xmrig | 28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231

Analysis

max time kernel
136s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07-08-2024 20:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
Size

1.4MB
MD5

099abc59379687c8421325a4fa3e9800
SHA1

1c0c4892edbb2492b0fa70578c20b532ad0e6906
SHA256

28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231
SHA512

8c855ca52de51de89d1a2e3cb760387fd2e746c5aa8afc2d6792f8d685b4105ad711a33ceecb1fee666ca01b6be932ddc0bc68f99dadd7a4831ba46b6144c82f
SSDEEP

24576:GezaTnG99Q8FcNrpyNdfE0bLBgDOp2iSLz9LbBwlKensYKkzGUfiI7pXu3ajGEw3:GezaTF8FcNkNdfE0pZ9oztFwI6KQGyXW

Score

10^/10

xmrig miner

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 32 IoCs

miner

resource	yara_rule
behavioral2/files/0x000800000002340a-4.dat	xmrig
behavioral2/files/0x000700000002340e-6.dat	xmrig
behavioral2/files/0x000700000002340f-20.dat	xmrig
behavioral2/files/0x0007000000023410-22.dat	xmrig
behavioral2/files/0x000800000002340d-8.dat	xmrig
behavioral2/files/0x0007000000023411-29.dat	xmrig
behavioral2/files/0x0007000000023412-32.dat	xmrig
behavioral2/files/0x0007000000023414-42.dat	xmrig
behavioral2/files/0x0007000000023413-43.dat	xmrig
behavioral2/files/0x0007000000023415-49.dat	xmrig
behavioral2/files/0x000800000002340b-57.dat	xmrig
behavioral2/files/0x0007000000023416-69.dat	xmrig
behavioral2/files/0x000700000002341b-80.dat	xmrig
behavioral2/files/0x000700000002341e-93.dat	xmrig
behavioral2/files/0x0007000000023422-101.dat	xmrig
behavioral2/files/0x0007000000023418-117.dat	xmrig
behavioral2/files/0x0007000000023424-128.dat	xmrig
behavioral2/files/0x0007000000023427-145.dat	xmrig
behavioral2/files/0x0007000000023426-143.dat	xmrig
behavioral2/files/0x0007000000023425-141.dat	xmrig
behavioral2/files/0x0007000000023421-135.dat	xmrig
behavioral2/files/0x0007000000023419-127.dat	xmrig
behavioral2/files/0x0007000000023420-124.dat	xmrig
behavioral2/files/0x000700000002341f-111.dat	xmrig
behavioral2/files/0x000700000002341a-108.dat	xmrig
behavioral2/files/0x0007000000023423-107.dat	xmrig
behavioral2/files/0x000700000002341d-105.dat	xmrig
behavioral2/files/0x000700000002341c-103.dat	xmrig
behavioral2/files/0x0007000000023428-149.dat	xmrig
behavioral2/files/0x0007000000023429-152.dat	xmrig
behavioral2/files/0x000700000002342a-161.dat	xmrig
behavioral2/files/0x0007000000023417-73.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3992	KivyigC.exe
4272	UTFOXwb.exe
4796	xZIwnQy.exe
2988	JReAzxu.exe
5012	SzmVicz.exe
908	ydtPZIh.exe
1112	ClNVeLH.exe
1236	YXeXAjv.exe
3736	umjJnNN.exe
4972	XbVwcfk.exe
1072	LhtzQbB.exe
1540	SYCoEIG.exe
2468	VOyOKMo.exe
1744	mtuxYyA.exe
948	PJDIoLK.exe
3216	PTJwCck.exe
2472	TtXEZEv.exe
4296	UiSAoDx.exe
1984	PcaUevP.exe
3316	UOuJxWG.exe
3612	DWbEAFG.exe
2796	TjYKQOz.exe
5088	vvoBiZO.exe
3628	yoYGTAF.exe
4432	DIygTbD.exe
1852	bukHIEQ.exe
1928	UWCxwjG.exe
3252	xQfyOSL.exe
1508	IBMmLNR.exe
1940	OstcFpC.exe
4784	KiwiNvD.exe
2224	hgJLupu.exe
2852	cVePQEs.exe
3984	NKLvJXi.exe
3148	TRHLMkL.exe
2972	CrmOoBC.exe
3208	OaydMqq.exe
4128	UnOiIsv.exe
2260	plUcNwT.exe
4408	vSKQPwQ.exe
3544	owTTvMH.exe
876	UZkoWFT.exe
4036	mdpoVer.exe
3812	BQdHsen.exe
4340	dSogvNt.exe
4584	jrWajUJ.exe
4708	RdQsWtI.exe
4240	GOUVBhz.exe
3496	kYDaAsj.exe
2980	EvXDYvC.exe
2820	GkwgAmR.exe
4792	SazKloc.exe
3492	aUmrPoa.exe
2648	GVKSfuJ.exe
2532	MqPdnkT.exe
2916	oyYapkB.exe
2196	NIPiZSD.exe
4244	rfNyXKJ.exe
2764	Oxvatzp.exe
4484	pmHZJXS.exe
2420	lRXNxED.exe
1924	iZVbZNP.exe
5092	rMHUJXI.exe
2948	IOCpSRt.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\iKyFhvm.exe	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
File created	C:\Windows\System\drABZvp.exe	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
File created	C:\Windows\System\TRHLMkL.exe	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
File created	C:\Windows\System\kYDaAsj.exe	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
File created	C:\Windows\System\GkwgAmR.exe	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
File created	C:\Windows\System\EPbYKuf.exe	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
File created	C:\Windows\System\UZkoWFT.exe	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
File created	C:\Windows\System\pmHZJXS.exe	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
File created	C:\Windows\System\cbJgLas.exe	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
File created	C:\Windows\System\dhibpZc.exe	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
File created	C:\Windows\System\ovjcDyT.exe	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
File created	C:\Windows\System\GVZVfkW.exe	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
File created	C:\Windows\System\UkjyMiu.exe	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
File created	C:\Windows\System\pyJZpnK.exe	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
File created	C:\Windows\System\SzmVicz.exe	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
File created	C:\Windows\System\GOUVBhz.exe	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
File created	C:\Windows\System\SazKloc.exe	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
File created	C:\Windows\System\dbWhVye.exe	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
File created	C:\Windows\System\towiCcv.exe	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
File created	C:\Windows\System\lRXNxED.exe	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
File created	C:\Windows\System\zgUBpuZ.exe	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
File created	C:\Windows\System\DDNSyJx.exe	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
File created	C:\Windows\System\ZLvAoBc.exe	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
File created	C:\Windows\System\plUcNwT.exe	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
File created	C:\Windows\System\PMJSKrw.exe	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
File created	C:\Windows\System\hrgOLSS.exe	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
File created	C:\Windows\System\vvoBiZO.exe	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
File created	C:\Windows\System\jrWajUJ.exe	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
File created	C:\Windows\System\UOuJxWG.exe	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
File created	C:\Windows\System\NEVokDi.exe	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
File created	C:\Windows\System\nrMIqHI.exe	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
File created	C:\Windows\System\DLbtjWT.exe	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
File created	C:\Windows\System\nGCmBHG.exe	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
File created	C:\Windows\System\xKrcCaW.exe	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
File created	C:\Windows\System\rzYQrsD.exe	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
File created	C:\Windows\System\dkUIRCW.exe	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
File created	C:\Windows\System\fMgiKVf.exe	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
File created	C:\Windows\System\AyfbvdN.exe	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
File created	C:\Windows\System\EifkrEl.exe	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
File created	C:\Windows\System\sWtrTDW.exe	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
File created	C:\Windows\System\COCUOpY.exe	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
File created	C:\Windows\System\wVKiHvI.exe	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
File created	C:\Windows\System\DIygTbD.exe	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
File created	C:\Windows\System\NIPiZSD.exe	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
File created	C:\Windows\System\StBbmKU.exe	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
