xmrig | eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7

Analysis

max time kernel
144s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-08-2024 02:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
Size

1.4MB
MD5

c672e0ed77a08836427883523f58939b
SHA1

37230ae1be6a0843ff6d1eff20e742d9bb5af297
SHA256

eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7
SHA512

a17dbf13815324088cd61e145863bf3a90ca09ff2d4994d727e85a274920dfd7c4fe73ffaf8bfbea5328af0319699b9bea79276cd08c4c51f1946096ad2bfc0f
SSDEEP

24576:GezaTnG99Q8FcNrpyNdfE0bLBgDOp2iSLz9LbBwlKensYKkzGUfiI7pXu3ajGEwM:GezaTF8FcNkNdfE0pZ9oztFwI6KQGyXL

Score

10^/10

xmrig miner

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 33 IoCs

miner

resource	yara_rule
behavioral2/files/0x00090000000233f6-4.dat	xmrig
behavioral2/files/0x0008000000023453-8.dat	xmrig
behavioral2/files/0x0007000000023459-37.dat	xmrig
behavioral2/files/0x000700000002345a-44.dat	xmrig
behavioral2/files/0x000700000002345b-55.dat	xmrig
behavioral2/files/0x000700000002345d-65.dat	xmrig
behavioral2/files/0x0007000000023466-104.dat	xmrig
behavioral2/files/0x0007000000023472-162.dat	xmrig
behavioral2/files/0x0007000000023470-160.dat	xmrig
behavioral2/files/0x0007000000023471-157.dat	xmrig
behavioral2/files/0x000700000002346f-155.dat	xmrig
behavioral2/files/0x000700000002346e-150.dat	xmrig
behavioral2/files/0x000700000002346d-145.dat	xmrig
behavioral2/files/0x000700000002346c-140.dat	xmrig
behavioral2/files/0x000700000002346b-135.dat	xmrig
behavioral2/files/0x000700000002346a-130.dat	xmrig
behavioral2/files/0x0007000000023469-125.dat	xmrig
behavioral2/files/0x0007000000023468-120.dat	xmrig
behavioral2/files/0x0007000000023467-115.dat	xmrig
behavioral2/files/0x0007000000023465-102.dat	xmrig
behavioral2/files/0x0007000000023464-98.dat	xmrig
behavioral2/files/0x0007000000023463-92.dat	xmrig
behavioral2/files/0x0007000000023462-88.dat	xmrig
behavioral2/files/0x0007000000023461-83.dat	xmrig
behavioral2/files/0x0007000000023460-78.dat	xmrig
behavioral2/files/0x000700000002345f-73.dat	xmrig
behavioral2/files/0x000700000002345e-68.dat	xmrig
behavioral2/files/0x000700000002345c-60.dat	xmrig
behavioral2/files/0x0007000000023458-38.dat	xmrig
behavioral2/files/0x0007000000023457-32.dat	xmrig
behavioral2/files/0x0007000000023456-28.dat	xmrig
behavioral2/files/0x0007000000023455-20.dat	xmrig
behavioral2/files/0x0007000000023454-17.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
592	OHpGKSE.exe
396	wfejWRF.exe
404	MiOWNBQ.exe
1248	HtofuHp.exe
972	LzrQUCI.exe
3692	HEPGKXY.exe
744	AYctRIY.exe
3468	kYDbtJS.exe
1204	QTcqUJw.exe
440	gvNJpbI.exe
60	aSuNMPp.exe
2788	mpAPvOy.exe
5000	kCUrxUa.exe
4932	gAOuzka.exe
1400	NwKVdtF.exe
368	tWSvfFJ.exe
2328	XloUWsL.exe
1680	hBpSiEq.exe
628	WMHNols.exe
1936	aZmsQUF.exe
5092	KLBUpAl.exe
1548	kluEANN.exe
1712	sZkGeMC.exe
2700	gatoysG.exe
4688	HxASIqT.exe
1816	kOQRYfU.exe
3988	hqgLJqA.exe
4576	asSVler.exe
4648	apBniFo.exe
1512	dFSMWFb.exe
4628	qCQudDr.exe
3908	mKSbmoc.exe
5072	fkJXPRp.exe
4616	uGVJjuV.exe
1780	vTcHLyS.exe
1192	iZwpRrJ.exe
760	BbSSDcm.exe
3736	qoeRlZG.exe
2628	VzIPyeS.exe
1508	pEkaPDw.exe
2740	AqEYtPi.exe
1732	djuTjcM.exe
2140	gyflLFk.exe
3604	ZpaZReg.exe
3152	VMuTyla.exe
4964	UqSlfML.exe
184	XYPNLDp.exe
4944	iObivxC.exe
4044	gkzYolS.exe
2344	jNuIOup.exe
4728	OPWPzEK.exe
516	KEaCMbP.exe
696	MYDRORM.exe
3896	zeoibxh.exe
456	iDdEJoT.exe
3632	VXAnMXg.exe
1036	bEQotLT.exe
3616	iOaaeyM.exe
2760	PiWaorL.exe
4936	NfXsENv.exe
1008	fsNTDqY.exe
1536	PizjtbU.exe
4124	fbVZzrN.exe
4880	QaJGnjm.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\gGhgsnk.exe	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
File created	C:\Windows\System\VzIPyeS.exe	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
File created	C:\Windows\System\NfXsENv.exe	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
File created	C:\Windows\System\GtTllzj.exe	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
File created	C:\Windows\System\nJMNUHZ.exe	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
File created	C:\Windows\System\AYctRIY.exe	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
File created	C:\Windows\System\hqgLJqA.exe	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
File created	C:\Windows\System\PiWaorL.exe	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
File created	C:\Windows\System\mjVjgUU.exe	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
File created	C:\Windows\System\yBCZYDE.exe	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
File created	C:\Windows\System\PYpTaUw.exe	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
File created	C:\Windows\System\OHpGKSE.exe	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
File created	C:\Windows\System\HtofuHp.exe	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
File created	C:\Windows\System\hBpSiEq.exe	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
File created	C:\Windows\System\uGVJjuV.exe	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
File created	C:\Windows\System\BbSSDcm.exe	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
File created	C:\Windows\System\cIafEWQ.exe	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
File created	C:\Windows\System\pfppMfb.exe	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
File created	C:\Windows\System\kYDbtJS.exe	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
File created	C:\Windows\System\SbqZSaC.exe	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
File created	C:\Windows\System\VosqyNy.exe	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
File created	C:\Windows\System\XKzkxSW.exe	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
File created	C:\Windows\System\jNthfCw.exe	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
File created	C:\Windows\System\YGebZcd.exe	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
File created	C:\Windows\System\RISLMSC.exe	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
File created	C:\Windows\System\BvHxcou.exe	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
File created	C:\Windows\System\FNqxVFx.exe	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
File created	C:\Windows\System\rBBRkiL.exe	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
File created	C:\Windows\System\JyEIRjs.exe	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
File created	C:\Windows\System\pNroirr.exe	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
File created	C:\Windows\System\MKRuQzJ.exe	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
File created	C:\Windows\System\YcZCWyy.exe	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
File created	C:\Windows\System\LpSHaop.exe	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
File created	C:\Windows\System\CcqZOwb.exe	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
File created	C:\Windows\System\VMuTyla.exe	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
File created	C:\Windows\System\XzVjHFh.exe	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
File created	C:\Windows\System\BEhhjhg.exe	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
File created	C:\Windows\System\gkzYolS.exe	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
File created	C:\Windows\System\aNRzlJf.exe	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
File created	C:\Windows\System\GVhaDQG.exe	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
File created	C:\Windows\System\gyflLFk.exe	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
File created	C:\Windows\System\KSFeagb.exe	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
File created	C:\Windows\System\uKnBPoR.exe	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
File created	C:\Windows\System\OPWPzEK.exe	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
File created	C:\Windows\System\pALvefx.exe	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
File created	C:\Windows\System\dwVcntZ.exe	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
File created	C:\Windows\System\fwpSdxR.exe	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
File created	C:\Windows\System\NwKVdtF.exe	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
File created	C:\Windows\System\jNuIOup.exe	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
File created	C:\Windows\System\KEaCMbP.exe	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
File created	C:\Windows\System\dgQZWER.exe	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
File created	C:\Windows\System\GcpFfbH.exe	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
File created	C:\Windows\System\MiOWNBQ.exe	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
File created	C:\Windows\System\AUBKeLi.exe	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
File created	C:\Windows\System\KBDWVSX.exe	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
File created	C:\Windows\System\xANQKCi.exe	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
File created	C:\Windows\System\dFSMWFb.exe	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
File created	C:\Windows\System\dpNPWeT.exe	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
File created	C:\Windows\System\KmgYLCt.exe	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
File created	C:\Windows\System\djuTjcM.exe	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
File created	C:\Windows\System\UqSlfML.exe	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
File created	C:\Windows\System\iObivxC.exe	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
File created	C:\Windows\System\GhfoeMJ.exe	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
File created	C:\Windows\System\tUNCYgI.exe	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
Token: SeLockMemoryPrivilege	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2800 wrote to memory of 592	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe	85
PID 2800 wrote to memory of 592	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe	85
PID 2800 wrote to memory of 396	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe	86
PID 2800 wrote to memory of 396	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe	86
PID 2800 wrote to memory of 404	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe	87
PID 2800 wrote to memory of 404	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe	87
PID 2800 wrote to memory of 1248	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe	88
PID 2800 wrote to memory of 1248	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe	88
PID 2800 wrote to memory of 972	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe	89
PID 2800 wrote to memory of 972	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe	89
PID 2800 wrote to memory of 3692	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe	90
PID 2800 wrote to memory of 3692	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe	90
PID 2800 wrote to memory of 744	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe	91
PID 2800 wrote to memory of 744	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe	91
PID 2800 wrote to memory of 3468	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe	92
PID 2800 wrote to memory of 3468	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe	92
PID 2800 wrote to memory of 1204	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe	93
PID 2800 wrote to memory of 1204	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe	93
PID 2800 wrote to memory of 440	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe	94
PID 2800 wrote to memory of 440	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe	94
PID 2800 wrote to memory of 60	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe	95
PID 2800 wrote to memory of 60	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe	95
PID 2800 wrote to memory of 2788	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe	96
PID 2800 wrote to memory of 2788	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe	96
PID 2800 wrote to memory of 5000	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe	97
PID 2800 wrote to memory of 5000	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe	97
PID 2800 wrote to memory of 4932	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe	98
PID 2800 wrote to memory of 4932	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe	98
PID 2800 wrote to memory of 1400	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe	99
PID 2800 wrote to memory of 1400	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe	99
PID 2800 wrote to memory of 368	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe	100
PID 2800 wrote to memory of 368	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe	100
PID 2800 wrote to memory of 2328	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe	101
PID 2800 wrote to memory of 2328	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe	101
PID 2800 wrote to memory of 1680	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe	102
PID 2800 wrote to memory of 1680	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe	102
PID 2800 wrote to memory of 628	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe	103
PID 2800 wrote to memory of 628	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe	103
PID 2800 wrote to memory of 1936	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe	104
PID 2800 wrote to memory of 1936	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe	104
PID 2800 wrote to memory of 5092	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe	105
PID 2800 wrote to memory of 5092	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe	105
PID 2800 wrote to memory of 1548	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe	106
PID 2800 wrote to memory of 1548	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe	106
PID 2800 wrote to memory of 1712	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe	107
PID 2800 wrote to memory of 1712	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe	107
PID 2800 wrote to memory of 2700	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe	108
PID 2800 wrote to memory of 2700	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe	108
PID 2800 wrote to memory of 4688	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe	109
PID 2800 wrote to memory of 4688	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe	109
PID 2800 wrote to memory of 1816	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe	110
PID 2800 wrote to memory of 1816	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe	110
PID 2800 wrote to memory of 3988	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe	111
PID 2800 wrote to memory of 3988	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe	111
PID 2800 wrote to memory of 4576	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe	112
PID 2800 wrote to memory of 4576	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe	112
PID 2800 wrote to memory of 4648	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe	113
PID 2800 wrote to memory of 4648	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe	113
PID 2800 wrote to memory of 1512	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe	114
PID 2800 wrote to memory of 1512	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe	114
PID 2800 wrote to memory of 4628	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe	115
PID 2800 wrote to memory of 4628	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe	115
PID 2800 wrote to memory of 3908	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe	116
PID 2800 wrote to memory of 3908	2800	eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe	116

