xmrig | 655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
16/08/2024, 23:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
Size

1.6MB
MD5

26dd4af17800866a224a90251d6fb8f2
SHA1

605570e9715c8dd290c8389a45b198040dcc0d8b
SHA256

655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944
SHA512

6a3a46a3b2d7c5b73427a71c4180fe182e35c093dda6abbaa522a4fd323bd3879da9805bf64cd464b6a98d570640d7e8a0d3b2b15889e446cfe940d226e85f6d
SSDEEP

49152:GezaTF8FcNkNdfE0pZ9oztFwI6KQGyXVxZVMbhGtD:GemTLkNdfE0pZaS

Score

10^/10

xmrig miner

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 33 IoCs

miner

resource	yara_rule
behavioral2/files/0x0008000000023471-4.dat	xmrig
behavioral2/files/0x0007000000023475-11.dat	xmrig
behavioral2/files/0x0007000000023477-23.dat	xmrig
behavioral2/files/0x0007000000023476-13.dat	xmrig
behavioral2/files/0x000700000002347c-47.dat	xmrig
behavioral2/files/0x000700000002347f-60.dat	xmrig
behavioral2/files/0x000700000002347e-58.dat	xmrig
behavioral2/files/0x000700000002347d-54.dat	xmrig
behavioral2/files/0x000700000002347b-45.dat	xmrig
behavioral2/files/0x000700000002347a-43.dat	xmrig
behavioral2/files/0x0007000000023479-29.dat	xmrig
behavioral2/files/0x0007000000023478-28.dat	xmrig
behavioral2/files/0x0007000000023483-78.dat	xmrig
behavioral2/files/0x0007000000023484-86.dat	xmrig
behavioral2/files/0x0007000000023486-95.dat	xmrig
behavioral2/files/0x0007000000023485-92.dat	xmrig
behavioral2/files/0x0007000000023487-111.dat	xmrig
behavioral2/files/0x000700000002348a-127.dat	xmrig
behavioral2/files/0x000700000002348e-138.dat	xmrig
behavioral2/files/0x000700000002348f-140.dat	xmrig
behavioral2/files/0x000700000002348d-136.dat	xmrig
behavioral2/files/0x000700000002348c-134.dat	xmrig
behavioral2/files/0x000700000002348b-132.dat	xmrig
behavioral2/files/0x0007000000023489-124.dat	xmrig
behavioral2/files/0x0007000000023488-121.dat	xmrig
behavioral2/files/0x0007000000023480-72.dat	xmrig
behavioral2/files/0x0008000000023472-73.dat	xmrig
behavioral2/files/0x0007000000023490-144.dat	xmrig
behavioral2/files/0x0007000000023491-147.dat	xmrig
behavioral2/files/0x0007000000023492-157.dat	xmrig
behavioral2/files/0x0007000000023494-161.dat	xmrig
behavioral2/files/0x0007000000023493-156.dat	xmrig
behavioral2/files/0x0007000000023482-71.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3752	UIDNIrf.exe
1568	TGIcjJc.exe
3588	YaoSctk.exe
60	YxstMNh.exe
2444	KiRTREh.exe
2036	GfBwDkC.exe
4856	xihWzko.exe
2976	iNYpdEG.exe
1596	PQppnXV.exe
4432	azOurxK.exe
4004	sKakhFR.exe
2396	idodRct.exe
3216	VerlgAs.exe
1072	ZUBsmRS.exe
624	BJaYmRw.exe
4616	YuMnepd.exe
3364	GNsPVGo.exe
2880	nUPTYAL.exe
1412	PjpCLHZ.exe
2764	KcbwCCY.exe
3568	tfMGywM.exe
2340	sitXMlF.exe
3288	goBidcE.exe
2024	PjbWGwW.exe
984	pJAEBZz.exe
2888	tAiUATL.exe
2328	gchPTGl.exe
4804	jIiVqqq.exe
4144	qwSRVkF.exe
4920	eXLqmmT.exe
1016	STeeQoK.exe
2244	dVdBUhU.exe
4720	vwyaaaX.exe
4524	ytFsUXA.exe
668	yNMfRfV.exe
3712	PRaCLHS.exe
2944	IXnwqMT.exe
4332	OyCMIXz.exe
4460	mEISiyP.exe
2440	cBdSyii.exe
1940	BLKDUHh.exe
440	xGnXUnE.exe
1160	hVlRtcq.exe
4512	IAoFJfo.exe
5016	NpvrPsR.exe
748	NJUwCEh.exe
4008	MfUzoBQ.exe
3232	RsJzwMY.exe
3144	IScobRD.exe
2384	xgcaQCG.exe
3128	vvqDTKE.exe
3628	hezGSdK.exe
4716	JYfAZvN.exe
5040	sGMPhdO.exe
1832	YHISiDU.exe
1228	NHxMTdf.exe
2020	vCyQKDz.exe
592	FmvxuuH.exe
2884	hqPsMzM.exe
3800	QOUFzwl.exe
5088	uQdtIbk.exe
2124	BuGjIqE.exe
972	oihhOxC.exe
3704	HaTKlTj.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\azOurxK.exe	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
File created	C:\Windows\System\goBidcE.exe	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
File created	C:\Windows\System\MfUzoBQ.exe	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
File created	C:\Windows\System\HaTKlTj.exe	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
File created	C:\Windows\System\NtwXIDS.exe	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
File created	C:\Windows\System\VerlgAs.exe	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
File created	C:\Windows\System\tAiUATL.exe	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
File created	C:\Windows\System\qxXuvGH.exe	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
File created	C:\Windows\System\hnRrGku.exe	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
File created	C:\Windows\System\PRaCLHS.exe	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
File created	C:\Windows\System\EZSvWFC.exe	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
File created	C:\Windows\System\WSepels.exe	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
File created	C:\Windows\System\RsJzwMY.exe	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
File created	C:\Windows\System\SdEzEqC.exe	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
File created	C:\Windows\System\TAKAoYA.exe	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
File created	C:\Windows\System\PuvEPeM.exe	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
File created	C:\Windows\System\hqPsMzM.exe	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
File created	C:\Windows\System\HtpCHRc.exe	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
File created	C:\Windows\System\vwyaaaX.exe	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
File created	C:\Windows\System\RdAwyOD.exe	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
File created	C:\Windows\System\kFESRKl.exe	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
File created	C:\Windows\System\DqtyjdB.exe	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
File created	C:\Windows\System\vJgLTzb.exe	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
File created	C:\Windows\System\KiRTREh.exe	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
File created	C:\Windows\System\SGSrHEe.exe	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
File created	C:\Windows\System\mJQtxRz.exe	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
File created	C:\Windows\System\SHKtzJq.exe	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
File created	C:\Windows\System\nUPTYAL.exe	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
File created	C:\Windows\System\IAoFJfo.exe	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
File created	C:\Windows\System\xgcaQCG.exe	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
File created	C:\Windows\System\LPLsrms.exe	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
File created	C:\Windows\System\iBjKpCy.exe	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
File created	C:\Windows\System\OyCMIXz.exe	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
File created	C:\Windows\System\tMYNifR.exe	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
File created	C:\Windows\System\YaoSctk.exe	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
File created	C:\Windows\System\hVlRtcq.exe	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
File created	C:\Windows\System\BmyFBli.exe	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
File created	C:\Windows\System\gchPTGl.exe	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
File created	C:\Windows\System\jKbQtyy.exe	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
File created	C:\Windows\System\zCanMoj.exe	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
File created	C:\Windows\System\ytFsUXA.exe	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
File created	C:\Windows\System\FEVVyly.exe	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
File created	C:\Windows\System\msjJeok.exe	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
File created	C:\Windows\System\vIXIsFj.exe	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
File created	C:\Windows\System\pMraMiz.exe	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