File created	C:\Windows\System\RWozvVP.exe	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
File created	C:\Windows\System\OvbsyGK.exe	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
File created	C:\Windows\System\wYhSyxA.exe	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
File created	C:\Windows\System\RQTkvfY.exe	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
File created	C:\Windows\System\BRQSzwJ.exe	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
File created	C:\Windows\System\Oxvatzp.exe	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
File created	C:\Windows\System\NAcqzpw.exe	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
File created	C:\Windows\System\VhZQJzt.exe	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
File created	C:\Windows\System\jyLpvpC.exe	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
File created	C:\Windows\System\EhTmXRO.exe	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
File created	C:\Windows\System\jxeBfnb.exe	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
File created	C:\Windows\System\IBMmLNR.exe	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
File created	C:\Windows\System\AGnARPB.exe	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
File created	C:\Windows\System\iZVbZNP.exe	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
File created	C:\Windows\System\BzBvSHF.exe	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
File created	C:\Windows\System\YFWvSUJ.exe	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
File created	C:\Windows\System\UTFOXwb.exe	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
File created	C:\Windows\System\qzERJTx.exe	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
File created	C:\Windows\System\mLIaIJw.exe	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
Token: SeLockMemoryPrivilege	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1332 wrote to memory of 3992	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe	84
PID 1332 wrote to memory of 3992	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe	84
PID 1332 wrote to memory of 4272	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe	85
PID 1332 wrote to memory of 4272	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe	85
PID 1332 wrote to memory of 4796	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe	86
PID 1332 wrote to memory of 4796	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe	86
PID 1332 wrote to memory of 2988	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe	87
PID 1332 wrote to memory of 2988	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe	87
PID 1332 wrote to memory of 5012	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe	88
PID 1332 wrote to memory of 5012	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe	88
PID 1332 wrote to memory of 908	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe	89
PID 1332 wrote to memory of 908	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe	89
PID 1332 wrote to memory of 1112	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe	90
PID 1332 wrote to memory of 1112	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe	90
PID 1332 wrote to memory of 1236	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe	91
PID 1332 wrote to memory of 1236	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe	91
PID 1332 wrote to memory of 3736	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe	92
PID 1332 wrote to memory of 3736	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe	92
PID 1332 wrote to memory of 4972	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe	93
PID 1332 wrote to memory of 4972	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe	93
PID 1332 wrote to memory of 1072	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe	94
PID 1332 wrote to memory of 1072	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe	94
PID 1332 wrote to memory of 1540	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe	95
PID 1332 wrote to memory of 1540	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe	95
PID 1332 wrote to memory of 2468	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe	97
PID 1332 wrote to memory of 2468	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe	97
PID 1332 wrote to memory of 1744	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe	98
PID 1332 wrote to memory of 1744	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe	98
PID 1332 wrote to memory of 4296	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe	99
PID 1332 wrote to memory of 4296	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe	99
PID 1332 wrote to memory of 1984	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe	100
PID 1332 wrote to memory of 1984	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe	100
PID 1332 wrote to memory of 948	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe	101
PID 1332 wrote to memory of 948	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe	101
PID 1332 wrote to memory of 3216	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe	102
PID 1332 wrote to memory of 3216	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe	102
PID 1332 wrote to memory of 2472	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe	103
PID 1332 wrote to memory of 2472	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe	103
PID 1332 wrote to memory of 3316	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe	104
PID 1332 wrote to memory of 3316	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe	104
PID 1332 wrote to memory of 3628	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe	105
PID 1332 wrote to memory of 3628	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe	105
PID 1332 wrote to memory of 3612	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe	106
PID 1332 wrote to memory of 3612	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe	106
PID 1332 wrote to memory of 2796	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe	107
PID 1332 wrote to memory of 2796	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe	107
PID 1332 wrote to memory of 5088	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe	108
PID 1332 wrote to memory of 5088	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe	108
PID 1332 wrote to memory of 4432	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe	109
PID 1332 wrote to memory of 4432	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe	109
PID 1332 wrote to memory of 1852	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe	110
PID 1332 wrote to memory of 1852	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe	110
PID 1332 wrote to memory of 1928	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe	111
PID 1332 wrote to memory of 1928	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe	111
PID 1332 wrote to memory of 3252	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe	112
PID 1332 wrote to memory of 3252	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe	112
PID 1332 wrote to memory of 1508	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe	113
PID 1332 wrote to memory of 1508	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe	113
PID 1332 wrote to memory of 1940	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe	114
PID 1332 wrote to memory of 1940	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe	114
PID 1332 wrote to memory of 4784	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe	115
PID 1332 wrote to memory of 4784	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe	115
PID 1332 wrote to memory of 2224	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe	116
PID 1332 wrote to memory of 2224	1332	28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe	116