C:\Users\Admin\AppData\Local\Temp\eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe
"C:\Users\Admin\AppData\Local\Temp\eb1a65f5713c27718b8e767e5136d7c9d2661be4d3775b37790e404c17668ca7.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2800
- C:\Windows\System\OHpGKSE.exe
  C:\Windows\System\OHpGKSE.exe
  2⤵
  - Executes dropped EXE
  PID:592
- C:\Windows\System\wfejWRF.exe
  C:\Windows\System\wfejWRF.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System\MiOWNBQ.exe
  C:\Windows\System\MiOWNBQ.exe
  2⤵
  - Executes dropped EXE
  PID:404
- C:\Windows\System\HtofuHp.exe
  C:\Windows\System\HtofuHp.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\LzrQUCI.exe
  C:\Windows\System\LzrQUCI.exe
  2⤵
  - Executes dropped EXE
  PID:972
- C:\Windows\System\HEPGKXY.exe
  C:\Windows\System\HEPGKXY.exe
  2⤵
  - Executes dropped EXE
  PID:3692
- C:\Windows\System\AYctRIY.exe
  C:\Windows\System\AYctRIY.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\kYDbtJS.exe
  C:\Windows\System\kYDbtJS.exe
  2⤵
  - Executes dropped EXE
  PID:3468
- C:\Windows\System\QTcqUJw.exe
  C:\Windows\System\QTcqUJw.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System\gvNJpbI.exe
  C:\Windows\System\gvNJpbI.exe
  2⤵
  - Executes dropped EXE
  PID:440
- C:\Windows\System\aSuNMPp.exe
  C:\Windows\System\aSuNMPp.exe
  2⤵
  - Executes dropped EXE
  PID:60
- C:\Windows\System\mpAPvOy.exe
  C:\Windows\System\mpAPvOy.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\kCUrxUa.exe
  C:\Windows\System\kCUrxUa.exe
  2⤵
  - Executes dropped EXE
  PID:5000
- C:\Windows\System\gAOuzka.exe
  C:\Windows\System\gAOuzka.exe
  2⤵
  - Executes dropped EXE
  PID:4932
- C:\Windows\System\NwKVdtF.exe
  C:\Windows\System\NwKVdtF.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\tWSvfFJ.exe
  C:\Windows\System\tWSvfFJ.exe
  2⤵
  - Executes dropped EXE
  PID:368
- C:\Windows\System\XloUWsL.exe
  C:\Windows\System\XloUWsL.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\hBpSiEq.exe
  C:\Windows\System\hBpSiEq.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\WMHNols.exe
  C:\Windows\System\WMHNols.exe
  2⤵
  - Executes dropped EXE
  PID:628
- C:\Windows\System\aZmsQUF.exe
  C:\Windows\System\aZmsQUF.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\KLBUpAl.exe
  C:\Windows\System\KLBUpAl.exe
  2⤵
  - Executes dropped EXE
  PID:5092
- C:\Windows\System\kluEANN.exe
  C:\Windows\System\kluEANN.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\sZkGeMC.exe
  C:\Windows\System\sZkGeMC.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\gatoysG.exe
  C:\Windows\System\gatoysG.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\HxASIqT.exe
  C:\Windows\System\HxASIqT.exe
  2⤵
  - Executes dropped EXE
  PID:4688
- C:\Windows\System\kOQRYfU.exe
  C:\Windows\System\kOQRYfU.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\hqgLJqA.exe
  C:\Windows\System\hqgLJqA.exe
  2⤵
  - Executes dropped EXE
  PID:3988
- C:\Windows\System\asSVler.exe
  C:\Windows\System\asSVler.exe
  2⤵
  - Executes dropped EXE
  PID:4576
- C:\Windows\System\apBniFo.exe
  C:\Windows\System\apBniFo.exe
  2⤵
  - Executes dropped EXE
  PID:4648
- C:\Windows\System\dFSMWFb.exe
  C:\Windows\System\dFSMWFb.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\qCQudDr.exe
  C:\Windows\System\qCQudDr.exe
  2⤵
  - Executes dropped EXE
  PID:4628
- C:\Windows\System\mKSbmoc.exe
  C:\Windows\System\mKSbmoc.exe
  2⤵
  - Executes dropped EXE
  PID:3908
- C:\Windows\System\fkJXPRp.exe
  C:\Windows\System\fkJXPRp.exe
  2⤵
  - Executes dropped EXE
  PID:5072
- C:\Windows\System\uGVJjuV.exe
  C:\Windows\System\uGVJjuV.exe
  2⤵
  - Executes dropped EXE
  PID:4616
- C:\Windows\System\vTcHLyS.exe
  C:\Windows\System\vTcHLyS.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\iZwpRrJ.exe
  C:\Windows\System\iZwpRrJ.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\BbSSDcm.exe
  C:\Windows\System\BbSSDcm.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\qoeRlZG.exe
  C:\Windows\System\qoeRlZG.exe
  2⤵
  - Executes dropped EXE
  PID:3736
- C:\Windows\System\VzIPyeS.exe
  C:\Windows\System\VzIPyeS.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\pEkaPDw.exe
  C:\Windows\System\pEkaPDw.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\AqEYtPi.exe
  C:\Windows\System\AqEYtPi.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\djuTjcM.exe
  C:\Windows\System\djuTjcM.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\gyflLFk.exe
  C:\Windows\System\gyflLFk.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\ZpaZReg.exe
  C:\Windows\System\ZpaZReg.exe
  2⤵
  - Executes dropped EXE
  PID:3604
- C:\Windows\System\VMuTyla.exe
  C:\Windows\System\VMuTyla.exe
  2⤵
  - Executes dropped EXE
  PID:3152
- C:\Windows\System\UqSlfML.exe
  C:\Windows\System\UqSlfML.exe
  2⤵
  - Executes dropped EXE
  PID:4964
- C:\Windows\System\XYPNLDp.exe
  C:\Windows\System\XYPNLDp.exe
  2⤵
  - Executes dropped EXE
  PID:184
- C:\Windows\System\iObivxC.exe
  C:\Windows\System\iObivxC.exe
  2⤵
  - Executes dropped EXE
  PID:4944
- C:\Windows\System\gkzYolS.exe
  C:\Windows\System\gkzYolS.exe
  2⤵
  - Executes dropped EXE
  PID:4044
- C:\Windows\System\jNuIOup.exe
  C:\Windows\System\jNuIOup.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\OPWPzEK.exe
  C:\Windows\System\OPWPzEK.exe
  2⤵
  - Executes dropped EXE
  PID:4728
- C:\Windows\System\KEaCMbP.exe
  C:\Windows\System\KEaCMbP.exe
  2⤵
  - Executes dropped EXE
  PID:516
- C:\Windows\System\MYDRORM.exe
  C:\Windows\System\MYDRORM.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System\zeoibxh.exe
  C:\Windows\System\zeoibxh.exe
  2⤵
  - Executes dropped EXE
  PID:3896
- C:\Windows\System\iDdEJoT.exe
  C:\Windows\System\iDdEJoT.exe
  2⤵
  - Executes dropped EXE
  PID:456
- C:\Windows\System\VXAnMXg.exe