File created	C:\Windows\System\uQdtIbk.exe	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
File created	C:\Windows\System\ybBLxGE.exe	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
File created	C:\Windows\System\GhvuMug.exe	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
File created	C:\Windows\System\JQNAnTg.exe	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
File created	C:\Windows\System\KNjuZjc.exe	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
File created	C:\Windows\System\ZUBsmRS.exe	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
File created	C:\Windows\System\NpvrPsR.exe	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
File created	C:\Windows\System\dmSkWqy.exe	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
File created	C:\Windows\System\nxhrUjE.exe	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
File created	C:\Windows\System\TghDYJo.exe	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
File created	C:\Windows\System\PjpCLHZ.exe	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
File created	C:\Windows\System\UaLdblw.exe	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
File created	C:\Windows\System\ItlCPyG.exe	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
File created	C:\Windows\System\gHJpZya.exe	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
File created	C:\Windows\System\pBfSvdT.exe	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
File created	C:\Windows\System\qhwfADb.exe	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
File created	C:\Windows\System\pJAEBZz.exe	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
File created	C:\Windows\System\kSyPWjd.exe	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
File created	C:\Windows\System\mCirURb.exe	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
Token: SeLockMemoryPrivilege	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3176 wrote to memory of 3752	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe	85
PID 3176 wrote to memory of 3752	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe	85
PID 3176 wrote to memory of 3588	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe	86
PID 3176 wrote to memory of 3588	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe	86
PID 3176 wrote to memory of 1568	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe	87
PID 3176 wrote to memory of 1568	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe	87
PID 3176 wrote to memory of 60	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe	88
PID 3176 wrote to memory of 60	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe	88
PID 3176 wrote to memory of 2444	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe	89
PID 3176 wrote to memory of 2444	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe	89
PID 3176 wrote to memory of 2036	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe	90
PID 3176 wrote to memory of 2036	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe	90
PID 3176 wrote to memory of 4856	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe	91
PID 3176 wrote to memory of 4856	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe	91
PID 3176 wrote to memory of 2976	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe	92
PID 3176 wrote to memory of 2976	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe	92
PID 3176 wrote to memory of 1596	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe	93
PID 3176 wrote to memory of 1596	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe	93
PID 3176 wrote to memory of 4432	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe	94
PID 3176 wrote to memory of 4432	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe	94
PID 3176 wrote to memory of 4004	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe	95
PID 3176 wrote to memory of 4004	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe	95
PID 3176 wrote to memory of 2396	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe	96
PID 3176 wrote to memory of 2396	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe	96
PID 3176 wrote to memory of 3216	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe	97
PID 3176 wrote to memory of 3216	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe	97
PID 3176 wrote to memory of 1072	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe	98
PID 3176 wrote to memory of 1072	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe	98
PID 3176 wrote to memory of 624	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe	99
PID 3176 wrote to memory of 624	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe	99
PID 3176 wrote to memory of 4616	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe	100
PID 3176 wrote to memory of 4616	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe	100
PID 3176 wrote to memory of 3364	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe	101
PID 3176 wrote to memory of 3364	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe	101
PID 3176 wrote to memory of 2880	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe	103
PID 3176 wrote to memory of 2880	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe	103
PID 3176 wrote to memory of 1412	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe	104
PID 3176 wrote to memory of 1412	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe	104
PID 3176 wrote to memory of 2764	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe	105
PID 3176 wrote to memory of 2764	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe	105
PID 3176 wrote to memory of 3568	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe	106
PID 3176 wrote to memory of 3568	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe	106
PID 3176 wrote to memory of 2340	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe	107
PID 3176 wrote to memory of 2340	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe	107
PID 3176 wrote to memory of 3288	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe	108
PID 3176 wrote to memory of 3288	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe	108
PID 3176 wrote to memory of 2024	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe	109
PID 3176 wrote to memory of 2024	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe	109
PID 3176 wrote to memory of 984	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe	110
PID 3176 wrote to memory of 984	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe	110
PID 3176 wrote to memory of 2888	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe	111
PID 3176 wrote to memory of 2888	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe	111
PID 3176 wrote to memory of 2328	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe	112
PID 3176 wrote to memory of 2328	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe	112
PID 3176 wrote to memory of 4804	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe	113
PID 3176 wrote to memory of 4804	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe	113
PID 3176 wrote to memory of 4144	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe	114
PID 3176 wrote to memory of 4144	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe	114
PID 3176 wrote to memory of 4920	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe	116
PID 3176 wrote to memory of 4920	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe	116
PID 3176 wrote to memory of 1016	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe	117
PID 3176 wrote to memory of 1016	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe	117
PID 3176 wrote to memory of 2244	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe	118
PID 3176 wrote to memory of 2244	3176	655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe	118