C:\Users\Admin\AppData\Local\Temp\28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe
"C:\Users\Admin\AppData\Local\Temp\28667541257ce2267bb5fb15fa79c2c1accb853de3215fdf203c6cab31ec2231.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1332
- C:\Windows\System\KivyigC.exe
  C:\Windows\System\KivyigC.exe
  2⤵
  - Executes dropped EXE
  PID:3992
- C:\Windows\System\UTFOXwb.exe
  C:\Windows\System\UTFOXwb.exe
  2⤵
  - Executes dropped EXE
  PID:4272
- C:\Windows\System\xZIwnQy.exe
  C:\Windows\System\xZIwnQy.exe
  2⤵
  - Executes dropped EXE
  PID:4796
- C:\Windows\System\JReAzxu.exe
  C:\Windows\System\JReAzxu.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\SzmVicz.exe
  C:\Windows\System\SzmVicz.exe
  2⤵
  - Executes dropped EXE
  PID:5012
- C:\Windows\System\ydtPZIh.exe
  C:\Windows\System\ydtPZIh.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\ClNVeLH.exe
  C:\Windows\System\ClNVeLH.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\YXeXAjv.exe
  C:\Windows\System\YXeXAjv.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\umjJnNN.exe
  C:\Windows\System\umjJnNN.exe
  2⤵
  - Executes dropped EXE
  PID:3736
- C:\Windows\System\XbVwcfk.exe
  C:\Windows\System\XbVwcfk.exe
  2⤵
  - Executes dropped EXE
  PID:4972
- C:\Windows\System\LhtzQbB.exe
  C:\Windows\System\LhtzQbB.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\SYCoEIG.exe
  C:\Windows\System\SYCoEIG.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\VOyOKMo.exe
  C:\Windows\System\VOyOKMo.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\mtuxYyA.exe
  C:\Windows\System\mtuxYyA.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\UiSAoDx.exe
  C:\Windows\System\UiSAoDx.exe
  2⤵
  - Executes dropped EXE
  PID:4296
- C:\Windows\System\PcaUevP.exe
  C:\Windows\System\PcaUevP.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\PJDIoLK.exe
  C:\Windows\System\PJDIoLK.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\PTJwCck.exe
  C:\Windows\System\PTJwCck.exe
  2⤵
  - Executes dropped EXE
  PID:3216
- C:\Windows\System\TtXEZEv.exe
  C:\Windows\System\TtXEZEv.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\UOuJxWG.exe
  C:\Windows\System\UOuJxWG.exe
  2⤵
  - Executes dropped EXE
  PID:3316
- C:\Windows\System\yoYGTAF.exe
  C:\Windows\System\yoYGTAF.exe
  2⤵
  - Executes dropped EXE
  PID:3628
- C:\Windows\System\DWbEAFG.exe
  C:\Windows\System\DWbEAFG.exe
  2⤵
  - Executes dropped EXE
  PID:3612
- C:\Windows\System\TjYKQOz.exe
  C:\Windows\System\TjYKQOz.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\vvoBiZO.exe
  C:\Windows\System\vvoBiZO.exe
  2⤵
  - Executes dropped EXE
  PID:5088
- C:\Windows\System\DIygTbD.exe
  C:\Windows\System\DIygTbD.exe
  2⤵
  - Executes dropped EXE
  PID:4432
- C:\Windows\System\bukHIEQ.exe
  C:\Windows\System\bukHIEQ.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\UWCxwjG.exe
  C:\Windows\System\UWCxwjG.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\xQfyOSL.exe
  C:\Windows\System\xQfyOSL.exe
  2⤵
  - Executes dropped EXE
  PID:3252
- C:\Windows\System\IBMmLNR.exe
  C:\Windows\System\IBMmLNR.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\OstcFpC.exe
  C:\Windows\System\OstcFpC.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\KiwiNvD.exe
  C:\Windows\System\KiwiNvD.exe
  2⤵
  - Executes dropped EXE
  PID:4784
- C:\Windows\System\hgJLupu.exe
  C:\Windows\System\hgJLupu.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\TRHLMkL.exe
  C:\Windows\System\TRHLMkL.exe
  2⤵
  - Executes dropped EXE
  PID:3148
- C:\Windows\System\cVePQEs.exe
  C:\Windows\System\cVePQEs.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\NKLvJXi.exe
  C:\Windows\System\NKLvJXi.exe
  2⤵
  - Executes dropped EXE
  PID:3984
- C:\Windows\System\CrmOoBC.exe
  C:\Windows\System\CrmOoBC.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\OaydMqq.exe
  C:\Windows\System\OaydMqq.exe
  2⤵
  - Executes dropped EXE
  PID:3208
- C:\Windows\System\plUcNwT.exe
  C:\Windows\System\plUcNwT.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\UnOiIsv.exe
  C:\Windows\System\UnOiIsv.exe
  2⤵
  - Executes dropped EXE
  PID:4128
- C:\Windows\System\vSKQPwQ.exe
  C:\Windows\System\vSKQPwQ.exe
  2⤵
  - Executes dropped EXE
  PID:4408
- C:\Windows\System\owTTvMH.exe
  C:\Windows\System\owTTvMH.exe
  2⤵
  - Executes dropped EXE
  PID:3544
- C:\Windows\System\UZkoWFT.exe
  C:\Windows\System\UZkoWFT.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\mdpoVer.exe
  C:\Windows\System\mdpoVer.exe
  2⤵
  - Executes dropped EXE
  PID:4036
- C:\Windows\System\BQdHsen.exe
  C:\Windows\System\BQdHsen.exe
  2⤵
  - Executes dropped EXE
  PID:3812
- C:\Windows\System\dSogvNt.exe
  C:\Windows\System\dSogvNt.exe
  2⤵
  - Executes dropped EXE
  PID:4340
- C:\Windows\System\jrWajUJ.exe
  C:\Windows\System\jrWajUJ.exe
  2⤵
  - Executes dropped EXE
  PID:4584
- C:\Windows\System\RdQsWtI.exe
  C:\Windows\System\RdQsWtI.exe
  2⤵
  - Executes dropped EXE
  PID:4708
- C:\Windows\System\GOUVBhz.exe
  C:\Windows\System\GOUVBhz.exe
  2⤵
  - Executes dropped EXE
  PID:4240
- C:\Windows\System\kYDaAsj.exe
  C:\Windows\System\kYDaAsj.exe
  2⤵
  - Executes dropped EXE
  PID:3496
- C:\Windows\System\EvXDYvC.exe
  C:\Windows\System\EvXDYvC.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\GkwgAmR.exe
  C:\Windows\System\GkwgAmR.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\SazKloc.exe
  C:\Windows\System\SazKloc.exe
  2⤵
  - Executes dropped EXE
  PID:4792
- C:\Windows\System\aUmrPoa.exe
  C:\Windows\System\aUmrPoa.exe
  2⤵
  - Executes dropped EXE
  PID:3492
- C:\Windows\System\GVKSfuJ.exe
  C:\Windows\System\GVKSfuJ.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\MqPdnkT.exe
  C:\Windows\System\MqPdnkT.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\oyYapkB.exe
