Analysis
-
max time kernel
39s -
max time network
119s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
20-09-2024 20:01
General
-
Target
75b9d7a1cb7be0b867b5689bf9737812948669dc2d2ae65e6f78b899b13e5e13N.exe
-
Size
127KB
-
MD5
e673826d4aab0000086152f00d9e3940
-
SHA1
3b2b6fb5f069fa763ffdf03832d4fb06d6ea4f43
-
SHA256
75b9d7a1cb7be0b867b5689bf9737812948669dc2d2ae65e6f78b899b13e5e13
-
SHA512
c87b78964e5eca75b4beeedfd51cb3275c01443d33a66c3f44cb9d4d67b48247563fb36d18fe495462da88a86b7b6c2e567863b1b2cbabf1bcdc3bb9d66927f2
-
SSDEEP
1536:Xamlu3hbBGy3G8nhMpD7MUYU6U5jUdPQc+n35KZg8/nouy8Iu:XreMPd/MYjUtQl78vout
Score
10/10
Malware Config
Signatures
-
Modifies WinLogon for persistence 2 TTPs 21 IoCs
-
Modifies visibility of file extensions in Explorer 2 TTPs 23 IoCs
-
Modifies visiblity of hidden/system files in Explorer 2 TTPs 21 IoCs
-
UAC bypass 3 TTPs 21 IoCs
-
Disables RegEdit via registry modification 21 IoCs
-
Disables use of System Restore points 1 TTPs
-
Event Triggered Execution: Image File Execution Options Injection 1 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Modifies system executable filetype association 2 TTPs 23 IoCs
-
Adds Run key to start application 2 TTPs 64 IoCs
-
Checks whether UAC is enabled 1 TTPs 21 IoCs
-
Enumerates connected drives 3 TTPs 22 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory 64 IoCs
-
Drops file in Program Files directory 27 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 64 IoCs
Adversaries may check for Internet connectivity on compromised systems.
-
Modifies Internet Explorer settings 1 TTPs 42 IoCs
-
Modifies registry class 64 IoCs
-
Runs ping.exe 1 TTPs 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of FindShellTrayWindow 19 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 42 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\75b9d7a1cb7be0b867b5689bf9737812948669dc2d2ae65e6f78b899b13e5e13N.exe"C:\Users\Admin\AppData\Local\Temp\75b9d7a1cb7be0b867b5689bf9737812948669dc2d2ae65e6f78b899b13e5e13N.exe"1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\75b9d7a1cb7be0b867b5689bf9737812948669dc2d2ae65e6f78b899b13e5e13N.exeC:\Users\Admin\AppData\Local\Temp\75b9d7a1cb7be0b867b5689bf9737812948669dc2d2ae65e6f78b899b13e5e13N.exe2⤵
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
- UAC bypass
- Disables RegEdit via registry modification
- Event Triggered Execution: Image File Execution Options Injection
- Executes dropped EXE
- Modifies system executable filetype association
- Adds Run key to start application
- Checks whether UAC is enabled
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\csrss.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe4⤵
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
- UAC bypass
- Disables RegEdit via registry modification
- Event Triggered Execution: Image File Execution Options Injection
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
- Adds Run key to start application
- Checks whether UAC is enabled
- Drops file in System32 directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\csrss.exe5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
-
\??\c:\Documents and Settings\Admin\Application Data\Microsoft\scag.exe"c:\Documents and Settings\Admin\Application Data\Microsoft\scag.exe" csrss6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Modifies system executable filetype association
- Enumerates connected drives
- Drops file in Program Files directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\smss.exe5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe6⤵
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
- UAC bypass
- Disables RegEdit via registry modification
- Event Triggered Execution: Image File Execution Options Injection
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
- Adds Run key to start application
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\csrss.exe7⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe8⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\smss.exe7⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe8⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\lsass.exe7⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe8⤵
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
- UAC bypass
- Disables RegEdit via registry modification
- Event Triggered Execution: Image File Execution Options Injection
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
- Checks whether UAC is enabled
- Drops file in System32 directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\csrss.exe9⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe10⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\smss.exe9⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe10⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\lsass.exe9⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe10⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\services.exe9⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe10⤵
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
- UAC bypass
- Disables RegEdit via registry modification
- Event Triggered Execution: Image File Execution Options Injection
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
- Adds Run key to start application
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\csrss.exe11⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe12⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\smss.exe11⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe12⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\lsass.exe11⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe12⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\services.exe11⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe12⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\winlogon.exe11⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe12⤵
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
- UAC bypass
- Disables RegEdit via registry modification
- Event Triggered Execution: Image File Execution Options Injection
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
- Adds Run key to start application
- Checks whether UAC is enabled
- Drops file in System32 directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\csrss.exe13⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe14⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\smss.exe13⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe14⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\lsass.exe13⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe14⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\services.exe13⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe14⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\winlogon.exe13⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe14⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_CommunityC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community13⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Windows\System32\shimgvw.dll, ImageView_Fullscreen13⤵
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
-
-
C:\Windows\SysWOW64\ping.exeping www.duniasex.com -n 65500 -l 134013⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.data0.net -n 65500 -l 134013⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\ping.exeping www.rasasayang.com.my -n 65500 -l 134013⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_CommunityC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community11⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Windows\System32\shimgvw.dll, ImageView_Fullscreen11⤵
- Suspicious use of FindShellTrayWindow
-
-
C:\Windows\SysWOW64\ping.exeping www.duniasex.com -n 65500 -l 134011⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\ping.exeping www.data0.net -n 65500 -l 134011⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\ping.exeping www.rasasayang.com.my -n 65500 -l 134011⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\winlogon.exe9⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe10⤵
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
- UAC bypass
- Disables RegEdit via registry modification
- Event Triggered Execution: Image File Execution Options Injection
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
- Adds Run key to start application
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\csrss.exe11⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe12⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\smss.exe11⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe12⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\lsass.exe11⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe12⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\services.exe11⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe12⤵
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
- UAC bypass
- Disables RegEdit via registry modification
- Event Triggered Execution: Image File Execution Options Injection
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
- Adds Run key to start application
- Checks whether UAC is enabled
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\csrss.exe13⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe14⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\smss.exe13⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe14⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\lsass.exe13⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe14⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\services.exe13⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe14⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\winlogon.exe13⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe14⤵