C:\Users\Admin\AppData\Local\Temp\655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe
"C:\Users\Admin\AppData\Local\Temp\655ac6e7d42779e9efa7de0da3994c74066183e4300c85e89a3ba523528af944.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3176
- C:\Windows\System\UIDNIrf.exe
  C:\Windows\System\UIDNIrf.exe
  2⤵
  - Executes dropped EXE
  PID:3752
- C:\Windows\System\YaoSctk.exe
  C:\Windows\System\YaoSctk.exe
  2⤵
  - Executes dropped EXE
  PID:3588
- C:\Windows\System\TGIcjJc.exe
  C:\Windows\System\TGIcjJc.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\YxstMNh.exe
  C:\Windows\System\YxstMNh.exe
  2⤵
  - Executes dropped EXE
  PID:60
- C:\Windows\System\KiRTREh.exe
  C:\Windows\System\KiRTREh.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\GfBwDkC.exe
  C:\Windows\System\GfBwDkC.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\xihWzko.exe
  C:\Windows\System\xihWzko.exe
  2⤵
  - Executes dropped EXE
  PID:4856
- C:\Windows\System\iNYpdEG.exe
  C:\Windows\System\iNYpdEG.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\PQppnXV.exe
  C:\Windows\System\PQppnXV.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\azOurxK.exe
  C:\Windows\System\azOurxK.exe
  2⤵
  - Executes dropped EXE
  PID:4432
- C:\Windows\System\sKakhFR.exe
  C:\Windows\System\sKakhFR.exe
  2⤵
  - Executes dropped EXE
  PID:4004
- C:\Windows\System\idodRct.exe
  C:\Windows\System\idodRct.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\VerlgAs.exe
  C:\Windows\System\VerlgAs.exe
  2⤵
  - Executes dropped EXE
  PID:3216
- C:\Windows\System\ZUBsmRS.exe
  C:\Windows\System\ZUBsmRS.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\BJaYmRw.exe
  C:\Windows\System\BJaYmRw.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\YuMnepd.exe
  C:\Windows\System\YuMnepd.exe
  2⤵
  - Executes dropped EXE
  PID:4616
- C:\Windows\System\GNsPVGo.exe
  C:\Windows\System\GNsPVGo.exe
  2⤵
  - Executes dropped EXE
  PID:3364
- C:\Windows\System\nUPTYAL.exe
  C:\Windows\System\nUPTYAL.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\PjpCLHZ.exe
  C:\Windows\System\PjpCLHZ.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\KcbwCCY.exe
  C:\Windows\System\KcbwCCY.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\tfMGywM.exe
  C:\Windows\System\tfMGywM.exe
  2⤵
  - Executes dropped EXE
  PID:3568
- C:\Windows\System\sitXMlF.exe
  C:\Windows\System\sitXMlF.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\goBidcE.exe
  C:\Windows\System\goBidcE.exe
  2⤵
  - Executes dropped EXE
  PID:3288
- C:\Windows\System\PjbWGwW.exe
  C:\Windows\System\PjbWGwW.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\pJAEBZz.exe
  C:\Windows\System\pJAEBZz.exe
  2⤵
  - Executes dropped EXE
  PID:984
- C:\Windows\System\tAiUATL.exe
  C:\Windows\System\tAiUATL.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\gchPTGl.exe
  C:\Windows\System\gchPTGl.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\jIiVqqq.exe
  C:\Windows\System\jIiVqqq.exe
  2⤵
  - Executes dropped EXE
  PID:4804
- C:\Windows\System\qwSRVkF.exe
  C:\Windows\System\qwSRVkF.exe
  2⤵
  - Executes dropped EXE
  PID:4144
- C:\Windows\System\eXLqmmT.exe
  C:\Windows\System\eXLqmmT.exe
  2⤵
  - Executes dropped EXE
  PID:4920
- C:\Windows\System\STeeQoK.exe
  C:\Windows\System\STeeQoK.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\dVdBUhU.exe
  C:\Windows\System\dVdBUhU.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\vwyaaaX.exe
  C:\Windows\System\vwyaaaX.exe
  2⤵
  - Executes dropped EXE
  PID:4720
- C:\Windows\System\ytFsUXA.exe
  C:\Windows\System\ytFsUXA.exe
  2⤵
  - Executes dropped EXE
  PID:4524
- C:\Windows\System\yNMfRfV.exe
  C:\Windows\System\yNMfRfV.exe
  2⤵
  - Executes dropped EXE
  PID:668
- C:\Windows\System\PRaCLHS.exe
  C:\Windows\System\PRaCLHS.exe
  2⤵
  - Executes dropped EXE
  PID:3712
- C:\Windows\System\IXnwqMT.exe
  C:\Windows\System\IXnwqMT.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\OyCMIXz.exe
  C:\Windows\System\OyCMIXz.exe
  2⤵
  - Executes dropped EXE
  PID:4332
- C:\Windows\System\mEISiyP.exe
  C:\Windows\System\mEISiyP.exe
  2⤵
  - Executes dropped EXE
  PID:4460
- C:\Windows\System\cBdSyii.exe
  C:\Windows\System\cBdSyii.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\BLKDUHh.exe
  C:\Windows\System\BLKDUHh.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\xGnXUnE.exe
  C:\Windows\System\xGnXUnE.exe
  2⤵
  - Executes dropped EXE
  PID:440
- C:\Windows\System\hVlRtcq.exe
  C:\Windows\System\hVlRtcq.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\IAoFJfo.exe
  C:\Windows\System\IAoFJfo.exe
  2⤵
  - Executes dropped EXE
  PID:4512
- C:\Windows\System\NpvrPsR.exe
  C:\Windows\System\NpvrPsR.exe
  2⤵
  - Executes dropped EXE
  PID:5016
- C:\Windows\System\NJUwCEh.exe
  C:\Windows\System\NJUwCEh.exe
  2⤵
  - Executes dropped EXE
  PID:748
- C:\Windows\System\MfUzoBQ.exe
  C:\Windows\System\MfUzoBQ.exe
  2⤵
  - Executes dropped EXE
  PID:4008
- C:\Windows\System\RsJzwMY.exe
  C:\Windows\System\RsJzwMY.exe
  2⤵
  - Executes dropped EXE
  PID:3232
- C:\Windows\System\IScobRD.exe
  C:\Windows\System\IScobRD.exe
  2⤵
  - Executes dropped EXE
  PID:3144
- C:\Windows\System\xgcaQCG.exe
  C:\Windows\System\xgcaQCG.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\vvqDTKE.exe
  C:\Windows\System\vvqDTKE.exe
  2⤵
  - Executes dropped EXE
  PID:3128
- C:\Windows\System\hezGSdK.exe
  C:\Windows\System\hezGSdK.exe
  2⤵
  - Executes dropped EXE
  PID:3628
- C:\Windows\System\JYfAZvN.exe
  C:\Windows\System\JYfAZvN.exe
  2⤵
  - Executes dropped EXE
  PID:4716
- C:\Windows\System\sGMPhdO.exe
  C:\Windows\System\sGMPhdO.exe
  2⤵
  - Executes dropped EXE
  PID:5040
- C:\Windows\System\YHISiDU.exe
  C:\Windows\System\YHISiDU.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\NHxMTdf.exe