  C:\Windows\System\VXAnMXg.exe
  2⤵
  - Executes dropped EXE
  PID:3632
- C:\Windows\System\bEQotLT.exe
  C:\Windows\System\bEQotLT.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\iOaaeyM.exe
  C:\Windows\System\iOaaeyM.exe
  2⤵
  - Executes dropped EXE
  PID:3616
- C:\Windows\System\PiWaorL.exe
  C:\Windows\System\PiWaorL.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\NfXsENv.exe
  C:\Windows\System\NfXsENv.exe
  2⤵
  - Executes dropped EXE
  PID:4936
- C:\Windows\System\fsNTDqY.exe
  C:\Windows\System\fsNTDqY.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\PizjtbU.exe
  C:\Windows\System\PizjtbU.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\fbVZzrN.exe
  C:\Windows\System\fbVZzrN.exe
  2⤵
  - Executes dropped EXE
  PID:4124
- C:\Windows\System\QaJGnjm.exe
  C:\Windows\System\QaJGnjm.exe
  2⤵
  - Executes dropped EXE
  PID:4880
- C:\Windows\System\QtpDNHR.exe
  C:\Windows\System\QtpDNHR.exe
  2⤵
  PID:4900
- C:\Windows\System\prdrsIh.exe
  C:\Windows\System\prdrsIh.exe
  2⤵
  PID:1524
- C:\Windows\System\njsAlNv.exe
  C:\Windows\System\njsAlNv.exe
  2⤵
  PID:1528
- C:\Windows\System\iufWiys.exe
  C:\Windows\System\iufWiys.exe
  2⤵
  PID:3064
- C:\Windows\System\dhkgTqX.exe
  C:\Windows\System\dhkgTqX.exe
  2⤵
  PID:3756
- C:\Windows\System\ZlYDVHg.exe
  C:\Windows\System\ZlYDVHg.exe
  2⤵
  PID:780
- C:\Windows\System\BqVWvrW.exe
  C:\Windows\System\BqVWvrW.exe
  2⤵
  PID:2248
- C:\Windows\System\tsbEHhg.exe
  C:\Windows\System\tsbEHhg.exe
  2⤵
  PID:3012
- C:\Windows\System\VbJFLxV.exe
  C:\Windows\System\VbJFLxV.exe
  2⤵
  PID:1208
- C:\Windows\System\pALvefx.exe
  C:\Windows\System\pALvefx.exe
  2⤵
  PID:4140
- C:\Windows\System\OwBFOPC.exe
  C:\Windows\System\OwBFOPC.exe
  2⤵
  PID:2476
- C:\Windows\System\DgNrIDJ.exe
  C:\Windows\System\DgNrIDJ.exe
  2⤵
  PID:2664
- C:\Windows\System\iwrIkUu.exe
  C:\Windows\System\iwrIkUu.exe
  2⤵
  PID:3484
- C:\Windows\System\dyCHVdV.exe
  C:\Windows\System\dyCHVdV.exe
  2⤵
  PID:2888
- C:\Windows\System\DSlWknj.exe
  C:\Windows\System\DSlWknj.exe
  2⤵
  PID:2012
- C:\Windows\System\JyEIRjs.exe
  C:\Windows\System\JyEIRjs.exe
  2⤵
  PID:3488
- C:\Windows\System\qBoUDam.exe
  C:\Windows\System\qBoUDam.exe
  2⤵
  PID:4956
- C:\Windows\System\fJQsdyf.exe
  C:\Windows\System\fJQsdyf.exe
  2⤵
  PID:3096
- C:\Windows\System\IvUDAZS.exe
  C:\Windows\System\IvUDAZS.exe
  2⤵
  PID:3296
- C:\Windows\System\ERvxfeK.exe
  C:\Windows\System\ERvxfeK.exe
  2⤵
  PID:4264
- C:\Windows\System\gAhdRtr.exe
  C:\Windows\System\gAhdRtr.exe
  2⤵
  PID:976
- C:\Windows\System\XKzkxSW.exe
  C:\Windows\System\XKzkxSW.exe
  2⤵
  PID:3464
- C:\Windows\System\GhfoeMJ.exe
  C:\Windows\System\GhfoeMJ.exe
  2⤵
  PID:4708
- C:\Windows\System\rGNPuOt.exe
  C:\Windows\System\rGNPuOt.exe
  2⤵
  PID:5140
- C:\Windows\System\SbqZSaC.exe
  C:\Windows\System\SbqZSaC.exe
  2⤵
  PID:5168
- C:\Windows\System\vkvrEmH.exe
  C:\Windows\System\vkvrEmH.exe
  2⤵
  PID:5200
- C:\Windows\System\aNRzlJf.exe
  C:\Windows\System\aNRzlJf.exe
  2⤵
  PID:5228
- C:\Windows\System\YxJGVPk.exe
  C:\Windows\System\YxJGVPk.exe
  2⤵
  PID:5256
- C:\Windows\System\FjSWHrB.exe
  C:\Windows\System\FjSWHrB.exe
  2⤵
  PID:5280
- C:\Windows\System\kNomnPr.exe
  C:\Windows\System\kNomnPr.exe
  2⤵
  PID:5312
- C:\Windows\System\NtkLiZD.exe
  C:\Windows\System\NtkLiZD.exe
  2⤵
  PID:5344
- C:\Windows\System\GtTllzj.exe
  C:\Windows\System\GtTllzj.exe
  2⤵
  PID:5368
- C:\Windows\System\BvHxcou.exe
  C:\Windows\System\BvHxcou.exe
  2⤵
  PID:5400
- C:\Windows\System\UnDPuEx.exe
  C:\Windows\System\UnDPuEx.exe
  2⤵
  PID:5424
- C:\Windows\System\WixnNpZ.exe
  C:\Windows\System\WixnNpZ.exe
  2⤵
  PID:5452
- C:\Windows\System\KSFeagb.exe
  C:\Windows\System\KSFeagb.exe
  2⤵
  PID:5480
- C:\Windows\System\VosqyNy.exe
  C:\Windows\System\VosqyNy.exe
  2⤵
  PID:5508
- C:\Windows\System\YBhTyDW.exe
  C:\Windows\System\YBhTyDW.exe
  2⤵
  PID:5536
- C:\Windows\System\XzVjHFh.exe
  C:\Windows\System\XzVjHFh.exe
  2⤵
  PID:5564
- C:\Windows\System\nmTdnay.exe
  C:\Windows\System\nmTdnay.exe
  2⤵
  PID:5592
- C:\Windows\System\jNthfCw.exe
  C:\Windows\System\jNthfCw.exe
  2⤵
  PID:5620
- C:\Windows\System\tUNCYgI.exe
  C:\Windows\System\tUNCYgI.exe
  2⤵
  PID:5648
- C:\Windows\System\bkjdoic.exe
  C:\Windows\System\bkjdoic.exe
  2⤵
  PID:5684
- C:\Windows\System\jGbsRiR.exe
  C:\Windows\System\jGbsRiR.exe
  2⤵
  PID:5716
- C:\Windows\System\AUBKeLi.exe
  C:\Windows\System\AUBKeLi.exe
  2⤵
  PID:5744
- C:\Windows\System\DnntwxD.exe
  C:\Windows\System\DnntwxD.exe
  2⤵
  PID:5760
- C:\Windows\System\piBTDcn.exe
  C:\Windows\System\piBTDcn.exe
  2⤵
  PID:5788
- C:\Windows\System\NZqMpAD.exe
  C:\Windows\System\NZqMpAD.exe
  2⤵
  PID:5816
- C:\Windows\System\CcqZOwb.exe
  C:\Windows\System\CcqZOwb.exe
  2⤵
  PID:5844
- C:\Windows\System\aGwgLWy.exe
  C:\Windows\System\aGwgLWy.exe
  2⤵
  PID:5872
- C:\Windows\System\cIafEWQ.exe
  C:\Windows\System\cIafEWQ.exe
  2⤵
  PID:5900
- C:\Windows\System\AVlEIFj.exe
  C:\Windows\System\AVlEIFj.exe
  2⤵
  PID:5928
- C:\Windows\System\agIiWfU.exe
  C:\Windows\System\agIiWfU.exe
  2⤵
  PID:5956
- C:\Windows\System\GMTPlrR.exe
  C:\Windows\System\GMTPlrR.exe
  2⤵
  PID:5984
- C:\Windows\System\rlQxAzg.exe
  C:\Windows\System\rlQxAzg.exe
  2⤵
  PID:6012
- C:\Windows\System\pNroirr.exe
  C:\Windows\System\pNroirr.exe
  2⤵
  PID:6040
- C:\Windows\System\ESevqaD.exe
  C:\Windows\System\ESevqaD.exe
  2⤵
  PID:6068
- C:\Windows\System\EgmUdyi.exe
  C:\Windows\System\EgmUdyi.exe
  2⤵
  PID:6096
- C:\Windows\System\nJMNUHZ.exe
  C:\Windows\System\nJMNUHZ.exe
  2⤵
  PID:6124
- C:\Windows\System\ZbqAbCZ.exe
  C:\Windows\System\ZbqAbCZ.exe
  2⤵
  PID:4912
- C:\Windows\System\PUpsinp.exe
  C:\Windows\System\PUpsinp.exe
  2⤵
  PID:4244
- C:\Windows\System\HkGDExh.exe
  C:\Windows\System\HkGDExh.exe
  2⤵
  PID:2008
- C:\Windows\System\uvXDRvw.exe
  C:\Windows\System\uvXDRvw.exe
  2⤵
  PID:1160
- C:\Windows\System\rBYNCTD.exe
  C:\Windows\System\rBYNCTD.exe
  2⤵
  PID:1940
- C:\Windows\System\GVhaDQG.exe
  C:\Windows\System\GVhaDQG.exe
  2⤵
  PID:3588
- C:\Windows\System\YGebZcd.exe
  C:\Windows\System\YGebZcd.exe
  2⤵
  PID:5124
- C:\Windows\System\rElHlqX.exe
  C:\Windows\System\rElHlqX.exe
  2⤵
  PID:5188
- C:\Windows\System\ZgLrvpd.exe
  C:\Windows\System\ZgLrvpd.exe
  2⤵
  PID:5248
- C:\Windows\System\BaiUhfd.exe
  C:\Windows\System\BaiUhfd.exe
  2⤵
  PID:5304
- C:\Windows\System\HueKbOb.exe
  C:\Windows\System\HueKbOb.exe
  2⤵
  PID:5380
- C:\Windows\System\hInKKZa.exe
  C:\Windows\System\hInKKZa.exe
  2⤵
  PID:3744
- C:\Windows\System\rEpxCqe.exe
  C:\Windows\System\rEpxCqe.exe
  2⤵
  PID:5496
- C:\Windows\System\yBCZYDE.exe
  C:\Windows\System\yBCZYDE.exe
  2⤵
  PID:5556
- C:\Windows\System\zMzuDgn.exe
  C:\Windows\System\zMzuDgn.exe
  2⤵
  PID:5632
- C:\Windows\System\jOziTIw.exe
  C:\Windows\System\jOziTIw.exe
  2⤵
  PID:5700
- C:\Windows\System\fMLyCvX.exe
  C:\Windows\System\fMLyCvX.exe
  2⤵
  PID:5752
- C:\Windows\System\KqiCmwv.exe
  C:\Windows\System\KqiCmwv.exe
  2⤵
  PID:5828
- C:\Windows\System\xNoPNpK.exe
  C:\Windows\System\xNoPNpK.exe
  2⤵
  PID:5888
- C:\Windows\System\FNqxVFx.exe
  C:\Windows\System\FNqxVFx.exe
  2⤵
  PID:2120
- C:\Windows\System\GcpFfbH.exe
  C:\Windows\System\GcpFfbH.exe
  2⤵
  PID:6000
- C:\Windows\System\dpNPWeT.exe
  C:\Windows\System\dpNPWeT.exe
  2⤵
  PID:6060
- C:\Windows\System\EzOSkFo.exe
  C:\Windows\System\EzOSkFo.exe
  2⤵
  PID:6136
- C:\Windows\System\nlPmgHB.exe
  C:\Windows\System\nlPmgHB.exe
  2⤵
  PID:2636
- C:\Windows\System\GvIYYyC.exe
  C:\Windows\System\GvIYYyC.exe
  2⤵
  PID:3456
- C:\Windows\System\gonKIMW.exe
  C:\Windows\System\gonKIMW.exe
  2⤵
  PID:5160
- C:\Windows\System\qNZKMZG.exe
  C:\Windows\System\qNZKMZG.exe
  2⤵
  PID:5296
- C:\Windows\System\pfppMfb.exe
  C:\Windows\System\pfppMfb.exe
  2⤵
  PID:5420
- C:\Windows\System\HuIqOKZ.exe
  C:\Windows\System\HuIqOKZ.exe
  2⤵
  PID:5528
- C:\Windows\System\xLYmhRD.exe
  C:\Windows\System\xLYmhRD.exe
  2⤵
  PID:5668
- C:\Windows\System\oyhxDuj.exe
  C:\Windows\System\oyhxDuj.exe
  2⤵
  PID:5856
- C:\Windows\System\qokGlOg.exe
  C:\Windows\System\qokGlOg.exe
  2⤵
  PID:5972
- C:\Windows\System\OvchCIk.exe
  C:\Windows\System\OvchCIk.exe
  2⤵
  PID:6168
- C:\Windows\System\rBBRkiL.exe
  C:\Windows\System\rBBRkiL.exe
  2⤵
  PID:6196
- C:\Windows\System\iOSiNIm.exe
  C:\Windows\System\iOSiNIm.exe
  2⤵
  PID:6224
- C:\Windows\System\MKRuQzJ.exe
  C:\Windows\System\MKRuQzJ.exe
  2⤵
  PID:6252
- C:\Windows\System\EeMIvwT.exe
  C:\Windows\System\EeMIvwT.exe
  2⤵
  PID:6276
- C:\Windows\System\qHaVCrt.exe
  C:\Windows\System\qHaVCrt.exe
  2⤵
  PID:6304
- C:\Windows\System\UPshNnO.exe
  C:\Windows\System\UPshNnO.exe
  2⤵
  PID:6332
- C:\Windows\System\PYpTaUw.exe
  C:\Windows\System\PYpTaUw.exe
  2⤵
  PID:6364
- C:\Windows\System\RlHExcI.exe
  C:\Windows\System\RlHExcI.exe
  2⤵
  PID:6392
- C:\Windows\System\QZIqYeI.exe
  C:\Windows\System\QZIqYeI.exe
  2⤵
  PID:6420
- C:\Windows\System\mjVjgUU.exe
  C:\Windows\System\mjVjgUU.exe
  2⤵
  PID:6448
- C:\Windows\System\KBDWVSX.exe
  C:\Windows\System\KBDWVSX.exe
  2⤵
  PID:6476
- C:\Windows\System\KbkQfhF.exe
  C:\Windows\System\KbkQfhF.exe
  2⤵
  PID:6504
- C:\Windows\System\uKnBPoR.exe
  C:\Windows\System\uKnBPoR.exe
  2⤵
  PID:6532
- C:\Windows\System\yselAyk.exe
  C:\Windows\System\yselAyk.exe
  2⤵
  PID:6556
- C:\Windows\System\SSBylUI.exe
  C:\Windows\System\SSBylUI.exe
  2⤵
  PID:6584
- C:\Windows\System\BEhhjhg.exe
  C:\Windows\System\BEhhjhg.exe
  2⤵
  PID:6616
- C:\Windows\System\JfKWbGr.exe
  C:\Windows\System\JfKWbGr.exe
  2⤵
  PID:6644
- C:\Windows\System\dwVcntZ.exe
  C:\Windows\System\dwVcntZ.exe
  2⤵
  PID:6676
- C:\Windows\System\ueAPhvw.exe
  C:\Windows\System\ueAPhvw.exe
  2⤵
  PID:6704
- C:\Windows\System\dgQZWER.exe
  C:\Windows\System\dgQZWER.exe
  2⤵
  PID:6732
- C:\Windows\System\plRRtKE.exe
  C:\Windows\System\plRRtKE.exe
  2⤵
  PID:6760
- C:\Windows\System\gGhgsnk.exe
  C:\Windows\System\gGhgsnk.exe
  2⤵
  PID:6788
- C:\Windows\System\QsljOCb.exe
  C:\Windows\System\QsljOCb.exe
  2⤵
  PID:7080
- C:\Windows\System\ebBkGHL.exe
  C:\Windows\System\ebBkGHL.exe
  2⤵
  PID:7096
- C:\Windows\System\pIcXheK.exe
  C:\Windows\System\pIcXheK.exe
  2⤵
  PID:7112
- C:\Windows\System\MvTaxwQ.exe
  C:\Windows\System\MvTaxwQ.exe
  2⤵
  PID:7128
- C:\Windows\System\jtjgRGn.exe
  C:\Windows\System\jtjgRGn.exe
  2⤵
  PID:7160
- C:\Windows\System\tWNlUdj.exe
  C:\Windows\System\tWNlUdj.exe
  2⤵
  PID:6032
- C:\Windows\System\EcFfMlF.exe
  C:\Windows\System\EcFfMlF.exe
  2⤵
  PID:536
- C:\Windows\System\IlOCBjs.exe
  C:\Windows\System\IlOCBjs.exe
  2⤵
  PID:2612
- C:\Windows\System\KDIREQE.exe
  C:\Windows\System\KDIREQE.exe
  2⤵
  PID:1476
- C:\Windows\System\YcZCWyy.exe
  C:\Windows\System\YcZCWyy.exe
  2⤵
  PID:5408
- C:\Windows\System\BKnFoQb.exe
  C:\Windows\System\BKnFoQb.exe
  2⤵
  PID:1216
- C:\Windows\System\fwpSdxR.exe
  C:\Windows\System\fwpSdxR.exe
  2⤵
  PID:6184
- C:\Windows\System\RISLMSC.exe
  C:\Windows\System\RISLMSC.exe
  2⤵
  PID:6324
- C:\Windows\System\EmKjIZx.exe
  C:\Windows\System\EmKjIZx.exe
  2⤵
  PID:6356
- C:\Windows\System\LpSHaop.exe
  C:\Windows\System\LpSHaop.exe
  2⤵
  PID:3048
- C:\Windows\System\xANQKCi.exe
  C:\Windows\System\xANQKCi.exe
  2⤵
  PID:6460
- C:\Windows\System\gzpJwAj.exe
  C:\Windows\System\gzpJwAj.exe
  2⤵
  PID:6496
- C:\Windows\System\UTjfKba.exe
  C:\Windows\System\UTjfKba.exe
  2⤵
  PID:6600
- C:\Windows\System\KmgYLCt.exe
  C:\Windows\System\KmgYLCt.exe
  2⤵
  PID:3928
- C:\Windows\System\ZkYbSxZ.exe
  C:\Windows\System\ZkYbSxZ.exe
  2⤵
  PID:6664

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AYctRIY.exe

Filesize
1.4MB

MD5
863ac41daf8f9f058c631e8062bdae2e

SHA1
997abcaf925c3c3889cd812e42a4391d712f72d9

SHA256
c99fb95554499c8f75abd895cd8c0e196244a2bbe8cc35dcde73af10cae11fb6

SHA512
cff148aebfe786e22361f655a65baf49b7115c4b80e2b7782132ff5b40c9bce830b3286ecb3b09804558908b0cd4dee5372eec108cc9ce1f6e5c22a108a0ff7a

Download Submit
C:\Windows\System\HEPGKXY.exe

Filesize
1.4MB

MD5
d0d40cddcb648ce84aa787c90b31a049

SHA1
d2bddd1fda4477d7b89f8710796e9dc79355f18d

SHA256
bd1f565f5510a368bea09756596ab974f984b94f480b97a913fb7cbe1a8acd4e

SHA512
228a69fb1179f50e1d5fd910de754da219d5a2ed5906bcce1124914ce3e79322ab8b2a1bd2bc3500de554abf5530b132967b53a74e22a5dce42ee21af6efb600

Download Submit
C:\Windows\System\HtofuHp.exe

Filesize
1.4MB

MD5
9c593e3eaf906e488856662b4e6286a5

SHA1
08c12da258a6ad60ecf5bce1a376477be69d1435

SHA256
b3bda69a05b74333053c45b6a4892bc9bfc14ec8e63ada1f1906b444abbcf9fa

SHA512
785801ebd329a175ed66a9923ff3afd38118051bfde70618effe7c3c8e73612168d7fce32e5a09014271bf4129c7390dac5e5ca14f517d4cd9602d7d92e9b25d

Download Submit
C:\Windows\System\HxASIqT.exe

Filesize
1.4MB

MD5
a4f92839c8ea61b18907a6a6c1f5d427

SHA1
7e423a0970c47b480f365967d15107333a33bb4c

SHA256
e408784787ba5ef506fe95067469135d690b276fea82e36c30aa76adaa540927

SHA512
e329d4cf4c063499daf758f7a36ca2a0b151e390042397e0f848b871cc86eea81b010b4e142e4163bc9b0ea7f20975882489cb7ddf5a84161c682b59b0cc8daa

Download Submit
C:\Windows\System\KLBUpAl.exe

Filesize
1.4MB

MD5
1bc702aa142018efef493c7a2cfd65ea

SHA1
9ebb35614691f52e8552bc5737cc73b7eba9846a

SHA256
ac91f31e22b858c09fc6eb2f3cb91792aae3c9c252c964e1abc333684f193959

SHA512
18a20a9ae57dc5e2460fbf06cbc5ccfc72ef3d8472284e1bb62c673c3432b3d41d83fb6fff5ecffc17ad2259820213d27b49709c884b6cf59a97a99f88469e5f

Download Submit
C:\Windows\System\LzrQUCI.exe

Filesize
1.4MB

MD5
8ed04ed9a9a2ba4f91a6626e1b3e0c4b

SHA1
647dd7935b0b4467363bf84d567d8075e20e67ac

SHA256
c973cfd7074d5c3949394944b41ba89c69384636614f310e3ab54340f3a00d8a

SHA512
177d16d70ad28cf2df31f621865898ac116ccd9fece07076259c2b4c0999468bfad84277f5f8f6bc51c8bdf8326e05500c5df6aab6850e6c55b1238caeff15ef

Download Submit
C:\Windows\System\MiOWNBQ.exe

Filesize
1.4MB

MD5
cabaef81d5bf78f12c28e8c1f72a78ac

SHA1
532f758626766fcdf89b66bc9618bd519b687d6a

SHA256
c1c64737c9958b61ff656430c832e0bed0ef78af13a3475c34f968571183bf39

SHA512
f26e856bed1cc0ede36f127b8c1f2c0cef67293aa3dae3b6e1cd381188266014c98438e97afeb5fb6ed63a1f88f5436546adafca4a3fa5d8c2c27d98e3814e42

Download Submit
C:\Windows\System\NwKVdtF.exe

Filesize
1.4MB

MD5
0fe4690cce2066d920170c2dc666cff5

SHA1
12add2ef3cadba0bde38c56b640cbc5007c4c0ee

SHA256
fdec5b9de1e9de69a2c6c204ede03bc0b61ebc60014e4e8a99cd1a58f24c47e1

SHA512
a6b101adf85d3a5b7b54a7809836e847fd72e4943604e865c227eb494d9171373875755c3e08cfd66d695934976f1fd317a80695cde5031791061e95de336551

Download Submit
C:\Windows\System\OHpGKSE.exe

Filesize
1.4MB

MD5
26ad4396c052112f2eb11c625d8b0b92

SHA1
b3616cf12407fb300327a265c30c27494bb31ebe

SHA256
c232950614c5ba44d6461a02942575d39e0a33740027490727769ff9f6bc90aa

SHA512
b964d8cb960aab5d77cdf651dac97765b4f5081c1a1376d056ce3ec8c5fe838644d19b826784b3265141c15d7c28f71a680ec77d236d9c8355e816e6f5184ad6

Download Submit
C:\Windows\System\QTcqUJw.exe

Filesize
1.4MB

MD5
955917dfbfa200b828cccdcea8e7d4f8

SHA1
c34a2085c7cdc3bf9a40eda11da16bbadda59f55

SHA256
db804a4f360f7403190bbf2097c478767017e0cfbbb69c662596afbbf30794f5

SHA512
2aba8015ee41242d663a48c8853c593ed39e8ad2f318e476f7e78e51e4ca9659c4389e7b61db7c28175686e50cfeee6360b21ab93aea6607756d13143750b168

Download Submit
C:\Windows\System\WMHNols.exe

Filesize
1.4MB

MD5
71160c40417d8480a2da2a7dd54fb750

SHA1
5ae245210a1700e096b5ad7c7d1fe87458a73795

SHA256
494dcd1404f4afdf12c6c4b59492aa3faa266f41b13babd0989666b3ff2aba97

SHA512
1e9eb3a665b77d466a019d629099ce1f0ccc1a024500c830ee85d621157fc45e155ee5a4cc7e2db10ff07bc382b4b9e31f47688c8ddbb668b8f47edcdc960a18

Download Submit
C:\Windows\System\XloUWsL.exe

Filesize
1.4MB

MD5
12a3393c2d700def33167488945f9efb

SHA1
709916ea3dc6b2b71130319036d59f8b817219f8

SHA256
56c59f0734a4b79ad316a4f55588f0c49f77158e4485ff1e7a99041bfe9ccb40

SHA512
c09d25b8f31c59121e180427fb7557a6962aed1b0ab30918efd09480d5ffc20e8d7ec9213aa19ce5178cb8ec66a73b1c56563d49d219a0a41b00b20bf8c29f15

Download Submit
C:\Windows\System\aSuNMPp.exe

Filesize
1.4MB

MD5
f2256f8d84dfec0b36e794d1438f1b12

SHA1
1a9a00be1278590d69fe3098ae7df45ead9dbfda

SHA256
408b44ecfe1a8bfdf689277578775f14d1aa2f2d055bf214bb2a7f641b9f45bd

SHA512
911398e7ccc623a90e711f10dac14a2574505d2ad355ba9587d26a5d14971010289b320a267a2107079e2328905d7d9e36703a60d01f01d375dc19aad81f9ec1

Download Submit
C:\Windows\System\aZmsQUF.exe

Filesize
1.4MB

MD5
a1d6c0183bc2585d959e78b84aaa362b

SHA1
5f3607384613e5c5a16a7b11d028e7618859a8ae

SHA256
852f4137bbf035b28f8ab0eb2e5295c54f84bff20c63c1d376be6ba8b1adf860

SHA512
90ee9a80a7a5fa472fe20b620a0109cf59d11928511f3c823d2b3b371c186550b8d60440099e0005b82f729a675cc62b878f0d3e98c574c79b19b4d2ce747b18

Download Submit
C:\Windows\System\apBniFo.exe

Filesize
1.4MB

MD5
a3d9954fc621c7c501f6640abb03bf60

SHA1
1bceb0afe75586b5656f60ca4a41657afe7ff9ad

SHA256
9b6bdd628313f9d2e5684b4231308d24fd8c6a57facaaabb7dd3f85dcd270f6b

SHA512
742b947ac4f7e2ec7eb5e6f128ba7e14737882b1559aa908f0baeea69c0db8642c0f7556d232a0a644cda920fe62c23bce74eb6c6be71e1235353c9e3245cc19

Download Submit
C:\Windows\System\asSVler.exe

Filesize
1.4MB

MD5
2326ab4616ea4edbe3b1fecb0e1421e7

SHA1
9ae4ad1d3ae0df04ffac8cba7455bcd4306a401c

SHA256
00dd2c685d3f1506a9cffddf690a3e1df36427a751f5f65cb62316eff6a8ce7f

SHA512
4e4b9ad3370e7bfb954273e6730ab332d4cb71457b2dc752e02219db0503203a383204758cb9ed9d61d15b42e4a4d0c13ec5118a9b754249607a5bad809f760e

Download Submit
C:\Windows\System\dFSMWFb.exe

Filesize
1.4MB

MD5
2c5b292923fd84214156061d8d1a8f0b

SHA1
5b3e78954d9ee4b70fbb63192ddc79acd3cfd5e1

SHA256
240648d2a2fdc5fed1f4c9bf72b78056e408779c682b62b98966fc6c2262718c

SHA512
08e0928427109c1435cf76a5863027df614082179da9a5a16901187f95596bd16f8d7c434b1ff8a22487eecb1f278be41863d043d31b761ebbbd4df7abdf48f0

Download Submit
C:\Windows\System\fkJXPRp.exe

Filesize
1.4MB

MD5
9f3a52e061388b08fc643351b07d86c3

SHA1
51a74be66c437a580d33c5448e95b8c481bf2740

SHA256
f4597c5ca2d1d5bce5c55ae098f70c6591795e3ce875a46b14b2810010509995

SHA512
35ab6e7505ac3b4bb7f341c192eedd5c17e9a51b6d273f6cef228934383ce132b9376a387d16fd20e39e650b2097adc960d0a87e3a75e91ed45e08ee1443f03b

Download Submit
C:\Windows\System\gAOuzka.exe

Filesize
1.4MB

MD5
92bfad6e29dff21f7b4f6a510a2499f0

SHA1
8e8cbd5562040360b2aec5acf03204225370a6de

SHA256
d0e92c8fc8539f7db4d374040e76266cb29495c0af3df176e1445a31fe5e89dd

SHA512
2845ccb56405b168f1aa523dfcbb454de35f3ef0fc99a1b167ec3f9a430bba550b56745dcc63fb0cd561bb276f7dea411ef6c3ce74fddf8435196ce0da5e3dfd

Download Submit
C:\Windows\System\gatoysG.exe

Filesize
1.4MB

MD5
a0be04daae03f51845f73720e46005a4

SHA1
39f9c77673f25275be366e1c3dc734fa61a68ec2

SHA256
93f6d96fdbfe1e12f7eabdb3519b6ce341e729a28d35bd2887b127e25adc8786

SHA512
8bc7f92ae74c853c094b421527126ae82a8fdfddb255f306481bb2e5eb21b04a55f3fde014443247405f831ef8b59203a78558a945a6ffc385a3e2fc2364416a

Download Submit
C:\Windows\System\gvNJpbI.exe

Filesize
1.4MB

MD5
07ebb9e21a476bd6ea136ddc1a531baf

SHA1
f3a488568123fd00a3c52d1573b69b2c479740b4

SHA256
c04f6bb0e143c53f7e1b3c0d3e92c6d7217524852fb22c7dc3bda6fcc8cae204

SHA512
2ac93c34c3be7fee39a2a329135a1cb80ba073d6c93a6fdfb98fe3b6d344b801070a8f60cd1ea5c6df85c8f6f6ad943acac10b63e051dec5fed622a5f8dbfe42

Download Submit
C:\Windows\System\hBpSiEq.exe

Filesize
1.4MB

MD5
b10fd959b177aa2a69632ecaa1d731cf

SHA1
59f544768b55ec38ab219ee90fcad553087854ec

SHA256
4079c1eb9cf5ec9586c973230e48ea34b1027348b1fdf9323742700f3f5fea58

SHA512
bfc7537bc71fe38b5fb3adbe4feac6b9e17e64bcedb5b1b1a690ec89ba09f8506ef2961c35d1f2645bea307e29b3431f03d5c3f66a53c6bd557485009d251d81

Download Submit
C:\Windows\System\hqgLJqA.exe

Filesize
1.4MB

MD5
744fb1cdd9940c025c3001989c44be59

SHA1
2a64edecdb532075f7564304820d9ba6f2a3ee00

SHA256
7fa3ec4624b3c4c801bef9969e370dce8b8a2e3d9e26f5c44a9f6e6b7ab01cde

SHA512
e6dc20688b69b014cd201e391e7d2ea4ebaa14f4988345111b43f205a70217638e274411efdd599e6a5487c12d7ffba7f0e0fc8cbeec0325682b81a3953c5e62

Download Submit
C:\Windows\System\kCUrxUa.exe

Filesize
1.4MB

MD5
81aebe312ddf93c46e08cdd6085e7d8a

SHA1
f639fcdec0fb546705c1cc3b410a05842a4c01fd

SHA256
35a11f0fb9bc455ff60413228aa0dfa2d5cc93ca77e9789f19a034fde13c0152

SHA512
3206a3eb05160a2eeafa81d4531ff85f488bead62df0d3d37d35bc5742fd6c65a0a2058e7225110325ebd4191669b4aedb3611a593d26d38799b38debb01a452

Download Submit
C:\Windows\System\kOQRYfU.exe

Filesize
1.4MB

MD5
9dc21670b2a9a29c91db57bacbebadad

SHA1
7b699e57484d703a6547e71cb542400c85e8cd9d

SHA256
e61ef9409d7548cac084aa00c7402704b7d4e3fa58824643ea7ba4c7c3464a6b

SHA512
86c3dd8721d652ce728a75e3aa8bf54955742dc1c0e7408514f86db3a85912bb88958756795d7f139347ce803304e8a75593bd5baadccc5433b4d3e845178435

Download Submit
C:\Windows\System\kYDbtJS.exe

Filesize
1.4MB

MD5
1bf2ef493462bfd2abed54c01ac09d00

SHA1
7b0b75dc3c1a9553993e39025898ce428ebd08d9

SHA256
c78c1e7db54fe1d2443b11c75c856b7e824e5553dd631f956aeae29d4cddc62d

SHA512
7a5df42660276593610d3703e73c55903934eb3f21b49151e3cf3da4201f310af3f4f624e5a2a4e1ab4f1856bd822cea8481ee2300378fd3960ace16cf062ef7

Download Submit
C:\Windows\System\kluEANN.exe

Filesize
1.4MB

MD5
03b052c57b00c620fc1243784cfc585a

SHA1
2a72568bf7f6a89a10ef5c338d6e412b8b4a19f7

SHA256
a614d1d0221dd973b019d6eb449839fe88b45881e81bcfd158569e6c321e5871

SHA512
101a5338d40ec5cd4be547f74df05ad78735986e5d18fd6549ca9952fdb94a4e6a34d6c3f550ac835c0d19b7ef25940a65770b3130e4e42cacbe2fe0550042ff

Download Submit
C:\Windows\System\mKSbmoc.exe

Filesize
1.4MB

MD5
8947254c6ec8b4441e85d96c8d841f75

SHA1
b2292bfb062edcb79eb6bc6c88d3a4407df32ab9

SHA256
1a9cc83708fb1d06fbe8c45aa0e10734555973247d2a1fa6120a66be22759b1a

SHA512
63a13f4e66b6cbbf4e130af134394e1537cd56425885978f62a21ba6c241a3004d9d669f4a2ab0d545533e6be2d5893af0d0649d51903132cddcd2ad635cb711

Download Submit
C:\Windows\System\mpAPvOy.exe

Filesize
1.4MB

MD5
ed13157165d31f17a4821a579af86103

SHA1
17da044a00d65dd2a058f555925a702e08560546

SHA256
4c1a5d7ede2622f371a3adec8d33c552343a6a56db7b8fc1e4939a71f798d7e1

SHA512
3566ab4a8feb9b5a7e2e2db7c4b5fa587e8c226661a9e44ac6758b1914b7833aebb59e0a1c1fa6608bcb19d59a1910ae3fe32cd4e4474365f960a75a030ee609

Download Submit
C:\Windows\System\qCQudDr.exe

Filesize
1.4MB

MD5
9336294a00aeb088c0d52d95a1cd80ad

SHA1
65ec8dd9398210f60f1bc98514992749f8d87c25

SHA256
f0f741255e936987024a86dd983369bc8ee544bcb57317cef6e1269c95eb453c

SHA512
d5eb067cbe4c0a1ba57850655a2424846d5d85bf7d05d37221cee1fb5efd0e471564b2ed0df0cdf7aeae012260adff39b2ccc10e341bb4f199221da4174e55b2

Download Submit
C:\Windows\System\sZkGeMC.exe

Filesize
1.4MB

MD5
43769181e906578c4dcfa95f78e475aa

SHA1
e5ea305ce47f8d4caf333c5fe31f7e4195888054

SHA256
30b674312ad480cff83f736aa7c9931fb362eb5e2a871336a1845f878b433c50

SHA512
3f9cbf0a8bb712c1c0ac8bd12e7da1a3755a15b84513970981bd288e4fbc615cf190859950bce96968c2cb2bb9af6e847ff621f7f9a3b6067af11d8ec232a8c6

Download Submit
C:\Windows\System\tWSvfFJ.exe

Filesize
1.4MB

MD5
a8accaf77137725eb8aca507375da09a

SHA1
142c93e1a4340bbc9b5e753ca8d2a94be71bf17b

SHA256
9e46b45b53e02b656cff95e736c2bd05454de27323b649ce4d427d1ccee37efb

SHA512
0f25c5a2360074de35f28cf9472162bdbcc41da3bb48b1f04045f03a2c3ff43ea09445914d42aed03bc233d349c6525b3d4824855b435ff830ff1895496c5e59

Download Submit
C:\Windows\System\wfejWRF.exe

Filesize
1.4MB

MD5
dcf207151da97a415382b94367fefbd3

SHA1
6d21a7ed453f837a22a21cc3dc0965dfe0cd016a

SHA256
e681cc8d8d5db4b9dec4b85be69f52a4fc4e23378d61276d018d0819e751e4fc

SHA512
4a40ff7eef53df51097f69aa946d5b8a83e147a2fbf78faa7359fb684caae207c23ad2a1c01a55b12893ce255d330803d777a576999b643145cd737edc3c9e3d

Download Submit
memory/2800-0-0x00000218F3440000-0x00000218F3450000-memory.dmp

Filesize
64KB

Download