- Loads dropped DLL
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_CommunityC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community13⤵
-
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Windows\System32\shimgvw.dll, ImageView_Fullscreen13⤵
- Suspicious use of FindShellTrayWindow
-
-
C:\Windows\SysWOW64\ping.exeping www.duniasex.com -n 65500 -l 134013⤵
- System Location Discovery: System Language Discovery
- Runs ping.exe
-
-
C:\Windows\SysWOW64\ping.exeping www.data0.net -n 65500 -l 134013⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\ping.exeping www.rasasayang.com.my -n 65500 -l 134013⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\winlogon.exe11⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe12⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_CommunityC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community11⤵
-
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Windows\System32\shimgvw.dll, ImageView_Fullscreen11⤵
- Suspicious use of FindShellTrayWindow
-
-
C:\Windows\SysWOW64\ping.exeping www.duniasex.com -n 65500 -l 134011⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\ping.exeping www.data0.net -n 65500 -l 134011⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\ping.exeping www.rasasayang.com.my -n 65500 -l 134011⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_CommunityC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community9⤵
-
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Windows\System32\shimgvw.dll, ImageView_Fullscreen9⤵
- Suspicious use of FindShellTrayWindow
-
-
C:\Windows\SysWOW64\ping.exeping www.duniasex.com -n 65500 -l 13409⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Windows\SysWOW64\ping.exeping www.data0.net -n 65500 -l 13409⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\ping.exeping www.rasasayang.com.my -n 65500 -l 13409⤵
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\services.exe7⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe8⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\winlogon.exe7⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe8⤵
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
- UAC bypass
- Disables RegEdit via registry modification
- Event Triggered Execution: Image File Execution Options Injection
- Modifies system executable filetype association
- Adds Run key to start application
- Checks whether UAC is enabled
- Drops file in System32 directory
- Modifies Internet Explorer settings
- Modifies registry class
- System policy modification
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\csrss.exe9⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe10⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\smss.exe9⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe10⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\lsass.exe9⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe10⤵
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
- UAC bypass
- Disables RegEdit via registry modification
- Event Triggered Execution: Image File Execution Options Injection
- Modifies system executable filetype association
- Adds Run key to start application
- Checks whether UAC is enabled
- Drops file in System32 directory
- Modifies Internet Explorer settings
- Modifies registry class
- System policy modification
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\csrss.exe11⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe12⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\smss.exe11⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe12⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\lsass.exe11⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe12⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\services.exe11⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe12⤵
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
- UAC bypass
- Disables RegEdit via registry modification
- Event Triggered Execution: Image File Execution Options Injection
- Modifies system executable filetype association
- Adds Run key to start application
- Checks whether UAC is enabled
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies registry class
- System policy modification
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\csrss.exe13⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe14⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\smss.exe13⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe14⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\lsass.exe13⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe14⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\services.exe13⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe14⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\winlogon.exe13⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe14⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_CommunityC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community13⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Windows\System32\shimgvw.dll, ImageView_Fullscreen13⤵
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
-
-
C:\Windows\SysWOW64\ping.exeping www.duniasex.com -n 65500 -l 134013⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV114⤵
-
-
-
C:\Windows\SysWOW64\ping.exeping www.data0.net -n 65500 -l 134013⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\ping.exeping www.rasasayang.com.my -n 65500 -l 134013⤵
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\winlogon.exe11⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe12⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_CommunityC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community11⤵
-
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Windows\System32\shimgvw.dll, ImageView_Fullscreen11⤵
- Suspicious use of FindShellTrayWindow
-
-
C:\Windows\SysWOW64\ping.exeping www.duniasex.com -n 65500 -l 134011⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\ping.exeping www.data0.net -n 65500 -l 134011⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.rasasayang.com.my -n 65500 -l 134011⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\services.exe9⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe10⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\csrss.exe11⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe12⤵
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
- UAC bypass
- Disables RegEdit via registry modification
- Event Triggered Execution: Image File Execution Options Injection
- Modifies system executable filetype association
- Adds Run key to start application
- Checks whether UAC is enabled
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies registry class
- System policy modification
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\csrss.exe13⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe14⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\smss.exe13⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe14⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\lsass.exe13⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe14⤵
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
- UAC bypass
- Disables RegEdit via registry modification
- Modifies system executable filetype association
- Adds Run key to start application
- Checks whether UAC is enabled
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies registry class
- System policy modification
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\csrss.exe15⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe16⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\smss.exe15⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe16⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\lsass.exe15⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe16⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\services.exe15⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe16⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\winlogon.exe15⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe16⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_CommunityC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community15⤵
-
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Windows\System32\shimgvw.dll, ImageView_Fullscreen15⤵
- Suspicious use of FindShellTrayWindow
-
-
C:\Windows\SysWOW64\ping.exeping www.duniasex.com -n 65500 -l 134015⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV116⤵
-
-
-
C:\Windows\SysWOW64\ping.exeping www.data0.net -n 65500 -l 134015⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.rasasayang.com.my -n 65500 -l 134015⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\services.exe13⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe14⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\winlogon.exe13⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe14⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_CommunityC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community13⤵
-
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Windows\System32\shimgvw.dll, ImageView_Fullscreen13⤵
- Suspicious use of FindShellTrayWindow
-
-
C:\Windows\SysWOW64\ping.exeping www.duniasex.com -n 65500 -l 134013⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.data0.net -n 65500 -l 134013⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\ping.exeping www.rasasayang.com.my -n 65500 -l 134013⤵