  C:\Windows\System\NHxMTdf.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\vCyQKDz.exe
  C:\Windows\System\vCyQKDz.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\FmvxuuH.exe
  C:\Windows\System\FmvxuuH.exe
  2⤵
  - Executes dropped EXE
  PID:592
- C:\Windows\System\hqPsMzM.exe
  C:\Windows\System\hqPsMzM.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\QOUFzwl.exe
  C:\Windows\System\QOUFzwl.exe
  2⤵
  - Executes dropped EXE
  PID:3800
- C:\Windows\System\uQdtIbk.exe
  C:\Windows\System\uQdtIbk.exe
  2⤵
  - Executes dropped EXE
  PID:5088
- C:\Windows\System\BuGjIqE.exe
  C:\Windows\System\BuGjIqE.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\oihhOxC.exe
  C:\Windows\System\oihhOxC.exe
  2⤵
  - Executes dropped EXE
  PID:972
- C:\Windows\System\HaTKlTj.exe
  C:\Windows\System\HaTKlTj.exe
  2⤵
  - Executes dropped EXE
  PID:3704
- C:\Windows\System\ebtraXf.exe
  C:\Windows\System\ebtraXf.exe
  2⤵
  PID:4032
- C:\Windows\System\BmyFBli.exe
  C:\Windows\System\BmyFBli.exe
  2⤵
  PID:3560
- C:\Windows\System\LdFNhmj.exe
  C:\Windows\System\LdFNhmj.exe
  2⤵
  PID:2676
- C:\Windows\System\WTnIHLf.exe
  C:\Windows\System\WTnIHLf.exe
  2⤵
  PID:2252
- C:\Windows\System\LkQIMcc.exe
  C:\Windows\System\LkQIMcc.exe
  2⤵
  PID:4892
- C:\Windows\System\msjJeok.exe
  C:\Windows\System\msjJeok.exe
  2⤵
  PID:2612
- C:\Windows\System\TghDYJo.exe
  C:\Windows\System\TghDYJo.exe
  2⤵
  PID:4448
- C:\Windows\System\eEtsuRw.exe
  C:\Windows\System\eEtsuRw.exe
  2⤵
  PID:1828
- C:\Windows\System\EZSvWFC.exe
  C:\Windows\System\EZSvWFC.exe
  2⤵
  PID:4476
- C:\Windows\System\TnlZoJM.exe
  C:\Windows\System\TnlZoJM.exe
  2⤵
  PID:4760
- C:\Windows\System\WxSRJKV.exe
  C:\Windows\System\WxSRJKV.exe
  2⤵
  PID:3484
- C:\Windows\System\NArmRDz.exe
  C:\Windows\System\NArmRDz.exe
  2⤵
  PID:4320
- C:\Windows\System\ayshLbr.exe
  C:\Windows\System\ayshLbr.exe
  2⤵
  PID:864
- C:\Windows\System\DBVPYJZ.exe
  C:\Windows\System\DBVPYJZ.exe
  2⤵
  PID:1944
- C:\Windows\System\NSjdxVn.exe
  C:\Windows\System\NSjdxVn.exe
  2⤵
  PID:3456
- C:\Windows\System\PXDbCse.exe
  C:\Windows\System\PXDbCse.exe
  2⤵
  PID:2300
- C:\Windows\System\dMigxJB.exe
  C:\Windows\System\dMigxJB.exe
  2⤵
  PID:3276
- C:\Windows\System\WLuyIdH.exe
  C:\Windows\System\WLuyIdH.exe
  2⤵
  PID:2108
- C:\Windows\System\TqdGWvn.exe
  C:\Windows\System\TqdGWvn.exe
  2⤵
  PID:1852
- C:\Windows\System\zgoTVgS.exe
  C:\Windows\System\zgoTVgS.exe
  2⤵
  PID:1040
- C:\Windows\System\HKniCgL.exe
  C:\Windows\System\HKniCgL.exe
  2⤵
  PID:4644
- C:\Windows\System\RnUSkjB.exe
  C:\Windows\System\RnUSkjB.exe
  2⤵
  PID:5072
- C:\Windows\System\gLrNVIS.exe
  C:\Windows\System\gLrNVIS.exe
  2⤵
  PID:1612
- C:\Windows\System\BEiuVOJ.exe
  C:\Windows\System\BEiuVOJ.exe
  2⤵
  PID:3012
- C:\Windows\System\dmSkWqy.exe
  C:\Windows\System\dmSkWqy.exe
  2⤵
  PID:1800
- C:\Windows\System\BAzEYdz.exe
  C:\Windows\System\BAzEYdz.exe
  2⤵
  PID:4508
- C:\Windows\System\UaLdblw.exe
  C:\Windows\System\UaLdblw.exe
  2⤵
  PID:3888
- C:\Windows\System\ckXWCMO.exe
  C:\Windows\System\ckXWCMO.exe
  2⤵
  PID:4992
- C:\Windows\System\JHPSbjy.exe
  C:\Windows\System\JHPSbjy.exe
  2⤵
  PID:2916
- C:\Windows\System\fSZbyxk.exe
  C:\Windows\System\fSZbyxk.exe
  2⤵
  PID:776
- C:\Windows\System\bBzVlSe.exe
  C:\Windows\System\bBzVlSe.exe
  2⤵
  PID:4132
- C:\Windows\System\tMYNifR.exe
  C:\Windows\System\tMYNifR.exe
  2⤵
  PID:5008
- C:\Windows\System\qxXuvGH.exe
  C:\Windows\System\qxXuvGH.exe
  2⤵
  PID:2388
- C:\Windows\System\pMraMiz.exe
  C:\Windows\System\pMraMiz.exe
  2⤵
  PID:812
- C:\Windows\System\hnRrGku.exe
  C:\Windows\System\hnRrGku.exe
  2⤵
  PID:5124
- C:\Windows\System\pVYTksx.exe
  C:\Windows\System\pVYTksx.exe
  2⤵
  PID:5148
- C:\Windows\System\RdoqOip.exe
  C:\Windows\System\RdoqOip.exe
  2⤵
  PID:5176
- C:\Windows\System\SdEzEqC.exe
  C:\Windows\System\SdEzEqC.exe
  2⤵
  PID:5204
- C:\Windows\System\fRVHXDl.exe
  C:\Windows\System\fRVHXDl.exe
  2⤵
  PID:5228
- C:\Windows\System\KKfAdqh.exe
  C:\Windows\System\KKfAdqh.exe
  2⤵
  PID:5264
- C:\Windows\System\ZrIwitZ.exe
  C:\Windows\System\ZrIwitZ.exe
  2⤵
  PID:5296
- C:\Windows\System\iPgDCBx.exe
  C:\Windows\System\iPgDCBx.exe
  2⤵
  PID:5332
- C:\Windows\System\ONbTmTd.exe
  C:\Windows\System\ONbTmTd.exe
  2⤵
  PID:5360
- C:\Windows\System\ybBLxGE.exe
  C:\Windows\System\ybBLxGE.exe
  2⤵
  PID:5392
- C:\Windows\System\kFESRKl.exe
  C:\Windows\System\kFESRKl.exe
  2⤵
  PID:5420
- C:\Windows\System\SGSrHEe.exe
  C:\Windows\System\SGSrHEe.exe
  2⤵
  PID:5444
- C:\Windows\System\EXcLFMs.exe
  C:\Windows\System\EXcLFMs.exe
  2⤵
  PID:5460
- C:\Windows\System\kpxYdhA.exe
  C:\Windows\System\kpxYdhA.exe
  2⤵
  PID:5492
- C:\Windows\System\kSyPWjd.exe
  C:\Windows\System\kSyPWjd.exe
  2⤵
  PID:5528
- C:\Windows\System\qJPwXuO.exe
  C:\Windows\System\qJPwXuO.exe
  2⤵
  PID:5564
- C:\Windows\System\GhvuMug.exe
  C:\Windows\System\GhvuMug.exe
  2⤵
  PID:5592
- C:\Windows\System\LPLsrms.exe
  C:\Windows\System\LPLsrms.exe
  2⤵
  PID:5616
- C:\Windows\System\bXUCmVU.exe
  C:\Windows\System\bXUCmVU.exe
  2⤵
  PID:5652
- C:\Windows\System\dIqETRK.exe
  C:\Windows\System\dIqETRK.exe
  2⤵
  PID:5676
- C:\Windows\System\zSnmGQV.exe
  C:\Windows\System\zSnmGQV.exe
  2⤵
  PID:5704
- C:\Windows\System\dGArlfw.exe
  C:\Windows\System\dGArlfw.exe
  2⤵
  PID:5720
- C:\Windows\System\ivqoLJs.exe
  C:\Windows\System\ivqoLJs.exe
  2⤵
  PID:5752
- C:\Windows\System\FKTeDGz.exe
  C:\Windows\System\FKTeDGz.exe
  2⤵
  PID:5788
- C:\Windows\System\NtwXIDS.exe
  C:\Windows\System\NtwXIDS.exe
  2⤵
  PID:5804
- C:\Windows\System\QGeRCeL.exe
  C:\Windows\System\QGeRCeL.exe
  2⤵
  PID:5832
- C:\Windows\System\jKbQtyy.exe
  C:\Windows\System\jKbQtyy.exe
  2⤵
  PID:5868
- C:\Windows\System\kMZYEBc.exe
