xmrig | 33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8

Analysis

max time kernel
138s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
16/08/2024, 21:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
Size

1.3MB
MD5

3cce89f44c7ce45cc1d6d5cb94a2ea32
SHA1

f300ff48baf181bf19cc0b86ab2f33fe721920be
SHA256

33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8
SHA512

65b92def7883f66482c14423866dae0955df7f50600452ae2125bc1ea7cd6c6b024d3ed956c9bc5e1a4a4acf1442f8f94890fc4a1d34f684f9697bfb1c962e9d
SSDEEP

24576:GezaTnG99Q8FcNrpyNdfE0bLBgDOp2iSLz9LbBwlKensYKkTT7UudBW9VFIk9B:GezaTF8FcNkNdfE0pZ9oztFwI6KDFfL

Score

10^/10

xmrig miner

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 33 IoCs

miner

resource	yara_rule
behavioral2/files/0x00080000000234ba-4.dat	xmrig
behavioral2/files/0x00070000000234bf-7.dat	xmrig
behavioral2/files/0x00070000000234be-9.dat	xmrig
behavioral2/files/0x00070000000234c0-20.dat	xmrig
behavioral2/files/0x00070000000234c3-34.dat	xmrig
behavioral2/files/0x00070000000234c8-57.dat	xmrig
behavioral2/files/0x00070000000234ce-95.dat	xmrig
behavioral2/files/0x00070000000234d4-125.dat	xmrig
behavioral2/files/0x00070000000234da-147.dat	xmrig
behavioral2/files/0x00070000000234dd-162.dat	xmrig
behavioral2/files/0x00070000000234db-160.dat	xmrig
behavioral2/files/0x00070000000234dc-157.dat	xmrig
behavioral2/files/0x00070000000234d9-150.dat	xmrig
behavioral2/files/0x00070000000234d8-145.dat	xmrig
behavioral2/files/0x00070000000234d7-140.dat	xmrig
behavioral2/files/0x00070000000234d6-135.dat	xmrig
behavioral2/files/0x00070000000234d5-130.dat	xmrig
behavioral2/files/0x00070000000234d3-120.dat	xmrig
behavioral2/files/0x00070000000234d2-115.dat	xmrig
behavioral2/files/0x00070000000234d1-110.dat	xmrig
behavioral2/files/0x00070000000234d0-105.dat	xmrig
behavioral2/files/0x00070000000234cf-100.dat	xmrig
behavioral2/files/0x00070000000234cd-90.dat	xmrig
behavioral2/files/0x00070000000234cc-85.dat	xmrig
behavioral2/files/0x00070000000234cb-80.dat	xmrig
behavioral2/files/0x00070000000234ca-75.dat	xmrig
behavioral2/files/0x00070000000234c9-70.dat	xmrig
behavioral2/files/0x00070000000234c7-60.dat	xmrig
behavioral2/files/0x00070000000234c6-52.dat	xmrig
behavioral2/files/0x00070000000234c5-48.dat	xmrig
behavioral2/files/0x00070000000234c4-43.dat	xmrig
behavioral2/files/0x00070000000234c2-30.dat	xmrig
behavioral2/files/0x00070000000234c1-24.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
572	xsrDMyZ.exe
3392	AqRSBeN.exe
2488	umuXqjr.exe
2688	GjacjtA.exe
392	DMASfcX.exe
4600	AKMPGnC.exe
1608	ZAwFdIB.exe
4400	ojCRMEL.exe
3044	pKhmsFo.exe
3076	LZNJrPa.exe
3104	YvNNPZu.exe
828	dAedAYc.exe
3512	KoeLHgj.exe
4140	KGgpRBY.exe
2812	nycgQWK.exe
4664	surQwXW.exe
5060	kJoCYat.exe
4956	xrUIeIK.exe
3644	ayZPsMa.exe
2544	gxeeRSe.exe
1004	YepjXWn.exe
328	IwGukmN.exe
1092	xFpCgEi.exe
224	iAUpIjt.exe
4380	RPzPsSc.exe
3592	tLFNvtH.exe
1080	MIMooZg.exe
3836	QQSGdmS.exe
3960	HpBqWSS.exe
1620	ogPdmao.exe
4212	LoVMMVv.exe
4252	OEKfGgT.exe
1752	DIIbexQ.exe
316	NDWEgYV.exe
740	QLPQtaH.exe
3996	RYwHhVv.exe
3424	lEBWLrc.exe
1600	mjaOBjM.exe
3956	zUjAuAB.exe
3304	FDWqVjD.exe
4532	zMSNLgN.exe
2868	JqRbGrV.exe
1604	YqLlkcY.exe
4908	IsIwIOM.exe
2732	ZbwrvXQ.exe
2336	PqeVlTM.exe
1912	fKNtrdS.exe
2652	jhCSjPN.exe
4780	SnPKMxb.exe
1072	cQsbvBO.exe
3704	AcfqmHt.exe
3448	nRUPuzR.exe
4360	oTyWgpV.exe
1176	FaHZKfA.exe
1412	munIXbC.exe
556	xNkvmgb.exe
3804	djxostE.exe
5108	jBCsnAW.exe
1228	hkpaJjO.exe
1948	xmEWapU.exe
4960	hcWnQYY.exe
1900	BMzhBzB.exe
1268	SWgOeom.exe
4508	bFsjjnv.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\nRUPuzR.exe	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
File created	C:\Windows\System\LhHRvOo.exe	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
File created	C:\Windows\System\hPAbULJ.exe	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
File created	C:\Windows\System\BAAEEkf.exe	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
File created	C:\Windows\System\KRwtvQD.exe	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
File created	C:\Windows\System\ulDjHBF.exe	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
File created	C:\Windows\System\bFsjjnv.exe	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
File created	C:\Windows\System\XyDnXpx.exe	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
File created	C:\Windows\System\iLRSFRr.exe	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
File created	C:\Windows\System\zUjAuAB.exe	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
File created	C:\Windows\System\yimsMmw.exe	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
File created	C:\Windows\System\qbyFaEV.exe	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
File created	C:\Windows\System\ENKyrYP.exe	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
File created	C:\Windows\System\munIXbC.exe	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
File created	C:\Windows\System\uGtrxPn.exe	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
File created	C:\Windows\System\hXyEbpw.exe	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
File created	C:\Windows\System\LZNJrPa.exe	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
File created	C:\Windows\System\kwvsPkI.exe	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
File created	C:\Windows\System\KGgpRBY.exe	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
File created	C:\Windows\System\AGiplTj.exe	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
File created	C:\Windows\System\nIXMDSv.exe	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
File created	C:\Windows\System\cBGCFPU.exe	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
File created	C:\Windows\System\oTyWgpV.exe	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
File created	C:\Windows\System\BMzhBzB.exe	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
File created	C:\Windows\System\YVHNdHy.exe	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
File created	C:\Windows\System\fWQIhbE.exe	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
File created	C:\Windows\System\GjacjtA.exe	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
File created	C:\Windows\System\RYwHhVv.exe	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
File created	C:\Windows\System\SPeuZbW.exe	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
File created	C:\Windows\System\ZAwFdIB.exe	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
File created	C:\Windows\System\YvNNPZu.exe	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
File created	C:\Windows\System\XfHYkdE.exe	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
File created	C:\Windows\System\gmIOSgX.exe	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
File created	C:\Windows\System\OaXvMHA.exe	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
File created	C:\Windows\System\NdwQuEh.exe	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
File created	C:\Windows\System\umuXqjr.exe	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
File created	C:\Windows\System\surQwXW.exe	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
File created	C:\Windows\System\ownJOQb.exe	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
File created	C:\Windows\System\ZbwrvXQ.exe	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
File created	C:\Windows\System\FraPQad.exe	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
File created	C:\Windows\System\FNhvOst.exe	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
File created	C:\Windows\System\dCWFaFZ.exe	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
File created	C:\Windows\System\bcatcFy.exe	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
File created	C:\Windows\System\VqZpafD.exe	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