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\smss.exe11⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe12⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\lsass.exe11⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe12⤵
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
- UAC bypass
- Disables RegEdit via registry modification
- Event Triggered Execution: Image File Execution Options Injection
- Modifies system executable filetype association
- Adds Run key to start application
- Checks whether UAC is enabled
- Drops file in System32 directory
- Modifies Internet Explorer settings
- Modifies registry class
- System policy modification
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\csrss.exe13⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe14⤵
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
- UAC bypass
- Disables RegEdit via registry modification
- Event Triggered Execution: Image File Execution Options Injection
- Modifies system executable filetype association
- Adds Run key to start application
- Checks whether UAC is enabled
- Drops file in System32 directory
- Modifies Internet Explorer settings
- Modifies registry class
- System policy modification
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\csrss.exe15⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe16⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\smss.exe15⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe16⤵
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
- UAC bypass
- Disables RegEdit via registry modification
- Event Triggered Execution: Image File Execution Options Injection
- Modifies system executable filetype association
- Adds Run key to start application
- Checks whether UAC is enabled
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies registry class
- System policy modification
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\csrss.exe17⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe18⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\smss.exe17⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe18⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\lsass.exe17⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe18⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\services.exe17⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe18⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\winlogon.exe17⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe18⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_CommunityC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community17⤵
-
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Windows\System32\shimgvw.dll, ImageView_Fullscreen17⤵
- Suspicious use of FindShellTrayWindow
-
-
C:\Windows\SysWOW64\ping.exeping www.duniasex.com -n 65500 -l 134017⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\ping.exeping www.data0.net -n 65500 -l 134017⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\ping.exeping www.rasasayang.com.my -n 65500 -l 134017⤵
-
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\lsass.exe15⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe16⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\services.exe15⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe16⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\winlogon.exe15⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe16⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_CommunityC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community15⤵
-
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Windows\System32\shimgvw.dll, ImageView_Fullscreen15⤵
- Suspicious use of FindShellTrayWindow
-
-
C:\Windows\SysWOW64\ping.exeping www.duniasex.com -n 65500 -l 134015⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV116⤵
-
-
-
C:\Windows\SysWOW64\ping.exeping www.data0.net -n 65500 -l 134015⤵
- System Location Discovery: System Language Discovery
- Runs ping.exe
-
-
C:\Windows\SysWOW64\ping.exeping www.rasasayang.com.my -n 65500 -l 134015⤵
-
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\smss.exe13⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe14⤵
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
- UAC bypass
- Disables RegEdit via registry modification
- Event Triggered Execution: Image File Execution Options Injection
- Modifies system executable filetype association
- Adds Run key to start application
- Checks whether UAC is enabled
- Drops file in System32 directory
- Modifies Internet Explorer settings
- Modifies registry class
- System policy modification
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\csrss.exe15⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe16⤵
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
- UAC bypass
- Disables RegEdit via registry modification
- Event Triggered Execution: Image File Execution Options Injection
- Modifies system executable filetype association
- Adds Run key to start application
- Checks whether UAC is enabled
- Drops file in System32 directory
- Modifies Internet Explorer settings
- System policy modification
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\csrss.exe17⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe18⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\smss.exe17⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe18⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\lsass.exe17⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe18⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\services.exe17⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe18⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\winlogon.exe17⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe18⤵
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
- UAC bypass
- Disables RegEdit via registry modification
- Event Triggered Execution: Image File Execution Options Injection
- Modifies system executable filetype association
- Adds Run key to start application
- Checks whether UAC is enabled
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies registry class
- System policy modification
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\csrss.exe19⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe20⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\smss.exe19⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe20⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\lsass.exe19⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe20⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\services.exe19⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe20⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\winlogon.exe19⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe20⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_CommunityC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community19⤵
-
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Windows\System32\shimgvw.dll, ImageView_Fullscreen19⤵
- Suspicious use of FindShellTrayWindow
-
-
C:\Windows\SysWOW64\ping.exeping www.duniasex.com -n 65500 -l 134019⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.data0.net -n 65500 -l 134019⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.rasasayang.com.my -n 65500 -l 134019⤵
-
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_CommunityC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community17⤵
-
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Windows\System32\shimgvw.dll, ImageView_Fullscreen17⤵
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
-
-
C:\Windows\SysWOW64\ping.exeping www.duniasex.com -n 65500 -l 134017⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Windows\SysWOW64\ping.exeping www.data0.net -n 65500 -l 134017⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.rasasayang.com.my -n 65500 -l 134017⤵
-
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\smss.exe15⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe16⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\lsass.exe15⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe16⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\services.exe15⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe16⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\winlogon.exe15⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe16⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_CommunityC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community15⤵
-
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Windows\System32\shimgvw.dll, ImageView_Fullscreen15⤵
- Suspicious use of FindShellTrayWindow
-
-
C:\Windows\SysWOW64\ping.exeping www.duniasex.com -n 65500 -l 134015⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.data0.net -n 65500 -l 134015⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.rasasayang.com.my -n 65500 -l 134015⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\lsass.exe13⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe14⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\services.exe13⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe14⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\winlogon.exe13⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe14⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_CommunityC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community13⤵
-
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Windows\System32\shimgvw.dll, ImageView_Fullscreen13⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.duniasex.com -n 65500 -l 134013⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.data0.net -n 65500 -l 134013⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV114⤵