  C:\Windows\System\oyYapkB.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\NIPiZSD.exe
  C:\Windows\System\NIPiZSD.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\rfNyXKJ.exe
  C:\Windows\System\rfNyXKJ.exe
  2⤵
  - Executes dropped EXE
  PID:4244
- C:\Windows\System\Oxvatzp.exe
  C:\Windows\System\Oxvatzp.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\pmHZJXS.exe
  C:\Windows\System\pmHZJXS.exe
  2⤵
  - Executes dropped EXE
  PID:4484
- C:\Windows\System\lRXNxED.exe
  C:\Windows\System\lRXNxED.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\iZVbZNP.exe
  C:\Windows\System\iZVbZNP.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\rMHUJXI.exe
  C:\Windows\System\rMHUJXI.exe
  2⤵
  - Executes dropped EXE
  PID:5092
- C:\Windows\System\IOCpSRt.exe
  C:\Windows\System\IOCpSRt.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\NEVokDi.exe
  C:\Windows\System\NEVokDi.exe
  2⤵
  PID:4360
- C:\Windows\System\gbjRPVQ.exe
  C:\Windows\System\gbjRPVQ.exe
  2⤵
  PID:2388
- C:\Windows\System\qzERJTx.exe
  C:\Windows\System\qzERJTx.exe
  2⤵
  PID:392
- C:\Windows\System\wCIESvR.exe
  C:\Windows\System\wCIESvR.exe
  2⤵
  PID:1720
- C:\Windows\System\bDcrwUD.exe
  C:\Windows\System\bDcrwUD.exe
  2⤵
  PID:1792
- C:\Windows\System\dUSGqGY.exe
  C:\Windows\System\dUSGqGY.exe
  2⤵
  PID:3244
- C:\Windows\System\KhUzfzB.exe
  C:\Windows\System\KhUzfzB.exe
  2⤵
  PID:4544
- C:\Windows\System\BhzeCkT.exe
  C:\Windows\System\BhzeCkT.exe
  2⤵
  PID:2504
- C:\Windows\System\APqalAd.exe
  C:\Windows\System\APqalAd.exe
  2⤵
  PID:3124
- C:\Windows\System\jyLpvpC.exe
  C:\Windows\System\jyLpvpC.exe
  2⤵
  PID:3240
- C:\Windows\System\OvbsyGK.exe
  C:\Windows\System\OvbsyGK.exe
  2⤵
  PID:2680
- C:\Windows\System\dbWhVye.exe
  C:\Windows\System\dbWhVye.exe
  2⤵
  PID:4348
- C:\Windows\System\GVZVfkW.exe
  C:\Windows\System\GVZVfkW.exe
  2⤵
  PID:3120
- C:\Windows\System\iKyFhvm.exe
  C:\Windows\System\iKyFhvm.exe
  2⤵
  PID:2268
- C:\Windows\System\AyfbvdN.exe
  C:\Windows\System\AyfbvdN.exe
  2⤵
  PID:1584
- C:\Windows\System\jLHSaWc.exe
  C:\Windows\System\jLHSaWc.exe
  2⤵
  PID:3696
- C:\Windows\System\UmMXUqN.exe
  C:\Windows\System\UmMXUqN.exe
  2⤵
  PID:5068
- C:\Windows\System\yLjkeMx.exe
  C:\Windows\System\yLjkeMx.exe
  2⤵
  PID:3548
- C:\Windows\System\AlBCEcQ.exe
  C:\Windows\System\AlBCEcQ.exe
  2⤵
  PID:3420
- C:\Windows\System\IbNJhTW.exe
  C:\Windows\System\IbNJhTW.exe
  2⤵
  PID:2584
- C:\Windows\System\cbJgLas.exe
  C:\Windows\System\cbJgLas.exe
  2⤵
  PID:3856
- C:\Windows\System\AGnARPB.exe
  C:\Windows\System\AGnARPB.exe
  2⤵
  PID:1440
- C:\Windows\System\nGCmBHG.exe
  C:\Windows\System\nGCmBHG.exe
  2⤵
  PID:2580
- C:\Windows\System\qwEzbgD.exe
  C:\Windows\System\qwEzbgD.exe
  2⤵
  PID:2524
- C:\Windows\System\DYBjUTc.exe
  C:\Windows\System\DYBjUTc.exe
  2⤵
  PID:332
- C:\Windows\System\DLbtjWT.exe
  C:\Windows\System\DLbtjWT.exe
  2⤵
  PID:2484
- C:\Windows\System\StBbmKU.exe
  C:\Windows\System\StBbmKU.exe
  2⤵
  PID:4144
- C:\Windows\System\HaWuWlJ.exe
  C:\Windows\System\HaWuWlJ.exe
  2⤵
  PID:4640
- C:\Windows\System\jDrxTnH.exe
  C:\Windows\System\jDrxTnH.exe
  2⤵
  PID:3972
- C:\Windows\System\BzBvSHF.exe
  C:\Windows\System\BzBvSHF.exe
  2⤵
  PID:1328
- C:\Windows\System\NAcqzpw.exe
  C:\Windows\System\NAcqzpw.exe
  2⤵
  PID:1752
- C:\Windows\System\HmhtsNq.exe
  C:\Windows\System\HmhtsNq.exe
  2⤵
  PID:4916
- C:\Windows\System\AUOStOQ.exe
  C:\Windows\System\AUOStOQ.exe
  2⤵
  PID:5140
- C:\Windows\System\jPiVJAk.exe
  C:\Windows\System\jPiVJAk.exe
  2⤵
  PID:5168
- C:\Windows\System\BWxGbAH.exe
  C:\Windows\System\BWxGbAH.exe
  2⤵
  PID:5204
- C:\Windows\System\HBwDGhS.exe
  C:\Windows\System\HBwDGhS.exe
  2⤵
  PID:5232
- C:\Windows\System\UCIQJIn.exe
  C:\Windows\System\UCIQJIn.exe
  2⤵
  PID:5252
- C:\Windows\System\eFBkScQ.exe
  C:\Windows\System\eFBkScQ.exe
  2⤵
  PID:5284
- C:\Windows\System\EifkrEl.exe
  C:\Windows\System\EifkrEl.exe
  2⤵
  PID:5308
- C:\Windows\System\jigRRXz.exe
  C:\Windows\System\jigRRXz.exe
  2⤵
  PID:5360
- C:\Windows\System\towiCcv.exe
  C:\Windows\System\towiCcv.exe
  2⤵
  PID:5388
- C:\Windows\System\lsaKfwG.exe
  C:\Windows\System\lsaKfwG.exe
  2⤵
  PID:5420
- C:\Windows\System\WTTrRHd.exe
  C:\Windows\System\WTTrRHd.exe
  2⤵
  PID:5440
- C:\Windows\System\wybUicP.exe
  C:\Windows\System\wybUicP.exe
  2⤵
  PID:5460
- C:\Windows\System\tzRtZdi.exe
  C:\Windows\System\tzRtZdi.exe
  2⤵
  PID:5488
- C:\Windows\System\vKpWtRA.exe
  C:\Windows\System\vKpWtRA.exe
  2⤵
  PID:5524
- C:\Windows\System\Xiewgtn.exe
  C:\Windows\System\Xiewgtn.exe
  2⤵
  PID:5556
- C:\Windows\System\bFhnvRB.exe
  C:\Windows\System\bFhnvRB.exe
  2⤵
  PID:5572
- C:\Windows\System\cuOjMOU.exe
  C:\Windows\System\cuOjMOU.exe
  2⤵
  PID:5592
- C:\Windows\System\qBLlUWi.exe
  C:\Windows\System\qBLlUWi.exe
  2⤵
  PID:5620
- C:\Windows\System\mLIaIJw.exe
  C:\Windows\System\mLIaIJw.exe
  2⤵
  PID:5652
- C:\Windows\System\UkjyMiu.exe
  C:\Windows\System\UkjyMiu.exe
  2⤵
  PID:5684
- C:\Windows\System\hbLqWbr.exe
  C:\Windows\System\hbLqWbr.exe
  2⤵
  PID:5716
- C:\Windows\System\xKrcCaW.exe
  C:\Windows\System\xKrcCaW.exe
  2⤵
  PID:5752
- C:\Windows\System\PPJlpZF.exe
  C:\Windows\System\PPJlpZF.exe
  2⤵
  PID:5772
- C:\Windows\System\CCKIjOk.exe
  C:\Windows\System\CCKIjOk.exe
  2⤵
  PID:5800
- C:\Windows\System\hrRUsyY.exe
  C:\Windows\System\hrRUsyY.exe
  2⤵
  PID:5824
- C:\Windows\System\zgUBpuZ.exe
  C:\Windows\System\zgUBpuZ.exe
  2⤵
  PID:5852
- C:\Windows\System\dYeVlfU.exe
  C:\Windows\System\dYeVlfU.exe
  2⤵
  PID:5868
- C:\Windows\System\vrlhGij.exe
  C:\Windows\System\vrlhGij.exe
  2⤵
  PID:5896
- C:\Windows\System\QOwHOSM.exe
  C:\Windows\System\QOwHOSM.exe
  2⤵
  PID:5928
- C:\Windows\System\FQAyHTa.exe
  C:\Windows\System\FQAyHTa.exe