File created	C:\Windows\System\zxmBpdz.exe	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
File created	C:\Windows\System\kJoCYat.exe	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
File created	C:\Windows\System\NDWEgYV.exe	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
File created	C:\Windows\System\FDWqVjD.exe	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
File created	C:\Windows\System\Hoqerfh.exe	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
File created	C:\Windows\System\iOXtWwH.exe	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
File created	C:\Windows\System\bhZIIPU.exe	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
File created	C:\Windows\System\mjaOBjM.exe	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
File created	C:\Windows\System\vPVPXpB.exe	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
File created	C:\Windows\System\YIWsPBb.exe	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
File created	C:\Windows\System\tLooehm.exe	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
File created	C:\Windows\System\OjzIMVz.exe	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
File created	C:\Windows\System\tCiUXrx.exe	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
File created	C:\Windows\System\GsqddPp.exe	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
File created	C:\Windows\System\DMASfcX.exe	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
File created	C:\Windows\System\KoeLHgj.exe	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
File created	C:\Windows\System\hcWnQYY.exe	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
File created	C:\Windows\System\yTepEkd.exe	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
File created	C:\Windows\System\YZxLndI.exe	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
File created	C:\Windows\System\jMenPxu.exe	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
Token: SeLockMemoryPrivilege	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1596 wrote to memory of 572	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe	85
PID 1596 wrote to memory of 572	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe	85
PID 1596 wrote to memory of 3392	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe	86
PID 1596 wrote to memory of 3392	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe	86
PID 1596 wrote to memory of 2488	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe	87
PID 1596 wrote to memory of 2488	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe	87
PID 1596 wrote to memory of 2688	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe	88
PID 1596 wrote to memory of 2688	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe	88
PID 1596 wrote to memory of 392	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe	89
PID 1596 wrote to memory of 392	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe	89
PID 1596 wrote to memory of 4600	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe	90
PID 1596 wrote to memory of 4600	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe	90
PID 1596 wrote to memory of 1608	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe	91
PID 1596 wrote to memory of 1608	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe	91
PID 1596 wrote to memory of 4400	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe	92
PID 1596 wrote to memory of 4400	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe	92
PID 1596 wrote to memory of 3044	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe	93
PID 1596 wrote to memory of 3044	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe	93
PID 1596 wrote to memory of 3076	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe	94
PID 1596 wrote to memory of 3076	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe	94
PID 1596 wrote to memory of 3104	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe	95
PID 1596 wrote to memory of 3104	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe	95
PID 1596 wrote to memory of 828	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe	96
PID 1596 wrote to memory of 828	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe	96
PID 1596 wrote to memory of 3512	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe	97
PID 1596 wrote to memory of 3512	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe	97
PID 1596 wrote to memory of 4140	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe	98
PID 1596 wrote to memory of 4140	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe	98
PID 1596 wrote to memory of 2812	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe	99
PID 1596 wrote to memory of 2812	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe	99
PID 1596 wrote to memory of 4664	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe	100
PID 1596 wrote to memory of 4664	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe	100
PID 1596 wrote to memory of 5060	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe	101
PID 1596 wrote to memory of 5060	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe	101
PID 1596 wrote to memory of 4956	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe	102
PID 1596 wrote to memory of 4956	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe	102
PID 1596 wrote to memory of 3644	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe	103
PID 1596 wrote to memory of 3644	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe	103
PID 1596 wrote to memory of 2544	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe	104
PID 1596 wrote to memory of 2544	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe	104
PID 1596 wrote to memory of 1004	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe	105
PID 1596 wrote to memory of 1004	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe	105
PID 1596 wrote to memory of 328	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe	106
PID 1596 wrote to memory of 328	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe	106
PID 1596 wrote to memory of 1092	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe	107
PID 1596 wrote to memory of 1092	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe	107
PID 1596 wrote to memory of 224	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe	108
PID 1596 wrote to memory of 224	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe	108
PID 1596 wrote to memory of 4380	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe	109
PID 1596 wrote to memory of 4380	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe	109
PID 1596 wrote to memory of 3592	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe	110
PID 1596 wrote to memory of 3592	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe	110
PID 1596 wrote to memory of 1080	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe	111
PID 1596 wrote to memory of 1080	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe	111
PID 1596 wrote to memory of 3836	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe	112
PID 1596 wrote to memory of 3836	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe	112
PID 1596 wrote to memory of 3960	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe	113
PID 1596 wrote to memory of 3960	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe	113
PID 1596 wrote to memory of 1620	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe	114
PID 1596 wrote to memory of 1620	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe	114
PID 1596 wrote to memory of 4212	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe	115
PID 1596 wrote to memory of 4212	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe	115
PID 1596 wrote to memory of 4252	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe	116
PID 1596 wrote to memory of 4252	1596	33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe	116