-
-
-
C:\Windows\SysWOW64\ping.exeping www.rasasayang.com.my -n 65500 -l 134013⤵
- Runs ping.exe
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV114⤵
-
-
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\services.exe11⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe12⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\winlogon.exe11⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe12⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\csrss.exe13⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe14⤵
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
- UAC bypass
- Disables RegEdit via registry modification
- Event Triggered Execution: Image File Execution Options Injection
- Modifies system executable filetype association
- Adds Run key to start application
- Checks whether UAC is enabled
- Drops file in System32 directory
- Modifies Internet Explorer settings
- Modifies registry class
- System policy modification
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\csrss.exe15⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe16⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\smss.exe15⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe16⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\lsass.exe15⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe16⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\services.exe15⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe16⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\winlogon.exe15⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe16⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_CommunityC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community15⤵
-
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Windows\System32\shimgvw.dll, ImageView_Fullscreen15⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.duniasex.com -n 65500 -l 134015⤵
- Runs ping.exe
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV116⤵
-
-
-
C:\Windows\SysWOW64\ping.exeping www.data0.net -n 65500 -l 134015⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV116⤵
-
-
-
C:\Windows\SysWOW64\ping.exeping www.rasasayang.com.my -n 65500 -l 134015⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV116⤵
-
-
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\smss.exe13⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe14⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\csrss.exe15⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe16⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\csrss.exe17⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe18⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\smss.exe17⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe18⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\lsass.exe17⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe18⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\csrss.exe19⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe20⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\smss.exe19⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe20⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\lsass.exe19⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe20⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\services.exe19⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe20⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\winlogon.exe19⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe20⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_CommunityC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community19⤵
-
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Windows\System32\shimgvw.dll, ImageView_Fullscreen19⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.duniasex.com -n 65500 -l 134019⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.data0.net -n 65500 -l 134019⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV120⤵
-
-
-
C:\Windows\SysWOW64\ping.exeping www.rasasayang.com.my -n 65500 -l 134019⤵
-
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\services.exe17⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe18⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\winlogon.exe17⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe18⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_CommunityC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community17⤵
-
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Windows\System32\shimgvw.dll, ImageView_Fullscreen17⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.duniasex.com -n 65500 -l 134017⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\ping.exeping www.data0.net -n 65500 -l 134017⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Windows\SysWOW64\ping.exeping www.rasasayang.com.my -n 65500 -l 134017⤵
-
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\smss.exe15⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe16⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\lsass.exe15⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe16⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\csrss.exe17⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe18⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\csrss.exe19⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe20⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\smss.exe19⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe20⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\lsass.exe19⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe20⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\services.exe19⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe20⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\winlogon.exe19⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe20⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_CommunityC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community19⤵
-
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Windows\System32\shimgvw.dll, ImageView_Fullscreen19⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.duniasex.com -n 65500 -l 134019⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.data0.net -n 65500 -l 134019⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.rasasayang.com.my -n 65500 -l 134019⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\smss.exe17⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe18⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\lsass.exe17⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe18⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\services.exe17⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe18⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\csrss.exe19⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe20⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\csrss.exe21⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe22⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\smss.exe21⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe22⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\lsass.exe21⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe22⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\services.exe21⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe22⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\winlogon.exe21⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe22⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_CommunityC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community21⤵
-
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Windows\System32\shimgvw.dll, ImageView_Fullscreen21⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.duniasex.com -n 65500 -l 134021⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\ping.exeping www.data0.net -n 65500 -l 134021⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\ping.exeping www.rasasayang.com.my -n 65500 -l 134021⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\smss.exe19⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe20⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\lsass.exe19⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe20⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\services.exe19⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe20⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\winlogon.exe19⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe20⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\csrss.exe21⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe22⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\csrss.exe23⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe24⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\smss.exe23⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe24⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\lsass.exe23⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe24⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\services.exe23⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe24⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\winlogon.exe23⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe24⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_CommunityC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community23⤵
-
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Windows\System32\shimgvw.dll, ImageView_Fullscreen23⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.duniasex.com -n 65500 -l 134023⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\ping.exeping www.data0.net -n 65500 -l 134023⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.rasasayang.com.my -n 65500 -l 134023⤵
