A

Response

ilo.brenz.pl

IN A

148.81.111.121

93.184.220.29:80

wlidsvc

322 B
7
95.101.78.106:80

wlidsvc

322 B
7
148.81.111.121:80

ilo.brenz.pl

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

260 B
200 B
5
5
20.44.10.122:443

OfficeClickToRun.exe

322 B
7
104.110.191.133:80

CryptSvc

322 B
7
104.110.191.133:80

CryptSvc

322 B
7
148.81.111.121:80

ant.trenz.pl

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

260 B
5
104.110.191.133:80

CryptSvc

322 B
7
195.110.124.148:443

rekeeq.com

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

260 B
5
83.133.119.197:80

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

260 B
5
148.81.111.121:80

ilo.brenz.pl

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

208 B
4

8.8.8.8:53

ilo.brenz.pl

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

58 B
74 B
1
1

DNS Request

ilo.brenz.pl

DNS Response

148.81.111.121
8.8.8.8:53

ant.trenz.pl

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

58 B
74 B
1
1

DNS Request

ant.trenz.pl

DNS Response

148.81.111.121
8.8.8.8:53

14.110.152.52.in-addr.arpa

dns

Dnscache

72 B
146 B
1
1

DNS Request

14.110.152.52.in-addr.arpa
8.8.8.8:53

zajyta.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

56 B
129 B
1
1

DNS Request

zajyta.com
8.8.8.8:53

kgueiy.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

56 B
129 B
1
1

DNS Request

kgueiy.com
8.8.8.8:53

iotpxd.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

56 B
129 B
1
1

DNS Request

iotpxd.com
8.8.8.8:53

iqdoqf.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

56 B
129 B
1
1

DNS Request

iqdoqf.com
8.8.8.8:53

ycmral.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

56 B
129 B
1
1

DNS Request

ycmral.com
8.8.8.8:53

susduy.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

56 B
129 B
1
1

DNS Request

susduy.com
8.8.8.8:53

apjypl.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

56 B
129 B
1
1

DNS Request

apjypl.com
8.8.8.8:53

yzoayz.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

56 B
129 B
1
1

DNS Request

yzoayz.com
8.8.8.8:53

pokqtq.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

56 B
129 B
1
1

DNS Request

pokqtq.com
8.8.8.8:53

gydeuv.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

56 B
129 B
1
1

DNS Request

gydeuv.com
8.8.8.8:53

yzebzy.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

56 B
129 B
1
1

DNS Request

yzebzy.com
8.8.8.8:53

ynilbz.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

56 B
129 B
1
1

DNS Request

ynilbz.com
8.8.8.8:53

vidzbs.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

56 B
129 B
1
1

DNS Request

vidzbs.com
8.8.8.8:53

ezabku.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

56 B
129 B
1
1

DNS Request

ezabku.com
8.8.8.8:53

njxbdo.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

56 B
129 B
1
1

DNS Request

njxbdo.com
8.8.8.8:53

lpmgoa.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

56 B
129 B
1
1

DNS Request

lpmgoa.com
8.8.8.8:53

eydqou.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

56 B
129 B
1
1

DNS Request

eydqou.com
8.8.8.8:53

falhyl.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

56 B
129 B
1
1

DNS Request

falhyl.com
8.8.8.8:53

mysyza.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

56 B
129 B
1
1

DNS Request

mysyza.com
8.8.8.8:53

lntypl.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

56 B
129 B
1
1

DNS Request

lntypl.com
8.8.8.8:53

sjfyjk.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

56 B
129 B
1
1

DNS Request

sjfyjk.com
8.8.8.8:53

zeirma.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

56 B
129 B
1
1

DNS Request

zeirma.com
8.8.8.8:53

fvzikq.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

56 B
129 B
1
1

DNS Request

fvzikq.com
8.8.8.8:53

mkikjx.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

56 B
129 B
1
1

DNS Request

mkikjx.com
8.8.8.8:53

ypayle.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

56 B
129 B
1
1

DNS Request

ypayle.com
8.8.8.8:53

rayugj.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

56 B
129 B
1
1

DNS Request

rayugj.com
8.8.8.8:53

rekeeq.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

56 B
72 B
1
1

DNS Request

rekeeq.com

DNS Response

195.110.124.148
8.8.8.8:53

6.9.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.3.0.4.0.0.3.0.1.3.0.6.2.ip6.arpa

dns

Dnscache

118 B
204 B
1
1

DNS Request

6.9.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.3.0.4.0.0.3.0.1.3.0.6.2.ip6.arpa
8.8.8.8:53

iybwde.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

56 B
129 B
1
1

DNS Request

iybwde.com
8.8.8.8:53

neiewa.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

56 B
129 B
1
1

DNS Request

neiewa.com
8.8.8.8:53

ymmmof.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

56 B
129 B
1
1

DNS Request

ymmmof.com
8.8.8.8:53

uelesh.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

56 B
129 B
1
1

DNS Request

uelesh.com
8.8.8.8:53

yoovvz.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

56 B
129 B
1
1

DNS Request

yoovvz.com
8.8.8.8:53

oacpca.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

56 B
129 B
1
1

DNS Request

oacpca.com
8.8.8.8:53

emchvc.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

56 B
129 B
1
1

DNS Request

emchvc.com
8.8.8.8:53

fogixq.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

56 B
129 B
1
1

DNS Request

fogixq.com
8.8.8.8:53

lopeeb.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

56 B
129 B
1
1

DNS Request

lopeeb.com
8.8.8.8:53

inqfxp.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

56 B
129 B
1
1

DNS Request

inqfxp.com
8.8.8.8:53

aqsoli.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

56 B
129 B
1
1

DNS Request

aqsoli.com
8.8.8.8:53

tmailn.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

56 B
129 B
1
1

DNS Request

tmailn.com
8.8.8.8:53

ukkdex.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

56 B
129 B
1
1

DNS Request

ukkdex.com
8.8.8.8:53

iqhiew.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

112 B
258 B
2
2

DNS Request

iqhiew.com

DNS Request

iqhiew.com
8.8.8.8:53

ireiem.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

112 B
258 B
2
2

DNS Request

ireiem.com

DNS Request

ireiem.com
8.8.8.8:53

wexrpa.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

112 B
258 B
2
2

DNS Request

wexrpa.com

DNS Request

wexrpa.com
8.8.8.8:53

oosrov.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

112 B
258 B
2
2

DNS Request

oosrov.com

DNS Request

oosrov.com
8.8.8.8:53

onguhh.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

112 B
258 B
2
2

DNS Request

onguhh.com

DNS Request

onguhh.com
8.8.8.8:53

tcmily.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

112 B
258 B
2
2

DNS Request

tcmily.com

DNS Request

tcmily.com
8.8.8.8:53

luarxr.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

112 B
258 B
2
2

DNS Request

luarxr.com

DNS Request

luarxr.com
8.8.8.8:53

apuous.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

112 B
258 B
2
2

DNS Request

apuous.com

DNS Request

apuous.com
8.8.8.8:53

oiroyh.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

112 B
258 B
2
2

DNS Request

oiroyh.com

DNS Request

oiroyh.com
8.8.8.8:53

zndzpy.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

112 B
258 B
2
2

DNS Request

zndzpy.com

DNS Request

zndzpy.com
8.8.8.8:53

bsyepp.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

112 B
258 B
2
2

DNS Request

bsyepp.com

DNS Request

bsyepp.com
8.8.8.8:53

bhjewj.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

112 B
258 B
2
2

DNS Request

bhjewj.com

DNS Request

bhjewj.com
8.8.8.8:53

elgxti.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

112 B
258 B
2
2

DNS Request

elgxti.com

DNS Request

elgxti.com
8.8.8.8:53

fteluy.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

112 B
258 B
2
2

DNS Request

fteluy.com

DNS Request

fteluy.com
8.8.8.8:53

yscsuq.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

112 B
258 B
2
2

DNS Request

yscsuq.com

DNS Request

yscsuq.com
8.8.8.8:53

agapnf.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

112 B
258 B
2
2

DNS Request

agapnf.com

DNS Request

agapnf.com
8.8.8.8:53

ploneb.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

112 B
258 B
2
2

DNS Request

ploneb.com

DNS Request

ploneb.com
8.8.8.8:53

uxaoqo.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

112 B
258 B
2
2

DNS Request

uxaoqo.com

DNS Request

uxaoqo.com
8.8.8.8:53

vizfat.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

112 B
258 B
2
2

DNS Request

vizfat.com

DNS Request

vizfat.com
8.8.8.8:53

fggcee.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

112 B
258 B
2
2

DNS Request

fggcee.com

DNS Request

fggcee.com
8.8.8.8:53

igjjld.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

112 B
258 B
2
2

DNS Request

igjjld.com

DNS Request

igjjld.com
8.8.8.8:53

hcxcmu.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

280 B
5

DNS Request

hcxcmu.com

DNS Request

hcxcmu.com

DNS Request

hcxcmu.com

DNS Request

hcxcmu.com

DNS Request

hcxcmu.com
8.8.8.8:53

cwxqlv.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

112 B
258 B
2
2

DNS Request

cwxqlv.com

DNS Request

cwxqlv.com
8.8.8.8:53

nbodvl.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

112 B
258 B
2
2

DNS Request

nbodvl.com

DNS Request

nbodvl.com
8.8.8.8:53

pofyfm.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

112 B
258 B
2
2

DNS Request

pofyfm.com

DNS Request

pofyfm.com
8.8.8.8:53

grqiab.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

112 B
258 B
2
2

DNS Request

grqiab.com

DNS Request

grqiab.com
8.8.8.8:53

aeoeoa.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

112 B
258 B
2
2

DNS Request

aeoeoa.com

