asyncrat | 28d86a07879646a56eb6540184ba97968909b23bcfd85e902ae868521c311e81

Analysis

max time kernel
1s
max time network
39s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
04/01/2025, 12:57 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Hackus.exe
Size

3.0MB
MD5

9c663208365a83ec2b477cccb6467b48
SHA1

e7b1ade7745edb3728819e91e63cbc8150bef850
SHA256

28d86a07879646a56eb6540184ba97968909b23bcfd85e902ae868521c311e81
SHA512

a61c99646df0b701d1674534e7258e4714f7930f6220f93bdb15ea0c8351b8ea288c033cf388932d18986a0a5005c694933a94abb4f591b76a90867600302379
SSDEEP

24576:Fl66l+Tg33ypYcJ52Ymx35h0s5zQ+6fe05bdgBJrGrdqDwEHK2oJ8BoZecPKeNlb:FLlP3G5KT6W0/KJQdqsF5JcJ+l2VbbU

Score

10^/10

asyncrat stormkitty default discovery rat stealer

Malware Config

Extracted

Family

asyncrat

Botnet

Default

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

https://api.telegram.org/bot7044437613:AAEXeS1SKGTrEjQ8F-7vSegWo8OLABeJY5k/sendMessage?chat_id=6052812018

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

1
rtBtiRHLviHgVJQPAQ5YBneh0xjgwhHo

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat
Asyncrat family
asyncrat
StormKitty
StormKitty is an open source info stealer written in C#.
stealer stormkitty

StormKitty payload 2 IoCs

resource	yara_rule
behavioral1/files/0x0005000000045858-4.dat	family_stormkitty
behavioral1/memory/2912-15-0x0000000000260000-0x0000000000292000-memory.dmp	family_stormkitty

Stormkitty family
stormkitty

Async RAT payload 1 IoCs

rat

resource	yara_rule
behavioral1/files/0x0005000000045858-4.dat	family_asyncrat

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2366345620-3342093254-3461191856-1000\Control Panel\International\Geo\Nation	Hackus.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2366345620-3342093254-3461191856-1000\Control Panel\International\Geo\Nation	HACKUS.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-2366345620-3342093254-3461191856-1000\Control Panel\International\Geo\Nation	HACKUS.EXE

Executes dropped EXE 3 IoCs

pid	Process
2912	LET.EXE
3784	LET.EXE
1884	LET.EXE

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HACKUS.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	LET.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HACKUS.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	LET.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HACKUS.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	LET.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Hackus.exe

System Network Configuration Discovery: Wi-Fi Discovery 1 TTPs 8 IoCs

Adversaries may search for information about Wi-Fi networks, such as network names and passwords, on compromised systems.

discovery

Wi-Fi Discovery

T1016.002

pid	Process
4772	cmd.exe
5292	netsh.exe
2012	netsh.exe
5364	cmd.exe
5016	cmd.exe
5604	netsh.exe
4884	netsh.exe
5784	cmd.exe

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 2116 wrote to memory of 4756	2116	Hackus.exe	81
PID 2116 wrote to memory of 4756	2116	Hackus.exe	81
PID 2116 wrote to memory of 4756	2116	Hackus.exe	81
PID 2116 wrote to memory of 2912	2116	Hackus.exe	82
PID 2116 wrote to memory of 2912	2116	Hackus.exe	82
PID 2116 wrote to memory of 2912	2116	Hackus.exe	82
PID 4756 wrote to memory of 2108	4756	HACKUS.EXE	83
PID 4756 wrote to memory of 2108	4756	HACKUS.EXE	83
PID 4756 wrote to memory of 2108	4756	HACKUS.EXE	83
PID 4756 wrote to memory of 3784	4756	HACKUS.EXE	84
PID 4756 wrote to memory of 3784	4756	HACKUS.EXE	84
PID 4756 wrote to memory of 3784	4756	HACKUS.EXE	84
PID 2108 wrote to memory of 2004	2108	HACKUS.EXE	85
PID 2108 wrote to memory of 2004	2108	HACKUS.EXE	85
PID 2108 wrote to memory of 2004	2108	HACKUS.EXE	85
PID 2108 wrote to memory of 1884	2108	HACKUS.EXE	86
PID 2108 wrote to memory of 1884	2108	HACKUS.EXE	86
PID 2108 wrote to memory of 1884	2108	HACKUS.EXE	86

C:\Users\Admin\AppData\Local\Temp\Hackus.exe
"C:\Users\Admin\AppData\Local\Temp\Hackus.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2116
- C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
  "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:4756
- - C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
    "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:2108
  - - C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
      "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2004
    - - C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
        5⤵
        