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\smss.exe21⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe22⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\lsass.exe21⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe22⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\services.exe21⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe22⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\winlogon.exe21⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe22⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_CommunityC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community21⤵
-
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Windows\System32\shimgvw.dll, ImageView_Fullscreen21⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.duniasex.com -n 65500 -l 134021⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.data0.net -n 65500 -l 134021⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.rasasayang.com.my -n 65500 -l 134021⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_CommunityC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community19⤵
-
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Windows\System32\shimgvw.dll, ImageView_Fullscreen19⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.duniasex.com -n 65500 -l 134019⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\ping.exeping www.data0.net -n 65500 -l 134019⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\ping.exeping www.rasasayang.com.my -n 65500 -l 134019⤵
-
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\winlogon.exe17⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe18⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\csrss.exe19⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe20⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\csrss.exe21⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe22⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\smss.exe21⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe22⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\csrss.exe23⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe24⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\smss.exe23⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe24⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\lsass.exe23⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe24⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\services.exe23⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe24⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\csrss.exe25⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe26⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\smss.exe25⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe26⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\lsass.exe25⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe26⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\services.exe25⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe26⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\winlogon.exe25⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe26⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_CommunityC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community25⤵
-
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Windows\System32\shimgvw.dll, ImageView_Fullscreen25⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.duniasex.com -n 65500 -l 134025⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\ping.exeping www.data0.net -n 65500 -l 134025⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\ping.exeping www.rasasayang.com.my -n 65500 -l 134025⤵
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\winlogon.exe23⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe24⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_CommunityC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community23⤵
-
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Windows\System32\shimgvw.dll, ImageView_Fullscreen23⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.duniasex.com -n 65500 -l 134023⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Windows\SysWOW64\ping.exeping www.data0.net -n 65500 -l 134023⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.rasasayang.com.my -n 65500 -l 134023⤵
-
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\lsass.exe21⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe22⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\services.exe21⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe22⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\csrss.exe23⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe24⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\smss.exe23⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe24⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\csrss.exe25⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe26⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\smss.exe25⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe26⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\lsass.exe25⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe26⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\services.exe25⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe26⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\winlogon.exe25⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe26⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_CommunityC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community25⤵
-
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Windows\System32\shimgvw.dll, ImageView_Fullscreen25⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.duniasex.com -n 65500 -l 134025⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.data0.net -n 65500 -l 134025⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.rasasayang.com.my -n 65500 -l 134025⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\lsass.exe23⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe24⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\services.exe23⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe24⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\winlogon.exe23⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe24⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_CommunityC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community23⤵
-
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Windows\System32\shimgvw.dll, ImageView_Fullscreen23⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.duniasex.com -n 65500 -l 134023⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Windows\SysWOW64\ping.exeping www.data0.net -n 65500 -l 134023⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Windows\SysWOW64\ping.exeping www.rasasayang.com.my -n 65500 -l 134023⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\winlogon.exe21⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe22⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_CommunityC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community21⤵
-
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Windows\System32\shimgvw.dll, ImageView_Fullscreen21⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.duniasex.com -n 65500 -l 134021⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\ping.exeping www.data0.net -n 65500 -l 134021⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.rasasayang.com.my -n 65500 -l 134021⤵
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\smss.exe19⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe20⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\csrss.exe21⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe22⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\smss.exe21⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe22⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\lsass.exe21⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe22⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\csrss.exe23⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe24⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\csrss.exe25⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe26⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\smss.exe25⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe26⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\lsass.exe25⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe26⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\services.exe25⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe26⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\csrss.exe27⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe28⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\smss.exe27⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe28⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\lsass.exe27⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe28⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\services.exe27⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe28⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\winlogon.exe27⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe28⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_CommunityC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community27⤵
-