C:\Users\Admin\AppData\Local\Temp\33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe
"C:\Users\Admin\AppData\Local\Temp\33354ddbb815bacde695f519bdca8716aa1c5a14460c22abccabc90eda0dabf8.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1596
- C:\Windows\System\xsrDMyZ.exe
  C:\Windows\System\xsrDMyZ.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\AqRSBeN.exe
  C:\Windows\System\AqRSBeN.exe
  2⤵
  - Executes dropped EXE
  PID:3392
- C:\Windows\System\umuXqjr.exe
  C:\Windows\System\umuXqjr.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\GjacjtA.exe
  C:\Windows\System\GjacjtA.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\DMASfcX.exe
  C:\Windows\System\DMASfcX.exe
  2⤵
  - Executes dropped EXE
  PID:392
- C:\Windows\System\AKMPGnC.exe
  C:\Windows\System\AKMPGnC.exe
  2⤵
  - Executes dropped EXE
  PID:4600
- C:\Windows\System\ZAwFdIB.exe
  C:\Windows\System\ZAwFdIB.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\ojCRMEL.exe
  C:\Windows\System\ojCRMEL.exe
  2⤵
  - Executes dropped EXE
  PID:4400
- C:\Windows\System\pKhmsFo.exe
  C:\Windows\System\pKhmsFo.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\LZNJrPa.exe
  C:\Windows\System\LZNJrPa.exe
  2⤵
  - Executes dropped EXE
  PID:3076
- C:\Windows\System\YvNNPZu.exe
  C:\Windows\System\YvNNPZu.exe
  2⤵
  - Executes dropped EXE
  PID:3104
- C:\Windows\System\dAedAYc.exe
  C:\Windows\System\dAedAYc.exe
  2⤵
  - Executes dropped EXE
  PID:828
- C:\Windows\System\KoeLHgj.exe
  C:\Windows\System\KoeLHgj.exe
  2⤵
  - Executes dropped EXE
  PID:3512
- C:\Windows\System\KGgpRBY.exe
  C:\Windows\System\KGgpRBY.exe
  2⤵
  - Executes dropped EXE
  PID:4140
- C:\Windows\System\nycgQWK.exe
  C:\Windows\System\nycgQWK.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\surQwXW.exe
  C:\Windows\System\surQwXW.exe
  2⤵
  - Executes dropped EXE
  PID:4664
- C:\Windows\System\kJoCYat.exe
  C:\Windows\System\kJoCYat.exe
  2⤵
  - Executes dropped EXE
  PID:5060
- C:\Windows\System\xrUIeIK.exe
  C:\Windows\System\xrUIeIK.exe
  2⤵
  - Executes dropped EXE
  PID:4956
- C:\Windows\System\ayZPsMa.exe
  C:\Windows\System\ayZPsMa.exe
  2⤵
  - Executes dropped EXE
  PID:3644
- C:\Windows\System\gxeeRSe.exe
  C:\Windows\System\gxeeRSe.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\YepjXWn.exe
  C:\Windows\System\YepjXWn.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\IwGukmN.exe
  C:\Windows\System\IwGukmN.exe
  2⤵
  - Executes dropped EXE
  PID:328
- C:\Windows\System\xFpCgEi.exe
  C:\Windows\System\xFpCgEi.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\iAUpIjt.exe
  C:\Windows\System\iAUpIjt.exe
  2⤵
  - Executes dropped EXE
  PID:224
- C:\Windows\System\RPzPsSc.exe
  C:\Windows\System\RPzPsSc.exe
  2⤵
  - Executes dropped EXE
  PID:4380
- C:\Windows\System\tLFNvtH.exe
  C:\Windows\System\tLFNvtH.exe
  2⤵
  - Executes dropped EXE
  PID:3592
- C:\Windows\System\MIMooZg.exe
  C:\Windows\System\MIMooZg.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\QQSGdmS.exe
  C:\Windows\System\QQSGdmS.exe
  2⤵
  - Executes dropped EXE
  PID:3836
- C:\Windows\System\HpBqWSS.exe
  C:\Windows\System\HpBqWSS.exe
  2⤵
  - Executes dropped EXE
  PID:3960
- C:\Windows\System\ogPdmao.exe
  C:\Windows\System\ogPdmao.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\LoVMMVv.exe
  C:\Windows\System\LoVMMVv.exe
  2⤵
  - Executes dropped EXE
  PID:4212
- C:\Windows\System\OEKfGgT.exe
  C:\Windows\System\OEKfGgT.exe
  2⤵
  - Executes dropped EXE
  PID:4252
- C:\Windows\System\DIIbexQ.exe
  C:\Windows\System\DIIbexQ.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\NDWEgYV.exe
  C:\Windows\System\NDWEgYV.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\QLPQtaH.exe
  C:\Windows\System\QLPQtaH.exe
  2⤵
  - Executes dropped EXE
  PID:740
- C:\Windows\System\RYwHhVv.exe
  C:\Windows\System\RYwHhVv.exe
  2⤵
  - Executes dropped EXE
  PID:3996
- C:\Windows\System\lEBWLrc.exe
  C:\Windows\System\lEBWLrc.exe
  2⤵
  - Executes dropped EXE
  PID:3424
- C:\Windows\System\mjaOBjM.exe
  C:\Windows\System\mjaOBjM.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\zUjAuAB.exe
  C:\Windows\System\zUjAuAB.exe
  2⤵
  - Executes dropped EXE
  PID:3956
- C:\Windows\System\FDWqVjD.exe
  C:\Windows\System\FDWqVjD.exe
  2⤵
  - Executes dropped EXE
  PID:3304
- C:\Windows\System\zMSNLgN.exe
  C:\Windows\System\zMSNLgN.exe
  2⤵
  - Executes dropped EXE
  PID:4532
- C:\Windows\System\JqRbGrV.exe
  C:\Windows\System\JqRbGrV.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\YqLlkcY.exe
  C:\Windows\System\YqLlkcY.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\IsIwIOM.exe
  C:\Windows\System\IsIwIOM.exe
  2⤵
  - Executes dropped EXE
  PID:4908
- C:\Windows\System\ZbwrvXQ.exe
  C:\Windows\System\ZbwrvXQ.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\PqeVlTM.exe
  C:\Windows\System\PqeVlTM.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\fKNtrdS.exe
  C:\Windows\System\fKNtrdS.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\jhCSjPN.exe
  C:\Windows\System\jhCSjPN.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\SnPKMxb.exe
  C:\Windows\System\SnPKMxb.exe
  2⤵
  - Executes dropped EXE
  PID:4780
- C:\Windows\System\cQsbvBO.exe
  C:\Windows\System\cQsbvBO.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\AcfqmHt.exe
  C:\Windows\System\AcfqmHt.exe
  2⤵
  - Executes dropped EXE
  PID:3704
- C:\Windows\System\nRUPuzR.exe
  C:\Windows\System\nRUPuzR.exe
  2⤵
  - Executes dropped EXE
  PID:3448
- C:\Windows\System\oTyWgpV.exe
  C:\Windows\System\oTyWgpV.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System\FaHZKfA.exe
  C:\Windows\System\FaHZKfA.exe
  2⤵
  - Executes dropped EXE
  PID:1176
- C:\Windows\System\munIXbC.exe
  C:\Windows\System\munIXbC.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\xNkvmgb.exe