  2⤵
  PID:5960
- C:\Windows\System\nEIBTTa.exe
  C:\Windows\System\nEIBTTa.exe
  2⤵
  PID:5988
- C:\Windows\System\zcVyHaO.exe
  C:\Windows\System\zcVyHaO.exe
  2⤵
  PID:6020
- C:\Windows\System\tRxYoXB.exe
  C:\Windows\System\tRxYoXB.exe
  2⤵
  PID:6052
- C:\Windows\System\fTkxZBv.exe
  C:\Windows\System\fTkxZBv.exe
  2⤵
  PID:6092
- C:\Windows\System\BRQSzwJ.exe
  C:\Windows\System\BRQSzwJ.exe
  2⤵
  PID:6112
- C:\Windows\System\cxXrQaK.exe
  C:\Windows\System\cxXrQaK.exe
  2⤵
  PID:688
- C:\Windows\System\FcOzjHZ.exe
  C:\Windows\System\FcOzjHZ.exe
  2⤵
  PID:3196
- C:\Windows\System\RWozvVP.exe
  C:\Windows\System\RWozvVP.exe
  2⤵
  PID:5176
- C:\Windows\System\rzYQrsD.exe
  C:\Windows\System\rzYQrsD.exe
  2⤵
  PID:5244
- C:\Windows\System\MzrNdal.exe
  C:\Windows\System\MzrNdal.exe
  2⤵
  PID:5292
- C:\Windows\System\RqaNZsR.exe
  C:\Windows\System\RqaNZsR.exe
  2⤵
  PID:5324
- C:\Windows\System\pOBjKmi.exe
  C:\Windows\System\pOBjKmi.exe
  2⤵
  PID:5400
- C:\Windows\System\LsxLxTh.exe
  C:\Windows\System\LsxLxTh.exe
  2⤵
  PID:5508
- C:\Windows\System\MBWqYMa.exe
  C:\Windows\System\MBWqYMa.exe
  2⤵
  PID:5500
- C:\Windows\System\drABZvp.exe
  C:\Windows\System\drABZvp.exe
  2⤵
  PID:5584
- C:\Windows\System\OhfREkJ.exe
  C:\Windows\System\OhfREkJ.exe
  2⤵
  PID:5696
- C:\Windows\System\VhZQJzt.exe
  C:\Windows\System\VhZQJzt.exe
  2⤵
  PID:5732
- C:\Windows\System\aivRHfu.exe
  C:\Windows\System\aivRHfu.exe
  2⤵
  PID:5844
- C:\Windows\System\ycMSjCA.exe
  C:\Windows\System\ycMSjCA.exe
  2⤵
  PID:5908
- C:\Windows\System\nrMIqHI.exe
  C:\Windows\System\nrMIqHI.exe
  2⤵
  PID:5968
- C:\Windows\System\EhTmXRO.exe
  C:\Windows\System\EhTmXRO.exe
  2⤵
  PID:6000
- C:\Windows\System\sWtrTDW.exe
  C:\Windows\System\sWtrTDW.exe
  2⤵
  PID:6108
- C:\Windows\System\ZfBbNDa.exe
  C:\Windows\System\ZfBbNDa.exe
  2⤵
  PID:4440
- C:\Windows\System\OhgHUGr.exe
  C:\Windows\System\OhgHUGr.exe
  2⤵
  PID:5380
- C:\Windows\System\CmnqFUI.exe
  C:\Windows\System\CmnqFUI.exe
  2⤵
  PID:5516
- C:\Windows\System\gKUvtlV.exe
  C:\Windows\System\gKUvtlV.exe
  2⤵
  PID:5580
- C:\Windows\System\gOWJwoB.exe
  C:\Windows\System\gOWJwoB.exe
  2⤵
  PID:5736
- C:\Windows\System\FgWUDWA.exe
  C:\Windows\System\FgWUDWA.exe
  2⤵
  PID:5884
- C:\Windows\System\TXAbcvZ.exe
  C:\Windows\System\TXAbcvZ.exe
  2⤵
  PID:6064
- C:\Windows\System\NmcmpEW.exe
  C:\Windows\System\NmcmpEW.exe
  2⤵
  PID:6136
- C:\Windows\System\RaOyMsO.exe
  C:\Windows\System\RaOyMsO.exe
  2⤵
  PID:5428
- C:\Windows\System\RUTdlJd.exe
  C:\Windows\System\RUTdlJd.exe
  2⤵
  PID:5760
- C:\Windows\System\rAaxork.exe
  C:\Windows\System\rAaxork.exe
  2⤵
  PID:6012
- C:\Windows\System\ABwbHcs.exe
  C:\Windows\System\ABwbHcs.exe
  2⤵
  PID:6156
- C:\Windows\System\mWbUJcp.exe
  C:\Windows\System\mWbUJcp.exe
  2⤵
  PID:6172
- C:\Windows\System\BudILLN.exe
  C:\Windows\System\BudILLN.exe
  2⤵
  PID:6204
- C:\Windows\System\ETmlSYa.exe
  C:\Windows\System\ETmlSYa.exe
  2⤵
  PID:6232
- C:\Windows\System\eKMfHqa.exe
  C:\Windows\System\eKMfHqa.exe
  2⤵
  PID:6260
- C:\Windows\System\MPuAbcN.exe
  C:\Windows\System\MPuAbcN.exe
  2⤵
  PID:6292
- C:\Windows\System\wHgrFoY.exe
  C:\Windows\System\wHgrFoY.exe
  2⤵
  PID:6320
- C:\Windows\System\inisodm.exe
  C:\Windows\System\inisodm.exe
  2⤵
  PID:6344
- C:\Windows\System\dhibpZc.exe
  C:\Windows\System\dhibpZc.exe
  2⤵
  PID:6372
- C:\Windows\System\fmrhbDG.exe
  C:\Windows\System\fmrhbDG.exe
  2⤵
  PID:6396
- C:\Windows\System\dkUIRCW.exe
  C:\Windows\System\dkUIRCW.exe
  2⤵
  PID:6428
- C:\Windows\System\wYhSyxA.exe
  C:\Windows\System\wYhSyxA.exe
  2⤵
  PID:6464
- C:\Windows\System\ovjcDyT.exe
  C:\Windows\System\ovjcDyT.exe
  2⤵
  PID:6484
- C:\Windows\System\DTewHaE.exe
  C:\Windows\System\DTewHaE.exe
  2⤵
  PID:6516
- C:\Windows\System\QEhVWaG.exe
  C:\Windows\System\QEhVWaG.exe
  2⤵
  PID:6552
- C:\Windows\System\CeNDmlh.exe
  C:\Windows\System\CeNDmlh.exe
  2⤵
  PID:6568
- C:\Windows\System\PMJSKrw.exe
  C:\Windows\System\PMJSKrw.exe
  2⤵
  PID:6596
- C:\Windows\System\YFWvSUJ.exe
  C:\Windows\System\YFWvSUJ.exe
  2⤵
  PID:6624
- C:\Windows\System\LjKcdDk.exe
  C:\Windows\System\LjKcdDk.exe
  2⤵
  PID:6652
- C:\Windows\System\GZHcYte.exe
  C:\Windows\System\GZHcYte.exe
  2⤵
  PID:6692
- C:\Windows\System\fMgiKVf.exe
  C:\Windows\System\fMgiKVf.exe
  2⤵
  PID:6708
- C:\Windows\System\DGXdOFx.exe
  C:\Windows\System\DGXdOFx.exe
  2⤵
  PID:6728
- C:\Windows\System\pyJZpnK.exe
  C:\Windows\System\pyJZpnK.exe
  2⤵
  PID:6756
- C:\Windows\System\AjAEaHr.exe
  C:\Windows\System\AjAEaHr.exe
  2⤵
  PID:6788
- C:\Windows\System\IiEyOuK.exe
  C:\Windows\System\IiEyOuK.exe
  2⤵
  PID:6820
- C:\Windows\System\ugFudrY.exe
  C:\Windows\System\ugFudrY.exe
  2⤵
  PID:6848
- C:\Windows\System\jxeBfnb.exe
  C:\Windows\System\jxeBfnb.exe
  2⤵
  PID:6876
- C:\Windows\System\DDNSyJx.exe
  C:\Windows\System\DDNSyJx.exe
  2⤵
  PID:6904
- C:\Windows\System\COCUOpY.exe
  C:\Windows\System\COCUOpY.exe
  2⤵
  PID:6932
- C:\Windows\System\hrgOLSS.exe
  C:\Windows\System\hrgOLSS.exe
  2⤵
  PID:6948
- C:\Windows\System\scEkLZd.exe
  C:\Windows\System\scEkLZd.exe
  2⤵
  PID:6980
- C:\Windows\System\wVKiHvI.exe
  C:\Windows\System\wVKiHvI.exe
  2⤵
  PID:7004
- C:\Windows\System\BjoNUWV.exe
  C:\Windows\System\BjoNUWV.exe
  2⤵
  PID:7020
- C:\Windows\System\RQTkvfY.exe
  C:\Windows\System\RQTkvfY.exe
  2⤵
  PID:7052
- C:\Windows\System\cLxiLvz.exe
  C:\Windows\System\cLxiLvz.exe
  2⤵
  PID:7076
- C:\Windows\System\EPbYKuf.exe
  C:\Windows\System\EPbYKuf.exe
  2⤵
  PID:7108
- C:\Windows\System\ZLvAoBc.exe
  C:\Windows\System\ZLvAoBc.exe
  2⤵
  PID:7144
- C:\Windows\System\jcbkLAg.exe
  C:\Windows\System\jcbkLAg.exe
  2⤵
  PID:6104
- C:\Windows\System\xFnMmXd.exe
  C:\Windows\System\xFnMmXd.exe
  2⤵
  PID:6216

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\ClNVeLH.exe

Filesize
1.4MB

MD5
7507c635fbbbbb733f395aafff0159cd

SHA1
b7d12f57596190f18c9d13b3b07cf7a9c3ce82db

SHA256
3d1ff61fc612accecc74e4e6668a703bb9e6c60f9c081423e2ce4c4d8e2a9335

SHA512
7a43c38d29f7c1c4b350a5f8a8d19193150e1125f2927ae38c359f8524cb55bfd6857b46694945fee9e10c0d511a92d0884c6eeda7a97969b312e3c11d873465

Download Submit
C:\Windows\System\DIygTbD.exe

Filesize
1.4MB

MD5
2425371e995eca3f1a523614c3d48c0a

SHA1
97d7c9846918f2654aaaa69e04a0d9f631c84625

SHA256
dd11c8e972f83462d23572687903aabf8f78cae849bbffba924ef10539579829

SHA512
0b4732037d8c73915a141f859dc9f7f4ec3567271ad57d4bc16e6bbc7fed8b95c8e2f8a93e41fefe0daa36188f4ed0140908fcfb5b8ea3d3c486e55c9c0b93f5

Download Submit
C:\Windows\System\DWbEAFG.exe

Filesize
1.4MB

MD5
b531538d62f8d67987642f30783e03c1

SHA1
a4b1b5c5b8ec86854439d814058365300ac07cac

SHA256
f6345bef0db20c0c6cb4279d42c9aa0f52043818fda6fada5c6d55e2e154e634

SHA512
dd0ba6cbf731a558348ae9a9811e90fb46866ab0db2c6d7a909c0586991d3c0d2700a8bfc6a49f4532bba4ea530527bac5bfb894b9b29f304008497da56e616a

Download Submit
C:\Windows\System\IBMmLNR.exe

Filesize
1.4MB

MD5
bad3f91cd68339dfade591f04fe86cc2

SHA1
fa2564519ee7725126d6005e431fa1d231a2279d

SHA256
7526dcc02075b884721525b44d8352dc6eeddbe08357b8f8a80adaefa89b89b4

SHA512
7fd32be839936ca1b5002bc3329f4b63abcad680fc7e042dc51b9d9fb8402274681f4e46a2dc1df203dd71b31d4e20672e94e29f973d7b439fc3f48ea09c25f5

Download Submit
C:\Windows\System\JReAzxu.exe

Filesize
1.4MB

MD5
219ea13f5f8caa7f7ceea445f2f94013

SHA1
0f6ca22bfb9a6d0464692d8a1bb59704bc0d29f7

SHA256
bb95f3c95b91e58704337014401992abfccf32cfb5a867e4b93eda3998b2a638

SHA512
a05e0d768851b0100b7897006344a6364b886be9d83c2f5258b9e81788542ff2915463a84bee6ec61bca692f86417e448209f22070ea2bd2e9fa8ed8fad0aec7

Download Submit
C:\Windows\System\KivyigC.exe

Filesize
1.4MB

MD5
358e2c15ba9a89edfe58fb1ba21f4d06

SHA1
e253a34c4dd0e1002338af8f12604f5b8679b5ef

SHA256
5c5491324f1a09e66a2bf8d75e5cb6e82ef26977b521ef2d9705fcef12574f3d

SHA512
118a0047fd13499458efea73e6a8cb43f89334ef4e205613959866ddfe85422f654091e562f9f6e67d8216f87f9002bf79970b859ba959099a18e58b05a313ba

Download Submit
C:\Windows\System\KiwiNvD.exe

Filesize
1.4MB

MD5
6dda3af447faa52a9dad3e476e5ad341

SHA1
f65a69a72aa3146134f2edfac69eebfeb6c4c07d

SHA256
1657ad6695dda432f7a8133e124abc2baf2c12bba43e8c4d36ae9ee123250c7b

SHA512
e552c6f73ec57061b23b5eca3d09e2315fdab5ef11d0d1e4c7e18995737e027b7e9519664fe61ff947c7ca56f5ef054328dd5796e880412cc892e530077b2c85

Download Submit
C:\Windows\System\LhtzQbB.exe

Filesize
1.4MB

MD5
63249677f862e95feafe3979c424f949

SHA1
b8ea66264e53903eea9811d5e92c6b0e3c150146

SHA256
f877bca17399df5f579f65e062a52e79109a288287c16dc8cc12becdaf8746b2

SHA512
4b690913c4b796eb0f46efd3a55ffdb11b7c191f4a7fa524f8ab9262fb046d76baf5783f0cae7f6bd1dd76388516dab2c1ad93ac5fb3870627ece377cb3c8da4

Download Submit
C:\Windows\System\OstcFpC.exe

Filesize
1.4MB

MD5
9d8211d41d0b341183014e97360ce67a

SHA1
bccfcae72e8bf0d6d424558fc55f3bfa45ab6530

SHA256
1d278d0eebf0e57e119ddc8a9bfea1ee14687c5c115849e1bda5e291f4f0c18e

SHA512
a060592435b092741b647de469e03f123fc68b9b252404a20b7c85e59a397d20464fa8df70e0973a12c72cc0cc30881ee04dc5fd444d58e4942daac1d4ea60f4

Download Submit
C:\Windows\System\PJDIoLK.exe

Filesize
1.4MB

MD5
678ccb56b91ec3654fc7930e0ac6db0a

SHA1
69f5d87af73c1e9e3e6af475ca914826fd811903

SHA256
02db3451e9821ef7992140e46af488444c6df575f5949411680f11842ad22bef

SHA512
813701efa610550cf7973396479c473a41542e2efda2320efc787842ca8ebd5a90bd53afdfb82c4893e16ed027815d6ba519569101329fa66f799f3aa741fc22

Download Submit
C:\Windows\System\PTJwCck.exe

Filesize
1.4MB

MD5
f8d23dbfb05cea946e569eb882df2059

SHA1
9585dc7e73676bc742ff732f60ae02c88d31e4d4

SHA256
17b845f2064a3485ab39294089d43845c426c1ba0f8b164e17c3194aa95f8709

SHA512
ae5c24e48c8154f9badf27eadf3b12d670508621869e5c13696258300ec9ede8e232fd05db4e40caa13e77b8d923fdb2b7b3a677c41bbc30e5d448d92628b7fa

Download Submit
C:\Windows\System\PcaUevP.exe

Filesize
1.4MB

MD5
363f37b3161b778d020f48a466f7f9f5

SHA1
3bc2963b40f2b7a726609566aea98eacbf80428f

SHA256
fe0f16b6819da6576630de1b4a82137918a583b637398831b69ed37bc8e33025

SHA512
8b1a538a3f1299381a0db9d5c59a1c7aedd38d0d7bc49976f805d0c0f22551333a434d1e5685f5568da1357488a6a923052e8c4c4b3250974d768921d78be5b4

Download Submit
C:\Windows\System\SYCoEIG.exe

Filesize
1.4MB

MD5
b07ddd7192bcedf4edbfcb7629c013a2

SHA1
87802a4efbbd7529f2a9010e6e97f05c4a4d2929

SHA256
9508c307068f62518c549f7496ec48e6438b420f62db006362e3693be56b8775

SHA512
a025ed3b5f40abe27dcf286b645c838507c2c62ba00d9ec2d05ff6eae9905aa78b40481793514d90ffa9768e38b911cae57128ad2e8d8df6c6c6d15268e19ee0

Download Submit
C:\Windows\System\SzmVicz.exe

Filesize
1.4MB

MD5
6a40a36e5ca6df4ec4ee1ca866943950

SHA1
a4b646645e05a6b0dc51bc3b4694d48ad0f85dfd

SHA256
596869f05f74821d8400a6aa2cf92a1f496a02e3dafce8094dd91fc0981d8e4c

SHA512
0acae5ff881168ca2f07293da662788f4b3f75e2d2a3aaf12102c5c3b4933d6f83d7d253ca9513a144527632d55e607a73e8831bbb04e3847d16dc75aa8d24d0

Download Submit
C:\Windows\System\TjYKQOz.exe

Filesize
1.4MB

MD5
fa81c96c5cf604852c22a0799310bb5e

SHA1
37640d72deff7d669aa50dddd83a56cd6b741ebe

SHA256
45878c4300f9ff29be92deaa1ddeae7bea26f5de1284d0c33513c20bbdc1fe6a

SHA512
ca84dddd0f2f374b15592f957e8c7f6097faf6675ee69c88bb9cd2c696afb80f22ba5d6904baa1800fdc6ada2d443138ae2f58dc8737e700defa0dc9613654b5

Download Submit
C:\Windows\System\TtXEZEv.exe

Filesize
1.4MB

MD5
289c552dfd7229f1802fff8d313e19e0

SHA1
920089b0ad224c58a19e1c1bd088a7ce86081b64

SHA256
2644c2a3a2a36b8352db44b3a02c3efd183ae79953fd29bd8fb397800fe69647

SHA512
ca882af5c1db7a08bd66731dc31a84198f6f8cbb38f56790a6bea8131187ced554d795598cc81233711ab6920b82627f8e8860293e5fedcf7168a5be2472b14e

Download Submit
C:\Windows\System\UOuJxWG.exe

Filesize
1.4MB

MD5
913cd0213b01238f3c75ae1740e49d0c

SHA1
92fa7ea16f7fa8df94014874113c22352b47164e

SHA256
101ab368d25d914cc96f2224dbe9b3ec311e0f798f22af7dc5d1580057ed32e8

SHA512
8e72c736fc8c464542af74d02b2e80e527e3f21a9440efc3a01f7c99a02b0fa6549782d18fb5f50ae7961bbe1562695f9c49b58e85b9a8f3abddeb48dbd0b1aa

Download Submit
C:\Windows\System\UTFOXwb.exe

Filesize
1.4MB

MD5
3133baa9624382619860e0ee5a905804

SHA1
874249c7b4647504107ef7f2fe3d0b3c41f7ba19

SHA256
79a47345c406b5b68b14b928e38598701df7b49bea7baaec0324d8e3c10485c7

SHA512
de878429d4c254b9ac1c8045d3d19e255eebaec9b1f3d92fd7350789bc20b297ae7c70e1cb897d5cd9daf6ceec8cf7db075f70b071e6e8b46e6425337b6c61a9

Download Submit
C:\Windows\System\UWCxwjG.exe

Filesize
1.4MB

MD5
e3e813471ae12868bbc06169b7999d21

SHA1
cd1d7820a084f7b2fb2e319bf159f8bf54e636bc

SHA256
4ffbf01277160f719a977180271d5119016502f65f445a995793fe3dacc20039

SHA512
d44145ea30e75e15a115c0098cad685ff757f9e7b1f3e7fd8b57ad8685543390fb275b988a599ad38618ecc0b3ab1cd50e497cf73628ab4fdf78578cae399f3c

Download Submit
C:\Windows\System\UiSAoDx.exe

Filesize
1.4MB

MD5
7bfa9bb527ac9e5eb7b2dd6131fdd767

SHA1
9dcafd8fa1b82bc46b5c8913117898284b7a97f9

SHA256
a262aba64b5c63269f23772107fc327935bde743a4c15351830ae9a5bac83313

SHA512
cf2465c3e044608236ef3dc7f5a929f57624213eba824dbd2dee4df0bfd3e1ef49dada95b1e72b0040323adb5826d1f459ae9430cea4d6937104e2001ef0f501

Download Submit
C:\Windows\System\VOyOKMo.exe

Filesize
1.4MB

MD5
a2e07832c69266ff527fc20bcb69b79a

SHA1
ad44483b723553c47a9ec7fc91c46aeb4429e795

SHA256
598c5635bbc14b6420c98c7efdba83254375dd8afc86eebf1f8f85517f6a1dfb

SHA512
3562cd2e740dbd7e71902179b1819bb0cdfc783baa2525503b89ebf6052f4ce0571b80f4444d4233871e9657ed4751b1e693f12173687f610143ff05a803c021

Download Submit
C:\Windows\System\XbVwcfk.exe

Filesize
1.4MB

MD5
9c955d5b1917a91b40ab676122f3e24f

SHA1
fcda1d82c21b60fbdf4a1bc324655bb29ecc54a9

SHA256
a63f7e9c48bd220607ea657a69a163977ad55d3208e4b7c150cf6aa23af9f67f

SHA512
0eb0e90a0d8e5a59d4f7285a643bbec4186e4e92c0eb72cc001d5cd2287cae2057295d4c049e3d78f4535583fdc8ef79638e469c917a471075de2d1d9831e1bf

Download Submit
C:\Windows\System\YXeXAjv.exe

Filesize
1.4MB

MD5
fe736aa548ea75ebc5612fb8d4de836b

SHA1
24d42c09c84abd5571a2716941e4ad0d470f1fec

SHA256
a9d1c8c2aec5bf7ff265535925ab201956ce6a8319b6cef06316ff9e9b201e89

SHA512
0c3652c1fdbdf5d565ca9a633d10f6459d6eac57d89e7e950cdea2be58e98b153a1949c04a02102fdac9237b9600521b9e54002c134a3311a4928e12ecdb88ef

Download Submit
C:\Windows\System\bukHIEQ.exe

Filesize
1.4MB

MD5
566ae55f232ca70ded6f5c5465c28dbf

SHA1
4912d68bf5ef2ed7baaed249778a9b76a0ff487f

SHA256
0089c337176b9623eeec8f96797b194b1580cf1bcbe5af06aa175b873eec2825

SHA512
d8ca8ae47aa107dd0de1bbaabf1776171b5e729dea064efb9cd76877cf9b3071e895e4ca8e5cd3416eb9366e1364b284e34b8ebd4c9a9e3216d2906fb4de36e0

Download Submit
C:\Windows\System\hgJLupu.exe

Filesize
1.4MB

MD5
4ef2943e675e3fa005278086e90c88e5

SHA1
e855621d4bbbf05fbb0c7b68c8d2216f3ad87e83

SHA256
98a0c72aae931ecb2672824a3e7d16146ad1457adb0d07260e5b85c5712f6461

SHA512
a7b3c6e6b1bfa8bc8f48721f6884d74029c2a1fe190070d52c833d0ebeee65486c8978e32767455567659b4d1944ade05635eebf7eb8ead43bd1d4e85a57ccb8

Download Submit
C:\Windows\System\mtuxYyA.exe

Filesize
1.4MB

MD5
39075173ffd4dea23d1e5fb57f6d7615

SHA1
93fe983706ef1c8532d0b0d39dca809620be9e0c

SHA256
22137f07468e405e708d9a5413b2d1cfcc701cf38932db703ecc90d5c021e71f

SHA512
e3aad49518f5ec1ee83603c654456c2b92c40b321a9e6b2b023dc107c713ffaa92254050dc87e23f213dcbf503e9a4e85162ed1a92ab1a5a892c467e9e24ab19

Download Submit
C:\Windows\System\umjJnNN.exe

Filesize
1.4MB

MD5
a5caaccfac9841973cc1863d539a5b0d

SHA1
3e3e798c1d9b37de59c75b1d07b09025881986c5

SHA256
591971531fdc5774ae85c3b8ce681f5fe61a8a8d75f871f390f8caacb1baa712

SHA512
eb808df86bf5aee07ac236bbc5ccb74e0fc377d4de18ae93247b68b6feaf68ea115429995f065edc2b1d6ff4c75d98415ef96616b7c9013315cbb6dbcac635c7

Download Submit
C:\Windows\System\vvoBiZO.exe

Filesize
1.4MB

MD5
6409bb4dbc8e6f5f41890cc1ff3b1c2e

SHA1
04b4629db6802f88db101152f69b8c16ed0a54af

SHA256
2635b0989f3c5f8c7ed241c1e136afcd55497eb01de6e5ad48144195defe214c

SHA512
5a9b25d80df6a5ed3595ef48b89573b298dc027b8e339bce8428af8e3e5933a8ede425e3475ce5f76f66f176a231c6f0ac184909f4523f215e68a9eba5515e77

Download Submit
C:\Windows\System\xQfyOSL.exe

Filesize
1.4MB

MD5
7949407a94019613659f4cbea47b2345

SHA1
69070205c67e31b96d918f1fbd15324de3e1e0b7

SHA256
fd4500f1b20f56ff548f89fc4da4d49c3c63155221b0e083e1d3cd508a3f1df9

SHA512
c883f3584746963659efe48655fc79c6fe685aff2de7f4972272b2d022c396756676a557ed7129ed91bd9ff5d4d6ba8ab2fb3e7f89073122e209974115f07ab3

Download Submit
C:\Windows\System\xZIwnQy.exe

Filesize
1.4MB

MD5
87b282f6425f831c7377fda380f7bbb9

SHA1
c0b0c868f4a87d0bdccc76874af7b7e8b394dfee

SHA256
84f3b759c3c619105fcc7dd89fb44a99ae9072fff8f1737f68d577f5a4bf427b

SHA512
09d70671cd85ed7a8e367632f72310f8147024bad5b9a8dab4cd625d26b04709932b01bc22a76ff1d502dd9159ecdacda3c83f73b5ebf3d9553607f18787274f

Download Submit
C:\Windows\System\ydtPZIh.exe

Filesize
1.4MB

MD5
42578d8119d4e0ad238673455267ee09

SHA1
5d38f4ffdd8f383f9d06d5e3e57ec92fef7486f0

SHA256
06567a5e89086c5918ea51503b75067888c141e4793002b7f24e0e1e12086edd

SHA512
0368032bbae5b71a0e0b0fc9ee12ff39ce8d2ec3ac3d032ec3b1a1f2dc4361730b658386c626342b36a54d2f0aa4b9dd0bde1fa9290f37c9db7de0e03aa220d4

Download Submit
C:\Windows\System\yoYGTAF.exe

Filesize
1.4MB

MD5
659cbd9508e813bc64a4bd1335525256

SHA1
4cb269a339124c2ecd7080e08809edde322ca23e

SHA256
3141d20ef11c379f4b04291db1f260f6ebd5f6ec5e57050a8125e9b6a7912912

SHA512
532511ec1b72088ab14be8707b3cd08ab0132311dec0cc2c5c64ee36f171164b7d89cb23d82e442553b08832a17259c13374dfda2d127a903da10620347d58aa

Download Submit
memory/1332-0-0x000001756DFD0000-0x000001756DFE0000-memory.dmp

Filesize
64KB

Download