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Windows\System32\shimgvw.dll, ImageView_Fullscreen27⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.duniasex.com -n 65500 -l 134027⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\ping.exeping www.data0.net -n 65500 -l 134027⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\ping.exeping www.rasasayang.com.my -n 65500 -l 134027⤵
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\winlogon.exe25⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe26⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_CommunityC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community25⤵
-
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Windows\System32\shimgvw.dll, ImageView_Fullscreen25⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.duniasex.com -n 65500 -l 134025⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\ping.exeping www.data0.net -n 65500 -l 134025⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\ping.exeping www.rasasayang.com.my -n 65500 -l 134025⤵
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\smss.exe23⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe24⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\lsass.exe23⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe24⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\services.exe23⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe24⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\csrss.exe25⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe26⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\csrss.exe27⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe28⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\smss.exe27⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe28⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\lsass.exe27⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe28⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\services.exe27⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe28⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\winlogon.exe27⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe28⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_CommunityC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community27⤵
-
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Windows\System32\shimgvw.dll, ImageView_Fullscreen27⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.duniasex.com -n 65500 -l 134027⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\ping.exeping www.data0.net -n 65500 -l 134027⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Windows\SysWOW64\ping.exeping www.rasasayang.com.my -n 65500 -l 134027⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\smss.exe25⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe26⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\lsass.exe25⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe26⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\services.exe25⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe26⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\winlogon.exe25⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe26⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_CommunityC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community25⤵
-
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Windows\System32\shimgvw.dll, ImageView_Fullscreen25⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.duniasex.com -n 65500 -l 134025⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Windows\SysWOW64\ping.exeping www.data0.net -n 65500 -l 134025⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\ping.exeping www.rasasayang.com.my -n 65500 -l 134025⤵
-
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\winlogon.exe23⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe24⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_CommunityC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community23⤵
-
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Windows\System32\shimgvw.dll, ImageView_Fullscreen23⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.duniasex.com -n 65500 -l 134023⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.data0.net -n 65500 -l 134023⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\ping.exeping www.rasasayang.com.my -n 65500 -l 134023⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\services.exe21⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe22⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\winlogon.exe21⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe22⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\csrss.exe23⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe24⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\csrss.exe25⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe26⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\smss.exe25⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe26⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\lsass.exe25⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe26⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\services.exe25⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe26⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\csrss.exe27⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe28⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\smss.exe27⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe28⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\lsass.exe27⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe28⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\csrss.exe29⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe30⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\smss.exe29⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe30⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\lsass.exe29⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe30⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\services.exe29⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe30⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\winlogon.exe29⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe30⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_CommunityC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community29⤵
-
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Windows\System32\shimgvw.dll, ImageView_Fullscreen29⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.duniasex.com -n 65500 -l 134029⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.data0.net -n 65500 -l 134029⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\ping.exeping www.rasasayang.com.my -n 65500 -l 134029⤵
-
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\services.exe27⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe28⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\winlogon.exe27⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe28⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_CommunityC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community27⤵
-
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Windows\System32\shimgvw.dll, ImageView_Fullscreen27⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.duniasex.com -n 65500 -l 134027⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\ping.exeping www.data0.net -n 65500 -l 134027⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\ping.exeping www.rasasayang.com.my -n 65500 -l 134027⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\winlogon.exe25⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe26⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_CommunityC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community25⤵
-
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Windows\System32\shimgvw.dll, ImageView_Fullscreen25⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.duniasex.com -n 65500 -l 134025⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\ping.exeping www.data0.net -n 65500 -l 134025⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\ping.exeping www.rasasayang.com.my -n 65500 -l 134025⤵
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\smss.exe23⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe24⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\lsass.exe23⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe24⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\csrss.exe25⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe26⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\csrss.exe27⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe28⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\smss.exe27⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe28⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\lsass.exe27⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe28⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\services.exe27⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe28⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\csrss.exe29⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe30⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\smss.exe29⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe30⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\lsass.exe29⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe30⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\services.exe29⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe30⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\winlogon.exe29⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe30⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_CommunityC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community29⤵