  C:\Windows\System\xNkvmgb.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\djxostE.exe
  C:\Windows\System\djxostE.exe
  2⤵
  - Executes dropped EXE
  PID:3804
- C:\Windows\System\jBCsnAW.exe
  C:\Windows\System\jBCsnAW.exe
  2⤵
  - Executes dropped EXE
  PID:5108
- C:\Windows\System\hkpaJjO.exe
  C:\Windows\System\hkpaJjO.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\xmEWapU.exe
  C:\Windows\System\xmEWapU.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\hcWnQYY.exe
  C:\Windows\System\hcWnQYY.exe
  2⤵
  - Executes dropped EXE
  PID:4960
- C:\Windows\System\BMzhBzB.exe
  C:\Windows\System\BMzhBzB.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\SWgOeom.exe
  C:\Windows\System\SWgOeom.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\bFsjjnv.exe
  C:\Windows\System\bFsjjnv.exe
  2⤵
  - Executes dropped EXE
  PID:4508
- C:\Windows\System\lVLUqkc.exe
  C:\Windows\System\lVLUqkc.exe
  2⤵
  PID:1152
- C:\Windows\System\odDpDpv.exe
  C:\Windows\System\odDpDpv.exe
  2⤵
  PID:4944
- C:\Windows\System\NlMHVkj.exe
  C:\Windows\System\NlMHVkj.exe
  2⤵
  PID:1940
- C:\Windows\System\fJBYRai.exe
  C:\Windows\System\fJBYRai.exe
  2⤵
  PID:1936
- C:\Windows\System\FIPfzrj.exe
  C:\Windows\System\FIPfzrj.exe
  2⤵
  PID:3308
- C:\Windows\System\YIWsPBb.exe
  C:\Windows\System\YIWsPBb.exe
  2⤵
  PID:3192
- C:\Windows\System\PwecTBX.exe
  C:\Windows\System\PwecTBX.exe
  2⤵
  PID:2008
- C:\Windows\System\FraPQad.exe
  C:\Windows\System\FraPQad.exe
  2⤵
  PID:2408
- C:\Windows\System\qDaDxxR.exe
  C:\Windows\System\qDaDxxR.exe
  2⤵
  PID:4848
- C:\Windows\System\yimsMmw.exe
  C:\Windows\System\yimsMmw.exe
  2⤵
  PID:2004
- C:\Windows\System\OCFbYEB.exe
  C:\Windows\System\OCFbYEB.exe
  2⤵
  PID:4428
- C:\Windows\System\WwKfsov.exe
  C:\Windows\System\WwKfsov.exe
  2⤵
  PID:3508
- C:\Windows\System\yTepEkd.exe
  C:\Windows\System\yTepEkd.exe
  2⤵
  PID:920
- C:\Windows\System\FnuJcwX.exe
  C:\Windows\System\FnuJcwX.exe
  2⤵
  PID:4512
- C:\Windows\System\Hoqerfh.exe
  C:\Windows\System\Hoqerfh.exe
  2⤵
  PID:4788
- C:\Windows\System\inbToNF.exe
  C:\Windows\System\inbToNF.exe
  2⤵
  PID:4500
- C:\Windows\System\VsOaIGF.exe
  C:\Windows\System\VsOaIGF.exe
  2⤵
  PID:4936
- C:\Windows\System\oVLPyms.exe
  C:\Windows\System\oVLPyms.exe
  2⤵
  PID:5048
- C:\Windows\System\LhHRvOo.exe
  C:\Windows\System\LhHRvOo.exe
  2⤵
  PID:3648
- C:\Windows\System\obuIcTb.exe
  C:\Windows\System\obuIcTb.exe
  2⤵
  PID:5148
- C:\Windows\System\EjxLrfS.exe
  C:\Windows\System\EjxLrfS.exe
  2⤵
  PID:5168
- C:\Windows\System\ccTZFjo.exe
  C:\Windows\System\ccTZFjo.exe
  2⤵
  PID:5196
- C:\Windows\System\ownJOQb.exe
  C:\Windows\System\ownJOQb.exe
  2⤵
  PID:5224
- C:\Windows\System\uGtrxPn.exe
  C:\Windows\System\uGtrxPn.exe
  2⤵
  PID:5252
- C:\Windows\System\Djcdexo.exe
  C:\Windows\System\Djcdexo.exe
  2⤵
  PID:5280
- C:\Windows\System\AnkZOfi.exe
  C:\Windows\System\AnkZOfi.exe
  2⤵
  PID:5304
- C:\Windows\System\OaXvMHA.exe
  C:\Windows\System\OaXvMHA.exe
  2⤵
  PID:5336
- C:\Windows\System\yiONmBQ.exe
  C:\Windows\System\yiONmBQ.exe
  2⤵
  PID:5364
- C:\Windows\System\KWiIJZk.exe
  C:\Windows\System\KWiIJZk.exe
  2⤵
  PID:5392
- C:\Windows\System\cTtVNgJ.exe
  C:\Windows\System\cTtVNgJ.exe
  2⤵
  PID:5420
- C:\Windows\System\IMWFfAf.exe
  C:\Windows\System\IMWFfAf.exe
  2⤵
  PID:5444
- C:\Windows\System\tCiUXrx.exe
  C:\Windows\System\tCiUXrx.exe
  2⤵
  PID:5488
- C:\Windows\System\XfHYkdE.exe
  C:\Windows\System\XfHYkdE.exe
  2⤵
  PID:5512
- C:\Windows\System\hhdAIrd.exe
  C:\Windows\System\hhdAIrd.exe
  2⤵
  PID:5540
- C:\Windows\System\IliJCjl.exe
  C:\Windows\System\IliJCjl.exe
  2⤵
  PID:5560
- C:\Windows\System\NQLIHsZ.exe
  C:\Windows\System\NQLIHsZ.exe
  2⤵
  PID:5584
- C:\Windows\System\iJwqvcs.exe
  C:\Windows\System\iJwqvcs.exe
  2⤵
  PID:5616
- C:\Windows\System\hesPTIG.exe
  C:\Windows\System\hesPTIG.exe
  2⤵
  PID:5644
- C:\Windows\System\KIPKuZa.exe
  C:\Windows\System\KIPKuZa.exe
  2⤵
  PID:5668
- C:\Windows\System\iOXtWwH.exe
  C:\Windows\System\iOXtWwH.exe
  2⤵
  PID:5700
- C:\Windows\System\NdwQuEh.exe
  C:\Windows\System\NdwQuEh.exe
  2⤵
  PID:5728
- C:\Windows\System\WrhBTDr.exe
  C:\Windows\System\WrhBTDr.exe
  2⤵
  PID:5752
- C:\Windows\System\BCiWIJQ.exe
  C:\Windows\System\BCiWIJQ.exe
  2⤵
  PID:5784
- C:\Windows\System\WzywXeb.exe
  C:\Windows\System\WzywXeb.exe
  2⤵
  PID:5812
- C:\Windows\System\xEpCueh.exe
  C:\Windows\System\xEpCueh.exe
  2⤵
  PID:5840
- C:\Windows\System\kumbzTa.exe
  C:\Windows\System\kumbzTa.exe
  2⤵
  PID:5868
- C:\Windows\System\uiySjgK.exe
  C:\Windows\System\uiySjgK.exe
  2⤵
  PID:5896
- C:\Windows\System\vPVPXpB.exe
  C:\Windows\System\vPVPXpB.exe
  2⤵
  PID:5924
- C:\Windows\System\GsqddPp.exe
  C:\Windows\System\GsqddPp.exe
  2⤵
  PID:5952
- C:\Windows\System\LYJrkOv.exe
  C:\Windows\System\LYJrkOv.exe
  2⤵
  PID:5976
- C:\Windows\System\auJYytd.exe
  C:\Windows\System\auJYytd.exe
  2⤵
  PID:6008
- C:\Windows\System\ndclqSP.exe
  C:\Windows\System\ndclqSP.exe
  2⤵
  PID:6032
- C:\Windows\System\bhZIIPU.exe
  C:\Windows\System\bhZIIPU.exe
  2⤵
  PID:6064
- C:\Windows\System\dfTxTdH.exe
  C:\Windows\System\dfTxTdH.exe
  2⤵
  PID:6092
- C:\Windows\System\LIDJcHV.exe
  C:\Windows\System\LIDJcHV.exe
  2⤵
  PID:6116
- C:\Windows\System\ddKGRsX.exe
  C:\Windows\System\ddKGRsX.exe
  2⤵
  PID:3488
- C:\Windows\System\QPcCEVL.exe
  C:\Windows\System\QPcCEVL.exe
  2⤵
  PID:2144
- C:\Windows\System\FNhvOst.exe
  C:\Windows\System\FNhvOst.exe
  2⤵
  PID:1168
- C:\Windows\System\byKfhXe.exe
  C:\Windows\System\byKfhXe.exe
  2⤵
  PID:1064
- C:\Windows\System\cEKatse.exe
  C:\Windows\System\cEKatse.exe
  2⤵
  PID:2612
- C:\Windows\System\QENRkBF.exe
  C:\Windows\System\QENRkBF.exe
  2⤵
  PID:1252
- C:\Windows\System\XyDnXpx.exe
  C:\Windows\System\XyDnXpx.exe
  2⤵
  PID:5124
- C:\Windows\System\iLRSFRr.exe
  C:\Windows\System\iLRSFRr.exe
  2⤵
  PID:5180
- C:\Windows\System\lcznHrB.exe
  C:\Windows\System\lcznHrB.exe
  2⤵
  PID:5244
- C:\Windows\System\QmqBwjs.exe
  C:\Windows\System\QmqBwjs.exe
  2⤵
  PID:5300
- C:\Windows\System\YVHNdHy.exe
  C:\Windows\System\YVHNdHy.exe
  2⤵
  PID:5356
- C:\Windows\System\KRwtvQD.exe
  C:\Windows\System\KRwtvQD.exe
  2⤵
  PID:5412
- C:\Windows\System\bPwhorF.exe
  C:\Windows\System\bPwhorF.exe
  2⤵
  PID:5480
- C:\Windows\System\QSkWexn.exe
  C:\Windows\System\QSkWexn.exe
  2⤵
  PID:5536
- C:\Windows\System\HJccNwy.exe
  C:\Windows\System\HJccNwy.exe
  2⤵
  PID:5604
- C:\Windows\System\AopcWSv.exe
  C:\Windows\System\AopcWSv.exe
  2⤵
  PID:5664
- C:\Windows\System\nIXMDSv.exe
  C:\Windows\System\nIXMDSv.exe
  2⤵
  PID:5740
- C:\Windows\System\hXyEbpw.exe
  C:\Windows\System\hXyEbpw.exe
  2⤵
  PID:5800
- C:\Windows\System\yThWYsa.exe
  C:\Windows\System\yThWYsa.exe
  2⤵
  PID:5860
- C:\Windows\System\epnzQGA.exe
  C:\Windows\System\epnzQGA.exe
  2⤵
  PID:1464
- C:\Windows\System\dCWFaFZ.exe
  C:\Windows\System\dCWFaFZ.exe
  2⤵
  PID:5992
- C:\Windows\System\LuAxoer.exe
  C:\Windows\System\LuAxoer.exe
  2⤵
  PID:6028
- C:\Windows\System\fWQIhbE.exe
  C:\Windows\System\fWQIhbE.exe
  2⤵
  PID:6084
- C:\Windows\System\LVnXvsF.exe
  C:\Windows\System\LVnXvsF.exe
  2⤵
  PID:4472
- C:\Windows\System\YZxLndI.exe
  C:\Windows\System\YZxLndI.exe
  2⤵
  PID:4744
- C:\Windows\System\VqZpafD.exe
  C:\Windows\System\VqZpafD.exe
  2⤵
  PID:2608
- C:\Windows\System\nelnRKG.exe
  C:\Windows\System\nelnRKG.exe
  2⤵
  PID:5144
- C:\Windows\System\hGCENva.exe
  C:\Windows\System\hGCENva.exe
  2⤵
  PID:5272
- C:\Windows\System\bcatcFy.exe
  C:\Windows\System\bcatcFy.exe
  2⤵
  PID:5352
- C:\Windows\System\qinxnqZ.exe
  C:\Windows\System\qinxnqZ.exe
  2⤵
  PID:5464
- C:\Windows\System\AeQtqbV.exe
  C:\Windows\System\AeQtqbV.exe
  2⤵
  PID:5600
- C:\Windows\System\fCuYxBx.exe
  C:\Windows\System\fCuYxBx.exe
  2⤵
  PID:5720
- C:\Windows\System\rtQvaPZ.exe
  C:\Windows\System\rtQvaPZ.exe
  2⤵
  PID:5944
- C:\Windows\System\IaMlAdt.exe
  C:\Windows\System\IaMlAdt.exe
  2⤵
  PID:2972
- C:\Windows\System\YMRPFlu.exe
  C:\Windows\System\YMRPFlu.exe
  2⤵
  PID:1896
- C:\Windows\System\ulDjHBF.exe
  C:\Windows\System\ulDjHBF.exe
  2⤵
  PID:5164
- C:\Windows\System\YMBuMtp.exe
  C:\Windows\System\YMBuMtp.exe
  2⤵
  PID:5348
- C:\Windows\System\jMenPxu.exe
  C:\Windows\System\jMenPxu.exe
  2⤵
  PID:5460
- C:\Windows\System\YdfBGWw.exe
  C:\Windows\System\YdfBGWw.exe
  2⤵
  PID:4640
- C:\Windows\System\MLCpmId.exe
  C:\Windows\System\MLCpmId.exe
  2⤵
  PID:3636
- C:\Windows\System\uZgbDBb.exe
  C:\Windows\System\uZgbDBb.exe
  2⤵
  PID:2316
- C:\Windows\System\Clbcved.exe
  C:\Windows\System\Clbcved.exe
  2⤵
  PID:2084
- C:\Windows\System\qbyFaEV.exe
  C:\Windows\System\qbyFaEV.exe
  2⤵
  PID:3144
- C:\Windows\System\aznkCDD.exe
  C:\Windows\System\aznkCDD.exe
  2⤵
  PID:4836
- C:\Windows\System\VvrQXQe.exe
  C:\Windows\System\VvrQXQe.exe
  2⤵
  PID:5916
- C:\Windows\System\TOUARqZ.exe
  C:\Windows\System\TOUARqZ.exe
  2⤵
  PID:6136
- C:\Windows\System\sEGvyNv.exe
  C:\Windows\System\sEGvyNv.exe
  2⤵
  PID:4300
- C:\Windows\System\hPAbULJ.exe
  C:\Windows\System\hPAbULJ.exe
  2⤵
  PID:2244
- C:\Windows\System\ENKyrYP.exe
  C:\Windows\System\ENKyrYP.exe
  2⤵
  PID:3276
- C:\Windows\System\CcTmLtU.exe
  C:\Windows\System\CcTmLtU.exe
  2⤵
  PID:3716
- C:\Windows\System\dxGtWCZ.exe
  C:\Windows\System\dxGtWCZ.exe
  2⤵
  PID:2344
- C:\Windows\System\UlHtgcH.exe
  C:\Windows\System\UlHtgcH.exe
  2⤵
  PID:6080
- C:\Windows\System\TFAnPDT.exe
  C:\Windows\System\TFAnPDT.exe
  2⤵
  PID:4540
- C:\Windows\System\baULTzV.exe
  C:\Windows\System\baULTzV.exe
  2⤵
  PID:5576
- C:\Windows\System\YUWsuGe.exe
  C:\Windows\System\YUWsuGe.exe
  2⤵
  PID:6148
- C:\Windows\System\BAAEEkf.exe
  C:\Windows\System\BAAEEkf.exe
  2⤵
  PID:6208
- C:\Windows\System\cBGCFPU.exe
  C:\Windows\System\cBGCFPU.exe
  2⤵
  PID:6228
- C:\Windows\System\avUBgWo.exe
  C:\Windows\System\avUBgWo.exe
  2⤵
  PID:6256
- C:\Windows\System\wwYQdWj.exe
  C:\Windows\System\wwYQdWj.exe
  2⤵
  PID:6288
- C:\Windows\System\EUGFeBx.exe
  C:\Windows\System\EUGFeBx.exe
  2⤵
  PID:6316
- C:\Windows\System\lHoGvCQ.exe
  C:\Windows\System\lHoGvCQ.exe
  2⤵
  PID:6340
- C:\Windows\System\XQiZcDj.exe
  C:\Windows\System\XQiZcDj.exe
  2⤵
  PID:6372
- C:\Windows\System\tLooehm.exe
  C:\Windows\System\tLooehm.exe
  2⤵
  PID:6400
- C:\Windows\System\gmIOSgX.exe
  C:\Windows\System\gmIOSgX.exe
  2⤵
  PID:6428
- C:\Windows\System\LCvmMvv.exe
  C:\Windows\System\LCvmMvv.exe
  2⤵
  PID:6452
- C:\Windows\System\zxmBpdz.exe
  C:\Windows\System\zxmBpdz.exe
  2⤵
  PID:6484
- C:\Windows\System\sWxIATU.exe
  C:\Windows\System\sWxIATU.exe
  2⤵
  PID:6516
- C:\Windows\System\ZVmLPpT.exe
  C:\Windows\System\ZVmLPpT.exe
  2⤵
  PID:6548
- C:\Windows\System\DBIWywx.exe
  C:\Windows\System\DBIWywx.exe
  2⤵
  PID:6576
- C:\Windows\System\NIqeMJV.exe
  C:\Windows\System\NIqeMJV.exe
  2⤵
  PID:6596
- C:\Windows\System\kwvsPkI.exe
  C:\Windows\System\kwvsPkI.exe
  2⤵
  PID:6620
- C:\Windows\System\SPeuZbW.exe
  C:\Windows\System\SPeuZbW.exe
  2⤵
  PID:6648
- C:\Windows\System\IfEQvOE.exe
  C:\Windows\System\IfEQvOE.exe
  2⤵
  PID:6680
- C:\Windows\System\ntZxYeH.exe
  C:\Windows\System\ntZxYeH.exe
  2⤵
  PID:6712
- C:\Windows\System\GBScFvg.exe
  C:\Windows\System\GBScFvg.exe
  2⤵
  PID:6740
- C:\Windows\System\AGiplTj.exe
  C:\Windows\System\AGiplTj.exe
  2⤵
  PID:6784
- C:\Windows\System\OjzIMVz.exe
  C:\Windows\System\OjzIMVz.exe
  2⤵
  PID:6800
- C:\Windows\System\UjPXAJA.exe
  C:\Windows\System\UjPXAJA.exe
  2⤵
  PID:6820
- C:\Windows\System\BkSEdDE.exe
  C:\Windows\System\BkSEdDE.exe
  2⤵
  PID:6852

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AKMPGnC.exe

Filesize
1.3MB

MD5
eaabb4f98653486f14f3abe36d9f9927

SHA1
bfa3bf174a767652714adc1f5efc0ca377960e24

SHA256
1a8d91770f4b1fab7bd2e18f3ddc41027a86d6e2301d80225a70179e97d237e7

SHA512
f105d7474ab0697490e573e778e727e47ba8f4a02a24d641953f934e4221cfeae1190069f471af527d7e251cb0c24677700cfd40c99c9e1d7c2c9d312b6521aa

Download Submit
C:\Windows\System\AqRSBeN.exe

Filesize
1.3MB

MD5
af17f2b6a05775b24029477aeab40335

SHA1
4f4128b357d41d5636e304aaaf7238c39b7638a3

SHA256
2dc227ab431d3cb207fe206e900647828d8f2aaa1fbaa5e81c97827e261a33f6

SHA512
9e4b6bcc9ec75666b19293955c7ebaea7f38d3a4c1bd8d1afd2ad69509e123b84e14cd88309bd952c39aac1f683877d787b595e93d3c303691a7f21961541b98

Download Submit
C:\Windows\System\DIIbexQ.exe

Filesize
1.3MB

MD5
f68129f606d578c7ada0517a53862558

SHA1
60722cc8b87be8a16561a25dcab1241e732f2fea

SHA256
c83ac14214673414ceee799f5d70beb7ba96b4dee296c82b6097a6d48d675173

SHA512
f0b59f56162ef7b72959bf361ba41dddadc458b6794241d27d7482f1630d6d4358ae8ee565d4172191f1e44998228d2b73f6d383449edc1cc0736242eb499b9a

Download Submit
C:\Windows\System\DMASfcX.exe

Filesize
1.3MB

MD5
8424b37703da6ea14264119621476fe9

SHA1
0f64ed97732a724ef5c559448e9e8d636961ce41

SHA256
8438287f5563f558e9834eb7b8ec477c9f1ca04923999af0cd5a96596a4e2f60

SHA512
cb93373b7442cac25da526d6a9041df53c902d017e7f1a992ce62c280a951f01192200cb9f256680ab63876806a9d92760584e6eec4ba6ddfbcd78f78dff66c2

Download Submit
C:\Windows\System\GjacjtA.exe

Filesize
1.3MB

MD5
189f203642ad72083e4dca672c7354bf

SHA1
f21ff78b8d2e20e2d3820b3e92fe152f4b1e4811

SHA256
c2954e943beb956b06e632fc277a6b1033dad986f8a38d0202338d25ec8ce09d

SHA512
871f32c2e45a070a65ee3076e0146702849fa4ec9475d781a4d4305747f33a34c6a504889fdd14d466c7518799bba03a6cdf4b837754b509873fc9f25a80c855

Download Submit
C:\Windows\System\HpBqWSS.exe

Filesize
1.3MB

MD5
4a2107bb41f9a6a7248b6c7449040c03

SHA1
909c171deb8f79792caeee390b5b52648b1db4f8

SHA256
fc3632b62b850b92dd16b4d4e8d61a749f9e16aa5fbe254a5f65d915752f3f65

SHA512
2207ffbd97347c45b683c478c072c9c7272a7fb66af31e40a5e52eacd66b93a48ad16bca4885627c181d5e046a9e27fb324e702f898e5f5cbbae34003abf42b0

Download Submit
C:\Windows\System\IwGukmN.exe

Filesize
1.3MB

MD5
e98905cd2966c27f91f0820a20926f91

SHA1
d9a65de25e9f97360574eacd553fe78850ff5dcc

SHA256
8b8a22c944c3a67721312c6bdea6a3cebf3d852cb1812a8b10b67cbf41c57d50

SHA512
ccac485acb223640c16bad9eb43ea02e7562ecc1875a5c45877ed3ba2371c940f7d129452472c501a588166bfb576ca0a27cf83cafc7aeb915f722849713572d

Download Submit
C:\Windows\System\KGgpRBY.exe

Filesize
1.3MB

MD5
e77af1c41c7bbaf09344ec9d8914495a

SHA1
0c4d52fd823e9a7e20cab2042b1243a18ec1444d

SHA256
05caf96a0ecd0af5caccf8de48d2fcb0654e0d4ee950c23a9c6dcd1983b735c9

SHA512
cdff7582f6ef22c5733d0725b6f0a0fdd842cb6c8b606597947e56813efd0a46135727242015ae66a5b793ec77ea40b15f624797757adb28cea27806d5921ed5

Download Submit
C:\Windows\System\KoeLHgj.exe

Filesize
1.3MB

MD5
4bb9425d833e295e290f5ab1a4a1068c

SHA1
304905abd443144f728f3772ffd1e0abe35c2871

SHA256
4ada89dd9f02c8cdd91748784aaed465a68921c0e2eb73a4da8f778df2f6cf2c

SHA512
52fb929d2ca0b71603efccd515fb588a0136cfaf0c315619da89c3001ace1542f8cd68fde0b2c274aaf0e3b3b0a385c8f385c5ebe86eb039aa7b2178c87532e8

Download Submit
C:\Windows\System\LZNJrPa.exe

Filesize
1.3MB

MD5
d86842d57dafa0e04229cc70270d3990

SHA1
ba18fd5fb0e7d005f1ab8cfa44b69063b5ed733c

SHA256
964ef1d4df96cd721f1a91cbc170df030a8d16bd3d6c512c9053f97104e0c553

SHA512
427826224fb8d67f595f1a8ad92ddd579afc9c0b52ea1717c40cf86ca44aa69224646fd897f6d3c23c3afbc70f8390a151fc45449a0ad46e97bdbefa517d54e3

Download Submit
C:\Windows\System\LoVMMVv.exe

Filesize
1.3MB

MD5
f449926a5a197e8a5a2afd71c5c64bbb

SHA1
6cd4369bcd09d276ae981f39ef7692644060a574

SHA256
6771fc3110cfaf9e8075d8036c9617a113b1f2e204c10648a1c76eeda795fcf8

SHA512
f2e91f9dcc363754e7718b1312d735a436d7f72803521e8928e0e972ce552529a98c3afe604d077f509e236d8604ae8aabc81d29ea780bd68c8393c6dd34b109

Download Submit
C:\Windows\System\MIMooZg.exe

Filesize
1.3MB

MD5
f21fdee9f25947e5e144a0f15360e6fa

SHA1
42c462e611cc94fba35df583bbfb18be9f7421e3

SHA256
d671042a90b170f21ef4c2e193f5bb75c4657f2b50d6ec65e85e5064e95ca9b7

SHA512
bfcf6da6fe0d2f6d83a07276f037063d50cee87e8902ed5128372a5934b6d5c074bddf0c44657a92909845bc6e488b7663bb5c5b3ef478510c0661721f75250d

Download Submit
C:\Windows\System\OEKfGgT.exe

Filesize
1.3MB

MD5
4545d9b06da3ef8a2cff4d7babdf13de

SHA1
534ba411dcf2b4ba25fa045e60d57ab8e434ae27

SHA256
a8b570a9bb52ca533ca26b757e4e0a50f52d6b11f8777c678d067ce28cf110f7

SHA512
284caa427efae8a403682ab3f7d28e0496042741ee351b7b9174c0608788bb2dc546a617e5fe5c4a1d71e8898ee8c4ea52f84cd28382e5b8629d7c7176938d73

Download Submit
C:\Windows\System\QQSGdmS.exe

Filesize
1.3MB

MD5
cf5fe71de4e585db7c04eb8de5da70fd

SHA1
e4a911e797ad759e8e8bf26361fbd820bacb196f

SHA256
4d406841711d49d9a8ba06c652a950edc072cc68ecfede0e7ffc3758f98b1b18

SHA512
cb9adec092d94d475dcb473b1a284f56e868bcdffff8deaf38083ce702c613309042b9142ffd98f1a7b6664e20052ec5a7afd319f20a307308def15c0b6bb0a1

Download Submit
C:\Windows\System\RPzPsSc.exe

Filesize
1.3MB

MD5
ab003b91b0a4741800a87731fb2fd279

SHA1
808a0a74304e56d23dd8abf5b776742b4394851b

SHA256
72b391c587191529de79f5f73365f5761a33687c5d6af363decd9ae71a816086

SHA512
ed1caaeb34e7cec8b4e24b6791ad70d77e7df9461e0b08af08645f497c4805cee64af1e92ae266221bd625588a0ae03520e8f006589ae28f6948dc19149fe7f3

Download Submit
C:\Windows\System\YepjXWn.exe

Filesize
1.3MB

MD5
48ef8a30fa2dc24fb5256d6b958d6890

SHA1
4dec99c62be02366a0cc1b541e84a05def50ba14

SHA256
8b110c13bf1e736f1876cd725308ffb7faa7d9b4d766fda3e88f7edd6c29a965

SHA512
ae9f8e836c18d5574189e580dacb821a5eadf96b46395b9781453998ee2de040515345a95fef2da2c39422c8bb4db57dec293dec8dc54e27224a87fc4df86939

Download Submit
C:\Windows\System\YvNNPZu.exe

Filesize
1.3MB

MD5
1ce08b66f0f81fa9361fb2916bb783c4

SHA1
f3f80baa2a904695c2ac1fa1ff9cb86f3ff46a59

SHA256
8cc2fd78d8c5a94676fe5fbe012c63e83c49acd54a45b1add22fca6e0fd9aeae

SHA512
d8c8c311f1776b07d4f03d6e65b0393dfa48680b365ed8349e13d9c6081a6ca9af0fe2ddeb29df35e951c4a3a7b7683f525761dbd2f3f4e70f061814c61da712

Download Submit
C:\Windows\System\ZAwFdIB.exe

Filesize
1.3MB

MD5
2c1ff8bdfe767a8ee2269ecba20582c3

SHA1
015f452929ed9dad0d10223d00c7811b57d663ed

SHA256
9dcc09f17d017eb902fc36e6893d0cb18b55c058eb19935e1ff6fed6fe9db2f3

SHA512
44255c832fd3ed157a8318be0942e4b6059619f5aa3531f2c94c17acb35c08e284390c56aedab11eaf0f37c43cbd9e9b530005cf62f6feba702d52018d600ed4

Download Submit
C:\Windows\System\ayZPsMa.exe

Filesize
1.3MB

MD5
10eddc923057c0f9ff74f45c69b34568

SHA1
a392f8e08aee92d0520c4749279727437c1bed07

SHA256
98c67c265c01197b848306ec4303cbb22a3b149dd4d75a89a0fa2f74ce02d83a

SHA512
2d7e469806b2c41c1c38125303fa1c026b0b6967ad67d1b1b2d848ff956c6451f53e1dba353f6574e8ee532538686896c0675530bcb70375f8f89b4da1b0e364

Download Submit
C:\Windows\System\dAedAYc.exe

Filesize
1.3MB

MD5
6b4a82267fd4562f7503f134bce50f14

SHA1
17a7b3343d6f714686e977e483d0bda959e7ba5d

SHA256
27da8d04d47f29b0f56b7541afedcdf2953f05a2a2d5b7a13ef046ec60905f23

SHA512
838c8535d95c9bfc8a714ee4273b918850b4c1e3f501f375eeb11915bd9e184323cd0e891c2447411c9bcd3b5bc7c510258bb7bbaeb65a991b446b15b00c40b0

Download Submit
C:\Windows\System\gxeeRSe.exe

Filesize
1.3MB

MD5
c0a32f5ee0653a9674a304e56030417e

SHA1
501c410ecbcc7cfd19f422eeefe7e21eca35cff7

SHA256
1dbdaacc072a56fac888f88e2c80d399de291324b2d4930bf02f215e040ec235

SHA512
7685d5776df01195ece013c8019fb9f903e94305a499cf78c81e6e7baf152a46424c2b90949c733dffba4e4fdd75f252fe50e0700ffab0230e1477d611ff0699

Download Submit
C:\Windows\System\iAUpIjt.exe

Filesize
1.3MB

MD5
3948013bdbe1433f9645409ed7389ec1

SHA1
3671050cfdec64d1e4e5e2692f95998bf1f9bce2

SHA256
05bace77471e64251db4f990b7efd8eba1d2fd6bab7223711d61ac8db40d8b6a

SHA512
19a357e51e79462cc115c5be06b3af4829b720c3581a64cb7c68938dafd06f664c16c1387ede4f5ee401252e9b356052debc5f975f8afaeba1a1430f438314c4

Download Submit
C:\Windows\System\kJoCYat.exe

Filesize
1.3MB

MD5
3185aaa6216648872e55cb9ebb49d8ed

SHA1
8f807eb21ca996bf193a67091d98d5b252db43f6

SHA256
1c59a0d72068b2e3c8c2cea03819c1d266047c689acb748afa1731c94849f7bb

SHA512
867afa74a0ae818608d62244bf2ddcbb08aa13827e14c46ce28df1dae44225f0d68b3e2d690894a934c34fa63501ac1f179885c745e1389bf82ceeb9a70fb0ae

Download Submit
C:\Windows\System\nycgQWK.exe

Filesize
1.3MB

MD5
2dcd24610881894606a77a66eb44139c

SHA1
5788e15ca6b070f4745d06c695121f9eea861020

SHA256
f0297f815b34a4aafc35fe8e7b31df56e750d91ac24a0bd58c7933b651b5a7ab

SHA512
e37529823ba2ea7ab7e02727eb5b43194b98ee1c4af77a560728ab0a5a86f017307ab080f8f4dd85f41602e694eb430e903ee147862470bcdd4c5cd5da38db82

Download Submit
C:\Windows\System\ogPdmao.exe

Filesize
1.3MB

MD5
435148080ac4c1605da69a6b2a85510d

SHA1
2ae462e5ee4899e5f807be0747b42772d3593e56

SHA256
22bebaa27cbd966d7f1e112988d1edc0dd753b0840ec72989e6bf988e392102a

SHA512
23f9ebd850e8ae621a82c14cfedf34af4be0cf72cf94e5fe3670371aaa0053cfca1364f4ec13333956c5c8c82fdf0222a35e8d5ad49021138d6c8614e3db8beb

Download Submit
C:\Windows\System\ojCRMEL.exe

Filesize
1.3MB

MD5
03729379861c8b259bb6ba4d9a47ed43

SHA1
f5f02d77d52858c94c8137da31ec0e7b799b695b

SHA256
440a35876cd4ef9735721a75eefb065e79bb3610c90d40fc2492ff0666622ec9

SHA512
540b6767d38948d0b1df7a3f3604eb7f4a4989d8d1309c4d7fc3d1d10bfc22cc200946fc7e5dc06983b537764601172d87cf0d4da7eef69a93f342f4ed0b4222

Download Submit
C:\Windows\System\pKhmsFo.exe

Filesize
1.3MB

MD5
4f271ecebd4ff483a7ec929863a4b930

SHA1
74011ebe621dc336ca9f1c65b68b003cbd0cf2df

SHA256
439f3491b4f17e791c20e13ebf29fdf2d05a806e6bd1572ec7bf219b96ef9e8d

SHA512
6a0aadf86ddf4aa5cd4625bc6f2382180125873f357b6f9c46061c4bab069de4c9da7dcc6a58a4ed46479a7efff4ecc4653518db3b9a733042462889b8f51b6c

Download Submit
C:\Windows\System\surQwXW.exe

Filesize
1.3MB

MD5
a555934da9d153eb553d25e7824eee93

SHA1
7dcc78d35b758e3df70bd402d0e9ae0b677861c9

SHA256
15263c748baddbe77e7bb0cd24b82c0a918390739af8a8e02cd203e9027d79f8

SHA512
3c5cdfed1412c64e2014c3684423b10054d9d0c4a9ebdbe8bc811092c979779131d1fcb0475d07ba9339c88b81bbe02ca5bc50656170554dbc1107aa830674e9

Download Submit
C:\Windows\System\tLFNvtH.exe

Filesize
1.3MB

MD5
cfd03aad51b489a095d06b8f681d706a

SHA1
02546cec2aaa8e57d2bbea29d26700393838871d

SHA256
634e33a4206137036521ec4a5476b1f49aa85d8a20593a094a89563d3cbf845a

SHA512
d39f4068e528c902f038751c4a693fb2df788e6a99b20b51dbd8be53b8619e303c625637b94cb102b2fef8468cf8994dbb629dce87f413b9e52c3bb6832d834d

Download Submit
C:\Windows\System\umuXqjr.exe

Filesize
1.3MB

MD5
14ba08336f293ca9781de799d1fabfb7

SHA1
c8368b6f3b4862d00e39f0401a475456560527c5

SHA256
d544f8946c761359c316d784abdc8d0309772630f327fa1f5bb600964a844acf

SHA512
46d9bae3ea0f3b6e345aebdd67ffe6c8b894c4b4e47fb7f6dda6fd06a90eda285ea9e1a6711ee0b15dc376e483624f27c9bf2df704edcc38d65ae082bcc636a8

Download Submit
C:\Windows\System\xFpCgEi.exe

Filesize
1.3MB

MD5
b2af29abd6fbfcf94b433f48216e8b7d

SHA1
af12793ea64aef068e64ed2c28a082660553881b

SHA256
56adba9bdab2105eb56f3cda75d318e24d50d05a37cba89f58e2d04b22fbdaeb

SHA512
324c4a35109afe4753614604fbbe7e88e749f70e831df4ec1447dfd9992576a159b8e92e97119f85c2980b88a00302b823f915989d939b4b40ff196d204fb5f5

Download Submit
C:\Windows\System\xrUIeIK.exe

Filesize
1.3MB

MD5
59d150018c6153fed86d05a84d9641b2

SHA1
372a979049c97e417a1ff121f7c988073c136034

SHA256
6f08ef37711b5eba46c7b9cc969104c9f62e98af17ea355eb4a6b43d00f61ee2

SHA512
d61add2c2cf051a0e292a09ecbe58c589e3057101d96d63a7f5c325b76de8b9c4cc3b57c9602ece46510698c727eaf71f54345a0676a420ffa3e3f131adc6464

Download Submit
C:\Windows\System\xsrDMyZ.exe

Filesize
1.3MB

MD5
557e36bf20a36761660be577e719abb7

SHA1
11544ed6ba7cd5ea1d77062d0aeefdbf8a94647b

SHA256
e9f96f3dd363e0ab4cc0391c7eb04fc392c40f07e0c79ebaa263db1b5b49ece1

SHA512
7263db6c8f8f9e094db4e30276083a9120450581f706d10ff28891714e486cb045cd8e7c6f893291074e0c455109e7b9561cfadc844ca482ce8da874a5d2dd55

Download Submit
memory/1596-0-0x00000238A31F0000-0x00000238A3200000-memory.dmp

Filesize
64KB

Download