  C:\Windows\System\kMZYEBc.exe
  2⤵
  PID:5904
- C:\Windows\System\mCirURb.exe
  C:\Windows\System\mCirURb.exe
  2⤵
  PID:5928
- C:\Windows\System\vJgLTzb.exe
  C:\Windows\System\vJgLTzb.exe
  2⤵
  PID:5968
- C:\Windows\System\OJeiQFY.exe
  C:\Windows\System\OJeiQFY.exe
  2⤵
  PID:5996
- C:\Windows\System\ejoikEW.exe
  C:\Windows\System\ejoikEW.exe
  2⤵
  PID:6024
- C:\Windows\System\bhatBql.exe
  C:\Windows\System\bhatBql.exe
  2⤵
  PID:6052
- C:\Windows\System\RdAwyOD.exe
  C:\Windows\System\RdAwyOD.exe
  2⤵
  PID:6080
- C:\Windows\System\nuvjkPJ.exe
  C:\Windows\System\nuvjkPJ.exe
  2⤵
  PID:6108
- C:\Windows\System\DAYqQhb.exe
  C:\Windows\System\DAYqQhb.exe
  2⤵
  PID:6136
- C:\Windows\System\PZALpjx.exe
  C:\Windows\System\PZALpjx.exe
  2⤵
  PID:5140
- C:\Windows\System\ObDxApw.exe
  C:\Windows\System\ObDxApw.exe
  2⤵
  PID:5252
- C:\Windows\System\TAKAoYA.exe
  C:\Windows\System\TAKAoYA.exe
  2⤵
  PID:5328
- C:\Windows\System\HtpCHRc.exe
  C:\Windows\System\HtpCHRc.exe
  2⤵
  PID:5288
- C:\Windows\System\PuvEPeM.exe
  C:\Windows\System\PuvEPeM.exe
  2⤵
  PID:5412
- C:\Windows\System\efZEdaJ.exe
  C:\Windows\System\efZEdaJ.exe
  2⤵
  PID:5500
- C:\Windows\System\HcIDIBc.exe
  C:\Windows\System\HcIDIBc.exe
  2⤵
  PID:5520
- C:\Windows\System\mqcKISx.exe
  C:\Windows\System\mqcKISx.exe
  2⤵
  PID:5612
- C:\Windows\System\yfjTXWL.exe
  C:\Windows\System\yfjTXWL.exe
  2⤵
  PID:5584
- C:\Windows\System\qtpiYaB.exe
  C:\Windows\System\qtpiYaB.exe
  2⤵
  PID:5664
- C:\Windows\System\mJQtxRz.exe
  C:\Windows\System\mJQtxRz.exe
  2⤵
  PID:5732
- C:\Windows\System\hKFUthp.exe
  C:\Windows\System\hKFUthp.exe
  2⤵
  PID:5796
- C:\Windows\System\nTCwOWU.exe
  C:\Windows\System\nTCwOWU.exe
  2⤵
  PID:5884
- C:\Windows\System\yvgnHcF.exe
  C:\Windows\System\yvgnHcF.exe
  2⤵
  PID:5960
- C:\Windows\System\UGWZEHB.exe
  C:\Windows\System\UGWZEHB.exe
  2⤵
  PID:6036
- C:\Windows\System\wDGJAWh.exe
  C:\Windows\System\wDGJAWh.exe
  2⤵
  PID:6100
- C:\Windows\System\fFPhVVF.exe
  C:\Windows\System\fFPhVVF.exe
  2⤵
  PID:5144
- C:\Windows\System\fShjyXX.exe
  C:\Windows\System\fShjyXX.exe
  2⤵
  PID:5372
- C:\Windows\System\ueshfAa.exe
  C:\Windows\System\ueshfAa.exe
  2⤵
  PID:5516
- C:\Windows\System\ItlCPyG.exe
  C:\Windows\System\ItlCPyG.exe
  2⤵
  PID:5688
- C:\Windows\System\ImVqvyJ.exe
  C:\Windows\System\ImVqvyJ.exe
  2⤵
  PID:5736
- C:\Windows\System\eUmrQHO.exe
  C:\Windows\System\eUmrQHO.exe
  2⤵
  PID:5940
- C:\Windows\System\IDhIeKY.exe
  C:\Windows\System\IDhIeKY.exe
  2⤵
  PID:640
- C:\Windows\System\FEVVyly.exe
  C:\Windows\System\FEVVyly.exe
  2⤵
  PID:5452
- C:\Windows\System\dRsBxWn.exe
  C:\Windows\System\dRsBxWn.exe
  2⤵
  PID:5780
- C:\Windows\System\FrXTNVx.exe
  C:\Windows\System\FrXTNVx.exe
  2⤵
  PID:6076
- C:\Windows\System\qsvLHGg.exe
  C:\Windows\System\qsvLHGg.exe
  2⤵
  PID:6008
- C:\Windows\System\wnNOJll.exe
  C:\Windows\System\wnNOJll.exe
  2⤵
  PID:5636
- C:\Windows\System\nxfSVEI.exe
  C:\Windows\System\nxfSVEI.exe
  2⤵
  PID:6164
- C:\Windows\System\azlRdCo.exe
  C:\Windows\System\azlRdCo.exe
  2⤵
  PID:6192
- C:\Windows\System\mQJzrvt.exe
  C:\Windows\System\mQJzrvt.exe
  2⤵
  PID:6212
- C:\Windows\System\cfcqZRZ.exe
  C:\Windows\System\cfcqZRZ.exe
  2⤵
  PID:6236
- C:\Windows\System\yeBcouI.exe
  C:\Windows\System\yeBcouI.exe
  2⤵
  PID:6264
- C:\Windows\System\IYWgXSf.exe
  C:\Windows\System\IYWgXSf.exe
  2⤵
  PID:6292
- C:\Windows\System\DqtyjdB.exe
  C:\Windows\System\DqtyjdB.exe
  2⤵
  PID:6328
- C:\Windows\System\WSepels.exe
  C:\Windows\System\WSepels.exe
  2⤵
  PID:6348
- C:\Windows\System\zCanMoj.exe
  C:\Windows\System\zCanMoj.exe
  2⤵
  PID:6376
- C:\Windows\System\hZUBBPh.exe
  C:\Windows\System\hZUBBPh.exe
  2⤵
  PID:6416
- C:\Windows\System\nxhrUjE.exe
  C:\Windows\System\nxhrUjE.exe
  2⤵
  PID:6432
- C:\Windows\System\IeOmQNc.exe
  C:\Windows\System\IeOmQNc.exe
  2⤵
  PID:6468
- C:\Windows\System\KNjuZjc.exe
  C:\Windows\System\KNjuZjc.exe
  2⤵
  PID:6500
- C:\Windows\System\vIXIsFj.exe
  C:\Windows\System\vIXIsFj.exe
  2⤵
  PID:6524
- C:\Windows\System\uZbGIyf.exe
  C:\Windows\System\uZbGIyf.exe
  2⤵
  PID:6568
- C:\Windows\System\SHKtzJq.exe
  C:\Windows\System\SHKtzJq.exe
  2⤵
  PID:6596
- C:\Windows\System\vowzXkn.exe
  C:\Windows\System\vowzXkn.exe
  2⤵
  PID:6612
- C:\Windows\System\LELdbRv.exe
  C:\Windows\System\LELdbRv.exe
  2⤵
  PID:6632
- C:\Windows\System\YrRVxhZ.exe
  C:\Windows\System\YrRVxhZ.exe
  2⤵
  PID:6664
- C:\Windows\System\ZyDxpHz.exe
  C:\Windows\System\ZyDxpHz.exe
  2⤵
  PID:6700
- C:\Windows\System\gHJpZya.exe
  C:\Windows\System\gHJpZya.exe
  2⤵
  PID:6728
- C:\Windows\System\JzPXVEn.exe
  C:\Windows\System\JzPXVEn.exe
  2⤵
  PID:6768
- C:\Windows\System\CbYVnPn.exe
  C:\Windows\System\CbYVnPn.exe
  2⤵
  PID:6792
- C:\Windows\System\soPdyYh.exe
  C:\Windows\System\soPdyYh.exe
  2⤵
  PID:6808
- C:\Windows\System\hqlRSja.exe
  C:\Windows\System\hqlRSja.exe
  2⤵
  PID:6828
- C:\Windows\System\iBjKpCy.exe
  C:\Windows\System\iBjKpCy.exe
  2⤵
  PID:6856
- C:\Windows\System\UktajMu.exe
  C:\Windows\System\UktajMu.exe
  2⤵
  PID:6884
- C:\Windows\System\pBfSvdT.exe
  C:\Windows\System\pBfSvdT.exe
  2⤵
  PID:6916
- C:\Windows\System\JQNAnTg.exe
  C:\Windows\System\JQNAnTg.exe
  2⤵
  PID:6952
- C:\Windows\System\rpNicOz.exe
  C:\Windows\System\rpNicOz.exe
  2⤵
  PID:6972
- C:\Windows\System\jyFdeVR.exe
  C:\Windows\System\jyFdeVR.exe
  2⤵
  PID:7008
- C:\Windows\System\eFDRwqd.exe
  C:\Windows\System\eFDRwqd.exe
  2⤵
  PID:7028
- C:\Windows\System\XfpOTWZ.exe
  C:\Windows\System\XfpOTWZ.exe
  2⤵
  PID:7056
- C:\Windows\System\qhwfADb.exe
  C:\Windows\System\qhwfADb.exe
  2⤵
  PID:7080
- C:\Windows\System\oOqZOld.exe
  C:\Windows\System\oOqZOld.exe
  2⤵
  PID:7112
- C:\Windows\System\CoHnmDz.exe
  C:\Windows\System\CoHnmDz.exe
  2⤵
  PID:7160

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BJaYmRw.exe

Filesize
1.6MB

MD5
9a6134152a933ea0215dcd45b6a98f0f

SHA1
b682d36f4874ec8f5f9ac35b8caad7d9323c1314

SHA256
c2f3c817d231ad219cb72fc4cdfe64eb5c97721c28034e12f2fef4c8471314fe

SHA512
6ccf10319c0e59af47cf046c1795f83767d6f6d51cf02b1d62f972fdf5e5ecb795c2357c54f7d1ffc1b67b2ce8fa57e0ac549905bca2696a4be4f7bd1fc3416d

Download Submit
C:\Windows\System\GNsPVGo.exe

Filesize
1.6MB

MD5
be4fe97262ad1c3f15862438a9c3d8a4

SHA1
9274f4e0307fce3bc90ddb92ed729b3ff50b1fd3

SHA256
f8227cc352bf2b99a6efbd6c65a56bb56e3ea69391b5396720f83777d6aa0631

SHA512
4933dafeead494912340a662e77c5e25fce929ac0eb4b40f41707995dc5aa16b091af8e3a1b73730026d6ef1c6ef649d76d324fdb3c0a921974cd7fa3335007d

Download Submit
C:\Windows\System\GfBwDkC.exe

Filesize
1.6MB

MD5
ddbc888a087382244d9e04459c62925e

SHA1
26c98c6f66560f0366ea79d1323a82a492328923

SHA256
6d0dc4934fc5284febe98cc487b55eb69dd855c3322293f03aa412d2f7f18c0a

SHA512
a929282ccf66c44cb18806ac63dae9de0a9af11700462f81b61a9956a951ec4e16f23a12b1bdae68e2eb309aea78bb62f19da0aefc9025a1cfabb4352d23e1d7

Download Submit
C:\Windows\System\KcbwCCY.exe

Filesize
1.6MB

MD5
4bcd7e859088b23a947e748c624ae2cc

SHA1
fff471553c6de7addbed9a13964fc1b00eab8b84

SHA256
39b9375554868fd80b3aa75fe67f8dce8ff4561c559a1d2e1f7c2a77714e8192

SHA512
52de7890c044260ae99ba50a096bda37c4a73d946c328ece49442664bb3d8f6db7dc88db9d8564a8415a372229dc2277241ce8fc5bf4500583b9e78d29bd50e5

Download Submit
C:\Windows\System\KiRTREh.exe

Filesize
1.6MB

MD5
502e02b8c4cb6d66dcf8e51a64a51dab

SHA1
b7e45bf1869cf296bd998b01f778e78ba534cb37

SHA256
a829643abdcf7ae5408dd44ad8373c2917d4a6b50939c53478e36c15446c8612

SHA512
e5f397b16e1d2c9124e1a245781297b2b1a9c5cf94eed2bd0cf306ac149b54928abe8abdb5da9bcae070848870cf16732c1e8075136fac533c9d5a6f9f9f59e0

Download Submit
C:\Windows\System\PQppnXV.exe

Filesize
1.6MB

MD5
48c8dd9882c55ea5bd0d7689537ed5e8

SHA1
678c8e8ebc4780eaac6c2a983abf319d056bbde7

SHA256
bff9486c99d9998e75d6424beeb2a81a43fde9c88127289cbe24a248ba76d89c

SHA512
da63d627a7f922471661152cd2718be68d2ffef04e6791bcf11c308de57116dfdba3c56d8fcd1c0c7bb30189d2d7c6727490d3be2159d58366862c4a38031397

Download Submit
C:\Windows\System\PjbWGwW.exe

Filesize
1.6MB

MD5
76ddee8675cb0a6682fad58ee205ab45

SHA1
7a87a56a90a395a92d4523d8b5cab785124cbd16

SHA256
2b5971c6869bac076fc8cf7c96d401bca8963620527c875abb2bb89c0d9d7d13

SHA512
e72491e0e3cd41ea005cfebfa03590e0589fbd0740031faaab759e30f3be57c09054c17c97069b66a45bb46609512a83de3ad95a8cd8b01af634d4067b4d1bd7

Download Submit
C:\Windows\System\PjpCLHZ.exe

Filesize
1.6MB

MD5
c716150d41e44ad1d4f0c00da6faf038

SHA1
b6970195894e43db33a2670224b6ce1377a546d2

SHA256
3c202a5afbf5443588e58c214b1f58dc45a98d0ade71c7584aa4e78979f94993

SHA512
7b88c6e5f31dec9bda561743213f44f421013aae193997f4b49eda83f991f23ea3a51145680c09458c93a2ab27347f07edfd5f167d042319497c997df30cda92

Download Submit
C:\Windows\System\STeeQoK.exe

Filesize
1.6MB

MD5
b52b04e19140c437f5d6866b1b04b243

SHA1
1973d9536bb503a44def54bf05310759c6de44f7

SHA256
894ff19210ee873e7077978bf54bba0da58e82a29c63340b68f3f52baa23648e

SHA512
b4b33faa5c599dd123e40ee44ae682199f5ea3c040b1f4a6c579b34b974ffae7f0f8c530f9fe97eb668d72535f645162f67911b6cc664d70c942983e2e95278f

Download Submit
C:\Windows\System\TGIcjJc.exe

Filesize
1.6MB

MD5
c197486225638320cfb68ba0b3581671

SHA1
51246937f2207d8fd8c3e22d2021a20e18ac2cd6

SHA256
05d77ad45764d2c690a462edbf9d6b65bde7691c0da70a568705d6c1a9d447c2

SHA512
b6525bbf8f446de6e84e4fe8cd62acbed0a1d575f23358a0a4e6e8d6cb406088c3f0c59ed6c722b3f01dd30215caeeacffce8d25fb2864e7d7f08c7b2f7327e2

Download Submit
C:\Windows\System\UIDNIrf.exe

Filesize
1.6MB

MD5
0c4b7fb8c997b42337ec0310a28688d0

SHA1
a5520f2133dcdfcc4f3b3456991e92708d21b9ef

SHA256
7c9348a0ca0c368c2fb23695a7250e8444d097958adc1cf6d92df041b8b11095

SHA512
6bcc3c1bbed0033eaa433a0690d643d523132fd42806057dc97dc722d4ac8614611130558deff39644916360e4a198b1c65e254b5730f77d25d60c99650768f4

Download Submit
C:\Windows\System\VerlgAs.exe

Filesize
1.6MB

MD5
06359054ca5934ff735c66effdcc5abc

SHA1
06b1df1640d09b859d3802f56add66c27d67709d

SHA256
cfb6e33b6006a557b7f98fcbbc7e5873697b1f0cbdb24669f2ccefaab5160a1b

SHA512
cc37eaa34997bc8b70b5d1bce3d47218204384f43e0df905cce2efb7d7da8e1b1b9e824b8d2fcdcaf9fc06d586d2726604fab05a8e9fbbabdc03c395d0676ce4

Download Submit
C:\Windows\System\YaoSctk.exe

Filesize
1.6MB

MD5
37b08d55d7c6c81d58871532e76290f7

SHA1
3ec637c98a4fff8cec5e6373214d50592de28924

SHA256
7d1cc78c5435365e5633c0ec26fa4caa115367cf8780eebc75fa60aac94043fa

SHA512
37e1d3b344a0cbcc94d0f643183760753375c027e7a99ddd2fbc8ca751c07511891eefd0fa3e42fff9f0ef308b53238b7b060bf239f448f93a4d91b6a838b8b9

Download Submit
C:\Windows\System\YuMnepd.exe

Filesize
1.6MB

MD5
6eb4b2f7ef87878ff33434a63d840ed4

SHA1
b1da99edf912e7e39a1ffe29d3d335e8aaf5de37

SHA256
d942202fd22da83c197b09dc5c74f75b7bce8c15db7d5a8b4ec9a5d92fb6d07e

SHA512
44c7bfd3e468a919b04f9078fc2999c4624663ce38cc8c2cde86a681e3795b7ff2993c911a9b340576cc58d1cc38c34b79e2a218097e790a2898d040db720fbd

Download Submit
C:\Windows\System\YxstMNh.exe

Filesize
1.6MB

MD5
b43b9755ce10426c69da9a4ad0ee6ba7

SHA1
4cd135230382abde55f67f59509b0a3d5c610734

SHA256
8f6e1e6c9d3f6569746dfd496e239b72d7e897ca921558c9371a71dd5354d198

SHA512
a98257299958f9207c50dc7e6c3f99985d71f682f1c0992dbef41a9db5a09edce26c860c0568ecef9a3116813a78047aebb0cb3105e859985f4c20a18752a309

Download Submit
C:\Windows\System\ZUBsmRS.exe

Filesize
1.6MB

MD5
b945c2e5d8bab8dc138788ae017702b4

SHA1
82b0132fcdfefe825ef0e84c56960701ff23c31b

SHA256
421048f9cdd899bcc7b90639f7f90a53c7b169155a78936d484d5bf18b748cb8

SHA512
75a981aa8600d25be25e2b6b7080fbb28196dcb5a5df3c504950935aa95982959f5e70c50f7f6e9488bc3eecd27d37a5e350080a08c9c4e2ec9833dc4f9ad0c7

Download Submit
C:\Windows\System\azOurxK.exe

Filesize
1.6MB

MD5
a18f4b8b133fb3fcb46113436bab7992

SHA1
ae2c600276f2cd4df3455af31c0e9fd385b68d4f

SHA256
7d09238942664f426df9545e853440f36d57f249f402d9bf33e13693d513b396

SHA512
d87fbf9ea01fbf2595008a95545c978fbbc57b1ff1584f76bd160b8e518cbd10648cb194e299d1c64c427de41b04dbed666f610913b74e6d7b06fe97d8148702

Download Submit
C:\Windows\System\dVdBUhU.exe

Filesize
1.6MB

MD5
f9a541ef70cd804b5985fd0174884124

SHA1
6bbfcc50165b347d29ab59797cbe94f6ac863352

SHA256
4cd336615878b9186638c359dfa933c9eab2501edf1224653cece08d8ff1a0b0

SHA512
c710f5ad22d7555e014f9de7b1ee1c97e5b31cd8dee0f1575c01035b7cfd639c2660c5cfcdb812a05c2657acc903bbee7804febc94326d90fcca3d27c02a3f1f

Download Submit
C:\Windows\System\eXLqmmT.exe

Filesize
1.6MB

MD5
74838e668ebade6d388e5578ef7626d5

SHA1
291eaa6d3e334e64226ed4289d19a2c04a54374f

SHA256
7059c682545361f88cab2b6f257bfb80c19ac1bbb238ae636cfdc0691e1cb1fd

SHA512
6e2c1c53c6887552e730bbd63ab741d69b859af529f36091a704e2b78feac0803ef6c9416c032f8cd1b00de3c35d14ef31ab25dd3548f18574d60c8ce47e07c2

Download Submit
C:\Windows\System\gchPTGl.exe

Filesize
1.6MB

MD5
79677f501a4798e7275d0dfeda0d3bdf

SHA1
57ef2bfa5ae977ee03e62c71e60a7c829cebbc83

SHA256
0c0f42ac5835af17e56887541cbb2520e1faf1470e10b7a8656909e4123ef477

SHA512
6c44e03cf19ede108ffbe536ce2ea1509c7af772bb118c2efbb1e4845764255381cbfedd041c5a244bb932f758006533a670ec184bcceaad40eaf008a25dc4e9

Download Submit
C:\Windows\System\goBidcE.exe

Filesize
1.6MB

MD5
cd6fdd998432bdb110447cb9d03bb331

SHA1
5ddd3611c3dd8af15b7d1331881b2e63813484f0

SHA256
6e0f3104d3f8668dadac6973cda6ed215f00fc1e4a8c25e0437b5eff9c1ecc87

SHA512
bb4b6fe376d538b05f451deb2afaf3000a19920f2b2f39be47269a56007388d4e0a255de7fc03ebe93d33e254699313a2b1cce4157b716e58a04a6bf3f8c0942

Download Submit
C:\Windows\System\iNYpdEG.exe

Filesize
1.6MB

MD5
b3ad143832382e1032b9ee9bd3f67b6a

SHA1
da56f0f0620c5ae30ed3be0732065455d3f14971

SHA256
0b0e712319b0982cf428b055f4e7babc6b609f87db354b02f01e8ba8954ccb49

SHA512
9cb34e94c0c76dd5e19b9f552aa0afc11106ece2c6d7eaeff1032b8d44fa5e4999303c6e570dd2157c6a09750238fe9277ebe9fd73625579acda511fdf0cbac0

Download Submit
C:\Windows\System\idodRct.exe

Filesize
1.6MB

MD5
974929d85963694bcb24523e35cdef2b

SHA1
0b3946426ff28d7fd1af8b2c9be9f929e4b8650b

SHA256
a15158873abda5d07abf6c912bf4a7b467ad2fa2e1af74d4b8cc9093a7c2fbaf

SHA512
5579210f77e9307ee5542a835dbc99b0923793b985c9046f5078299e8c7f3d7637c6ce757877256d3d187d62891945b18b9837fb89120f3deac8ca17cc1b0820

Download Submit
C:\Windows\System\jIiVqqq.exe

Filesize
1.6MB

MD5
9cb391cf9a19cb5cd35f13d340d65cb5

SHA1
48ce39399feaca57f680c36a254e77bf03f78ea8

SHA256
c2b9f981c561f54a940de05068c58e21d14c095d087cfab4f3fa0a916bd87d4d

SHA512
059d89a27ddf7960319c6bc90c3f020ebab6d272447471e66db28048efd7d90109540682f7dd271f75205a72b70ec6a945b3cc75ee1064519e8486f874627c97

Download Submit
C:\Windows\System\nUPTYAL.exe

Filesize
1.6MB

MD5
01685e69bb445e27aabc87a46df01640

SHA1
42b55965cf9b265a35cbffa44cfd94fcd05bc0f5

SHA256
367b365c9659d842da6bee9b618b6bb5a3a4a631837f797dfc0ed7304f137db2

SHA512
918f37ed939aff306d95ee66745f00feb4a1002cb0da40b01bc38ab62c1166ae75933217501a11368db1f713c3c39f40714451babcfc079d9faca27d94b8863d

Download Submit
C:\Windows\System\pJAEBZz.exe

Filesize
1.6MB

MD5
19b03b274cd86bf9fe50569aeb37fc8f

SHA1
8c8f76e9a053d4166a6b46b9b897fda0d4fa6989

SHA256
45bdad292d3380d9c613634b27de8224edec1c7f63c50ef916417a5bcf233889

SHA512
cad1ad91633682ee82fa96b43552f63bce87348d0cc7def379628dbbf1b13bf8cf72dce5ceb9533581e408c63139ee7ff3f4fd63df449c48c5c16ec993f58f93

Download Submit
C:\Windows\System\qwSRVkF.exe

Filesize
1.6MB

MD5
c2b47a552807d9541cb42a2e00b54070

SHA1
61998a3300dea46f14fe892bc29eebc93e6b359e

SHA256
397fd9c6f07a88f57eb14a6e08ebff893c5aef2f043ff2c8e99f6a667a760949

SHA512
ecdacb4211bc8d8f7bb834046fb70eaa1790f04951be40f3e5d7dd386c599c8311e464304c99f88619f1acd3c221505574033b0c00af3fbf31a9eda760d73444

Download Submit
C:\Windows\System\sKakhFR.exe

Filesize
1.6MB

MD5
881ddb80e23fbbd9f9e4c3a033e40b58

SHA1
44e69fd5cf2d2ea63224081721c5775dc7e19b9e

SHA256
68644f09bddf522ffaa4c37ebcdce75d28e8aaf6b1c46baae9dc95926570b8d9

SHA512
0f30ae23ef95e2a536fc43785c81e529997481329193dbd44b9e2999c0a979b7c0da2a1ac75f0dfde0cd53a9e873e21189b5fcda6533233a47e0d638c99b1e99

Download Submit
C:\Windows\System\sitXMlF.exe

Filesize
1.6MB

MD5
dd0093f6650f123548b0350ef8b3cddf

SHA1
3e364446da97a918fd29c5b65b514ea7bf0794ff

SHA256
54019341b4b10e49724c4760338ad3463d9c666b0c0cad33d4db946295501e17

SHA512
4689b05df93d176f6cf3ec965a39a8f4b2fb2ea8722d55e194a089f724d7e5a63c15689638ae158cd377b7dd64f2337817a9d36089b29b3ce98c6f803efd5180

Download Submit
C:\Windows\System\tAiUATL.exe

Filesize
1.6MB

MD5
4d4692f579a363df34768d598cbee7d8

SHA1
9436e2e1987e2422e04d785d524446da6854fd24

SHA256
45a384f915a59056b4f98f772436a7e3c2cb17ce479836d2fc3766d0c068ad94

SHA512
877f3704ab27baccb4be9fdfd66a90e1bc32bf3ce3d4237585d8586c530146d21cf1ac993058241598a9d11bbee24378f18a17219eaa096f9b0d99a110f071a4

Download Submit
C:\Windows\System\tfMGywM.exe

Filesize
1.6MB

MD5
15ee1b30f3374750e8221b2cc9b5dfa2

SHA1
6bde10700542490ca31aa6274757689ec54e7833

SHA256
b4a1d3dd69f13c14db3664e9d53c1b4aa5c72becd47fb7d60126d10734e8647d

SHA512
ca7becccff7735ad0affcd6ab1c38b08ed3c69576e0cda99385d0b713852d54758c32ec987ab90ad9b9ec19176d1527c89bcea25ec0327ef4b478001d6a5ec22

Download Submit
C:\Windows\System\vwyaaaX.exe

Filesize
1.6MB

MD5
a4cb6583c0b71722d7167dc01050b902

SHA1
c5e0ac791466ded5accefeb9d220fce03f63b406

SHA256
f9c8e5b0443192a1c9899195aa936f7be674580ee2962214a5b7833c2a5c22a0

SHA512
e65297dc2b3468d1fe3d7f9a6f167218250fc1f42e9e428f23fec93e346ffd6b18d7167975fdd401620284950eb795a509d1bd413bba0ab3c85f32c2970311a8

Download Submit
C:\Windows\System\xihWzko.exe

Filesize
1.6MB

MD5
e53a7461dc4deaf76dac78c43e8ebd21

SHA1
f2efa5c5fd556a4b22019428b7664067d2fbd03a

SHA256
afed71f238571b7e5e99d04590ae19726a7bc33aa37fde95f5d70d4c09704ff3

SHA512
e2b65e5b281366bbdb697953b9f1b890556457a75f4f206b5c73c9b8fe6b6c8f4d6c55b95a61bb0514ef1a3447d91775864868fd5b2881e1f0ee9abe7e6decaf

Download Submit
memory/3176-0-0x0000019A8A4C0000-0x0000019A8A4D0000-memory.dmp

Filesize
64KB

Download