-
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Windows\System32\shimgvw.dll, ImageView_Fullscreen29⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.duniasex.com -n 65500 -l 134029⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.data0.net -n 65500 -l 134029⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.rasasayang.com.my -n 65500 -l 134029⤵
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\winlogon.exe27⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe28⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_CommunityC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community27⤵
-
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Windows\System32\shimgvw.dll, ImageView_Fullscreen27⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.duniasex.com -n 65500 -l 134027⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\ping.exeping www.data0.net -n 65500 -l 134027⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.rasasayang.com.my -n 65500 -l 134027⤵
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\smss.exe25⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe26⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\csrss.exe27⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe28⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\csrss.exe29⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe30⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\smss.exe29⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe30⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\lsass.exe29⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe30⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\services.exe29⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe30⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\csrss.exe31⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe32⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\smss.exe31⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe32⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\lsass.exe31⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe32⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\services.exe31⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe32⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\winlogon.exe31⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe32⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_CommunityC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community31⤵
-
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Windows\System32\shimgvw.dll, ImageView_Fullscreen31⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.duniasex.com -n 65500 -l 134031⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.data0.net -n 65500 -l 134031⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\ping.exeping www.rasasayang.com.my -n 65500 -l 134031⤵
-
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\winlogon.exe29⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe30⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_CommunityC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community29⤵
-
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Windows\System32\shimgvw.dll, ImageView_Fullscreen29⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.duniasex.com -n 65500 -l 134029⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.data0.net -n 65500 -l 134029⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.rasasayang.com.my -n 65500 -l 134029⤵
-
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\smss.exe27⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe28⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\lsass.exe27⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe28⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\services.exe27⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe28⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\winlogon.exe27⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe28⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_CommunityC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community27⤵
-
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Windows\System32\shimgvw.dll, ImageView_Fullscreen27⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.duniasex.com -n 65500 -l 134027⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\ping.exeping www.data0.net -n 65500 -l 134027⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\ping.exeping www.rasasayang.com.my -n 65500 -l 134027⤵
-
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\lsass.exe25⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe26⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\services.exe25⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe26⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\winlogon.exe25⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe26⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_CommunityC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community25⤵
-
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Windows\System32\shimgvw.dll, ImageView_Fullscreen25⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.duniasex.com -n 65500 -l 134025⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\ping.exeping www.data0.net -n 65500 -l 134025⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\ping.exeping www.rasasayang.com.my -n 65500 -l 134025⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\services.exe23⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe24⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\csrss.exe25⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe26⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\smss.exe25⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe26⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\lsass.exe25⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe26⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\services.exe25⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe26⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\winlogon.exe25⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe26⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_CommunityC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community25⤵
-
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Windows\System32\shimgvw.dll, ImageView_Fullscreen25⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.duniasex.com -n 65500 -l 134025⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.data0.net -n 65500 -l 134025⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\ping.exeping www.rasasayang.com.my -n 65500 -l 134025⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\winlogon.exe23⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe24⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_CommunityC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community23⤵
-
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Windows\System32\shimgvw.dll, ImageView_Fullscreen23⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.duniasex.com -n 65500 -l 134023⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.data0.net -n 65500 -l 134023⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Windows\SysWOW64\ping.exeping www.rasasayang.com.my -n 65500 -l 134023⤵
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_CommunityC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community21⤵
-
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Windows\System32\shimgvw.dll, ImageView_Fullscreen21⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.duniasex.com -n 65500 -l 134021⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\ping.exeping www.data0.net -n 65500 -l 134021⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\ping.exeping www.rasasayang.com.my -n 65500 -l 134021⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\lsass.exe19⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe20⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\services.exe19⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe20⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\winlogon.exe19⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe20⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_CommunityC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community19⤵
-
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Windows\System32\shimgvw.dll, ImageView_Fullscreen19⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.duniasex.com -n 65500 -l 134019⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.data0.net -n 65500 -l 134019⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\ping.exeping www.rasasayang.com.my -n 65500 -l 134019⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_CommunityC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community17⤵
-
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Windows\System32\shimgvw.dll, ImageView_Fullscreen17⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.duniasex.com -n 65500 -l 134017⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.data0.net -n 65500 -l 134017⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\ping.exeping www.rasasayang.com.my -n 65500 -l 134017⤵