        PID:3652
      - C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
        6⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
        7⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
        8⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
        9⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
        10⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
        11⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
        12⤵
        
        PID:60
        
        C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
        13⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
        14⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
        15⤵
        
        PID:116
        
        C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
        16⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
        17⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
        18⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
        19⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
        20⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
        21⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
        22⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
        23⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
        24⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
        25⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
        26⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
        27⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
        28⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
        29⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
        30⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
        31⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
        32⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
        33⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
        34⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
        35⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
        36⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
        37⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
        38⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
        39⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
        40⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
        41⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
        42⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
        43⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
        44⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
        45⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
        46⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
        47⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
        48⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
        49⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
        50⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
        51⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
        52⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
        53⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
        54⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
        55⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
        56⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
        57⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
        58⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
        59⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
        60⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
        61⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
        62⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
        63⤵
        
        PID:7200
        
        C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
        64⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
        65⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
        66⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
        67⤵
        
        PID:8036
        
        C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\HACKUS.EXE"
        68⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\LET.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
        68⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\LET.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
        67⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\LET.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
        66⤵
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\LET.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
        65⤵
        
        PID:7728
        
        C:\Users\Admin\AppData\Local\Temp\LET.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
        64⤵
        
        PID:7472
        
        C:\Users\Admin\AppData\Local\Temp\LET.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
        63⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\LET.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
        62⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\LET.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
        61⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\LET.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
        60⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\LET.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
        59⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\LET.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
        58⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\LET.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
        57⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\LET.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
        56⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\LET.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
        55⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\LET.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
        54⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\LET.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
        53⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\LET.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
        52⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\LET.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
        51⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\LET.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
        50⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\LET.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
        49⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\LET.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
        48⤵
        
        PID:6516
        
        C:\Users\Admin\AppData\Local\Temp\LET.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
        47⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\LET.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
        46⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\LET.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
        45⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\LET.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
        44⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\LET.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
        43⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\LET.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
        42⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\LET.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
        41⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\LET.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
        40⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\LET.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
        39⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\LET.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
        38⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\LET.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
        37⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\LET.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
        36⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\LET.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
        35⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\LET.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
        34⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\LET.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
        33⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\LET.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
        32⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\LET.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
        31⤵
        
        PID:6088
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        32⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:5016
        
        C:\Windows\SysWOW64\chcp.com
        
        chcp 65001
        33⤵
        
        PID:1428
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh wlan show profile
        33⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:4884
        
        C:\Windows\SysWOW64\findstr.exe
        
        findstr All
        33⤵
        
        PID:5468
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
        32⤵
        
        PID:7816
        
        C:\Windows\SysWOW64\chcp.com
        
        chcp 65001
        33⤵
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\LET.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
        30⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\LET.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
        29⤵
        
        PID:5188
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        30⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:5364
        
        C:\Windows\SysWOW64\chcp.com
        
        chcp 65001
        31⤵
        
        PID:7048
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh wlan show profile
        31⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:5604
        
        C:\Windows\SysWOW64\findstr.exe
        
        findstr All
        31⤵
        
        PID:6580
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
        30⤵
        
        PID:7572
        
        C:\Windows\SysWOW64\chcp.com
        
        chcp 65001
        31⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\LET.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
        28⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\LET.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
        27⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\LET.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
        26⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\LET.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
        25⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\LET.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
        24⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\LET.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
        23⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\LET.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
        22⤵
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\LET.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
        21⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\LET.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
        20⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\LET.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
        19⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\LET.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
        18⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\LET.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
        17⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\LET.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
        16⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\LET.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
        15⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\LET.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
        14⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\LET.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
        13⤵
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\LET.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
        12⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\LET.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
        11⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\LET.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
        10⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\LET.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
        9⤵
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\LET.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
        8⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\LET.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
        7⤵
        
        PID:232
      - C:\Users\Admin\AppData\Local\Temp\LET.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
        6⤵
        
        PID:1792
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        7⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:5784
        
        C:\Windows\SysWOW64\chcp.com
        
        chcp 65001
        8⤵
        
        PID:5424
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh wlan show profile
        8⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:5292
        
        C:\Windows\SysWOW64\findstr.exe
        
        findstr All
        8⤵
        
        PID:1020
        
        C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
        7⤵
        
        PID:3992
        
        C:\Windows\SysWOW64\chcp.com
        
        chcp 65001
        8⤵
        
        PID:5224
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh wlan show networks mode=bssid
        8⤵
        
        PID:5328
    - - C:\Users\Admin\AppData\Local\Temp\LET.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
        5⤵
        
        PID:3768
      - C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        6⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:4772
        