DNS Request

aeoeoa.com
8.8.8.8:53

ujhfgn.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

112 B
258 B
2
2

DNS Request

ujhfgn.com

DNS Request

ujhfgn.com
8.8.8.8:53

hfuwqh.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

112 B
258 B
2
2

DNS Request

hfuwqh.com

DNS Request

hfuwqh.com
8.8.8.8:53

ocvapu.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

112 B
258 B
2
2

DNS Request

ocvapu.com

DNS Request

ocvapu.com
8.8.8.8:53

epzeeo.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

112 B
258 B
2
2

DNS Request

epzeeo.com

DNS Request

epzeeo.com
8.8.8.8:53

cnmbqt.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

112 B
258 B
2
2

DNS Request

cnmbqt.com

DNS Request

cnmbqt.com
8.8.8.8:53

ejrhqa.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

112 B
258 B
2
2

DNS Request

ejrhqa.com

DNS Request

ejrhqa.com
8.8.8.8:53

kbivqg.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

112 B
258 B
2
2

DNS Request

kbivqg.com

DNS Request

kbivqg.com
8.8.8.8:53

fvnefy.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

112 B
258 B
2
2

DNS Request

fvnefy.com

DNS Request

fvnefy.com
8.8.8.8:53

qxvsju.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

112 B
258 B
2
2

DNS Request

qxvsju.com

DNS Request

qxvsju.com
8.8.8.8:53

yiaewq.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

112 B
258 B
2
2

DNS Request

yiaewq.com

DNS Request

yiaewq.com
8.8.8.8:53

iwoiuy.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

112 B
258 B
2
2

DNS Request

iwoiuy.com

DNS Request

iwoiuy.com
8.8.8.8:53

xiloia.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

112 B
258 B
2
2

DNS Request

xiloia.com

DNS Request

xiloia.com
8.8.8.8:53

qetyxa.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

112 B
258 B
2
2

DNS Request

qetyxa.com

DNS Request

qetyxa.com
8.8.8.8:53

qyegpc.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

112 B
258 B
2
2

DNS Request

qyegpc.com

DNS Request

qyegpc.com
8.8.8.8:53

debwim.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

112 B
258 B
2
2

DNS Request

debwim.com

DNS Request

debwim.com
8.8.8.8:53

etyofq.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

112 B
258 B
2
2

DNS Request

etyofq.com

DNS Request

etyofq.com
8.8.8.8:53

rvlqve.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

112 B
258 B
2
2

DNS Request

rvlqve.com

DNS Request

rvlqve.com
8.8.8.8:53

xkpczv.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

112 B
258 B
2
2

DNS Request

xkpczv.com

DNS Request

xkpczv.com
8.8.8.8:53

pytjcg.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

112 B
258 B
2
2

DNS Request

pytjcg.com

DNS Request

pytjcg.com
8.8.8.8:53

xeixol.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

112 B
258 B
2
2

DNS Request

xeixol.com

DNS Request

xeixol.com
8.8.8.8:53

xkeyhz.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

112 B
258 B
2
2

DNS Request

xkeyhz.com

DNS Request

xkeyhz.com
8.8.8.8:53

xuuxua.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

112 B
258 B
2
2

DNS Request

xuuxua.com

DNS Request

xuuxua.com
8.8.8.8:53

lfgiid.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

112 B
258 B
2
2

DNS Request

lfgiid.com

DNS Request

lfgiid.com
8.8.8.8:53

zjziuh.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

280 B
5

DNS Request

zjziuh.com

DNS Request

zjziuh.com

DNS Request

zjziuh.com

DNS Request

zjziuh.com

DNS Request

zjziuh.com
8.8.8.8:53

eynecu.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

112 B
258 B
2
2

DNS Request

eynecu.com

DNS Request

eynecu.com
8.8.8.8:53

umbooj.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

112 B
258 B
2
2

DNS Request

umbooj.com

DNS Request

umbooj.com
8.8.8.8:53

jsdrnc.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

112 B
258 B
2
2

DNS Request

jsdrnc.com

DNS Request

jsdrnc.com
8.8.8.8:53

eaynoi.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

112 B
258 B
2
2

DNS Request

eaynoi.com

DNS Request

eaynoi.com
8.8.8.8:53

zyubhb.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

112 B
258 B
2
2

DNS Request

zyubhb.com

DNS Request

zyubhb.com
8.8.8.8:53

suueii.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

112 B
258 B
2
2

DNS Request

suueii.com

DNS Request

suueii.com
8.8.8.8:53

yavkla.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

112 B
258 B
2
2

DNS Request

yavkla.com

DNS Request

yavkla.com
8.8.8.8:53

pzekqe.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

112 B
258 B
2
2

DNS Request

pzekqe.com

DNS Request

pzekqe.com
8.8.8.8:53

waeygo.com

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

112 B
258 B
2
2

DNS Request

waeygo.com

DNS Request

waeygo.com
8.8.8.8:53

ilo.brenz.pl

dns

60e4c77e24a4c565756ad9d919a7b62398588dd960746d97e612fab02f940002.exe

116 B
148 B
2
2

DNS Request

ilo.brenz.pl

DNS Request

ilo.brenz.pl

DNS Response

148.81.111.121

DNS Response

148.81.111.121

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

T1031

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/540-132-0x0000000000400000-0x0000000000563000-memory.dmp

Filesize
1.4MB

Download
memory/540-133-0x0000000000400000-0x0000000000563000-memory.dmp

Filesize
1.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request