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\services.exe15⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe16⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\winlogon.exe15⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe16⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_CommunityC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community15⤵
-
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Windows\System32\shimgvw.dll, ImageView_Fullscreen15⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.duniasex.com -n 65500 -l 134015⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\ping.exeping www.data0.net -n 65500 -l 134015⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\ping.exeping www.rasasayang.com.my -n 65500 -l 134015⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\lsass.exe13⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe14⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\services.exe13⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe14⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\winlogon.exe13⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe14⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_CommunityC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community13⤵
-
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Windows\System32\shimgvw.dll, ImageView_Fullscreen13⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.duniasex.com -n 65500 -l 134013⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\ping.exeping www.data0.net -n 65500 -l 134013⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\ping.exeping www.rasasayang.com.my -n 65500 -l 134013⤵
-
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_CommunityC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community11⤵
-
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Windows\System32\shimgvw.dll, ImageView_Fullscreen11⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.duniasex.com -n 65500 -l 134011⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.data0.net -n 65500 -l 134011⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.rasasayang.com.my -n 65500 -l 134011⤵
-
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\winlogon.exe9⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe10⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_CommunityC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community9⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Windows\System32\shimgvw.dll, ImageView_Fullscreen9⤵
- Suspicious use of FindShellTrayWindow
-
-
C:\Windows\SysWOW64\ping.exeping www.duniasex.com -n 65500 -l 13409⤵
- Runs ping.exe
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV110⤵
-
-
-
C:\Windows\SysWOW64\ping.exeping www.data0.net -n 65500 -l 13409⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV110⤵
-
-
-
C:\Windows\SysWOW64\ping.exeping www.rasasayang.com.my -n 65500 -l 13409⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV110⤵
-
-
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_CommunityC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community7⤵
-
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Windows\System32\shimgvw.dll, ImageView_Fullscreen7⤵
- Suspicious use of FindShellTrayWindow
-
-
C:\Windows\SysWOW64\ping.exeping www.duniasex.com -n 65500 -l 13407⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\ping.exeping www.data0.net -n 65500 -l 13407⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Windows\SysWOW64\ping.exeping www.rasasayang.com.my -n 65500 -l 13407⤵
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\lsass.exe5⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe6⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\services.exe5⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe6⤵
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
- UAC bypass
- Disables RegEdit via registry modification
- Event Triggered Execution: Image File Execution Options Injection
- Modifies system executable filetype association
- Adds Run key to start application
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Modifies registry class
- System policy modification
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\csrss.exe7⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe8⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\smss.exe7⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe8⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\lsass.exe7⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe8⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\services.exe7⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe8⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\winlogon.exe7⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe8⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_CommunityC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community7⤵
- Drops file in System32 directory
-
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Windows\System32\shimgvw.dll, ImageView_Fullscreen7⤵
- Suspicious use of FindShellTrayWindow
-
-
C:\Windows\SysWOW64\ping.exeping www.duniasex.com -n 65500 -l 13407⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.data0.net -n 65500 -l 13407⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\ping.exeping www.rasasayang.com.my -n 65500 -l 13407⤵
-
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\winlogon.exe5⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe6⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_CommunityC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community5⤵
-
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Windows\System32\shimgvw.dll, ImageView_Fullscreen5⤵
- Suspicious use of FindShellTrayWindow
-
-
C:\Windows\SysWOW64\ping.exeping www.duniasex.com -n 65500 -l 13405⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.data0.net -n 65500 -l 13405⤵
-
-
C:\Windows\SysWOW64\ping.exeping www.rasasayang.com.my -n 65500 -l 13405⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV16⤵
-
-
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\smss.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe4⤵
- Loads dropped DLL
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\lsass.exe3⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe4⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\services.exe3⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe4⤵
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\winlogon.exe3⤵
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exeC:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe4⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_CommunityC:\Windows\System32\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community3⤵
-
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Windows\System32\shimgvw.dll, ImageView_Fullscreen3⤵
- Suspicious use of FindShellTrayWindow
-
-
C:\Windows\SysWOW64\ping.exeping www.duniasex.com -n 65500 -l 13403⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\SysWOW64\ping.exeping www.data0.net -n 65500 -l 13403⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Windows\SysWOW64\ping.exeping www.rasasayang.com.my -n 65500 -l 13403⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4768,i,2904906934812054273,11716976550456127484,262144 --variations-seed-version --mojo-platform-channel-handle=1284 /prefetch:81⤵
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Event Triggered Execution
2Change Default File Association
1Image File Execution Options Injection
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Event Triggered Execution
2Change Default File Association
1Image File Execution Options Injection
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Hide Artifacts
2Hidden Files and Directories
2Impair Defenses
1Disable or Modify Tools
1Modify Registry
8Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
50KB
MD569beac0954c38e170a6db8c50fe6a055
SHA12b16d43fa9c5d042a030b9267846cf254d47da75
SHA2562f850319eb8dcefbd7d7c2f405c9b5a9e76ca7ebda34751017e2f23c01a00e8e
SHA512c219d6d014898394116b1b19ac330143396af470198334f01b2944049b5bb9fe2c5febfcb040ff6ed2e75416908b7089ff0261b7c7c2029a60c3cae8a01666a1
-
Filesize
76KB
MD5cee60045accb273d4fa45747fea23930
SHA162e698eb0488f94ed067e70fc3300ebb0e4fc1bc
SHA256552f803d34e9f3f4db353cff4b4b659efd949e305ded2aebe3c5e17994427aac
SHA5123e2fbf32446b3276ce9284cfc6c09095dfcb921ed6ef2c34a1653e51453f34fcbcd13aaeebf4f0757aac7630d26385b031f72d9c4dea33fa421f1899dad8729f
-
Filesize
1.4MB
MD525f62c02619174b35851b0e0455b3d94
SHA14e8ee85157f1769f6e3f61c0acbe59072209da71
SHA256898288bd3b21d0e7d5f406df2e0b69a5bbfa4f241baf29a2cdf8a3cf4d4619f2
SHA512f4529fd9eca4e4696f7f06874866ff98a1447a9b0d3a20ef0de54d4d694e2497fd39c452f73fab9b8a02962a7b2b88d1e85f6e35c7cbcb9555003c6828bebc3a
-
Filesize
127KB
MD57567a5ca96034d203483ec9d22652a01
SHA16bb6b3c1449d4399d89148ce98e20439c19222a9
SHA256e6d8c62b5ae188fabf5f535c2a514670feebf2811af13d7bde43b1aef6de042c
SHA512b4bba57ba9b7b2219fbed2de39ddfd9909a58bcb212eb1e50e259c864abacc9ecfc4d73f81500f2b5a8dcdcc3c21a29a4e1ea018d20958e331a6474548441310
-
Filesize
76KB
MD5ec9500e36a58d82e112c439183c3476b
SHA1ac945390a007ca9918774c5ab55c30ff8fbc1712
SHA25626cb03207727837b5c15048afd21c06dfcf30e1cec12e3397e910837271a7147
SHA512f8e69e57028eb00affac277d216ec4422dc1f3bbd636bb6315b47289aa4e4bf8835a4e13149b9ed759579cf475d19f918b44b1b47b8f7c7af9f979f8a0ef0a13
-
Filesize
8B
MD524865ca220aa1936cbac0a57685217c5
SHA137f687cafe79e91eae6cbdffbf2f7ad3975f5e83
SHA256841e95fa333ed89085bfbab19bb658d96ed0c837d25721411233fa55c860c743
SHA512c8d3f514c72f48fed5de9582c4252cf5466a9d32866d8df3631ba9274ed734bb95139e4909e8116a10947fc1afa1dbeb33809da6ec050e6e4eb83d5241aeb062
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB