xmrig | 46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf

Analysis

max time kernel
138s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
29/05/2024, 21:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
Size

1.4MB
MD5

4191593d205ec4d2b17fb5933b3701d0
SHA1

316cf880207892a848f72a1901b3ee79e8592f1e
SHA256

46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf
SHA512

47c0993254a7df728dc65d73580ed74b92bc89e83e91c71d14897de6166202cdcf34049f19c21de8eca75d9a2bc7ea64507d5ad4845d65b3fd9391b6a11ec514
SSDEEP

24576:GezaTnG99Q8FcNrpyNdfE0bLBgDOp2iSLz9LbBwlKensYKkTT7UudBWkmmo2K:GezaTF8FcNkNdfE0pZ9oztFwI6K72K

Score

10^/10

xmrig miner

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 34 IoCs

miner

resource	yara_rule
behavioral2/files/0x0006000000023286-4.dat	xmrig
behavioral2/files/0x0007000000023403-7.dat	xmrig
behavioral2/files/0x0007000000023404-14.dat	xmrig
behavioral2/files/0x0007000000023405-20.dat	xmrig
behavioral2/files/0x0007000000023406-23.dat	xmrig
behavioral2/files/0x0007000000023407-29.dat	xmrig
behavioral2/files/0x0007000000023408-32.dat	xmrig
behavioral2/files/0x000700000002340d-63.dat	xmrig
behavioral2/files/0x0007000000023410-72.dat	xmrig
behavioral2/files/0x0007000000023411-80.dat	xmrig
behavioral2/files/0x000700000002340f-74.dat	xmrig
behavioral2/files/0x000700000002340e-70.dat	xmrig
behavioral2/files/0x000700000002340b-60.dat	xmrig
behavioral2/files/0x000700000002340a-56.dat	xmrig
behavioral2/files/0x0007000000023409-53.dat	xmrig
behavioral2/files/0x000700000002340c-51.dat	xmrig
behavioral2/files/0x0007000000023412-84.dat	xmrig
behavioral2/files/0x0008000000023400-89.dat	xmrig
behavioral2/files/0x0007000000023413-95.dat	xmrig
behavioral2/files/0x0007000000023414-98.dat	xmrig
behavioral2/files/0x0007000000023416-108.dat	xmrig
behavioral2/files/0x0007000000023417-111.dat	xmrig
behavioral2/files/0x0007000000023419-129.dat	xmrig
behavioral2/files/0x000700000002341c-144.dat	xmrig
behavioral2/files/0x000700000002341f-161.dat	xmrig
behavioral2/files/0x000700000002341e-159.dat	xmrig
behavioral2/files/0x000700000002341d-157.dat	xmrig
behavioral2/files/0x0007000000023422-156.dat	xmrig
behavioral2/files/0x0007000000023421-155.dat	xmrig
behavioral2/files/0x000700000002341b-153.dat	xmrig
behavioral2/files/0x0007000000023420-152.dat	xmrig
behavioral2/files/0x000700000002341a-139.dat	xmrig
behavioral2/files/0x0007000000023418-125.dat	xmrig
behavioral2/files/0x0007000000023415-105.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2404	eqTybNb.exe
3996	btuDotM.exe
1404	ciEhcqS.exe
4632	NEqhZDP.exe
4680	mQaxfsu.exe
4272	RgtaePr.exe
3120	OShaIMv.exe
2176	gJUAupa.exe
1428	exAqhtf.exe
1400	EtyQvBP.exe
4396	yooihbe.exe
4084	hwcIyLm.exe
2028	XhdBIrd.exe
3988	WonBiLv.exe
1864	FsFTtew.exe
1884	BaIafQo.exe
3296	poAJEOs.exe
2108	woIAley.exe
1160	eknvgTs.exe
1512	oiaAbGn.exe
4168	ZcRluNS.exe
2480	AeZQisw.exe
1244	pWDiLLB.exe
3488	pHzfGfY.exe
4704	dwNreuU.exe
3048	DovbyBd.exe
848	JpLsIqC.exe
892	vVZSbJu.exe
516	ZkXWeHA.exe
2276	LxjrsVX.exe
1264	GAvhesA.exe
452	yKVixrA.exe
4376	XhKbTbp.exe
440	UOmlzYg.exe
332	wvWEFRH.exe
4572	sGWtDzT.exe
1328	AuZLCvk.exe
4948	llkEXuL.exe
4876	RgNiKLe.exe
412	BeVrcGN.exe
4608	LRQTgyi.exe
916	vNmKWXV.exe
4760	RFNdKaV.exe
4492	voLGjic.exe
4504	IpsHoax.exe
1280	UAmiBHJ.exe
3300	NholkKX.exe
4640	wjDqhZG.exe
2672	gHdHYQu.exe
704	mcJptKR.exe
1392	rWuLHcJ.exe
3920	ONYijjh.exe
2712	PPMYWaD.exe
4296	qepuTHg.exe
220	PHljBwp.exe
864	hICiEQe.exe
4812	pQwELQH.exe
2792	WoUjqJN.exe
1524	yeXwidC.exe
5076	MEuFxIP.exe
2900	cCkdJLD.exe
4480	wDLkIIZ.exe
1720	ElelcPT.exe
3076	FVvLsaM.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\oAaSPXB.exe	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
File created	C:\Windows\System\mcJptKR.exe	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
File created	C:\Windows\System\MEuFxIP.exe	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
File created	C:\Windows\System\pcRroQq.exe	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
File created	C:\Windows\System\tvxKPVL.exe	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
File created	C:\Windows\System\yKVixrA.exe	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
File created	C:\Windows\System\brxtGqQ.exe	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
File created	C:\Windows\System\EKULyIC.exe	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
File created	C:\Windows\System\riNXmdr.exe	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
File created	C:\Windows\System\yfaCgqN.exe	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
File created	C:\Windows\System\gJUAupa.exe	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
File created	C:\Windows\System\voLGjic.exe	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
File created	C:\Windows\System\dXrXTED.exe	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
File created	C:\Windows\System\SEZtrBc.exe	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
File created	C:\Windows\System\jQcQstE.exe	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
File created	C:\Windows\System\FVvLsaM.exe	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
File created	C:\Windows\System\KADeCmb.exe	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
File created	C:\Windows\System\btuDotM.exe	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
File created	C:\Windows\System\RgtaePr.exe	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
File created	C:\Windows\System\PHljBwp.exe	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
File created	C:\Windows\System\clNnWQy.exe	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
File created	C:\Windows\System\vVZSbJu.exe	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
File created	C:\Windows\System\ZbUAByE.exe	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
File created	C:\Windows\System\kSEDskA.exe	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
File created	C:\Windows\System\AzqJrYe.exe	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
File created	C:\Windows\System\XtzDwlC.exe	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
File created	C:\Windows\System\hICiEQe.exe	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
File created	C:\Windows\System\JgSZZRP.exe	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
File created	C:\Windows\System\VDhpGib.exe	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
File created	C:\Windows\System\XhKbTbp.exe	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
File created	C:\Windows\System\rWuLHcJ.exe	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
File created	C:\Windows\System\KygWGPh.exe	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
File created	C:\Windows\System\doazLhe.exe	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
File created	C:\Windows\System\NNMGMao.exe	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
File created	C:\Windows\System\YQVXxdd.exe	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
File created	C:\Windows\System\cRDNPtw.exe	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
File created	C:\Windows\System\BFsGqeL.exe	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
File created	C:\Windows\System\sRLZZbL.exe	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
File created	C:\Windows\System\IzqBXJD.exe	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
File created	C:\Windows\System\JJCEOqj.exe	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
File created	C:\Windows\System\tqBHyRp.exe	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
File created	C:\Windows\System\BaIafQo.exe	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
File created	C:\Windows\System\ZkXWeHA.exe	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
File created	C:\Windows\System\wvWEFRH.exe	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
File created	C:\Windows\System\WnqAJUY.exe	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
File created	C:\Windows\System\yAhsDsh.exe	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
File created	C:\Windows\System\iEEzPCo.exe	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
File created	C:\Windows\System\JHwTrgE.exe	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
File created	C:\Windows\System\pQwELQH.exe	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
File created	C:\Windows\System\erIGqVY.exe	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
File created	C:\Windows\System\meFgqKr.exe	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
File created	C:\Windows\System\wUzxIoT.exe	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
File created	C:\Windows\System\OShaIMv.exe	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
File created	C:\Windows\System\FsFTtew.exe	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
File created	C:\Windows\System\FzTcNOD.exe	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
File created	C:\Windows\System\IpsHoax.exe	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
File created	C:\Windows\System\WoUjqJN.exe	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
File created	C:\Windows\System\BZBUvQT.exe	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
File created	C:\Windows\System\WonBiLv.exe	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
File created	C:\Windows\System\LRQTgyi.exe	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
File created	C:\Windows\System\SUiYvCY.exe	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
File created	C:\Windows\System\NWNoqQN.exe	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
File created	C:\Windows\System\acujDoi.exe	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
File created	C:\Windows\System\fjdJXzD.exe	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
Token: SeLockMemoryPrivilege	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1808 wrote to memory of 2404	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe	83
PID 1808 wrote to memory of 2404	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe	83
PID 1808 wrote to memory of 3996	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe	84
PID 1808 wrote to memory of 3996	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe	84
PID 1808 wrote to memory of 1404	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe	85
PID 1808 wrote to memory of 1404	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe	85
PID 1808 wrote to memory of 4632	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe	86
PID 1808 wrote to memory of 4632	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe	86
PID 1808 wrote to memory of 4680	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe	87
PID 1808 wrote to memory of 4680	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe	87
PID 1808 wrote to memory of 4272	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe	88
PID 1808 wrote to memory of 4272	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe	88
PID 1808 wrote to memory of 3120	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe	89
PID 1808 wrote to memory of 3120	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe	89
PID 1808 wrote to memory of 1400	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe	90
PID 1808 wrote to memory of 1400	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe	90
PID 1808 wrote to memory of 2176	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe	91
PID 1808 wrote to memory of 2176	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe	91
PID 1808 wrote to memory of 1428	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe	92
PID 1808 wrote to memory of 1428	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe	92
PID 1808 wrote to memory of 4396	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe	93
PID 1808 wrote to memory of 4396	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe	93
PID 1808 wrote to memory of 2028	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe	94
PID 1808 wrote to memory of 2028	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe	94
PID 1808 wrote to memory of 4084	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe	95
PID 1808 wrote to memory of 4084	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe	95
PID 1808 wrote to memory of 3988	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe	96
PID 1808 wrote to memory of 3988	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe	96
PID 1808 wrote to memory of 1864	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe	97
PID 1808 wrote to memory of 1864	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe	97
PID 1808 wrote to memory of 1884	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe	98
PID 1808 wrote to memory of 1884	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe	98
PID 1808 wrote to memory of 3296	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe	99
PID 1808 wrote to memory of 3296	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe	99
PID 1808 wrote to memory of 2108	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe	100
PID 1808 wrote to memory of 2108	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe	100
PID 1808 wrote to memory of 1160	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe	101
PID 1808 wrote to memory of 1160	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe	101
PID 1808 wrote to memory of 1512	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe	102
PID 1808 wrote to memory of 1512	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe	102
PID 1808 wrote to memory of 4168	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe	104
PID 1808 wrote to memory of 4168	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe	104
PID 1808 wrote to memory of 2480	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe	105
PID 1808 wrote to memory of 2480	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe	105
PID 1808 wrote to memory of 1244	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe	106
PID 1808 wrote to memory of 1244	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe	106
PID 1808 wrote to memory of 3488	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe	107
PID 1808 wrote to memory of 3488	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe	107
PID 1808 wrote to memory of 4704	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe	108
PID 1808 wrote to memory of 4704	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe	108
PID 1808 wrote to memory of 3048	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe	109
PID 1808 wrote to memory of 3048	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe	109
PID 1808 wrote to memory of 848	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe	110
PID 1808 wrote to memory of 848	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe	110
PID 1808 wrote to memory of 892	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe	111
PID 1808 wrote to memory of 892	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe	111
PID 1808 wrote to memory of 516	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe	112
PID 1808 wrote to memory of 516	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe	112
PID 1808 wrote to memory of 2276	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe	113
PID 1808 wrote to memory of 2276	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe	113
PID 1808 wrote to memory of 1264	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe	114
PID 1808 wrote to memory of 1264	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe	114
PID 1808 wrote to memory of 452	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe	115
PID 1808 wrote to memory of 452	1808	46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe	115

C:\Users\Admin\AppData\Local\Temp\46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe
"C:\Users\Admin\AppData\Local\Temp\46aabe234c9ab856705e1403a13611a198864e0d6e38dfadf0738fe87af674bf.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1808
- C:\Windows\System\eqTybNb.exe
  C:\Windows\System\eqTybNb.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\btuDotM.exe
  C:\Windows\System\btuDotM.exe
  2⤵
  - Executes dropped EXE
  PID:3996
- C:\Windows\System\ciEhcqS.exe
  C:\Windows\System\ciEhcqS.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\NEqhZDP.exe
  C:\Windows\System\NEqhZDP.exe
  2⤵
  - Executes dropped EXE
  PID:4632
- C:\Windows\System\mQaxfsu.exe
  C:\Windows\System\mQaxfsu.exe
  2⤵
  - Executes dropped EXE
  PID:4680
- C:\Windows\System\RgtaePr.exe
  C:\Windows\System\RgtaePr.exe
  2⤵
  - Executes dropped EXE
  PID:4272
- C:\Windows\System\OShaIMv.exe
  C:\Windows\System\OShaIMv.exe
  2⤵
  - Executes dropped EXE
  PID:3120
- C:\Windows\System\EtyQvBP.exe
  C:\Windows\System\EtyQvBP.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\gJUAupa.exe
  C:\Windows\System\gJUAupa.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\exAqhtf.exe
  C:\Windows\System\exAqhtf.exe
  2⤵
  - Executes dropped EXE
  PID:1428
- C:\Windows\System\yooihbe.exe
  C:\Windows\System\yooihbe.exe
  2⤵
  - Executes dropped EXE
  PID:4396
- C:\Windows\System\XhdBIrd.exe
  C:\Windows\System\XhdBIrd.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\hwcIyLm.exe
  C:\Windows\System\hwcIyLm.exe
  2⤵
  - Executes dropped EXE
  PID:4084
- C:\Windows\System\WonBiLv.exe
  C:\Windows\System\WonBiLv.exe
  2⤵
  - Executes dropped EXE
  PID:3988
- C:\Windows\System\FsFTtew.exe
  C:\Windows\System\FsFTtew.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\BaIafQo.exe
  C:\Windows\System\BaIafQo.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\poAJEOs.exe
  C:\Windows\System\poAJEOs.exe
  2⤵
  - Executes dropped EXE
  PID:3296
- C:\Windows\System\woIAley.exe
  C:\Windows\System\woIAley.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\eknvgTs.exe
  C:\Windows\System\eknvgTs.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\oiaAbGn.exe
  C:\Windows\System\oiaAbGn.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\ZcRluNS.exe
  C:\Windows\System\ZcRluNS.exe
  2⤵
  - Executes dropped EXE
  PID:4168
- C:\Windows\System\AeZQisw.exe
  C:\Windows\System\AeZQisw.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\pWDiLLB.exe
  C:\Windows\System\pWDiLLB.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\pHzfGfY.exe
  C:\Windows\System\pHzfGfY.exe
  2⤵
  - Executes dropped EXE
  PID:3488
- C:\Windows\System\dwNreuU.exe
  C:\Windows\System\dwNreuU.exe
  2⤵
  - Executes dropped EXE
  PID:4704
- C:\Windows\System\DovbyBd.exe
  C:\Windows\System\DovbyBd.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\JpLsIqC.exe
  C:\Windows\System\JpLsIqC.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\vVZSbJu.exe
  C:\Windows\System\vVZSbJu.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\ZkXWeHA.exe
  C:\Windows\System\ZkXWeHA.exe
  2⤵
  - Executes dropped EXE
  PID:516
- C:\Windows\System\LxjrsVX.exe
  C:\Windows\System\LxjrsVX.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\GAvhesA.exe
  C:\Windows\System\GAvhesA.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\yKVixrA.exe
  C:\Windows\System\yKVixrA.exe
  2⤵
  - Executes dropped EXE
  PID:452
- C:\Windows\System\XhKbTbp.exe
  C:\Windows\System\XhKbTbp.exe
  2⤵
  - Executes dropped EXE
  PID:4376
- C:\Windows\System\UOmlzYg.exe
  C:\Windows\System\UOmlzYg.exe
  2⤵
  - Executes dropped EXE
  PID:440
- C:\Windows\System\wvWEFRH.exe
  C:\Windows\System\wvWEFRH.exe
  2⤵
  - Executes dropped EXE
  PID:332
- C:\Windows\System\sGWtDzT.exe
  C:\Windows\System\sGWtDzT.exe
  2⤵
  - Executes dropped EXE
  PID:4572
- C:\Windows\System\AuZLCvk.exe
  C:\Windows\System\AuZLCvk.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\llkEXuL.exe
  C:\Windows\System\llkEXuL.exe
  2⤵
  - Executes dropped EXE
  PID:4948
- C:\Windows\System\RgNiKLe.exe
  C:\Windows\System\RgNiKLe.exe
  2⤵
  - Executes dropped EXE
  PID:4876
- C:\Windows\System\BeVrcGN.exe
  C:\Windows\System\BeVrcGN.exe
  2⤵
  - Executes dropped EXE
  PID:412
- C:\Windows\System\LRQTgyi.exe
  C:\Windows\System\LRQTgyi.exe
  2⤵
  - Executes dropped EXE
  PID:4608
- C:\Windows\System\vNmKWXV.exe
  C:\Windows\System\vNmKWXV.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\RFNdKaV.exe
  C:\Windows\System\RFNdKaV.exe
  2⤵
  - Executes dropped EXE
  PID:4760
- C:\Windows\System\voLGjic.exe
  C:\Windows\System\voLGjic.exe
  2⤵
  - Executes dropped EXE
  PID:4492
- C:\Windows\System\IpsHoax.exe
  C:\Windows\System\IpsHoax.exe
  2⤵
  - Executes dropped EXE
  PID:4504
- C:\Windows\System\UAmiBHJ.exe
  C:\Windows\System\UAmiBHJ.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\NholkKX.exe
  C:\Windows\System\NholkKX.exe
  2⤵
  - Executes dropped EXE
  PID:3300
- C:\Windows\System\wjDqhZG.exe
  C:\Windows\System\wjDqhZG.exe
  2⤵
  - Executes dropped EXE
  PID:4640
- C:\Windows\System\gHdHYQu.exe
  C:\Windows\System\gHdHYQu.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\mcJptKR.exe
  C:\Windows\System\mcJptKR.exe
  2⤵
  - Executes dropped EXE
  PID:704
- C:\Windows\System\rWuLHcJ.exe
  C:\Windows\System\rWuLHcJ.exe
  2⤵
  - Executes dropped EXE
  PID:1392
- C:\Windows\System\ONYijjh.exe
  C:\Windows\System\ONYijjh.exe
  2⤵
  - Executes dropped EXE
  PID:3920
- C:\Windows\System\PPMYWaD.exe
  C:\Windows\System\PPMYWaD.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\qepuTHg.exe
  C:\Windows\System\qepuTHg.exe
  2⤵
  - Executes dropped EXE
  PID:4296
- C:\Windows\System\PHljBwp.exe
  C:\Windows\System\PHljBwp.exe
  2⤵
  - Executes dropped EXE
  PID:220
- C:\Windows\System\hICiEQe.exe
  C:\Windows\System\hICiEQe.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\pQwELQH.exe
  C:\Windows\System\pQwELQH.exe
  2⤵
  - Executes dropped EXE
  PID:4812
- C:\Windows\System\WoUjqJN.exe
  C:\Windows\System\WoUjqJN.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\yeXwidC.exe
  C:\Windows\System\yeXwidC.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\MEuFxIP.exe
  C:\Windows\System\MEuFxIP.exe
  2⤵
  - Executes dropped EXE
  PID:5076
- C:\Windows\System\cCkdJLD.exe
  C:\Windows\System\cCkdJLD.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\wDLkIIZ.exe
  C:\Windows\System\wDLkIIZ.exe
  2⤵
  - Executes dropped EXE
  PID:4480
- C:\Windows\System\ElelcPT.exe
  C:\Windows\System\ElelcPT.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\FVvLsaM.exe
  C:\Windows\System\FVvLsaM.exe
  2⤵
  - Executes dropped EXE
  PID:3076
- C:\Windows\System\iEEzPCo.exe
  C:\Windows\System\iEEzPCo.exe
  2⤵
  PID:4576
- C:\Windows\System\erIGqVY.exe
  C:\Windows\System\erIGqVY.exe
  2⤵
  PID:1576
- C:\Windows\System\meFgqKr.exe
  C:\Windows\System\meFgqKr.exe
  2⤵
  PID:5072
- C:\Windows\System\BFtBmwA.exe
  C:\Windows\System\BFtBmwA.exe
  2⤵
  PID:468
- C:\Windows\System\XMwlAHl.exe
  C:\Windows\System\XMwlAHl.exe
  2⤵
  PID:4612
- C:\Windows\System\reCwYrJ.exe
  C:\Windows\System\reCwYrJ.exe
  2⤵
  PID:1488
- C:\Windows\System\yurODVO.exe
  C:\Windows\System\yurODVO.exe
  2⤵
  PID:4444
- C:\Windows\System\MXAYyWt.exe
  C:\Windows\System\MXAYyWt.exe
  2⤵
  PID:4740
- C:\Windows\System\ZbUAByE.exe
  C:\Windows\System\ZbUAByE.exe
  2⤵
  PID:3556
- C:\Windows\System\dXrXTED.exe
  C:\Windows\System\dXrXTED.exe
  2⤵
  PID:5064
- C:\Windows\System\vFFMixG.exe
  C:\Windows\System\vFFMixG.exe
  2⤵
  PID:5040
- C:\Windows\System\IzqBXJD.exe
  C:\Windows\System\IzqBXJD.exe
  2⤵
  PID:4596
- C:\Windows\System\brxtGqQ.exe
  C:\Windows\System\brxtGqQ.exe
  2⤵
  PID:2360
- C:\Windows\System\ZptBqlF.exe
  C:\Windows\System\ZptBqlF.exe
  2⤵
  PID:3116
- C:\Windows\System\tYLUxMy.exe
  C:\Windows\System\tYLUxMy.exe
  2⤵
  PID:532
- C:\Windows\System\JHwTrgE.exe
  C:\Windows\System\JHwTrgE.exe
  2⤵
  PID:1348
- C:\Windows\System\UUWnixE.exe
  C:\Windows\System\UUWnixE.exe
  2⤵
  PID:3000
- C:\Windows\System\yoscPQS.exe
  C:\Windows\System\yoscPQS.exe
  2⤵
  PID:3788
- C:\Windows\System\EjNFZgg.exe
  C:\Windows\System\EjNFZgg.exe
  2⤵
  PID:880
- C:\Windows\System\JDnGFHp.exe
  C:\Windows\System\JDnGFHp.exe
  2⤵
  PID:4012
- C:\Windows\System\fERFWKh.exe
  C:\Windows\System\fERFWKh.exe
  2⤵
  PID:2808
- C:\Windows\System\mlaqaFQ.exe
  C:\Windows\System\mlaqaFQ.exe
  2⤵
  PID:3712
- C:\Windows\System\pICEuKX.exe
  C:\Windows\System\pICEuKX.exe
  2⤵
  PID:396
- C:\Windows\System\bKbldqo.exe
  C:\Windows\System\bKbldqo.exe
  2⤵
  PID:348
- C:\Windows\System\vgltwKa.exe
  C:\Windows\System\vgltwKa.exe
  2⤵
  PID:2368
- C:\Windows\System\JgSZZRP.exe
  C:\Windows\System\JgSZZRP.exe
  2⤵
  PID:1344
- C:\Windows\System\ExcYUyk.exe
  C:\Windows\System\ExcYUyk.exe
  2⤵
  PID:4776
- C:\Windows\System\JJCEOqj.exe
  C:\Windows\System\JJCEOqj.exe
  2⤵
  PID:3204
- C:\Windows\System\xiLNyND.exe
  C:\Windows\System\xiLNyND.exe
  2⤵
  PID:4316
- C:\Windows\System\SUiYvCY.exe
  C:\Windows\System\SUiYvCY.exe
  2⤵
  PID:3636
- C:\Windows\System\kSEDskA.exe
  C:\Windows\System\kSEDskA.exe
  2⤵
  PID:4980
- C:\Windows\System\fQaPVgX.exe
  C:\Windows\System\fQaPVgX.exe
  2⤵
  PID:4148
- C:\Windows\System\YQVXxdd.exe
  C:\Windows\System\YQVXxdd.exe
  2⤵
  PID:2204
- C:\Windows\System\CVvgkDs.exe
  C:\Windows\System\CVvgkDs.exe
  2⤵
  PID:4100
- C:\Windows\System\BZBUvQT.exe
  C:\Windows\System\BZBUvQT.exe
  2⤵
  PID:2736
- C:\Windows\System\ZQncDur.exe
  C:\Windows\System\ZQncDur.exe
  2⤵
  PID:5140
- C:\Windows\System\VJkZcPV.exe
  C:\Windows\System\VJkZcPV.exe
  2⤵
  PID:5172
- C:\Windows\System\Mkjdvvj.exe
  C:\Windows\System\Mkjdvvj.exe
  2⤵
  PID:5200
- C:\Windows\System\sKTglTN.exe
  C:\Windows\System\sKTglTN.exe
  2⤵
  PID:5228
- C:\Windows\System\riNXmdr.exe
  C:\Windows\System\riNXmdr.exe
  2⤵
  PID:5252
- C:\Windows\System\XOHlQrd.exe
  C:\Windows\System\XOHlQrd.exe
  2⤵
  PID:5272
- C:\Windows\System\hmONNwa.exe
  C:\Windows\System\hmONNwa.exe
  2⤵
  PID:5300
- C:\Windows\System\xGLmFIP.exe
  C:\Windows\System\xGLmFIP.exe
  2⤵
  PID:5328
- C:\Windows\System\zpvnHQi.exe
  C:\Windows\System\zpvnHQi.exe
  2⤵
  PID:5360
- C:\Windows\System\MKQxPgK.exe
  C:\Windows\System\MKQxPgK.exe
  2⤵
  PID:5396
- C:\Windows\System\mrgEJQr.exe
  C:\Windows\System\mrgEJQr.exe
  2⤵
  PID:5424
- C:\Windows\System\NfjKmGM.exe
  C:\Windows\System\NfjKmGM.exe
  2⤵
  PID:5440
- C:\Windows\System\QUnWuWH.exe
  C:\Windows\System\QUnWuWH.exe
  2⤵
  PID:5468
- C:\Windows\System\VvAwktB.exe
  C:\Windows\System\VvAwktB.exe
  2⤵
  PID:5508
- C:\Windows\System\KygWGPh.exe
  C:\Windows\System\KygWGPh.exe
  2⤵
  PID:5536
- C:\Windows\System\oAaSPXB.exe
  C:\Windows\System\oAaSPXB.exe
  2⤵
  PID:5564
- C:\Windows\System\VvLMamN.exe
  C:\Windows\System\VvLMamN.exe
  2⤵
  PID:5588
- C:\Windows\System\tnQjLcP.exe
  C:\Windows\System\tnQjLcP.exe
  2⤵
  PID:5612
- C:\Windows\System\FzTcNOD.exe
  C:\Windows\System\FzTcNOD.exe
  2⤵
  PID:5648
- C:\Windows\System\bDHOcTb.exe
  C:\Windows\System\bDHOcTb.exe
  2⤵
  PID:5684
- C:\Windows\System\tqBHyRp.exe
  C:\Windows\System\tqBHyRp.exe
  2⤵
  PID:5712
- C:\Windows\System\uLkcxLG.exe
  C:\Windows\System\uLkcxLG.exe
  2⤵
  PID:5740
- C:\Windows\System\PczAaNM.exe
  C:\Windows\System\PczAaNM.exe
  2⤵
  PID:5768
- C:\Windows\System\BFsGqeL.exe
  C:\Windows\System\BFsGqeL.exe
  2⤵
  PID:5796
- C:\Windows\System\lorUwVx.exe
  C:\Windows\System\lorUwVx.exe
  2⤵
  PID:5824
- C:\Windows\System\aFCkAIE.exe
  C:\Windows\System\aFCkAIE.exe
  2⤵
  PID:5852
- C:\Windows\System\acujDoi.exe
  C:\Windows\System\acujDoi.exe
  2⤵
  PID:5880
- C:\Windows\System\YoZOFRO.exe
  C:\Windows\System\YoZOFRO.exe
  2⤵
  PID:5896
- C:\Windows\System\ivpCZga.exe
  C:\Windows\System\ivpCZga.exe
  2⤵
  PID:5924
- C:\Windows\System\goJrQWD.exe
  C:\Windows\System\goJrQWD.exe
  2⤵
  PID:5948
- C:\Windows\System\KADeCmb.exe
  C:\Windows\System\KADeCmb.exe
  2⤵
  PID:5976
- C:\Windows\System\MxfoybL.exe
  C:\Windows\System\MxfoybL.exe
  2⤵
  PID:6004
- C:\Windows\System\AwsXUon.exe
  C:\Windows\System\AwsXUon.exe
  2⤵
  PID:6036
- C:\Windows\System\QHgFXwD.exe
  C:\Windows\System\QHgFXwD.exe
  2⤵
  PID:6068
- C:\Windows\System\camNjts.exe
  C:\Windows\System\camNjts.exe
  2⤵
  PID:6096
- C:\Windows\System\XLkFnlO.exe
  C:\Windows\System\XLkFnlO.exe
  2⤵
  PID:6132
- C:\Windows\System\wUzxIoT.exe
  C:\Windows\System\wUzxIoT.exe
  2⤵
  PID:5156
- C:\Windows\System\NGSrYuI.exe
  C:\Windows\System\NGSrYuI.exe
  2⤵
  PID:5220
- C:\Windows\System\QofUfOi.exe
  C:\Windows\System\QofUfOi.exe
  2⤵
  PID:5280
- C:\Windows\System\EKULyIC.exe
  C:\Windows\System\EKULyIC.exe
  2⤵
  PID:5340
- C:\Windows\System\bTiAPSW.exe
  C:\Windows\System\bTiAPSW.exe
  2⤵
  PID:5380
- C:\Windows\System\WHQgkAA.exe
  C:\Windows\System\WHQgkAA.exe
  2⤵
  PID:5420
- C:\Windows\System\enifKmA.exe
  C:\Windows\System\enifKmA.exe
  2⤵
  PID:5488
- C:\Windows\System\yrIMiCh.exe
  C:\Windows\System\yrIMiCh.exe
  2⤵
  PID:5556
- C:\Windows\System\VDhpGib.exe
  C:\Windows\System\VDhpGib.exe
  2⤵
  PID:5624
- C:\Windows\System\yNCPVsd.exe
  C:\Windows\System\yNCPVsd.exe
  2⤵
  PID:5780
- C:\Windows\System\AzqJrYe.exe
  C:\Windows\System\AzqJrYe.exe
  2⤵
  PID:5808
- C:\Windows\System\STHZzFb.exe
  C:\Windows\System\STHZzFb.exe
  2⤵
  PID:5844
- C:\Windows\System\ZtcznrE.exe
  C:\Windows\System\ZtcznrE.exe
  2⤵
  PID:5912
- C:\Windows\System\FQBhNMf.exe
  C:\Windows\System\FQBhNMf.exe
  2⤵
  PID:5892
- C:\Windows\System\uGanTmZ.exe
  C:\Windows\System\uGanTmZ.exe
  2⤵
  PID:5944
- C:\Windows\System\oQcxwie.exe
  C:\Windows\System\oQcxwie.exe
  2⤵
  PID:6000
- C:\Windows\System\tmkXHeu.exe
  C:\Windows\System\tmkXHeu.exe
  2⤵
  PID:6056
- C:\Windows\System\npYluJZ.exe
  C:\Windows\System\npYluJZ.exe
  2⤵
  PID:6088
- C:\Windows\System\SEZtrBc.exe
  C:\Windows\System\SEZtrBc.exe
  2⤵
  PID:6124
- C:\Windows\System\AsqxdpC.exe
  C:\Windows\System\AsqxdpC.exe
  2⤵
  PID:5184
- C:\Windows\System\NEnMROZ.exe
  C:\Windows\System\NEnMROZ.exe
  2⤵
  PID:5288
- C:\Windows\System\OTAVcBY.exe
  C:\Windows\System\OTAVcBY.exe
  2⤵
  PID:5548
- C:\Windows\System\cIjcaOq.exe
  C:\Windows\System\cIjcaOq.exe
  2⤵
  PID:5680
- C:\Windows\System\NWNoqQN.exe
  C:\Windows\System\NWNoqQN.exe
  2⤵
  PID:5812
- C:\Windows\System\RmlpvXa.exe
  C:\Windows\System\RmlpvXa.exe
  2⤵
  PID:5996
- C:\Windows\System\jNETokv.exe
  C:\Windows\System\jNETokv.exe
  2⤵
  PID:5964
- C:\Windows\System\gspEnPj.exe
  C:\Windows\System\gspEnPj.exe
  2⤵
  PID:6116
- C:\Windows\System\ZOCYqgH.exe
  C:\Windows\System\ZOCYqgH.exe
  2⤵
  PID:5492
- C:\Windows\System\YYXpGsk.exe
  C:\Windows\System\YYXpGsk.exe
  2⤵
  PID:6148
- C:\Windows\System\jQcQstE.exe
  C:\Windows\System\jQcQstE.exe
  2⤵
  PID:6176
- C:\Windows\System\yAhsDsh.exe
  C:\Windows\System\yAhsDsh.exe
  2⤵
  PID:6204
- C:\Windows\System\tWIQtLC.exe
  C:\Windows\System\tWIQtLC.exe
  2⤵
  PID:6244
- C:\Windows\System\pRHMeyE.exe
  C:\Windows\System\pRHMeyE.exe
  2⤵
  PID:6268
- C:\Windows\System\SgVNXvh.exe
  C:\Windows\System\SgVNXvh.exe
  2⤵
  PID:6292
- C:\Windows\System\YneICuf.exe
  C:\Windows\System\YneICuf.exe
  2⤵
  PID:6324
- C:\Windows\System\qGeriIc.exe
  C:\Windows\System\qGeriIc.exe
  2⤵
  PID:6352
- C:\Windows\System\doazLhe.exe
  C:\Windows\System\doazLhe.exe
  2⤵
  PID:6392
- C:\Windows\System\pcRroQq.exe
  C:\Windows\System\pcRroQq.exe
  2⤵
  PID:6412
- C:\Windows\System\aMgXROX.exe
  C:\Windows\System\aMgXROX.exe
  2⤵
  PID:6440
- C:\Windows\System\HeFRgpt.exe
  C:\Windows\System\HeFRgpt.exe
  2⤵
  PID:6472
- C:\Windows\System\lpdaagk.exe
  C:\Windows\System\lpdaagk.exe
  2⤵
  PID:6504
- C:\Windows\System\EFGchFU.exe
  C:\Windows\System\EFGchFU.exe
  2⤵
  PID:6528
- C:\Windows\System\KjkviFJ.exe
  C:\Windows\System\KjkviFJ.exe
  2⤵
  PID:6560
- C:\Windows\System\sRLZZbL.exe
  C:\Windows\System\sRLZZbL.exe
  2⤵
  PID:6588
- C:\Windows\System\CydHCUu.exe
  C:\Windows\System\CydHCUu.exe
  2⤵
  PID:6616
- C:\Windows\System\fjdJXzD.exe
  C:\Windows\System\fjdJXzD.exe
  2⤵
  PID:6660
- C:\Windows\System\XItwbpe.exe
  C:\Windows\System\XItwbpe.exe
  2⤵
  PID:6692
- C:\Windows\System\UGJsymj.exe
  C:\Windows\System\UGJsymj.exe
  2⤵
  PID:6720
- C:\Windows\System\tvxKPVL.exe
  C:\Windows\System\tvxKPVL.exe
  2⤵
  PID:6752
- C:\Windows\System\yfaCgqN.exe
  C:\Windows\System\yfaCgqN.exe
  2⤵
  PID:6788
- C:\Windows\System\pwzRVaj.exe
  C:\Windows\System\pwzRVaj.exe
  2⤵
  PID:6812
- C:\Windows\System\RFKSxle.exe
  C:\Windows\System\RFKSxle.exe
  2⤵
  PID:6836
- C:\Windows\System\cRDNPtw.exe
  C:\Windows\System\cRDNPtw.exe
  2⤵
  PID:6872
- C:\Windows\System\hEeYJuJ.exe
  C:\Windows\System\hEeYJuJ.exe
  2⤵
  PID:6904
- C:\Windows\System\jYPhqRR.exe
  C:\Windows\System\jYPhqRR.exe
  2⤵
  PID:6936
- C:\Windows\System\GBDiJTp.exe
  C:\Windows\System\GBDiJTp.exe
  2⤵
  PID:6956
- C:\Windows\System\XQsvYnG.exe
  C:\Windows\System\XQsvYnG.exe
  2⤵
  PID:6976
- C:\Windows\System\BexeBmX.exe
  C:\Windows\System\BexeBmX.exe
  2⤵
  PID:7008
- C:\Windows\System\XtzDwlC.exe
  C:\Windows\System\XtzDwlC.exe
  2⤵
  PID:7036
- C:\Windows\System\bQiRZuL.exe
  C:\Windows\System\bQiRZuL.exe
  2⤵
  PID:7060
- C:\Windows\System\clNnWQy.exe
  C:\Windows\System\clNnWQy.exe
  2⤵
  PID:7080
- C:\Windows\System\NNMGMao.exe
  C:\Windows\System\NNMGMao.exe
  2⤵
  PID:7112
- C:\Windows\System\WnqAJUY.exe
  C:\Windows\System\WnqAJUY.exe
  2⤵
  PID:7128

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AeZQisw.exe

Filesize
1.4MB

MD5
c9eab507206814468b2288090fb21c2e

SHA1
051c46b2ee0c6e07bca120bfd31e30ab4fea7514

SHA256
6504c3408424e13686927e41a81ee1e710c18ba09adbe4718a21c23c0c1543e8

SHA512
a21bc0ed6937338d10d10ff9d6432ff1eba9861a3ce52c467f4280692fc5c3d9cf43fa155228edee881ba4f3a976bf01b7a019ef7d9a9bfde641486d9cd30f39

Download Submit
C:\Windows\System\BaIafQo.exe

Filesize
1.4MB

MD5
a5956987209e9cf36f57d61a90bd6a46

SHA1
7d8887fa64ea73a8df1af120fe1eeb9f3d2455c1

SHA256
a5380c142d179c15783f95b3d8fbd7c31ee7999d29879eb3b7760f7dfc62d0e8

SHA512
9bf3ce118f10966c5efd37abda963b3575c3e2fd7f2ef4ef11d1278df9f387c51bef82cee826680e7b1fc33b0b302b0b846d00897348f4898c498ef5ab43168a

Download Submit
C:\Windows\System\DovbyBd.exe

Filesize
1.4MB

MD5
9258adef1c5c94af5c78839f947f1a9f

SHA1
ff2163f450b501f450c4d78019aae288cf057ade

SHA256
149b555cf59c003ee55cc1da4a8261d3777b50415cc6e7dcd1d231158ebde982

SHA512
9aa71c5aa81ef03d0ce52b44470e8fe3f46720f0b1d4b0b495091a9cdbdca121fc8f6c2d3fcc063d2a0c52aeb522bf6dffd9672ae759a0f7d8c08835c3647d1b

Download Submit
C:\Windows\System\EtyQvBP.exe

Filesize
1.4MB

MD5
5501743a0c7ce3d6a63828843abff8c5

SHA1
c148fd8c495ae5b9f4e5f6b04afb40d979b99899

SHA256
4f695c85f9ba88f577a938e08073aa8a2225ad9405b15a460a958e92732924b4

SHA512
a1282ced074ab57ad9caabd53aa9d1c26c5c2ffe1792f61ba62f5eef44da00f0642ff6960a0bb243e868a8895ce2e9eaf74c3b871b66b5920bacbbe73589cb2d

Download Submit
C:\Windows\System\FsFTtew.exe

Filesize
1.4MB

MD5
4b62dd8935532559659d4caa1fefc6cb

SHA1
c17d63d402b213428a76b91573d5c3475d553664

SHA256
c97cc364da1dcdb42bda4ef075a1f6140ae1919c9ec65763dd844bc4bc986005

SHA512
30e3730ff2625aecc8cf87ee31a0feb9d93bc3c2c417a33a468eeca157f646d931ad0dab7d1f75f229d777d9f0d9690bea7a9a071bda8248c847023a940cf969

Download Submit
C:\Windows\System\GAvhesA.exe

Filesize
1.4MB

MD5
80ed74c00f6ed7da7414aa00ba137cba

SHA1
0bde9c88134cded30c012001bacb585173b3a13f

SHA256
f030070c3f3f461ad2b58783c468397ee958d99e04c29a2395cd839adceaa017

SHA512
67ddc3ddf4d2c307061458934faa95ce0939f6e946d5e6e102b45ff28b977638b382e6e650240fbe57f25d34180222f57f3c259c4a374b5626b21be0fac004ff

Download Submit
C:\Windows\System\JpLsIqC.exe

Filesize
1.4MB

MD5
0bba8f2e8428b5282448246bdf4a2f4d

SHA1
36c51a94bc117df91b0048cf2b3f919d3c650689

SHA256
2ef3e2479723ebb273f95ddfb56590e683446f8a73687aad40bbe0d5c4e0bac0

SHA512
7970d21ecfcab6fa1e7361834189a8c8a1414688c9b9b96f1ae7df1ce2270286bd11875c385970b84764a301dfbd2772023692dfc25d8ee151c94a6419cdea72

Download Submit
C:\Windows\System\LxjrsVX.exe

Filesize
1.4MB

MD5
6d084ddff5f8808fffa52cd2d0dd1bf8

SHA1
677f8ba759bf84aece70e7d8800e6ded28783f0f

SHA256
3a4eaa5b814b196bd5f12b4995017ebcf0b686b97e007bd3915f4ba321422bdc

SHA512
bc37398f1529498d954830412fba49ae13ae0dc7697809da60051f47c0f001084330672c9cef5fccddda8707b6ea6a7969d6f9a7d59185eb6b83f38634a040e7

Download Submit
C:\Windows\System\NEqhZDP.exe

Filesize
1.4MB

MD5
6e57d633cdc6fc895ff3f675bb82796a

SHA1
e2181488e7b89a0aefbf2909eb8a69c5b103cdc3

SHA256
17e9705f8b9092519c8d30786b57aa619bd0fc8dcf0be9a7f4211712e17dd485

SHA512
2afbcd433e150959c5230f4d1d40d20b0bcce49e1737535eaf43b7fbbf0e46ef9e1110749cb245f691c13b7b835ecb3697f076e3f392cb81c71feda04e57050b

Download Submit
C:\Windows\System\OShaIMv.exe

Filesize
1.4MB

MD5
d66707fb42471ec80e23ccaa932489c8

SHA1
ece33463fb4536bb85cdc432ccac0409a5474e87

SHA256
8553a91aab27df4390cecb8fc8bf3cd499da62f95303371e289983ffe81d2bc6

SHA512
21885bad98d084d3adc36aa482f0f2c8dc6c1a32aa68033b7e09f1d72148238b0fbdf6ec94a53e3ee2f95ddc0fca8a510f239098d8abeae35c52240cb628ff08

Download Submit
C:\Windows\System\RgtaePr.exe

Filesize
1.4MB

MD5
743615361f523bad513c0f7fcd6fc6db

SHA1
9cd6d6f885312845798f3da0c032e2d06b7114c9

SHA256
b39c95f17b4c0d2c84dc7a54f26e104e82f22601040ed9e601b7773549b97f28

SHA512
7e2f73e088db9ae049b047e361cba429d83acdeee11ce8e7a16b8b2f69b0db05a6fc82815f52a52a3b75ddb574273259f7fb2457077e2e4d0f6eb9e206a84458

Download Submit
C:\Windows\System\UOmlzYg.exe

Filesize
1.4MB

MD5
983c698ae5cf7328558594a727434d4f

SHA1
2e9467bae32ad625a31cc0e63dd5943d79bcc62a

SHA256
4520c53dd4c1e9551ad2fca12ff15df81c6eff1f232e5bcebca26e11fec745ad

SHA512
426753a1baa299b439938ceba87ef5fbc5b3108b04f69a14e60ca2454d7b97878b97983a9700e176f65e62673201ea35e8c8f8e5a0737a9910289224b3cdf35a

Download Submit
C:\Windows\System\WonBiLv.exe

Filesize
1.4MB

MD5
5caa60e26e7df12816f1696a34632adb

SHA1
d71fa15133c9bcf63ecf617aaa31e71a4afb30e8

SHA256
b07d9f6236b4e548138178dd30b0ff2804a4ec1fd9d3aaaea4bcd9a4fa33ea77

SHA512
02ec91012d640691b64dad6aea14a781c59a7ea5348bdcf5c332509e94b3652acc6c3e9ba8c86ff2713e34bfbe2966ade1ad1c0c07477df359e349a7e4c35c45

Download Submit
C:\Windows\System\XhKbTbp.exe

Filesize
1.4MB

MD5
d128f66b394c08cf1dabb2877aa58b16

SHA1
33b3eb73acc3f9df605ea04a4737d5d1126da652

SHA256
72a5b7ede4456091fb3d9d8ae8814426024970ba784ff2836d9a524e8ea7db6a

SHA512
59b059d74b68175d30b4aaf994dec6930055b8dde420888ddc8309bcde50e6bea1ae5f56e00f6a98d43d465cab38db4e5308575998cffe23c718128f5d1678cf

Download Submit
C:\Windows\System\XhdBIrd.exe

Filesize
1.4MB

MD5
6607110c61d6a11ed68b1afd00ab9446

SHA1
01316e77ea5b1147329a12bbfd59a06fdc1b2969

SHA256
fbb03f4cadd12b45136bf6be478e56c00bc44c56f6617acbb047c6770aed0dde

SHA512
63afc45ca9b97fb92f78e20a2151518d80e9184c02c98020ba20234b8368f8f3b5bd8908c92f9b87e3f1d94111a7ce43c35f67c76450d878b6549a18262458c5

Download Submit
C:\Windows\System\ZcRluNS.exe

Filesize
1.4MB

MD5
fcd928ba64d2686e746126c78a82f71f

SHA1
34925ac03a620c4e96bd0fc034247c6d2e7bb79f

SHA256
9c432b0ecded305ee865df834f5f4ceeb38d0b092f67fb5f21bd3a93457f1803

SHA512
c58e97242cfd307f3951a658eaeffea13e43e1f7b0262eaccef323ca6d06157012b362e15cc364ef3c84b24d22096d89a4337e2db03baa05cb0a7e1fa347ddb9

Download Submit
C:\Windows\System\ZkXWeHA.exe

Filesize
1.4MB

MD5
c707520b998356507272625f62beee22

SHA1
add5435cf9fbf162f6e748567f9db240c9e32b2a

SHA256
e3e3b5a7a34aa487cc53cbc3b9270f24887e2b27f262777f719af270fdeda2ca

SHA512
680ca32f65bb48e6bbd43e3b0bf8deb57bfaa10a20364b9f99b977badac4defd551a987711b84a38855ad4db06a244d06bc0b61602acbdd7195605ed2beaaccf

Download Submit
C:\Windows\System\btuDotM.exe

Filesize
1.4MB

MD5
fa9773fbf6adf4f67c297f4bee9a345e

SHA1
0f692f217d83b30a71c72ed26e404903e98f7aa0

SHA256
049ddbf622aa4f1c27426d28cc020a5d0e21df76857fe8523d49cea3ac852472

SHA512
d4a1cc03d44f388ff5c301128b084bf81d0f2da92c0b56f23f8f1d9e2704d6bf942f7aa8cd61a14fe8a84f17c9bf389d26e9046f4e9af2c157e5ae5f8b447aa1

Download Submit
C:\Windows\System\ciEhcqS.exe

Filesize
1.4MB

MD5
9f5474dec23e258444cad50326e720de

SHA1
78c7f6b4abfba19b5c1d2c0943de3dac8071b348

SHA256
cf157fa13866dd8f9ff8fb6a91edca9276164e827e2c645634e1562f66efd0eb

SHA512
374c218ce16fcf9062d50d698b9c6c5370b015a86871ba3f5806c801aa4e219a119288ab6157863cb7c72cba05fb4e59ec44662e64d9a2a4bf1cd6a85b9a4dd6

Download Submit
C:\Windows\System\dwNreuU.exe

Filesize
1.4MB

MD5
090396ba7a91e3876a00e221c6bda8c8

SHA1
63f265192b75e535710607e0becccf82b7b46087

SHA256
75ba7e8063b7687993c2542f8793088cc700ca63e73f63c934546f46c59175ce

SHA512
eb74034a6f5d4315a2250118e3991e6b564fc87947fdb2689142ab9a4f6ee49fea6d25c3eb2297776a6370700532d5e7e889e626c825ee7b3b9ac58bae0fc6fc

Download Submit
C:\Windows\System\eknvgTs.exe

Filesize
1.4MB

MD5
516743f10dc826bd9caa34ca49e9d2a2

SHA1
8fad9b423019477835892347c046a46155fd08ec

SHA256
58acf8f656f22a42ce796ec12d04cf29b8b15644eb9281a2796a63a82539a9c4

SHA512
4d310e43cd51b2e9bebe73bafb7e2006be871a00cf460eb7da02805f6e356ef125a36efd6a0987290b3d2432f4e742d854e5ee7eb4c22aac97494df3f8cc2045

Download Submit
C:\Windows\System\eqTybNb.exe

Filesize
1.4MB

MD5
6002f002456b4536c7dc7f1eb3803504

SHA1
1641182afb782fa488e5099803a6b3dddcccd657

SHA256
5d2ef0db784d3e918bfea2dae4df946c559c8ce8cb714a95fea6cff4e35f9771

SHA512
f14c82513152a68955bc1664ee67b3a27a9473a985f1c8dc8b32332656996073a518af6ea548a2e28f2d7e6f729262668cc0f8e349609c23292dd5167634febc

Download Submit
C:\Windows\System\exAqhtf.exe

Filesize
1.4MB

MD5
9b10142d4e638b3aed51010f69ffcbd4

SHA1
22bb7587134ab444b47c6e731c8ffb97ba231cd6

SHA256
50de9510100db3fdcdb1b3b258af76b6aded13a5b7f15eff6b2f652280336116

SHA512
b1793031a61616cccad4b09216256034893155a3afd972804c58918bfd48447b77e9e3d2656635cee308a82b9246b2a1cd181cf21d4947b18a2dfc18c7008d84

Download Submit
C:\Windows\System\gJUAupa.exe

Filesize
1.4MB

MD5
633a1ed8da00644b66e8627947b9eba6

SHA1
1cc52e82cf8e6e032d5743973b6ab192abcb81f7

SHA256
3abff52cf9544438a907c685738e3ef693ae71f555cb05910fceae930c5b4893

SHA512
37028996b147a6bd4871846c407a4177c7af7de006069ccb83754f1b9148eb8ba86ec20c7b7839eba23edde5c9a66f19f7adf5eb688eff4accf55817ecf36e2b

Download Submit
C:\Windows\System\hwcIyLm.exe

Filesize
1.4MB

MD5
425dff40d63d48c3f152609600bacab5

SHA1
145d63a1603f2dd66b2b12f6a93566287cb825cf

SHA256
0a8ab1be3c589da7d29c8d8afca124d2c86553bc487bddbe3089c49cea858d77

SHA512
eac959f41d85a4cac509b3783b38accd683d51ed226e14d8dbea603905e071ce4ef0eeee32706d6c4b0e0432a0539cf02541137538bf03f594803c1192dd5e79

Download Submit
C:\Windows\System\mQaxfsu.exe

Filesize
1.4MB

MD5
3d6584837de0e02e609abfc643422ef8

SHA1
8fbc6c44b3c92688823a6cc7d33fcbd7ae4d487b

SHA256
954239d3f35fce64ec021f7579c4283ebd5417b383ef0fed8b6216b3eb970224

SHA512
ef190ffafdceaff1785bfe46d641b314920540e4f61e77ab756dc0c7cd62946e01272595f76c0905610463e7933b6d5b243c5f5a1a43d19a2a6897c8ed57cdd4

Download Submit
C:\Windows\System\oiaAbGn.exe

Filesize
1.4MB

MD5
f134163f9cc239c09874b228d9e5fbef

SHA1
fadd6bdc2499edba7d147f53d0b70dafa4d52ef6

SHA256
b664fbccaab752420e3921f272a8e1d781c46f8b5819e3b78f4cbe61868ff42a

SHA512
5fe47707a98e0d551b8db4a18b7003de991dae347c239290f07be87f91c6fc4a342fc06f30c93d4a4ea34106b90a7b380425df4a1d128c036de818afb61e117b

Download Submit
C:\Windows\System\pHzfGfY.exe

Filesize
1.4MB

MD5
7e4f45bb779b54180d95568f009eb05c

SHA1
cb7b2afa82eec065c399e92ce0a795c5c73862b8

SHA256
371f4f87fb735604cafdc40fb2a936e61eef5e11deb7627eaa84e8326624204b

SHA512
b58d4af919d47e69295315758c2443518849ea0a3349cbdf9670a4b5c553ea386adddd70216dd49b565107e5dc4106d88385e46ac3a22eae0eb5637c39abf90f

Download Submit
C:\Windows\System\pWDiLLB.exe

Filesize
1.4MB

MD5
eff0a4559f56b71130f8d5ec6e9b8c8b

SHA1
13f4836b11f5366ddcc6204a7ada65a51374530a

SHA256
e98eecdcfd800c14ce497c4b89c1dd364134d083d0382581bf14ad1a85c0b861

SHA512
c2465c6daec922a03c7851e9022c703aa6186606395bbd3584b8089bac9c9af3bb9f024f17002053b1dc007cbe0a5d21b8cb9c8216110fdc286244b80b76e7de

Download Submit
C:\Windows\System\poAJEOs.exe

Filesize
1.4MB

MD5
6bc9dcfab58406f583672a9255d258c7

SHA1
1c3f245e42a4f7bfecd5b77d1a312292d921b8a5

SHA256
8586828968f7eb5a794b1a5c0b7c987be23d52f146f01fb437fc9f8371a301cc

SHA512
02fb4978d21ec53731ec3fffab8b13f50e3f4b6617e142cc259159de5420e1a24e026160bcb54f155445054192703e1017f63c2da7b95953c67097ede4926611

Download Submit
C:\Windows\System\vVZSbJu.exe

Filesize
1.4MB

MD5
94e159e9de3ffd6c1a6ea0d5cd4f599c

SHA1
6d39a5244a32608c4703b086e39a40f937ad7206

SHA256
d07bf7172c709a727ac2aa6d6bba1297b0b32d3c8705ec9043127dde72a03e41

SHA512
3df6dcadf5c635fb760e174c63358b1dae94e4bbd026ca8fc5ba881b2cd0d6f352e0263b7d2b51a8334368f4f5cdffe9de12df0749a1a55aeffe53e0f8372547

Download Submit
C:\Windows\System\woIAley.exe

Filesize
1.4MB

MD5
befc43372a839bc2fd02fdebeed66f3f

SHA1
bb8eefddca666037598b209634566e01287ff838

SHA256
7de980a9f2090d6b12511a12ef6879dd2aeabe80086ad9ccab59a41108253f74

SHA512
2067ebb745de6d087873255b9254aece761619270c68b67802d452c13c37c985b338500250001ecd1fdfa4b1794576475385495e9887c8bfb0cc22564439daf7

Download Submit
C:\Windows\System\yKVixrA.exe

Filesize
1.4MB

MD5
ea47f9b996a57b3270f759251c5953de

SHA1
5a11c8541dfafb3cdbaa8f36d2343736a3f4ced6

SHA256
8e188f7d94fe26be3e4c26ab6692d48fae0950e111b573e7cbb9c3fb979984be

SHA512
b105fdb77745b1c42c57d7da40b7d3c2dbe61eebca13241878f3092d39950c6465fc728761fed8e86cfa53d43effc31a93337ac41bd6ca15d47974a50d24f7a5

Download Submit
C:\Windows\System\yooihbe.exe

Filesize
1.4MB

MD5
89fc0bf520f5d88abf0630e2d2f895e0

SHA1
3da4d38e3e17faf941b848908b038662b8500521

SHA256
7dc94c67bb43a61b2f2c39730460b403e42303c270a37e008da74697ff188dd6

SHA512
bf54ca7a988fe1766828c898ece518c6b82262396b80ffec392eff4e66defdb339c07f306de229a5bfa168b4ab6f8d26c6b8f1361e7aa7b46e5be3598b2f2c47

Download Submit
memory/1808-0-0x0000021EE65D0000-0x0000021EE65E0000-memory.dmp

Filesize
64KB

Download