        C:\Windows\SysWOW64\chcp.com
        
        chcp 65001
        7⤵
        
        PID:5296
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh wlan show profile
        7⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:2012
        
        C:\Windows\SysWOW64\findstr.exe
        
        findstr All
        7⤵
        
        PID:6104
      - C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
        6⤵
        
        PID:5860
        
        C:\Windows\SysWOW64\chcp.com
        
        chcp 65001
        7⤵
        
        PID:5716
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh wlan show networks mode=bssid
        7⤵
        
        PID:6616
  - - C:\Users\Admin\AppData\Local\Temp\LET.EXE
      "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:1884
- - C:\Users\Admin\AppData\Local\Temp\LET.EXE
    "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:3784
- C:\Users\Admin\AppData\Local\Temp\LET.EXE
  "C:\Users\Admin\AppData\Local\Temp\LET.EXE"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2912

Network

DNS

149.220.183.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

149.220.183.52.in-addr.arpa

IN PTR

Response
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response
DNS

140.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

140.32.126.40.in-addr.arpa

IN PTR

Response
DNS

28.118.140.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

28.118.140.52.in-addr.arpa

IN PTR

Response
DNS

50.23.12.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

50.23.12.20.in-addr.arpa

IN PTR

Response

No results found

8.8.8.8:53

149.220.183.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

149.220.183.52.in-addr.arpa
8.8.8.8:53

172.210.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.210.232.199.in-addr.arpa
8.8.8.8:53

140.32.126.40.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

140.32.126.40.in-addr.arpa
8.8.8.8:53

28.118.140.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

28.118.140.52.in-addr.arpa
8.8.8.8:53

50.23.12.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

50.23.12.20.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Wi-Fi Discovery

T1016.002

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\27efc20595349ac9e576f92208d7e02c\Admin@OQSYMNMI_en-US\System\Process.txt

Filesize
133B

MD5
86916d34725809b48940497ca76904ea

SHA1
2be592dd9305fc0e9bb70e34e62e8d1878a003c7

SHA256
308432bd159660a3dd0b0c7329c1a97e694dfd12d34e1bbba1466808992c03ef

SHA512
5a8c681135c08a367684f355b61625332d8ca362bd30c6594f9c3927059e03211a2d59b62a34c027a391f316a767bb0ba627f9eb22bbc805ba7e040caee1db73

Download Submit
C:\Users\Admin\AppData\Local\55e9c959a2fa8ab9434b2c4bc2d6856c\Admin@OQSYMNMI_en-US\Browsers\Firefox\Bookmarks.txt

Filesize
210B

MD5
1267f4be35fbe5510886cf08ddee9fdd

SHA1
04e714a1c8a9d76e860c7cbbe7ebf62c71dea6b9

SHA256
ab038447adbfd1faf46f0d3bf6dc387621dc8435ab552696ec8d9bbe7a6a9ab3

SHA512
6f1bc0ad9eb850f37cddc2422e738f0cbbfe8a7a7e064c0c989cafbf0f7d5ae5bdfced4b3f93952688de3bfa338ff5a8c7258aff8397cdaccb36b23b5d16686b

Download Submit
C:\Users\Admin\AppData\Local\55e9c959a2fa8ab9434b2c4bc2d6856c\Admin@OQSYMNMI_en-US\Browsers\Firefox\Bookmarks.txt

Filesize
315B

MD5
71227f862899452aa270d580a8b090c8

SHA1
13a6dc9506be2066777ec34acbe5ab62684c4929

SHA256
22e5316f3216208507c8ae67cbb2a90cfcf4389dae87f8f71c3388593eca57c1

SHA512
126c549e82d679bb9d3e229b09c3dded86b72aa5a98cb956a0d2a740ca43a4da14049134c3836c49ef50e76bb0a69fe158bb776a4c86a7e7b04893ced8ba5b5a

Download Submit
C:\Users\Admin\AppData\Local\55e9c959a2fa8ab9434b2c4bc2d6856c\Admin@OQSYMNMI_en-US\Browsers\Firefox\Bookmarks.txt

Filesize
525B

MD5
74d90dd5a73f1679bd73fdce50983c50

SHA1
6f374995ce4842a9f07fc1a935833003066820bb

SHA256
da34d9a479cfcc31980c9be0a13eb90defa37ec3438f114f03f12649a415cfb9

SHA512
ad173b782022b72727c9a1d66aa7509ac316450d18561b018ddf563fe921636ea32d9615019ee0fb3be7a8b781154c5e09f6916547bbb7ab4484d3fea509b95f

Download Submit
C:\Users\Admin\AppData\Local\55e9c959a2fa8ab9434b2c4bc2d6856c\Admin@OQSYMNMI_en-US\Directories\Temp.txt

Filesize
4KB

MD5
06f61df217f0e774b1c7206110e50ca3

SHA1
e31b713c82caf8e5f9a723c50a75cea017f76f32

SHA256
0162b6e1e48a4216d1a0d2fde373a929b05582242ea159467efb735a39234025

SHA512
1878953ce8e671d91c21d35d19c81ab81ec384ea18343f442e1fd1eff193975d5c5d576f991b2db43a348e326f5dda5c1caa678abde74fce095f93a93c9c05cb

Download Submit
C:\Users\Admin\AppData\Local\55e9c959a2fa8ab9434b2c4bc2d6856c\Admin@OQSYMNMI_en-US\Directories\Temp.txt

Filesize
3KB

MD5
642011a8dd296e8ffa243e7bea3af241

SHA1
df38a6ffdbe35988f837a0d0ec1e0df54be76d81

SHA256
25ff50d64b6f74016b023d6b3e13446ddb56e8e846e216a48ba69757780f7b96

SHA512
d0f3eb064239615f1c477799587e75669e1fcabe94e6f13335c7c3e554117a5de17caf264bb513571bf226214dc3774ec7a9fa26f7be815e82832351c0523b61

Download Submit
C:\Users\Admin\AppData\Local\67e5a350f59000b99848cec0697168c6\Admin@OQSYMNMI_en-US\Browsers\Firefox\Bookmarks.txt

Filesize
105B

MD5
2e9d094dda5cdc3ce6519f75943a4ff4

SHA1
5d989b4ac8b699781681fe75ed9ef98191a5096c

SHA256
c84c98bbf5e0ef9c8d0708b5d60c5bb656b7d6be5135d7f7a8d25557e08cf142

SHA512
d1f7eed00959e902bdb2125b91721460d3ff99f3bdfc1f2a343d4f58e8d4e5e5a06c0c6cdc0379211c94510f7c00d7a8b34fa7d0ca0c3d54cbbe878f1e9812b7

Download Submit
C:\Users\Admin\AppData\Local\82e5461c130b1afd59be4b6063c7c5ef\Admin@OQSYMNMI_en-US\Directories\Desktop.txt

Filesize
414B

MD5
ae131c70249dd6bd099dca8bae5d5ae7

SHA1
1df8505204b7f0dcc73e60b8c7a53099cda673db

SHA256
1efe44845a3d4f3edebafffd99bb1128c2edeabd0f38726e2d9c76f317d0af89

SHA512
824cfc2dac128c025ce16b6ac7dbcb8731dfc7142d2dabec5f480bf9abe7f40f8fb0090a5c808388311845c6db2043412f93ae3e174b131f24dee1a93bbd71b0

Download Submit
C:\Users\Admin\AppData\Local\82e5461c130b1afd59be4b6063c7c5ef\Admin@OQSYMNMI_en-US\Directories\Documents.txt

Filesize
549B

MD5
bf3fdfa935d90377bab1f326099795a8

SHA1
324b6897dfcabe5992ae38e873172a8340501a8e

SHA256
7e02e6d9e9977c9c8de4f6f6d5d57c075615029ceb1940a5e02e3df922f9d6e9

SHA512
ad59d34c09aa529eac6ea9890df0222d6b486c039e6d361511eb645feffb54a5c83e7b059f2bcf4d2397ab12c4def522762e48ff270041b3b76bce557e0f85c9

Download Submit
C:\Users\Admin\AppData\Local\82e5461c130b1afd59be4b6063c7c5ef\Admin@OQSYMNMI_en-US\Directories\Downloads.txt

Filesize
671B

MD5
be200fe7f39387bfa880d86b883b2c53

SHA1
31c24361f142cdfa17260623f3b0ef4442b4b67a

SHA256
1b55a56ab3e6e11419c1427af67d2c9a401469108d8f2298f3d66329ed3e3e6e

SHA512
27800004c0e3a0f11dbea226c4449ed5e4014cd97476449699fa21933683e1c3610afa031fcd3c9ae02873d9ccd46f8a5de6d003616605734b41b97ceec907a4

Download Submit
C:\Users\Admin\AppData\Local\82e5461c130b1afd59be4b6063c7c5ef\Admin@OQSYMNMI_en-US\Directories\OneDrive.txt

Filesize
25B

MD5
966247eb3ee749e21597d73c4176bd52

SHA1
1e9e63c2872cef8f015d4b888eb9f81b00a35c79

SHA256
8ddfc481b1b6ae30815ecce8a73755862f24b3bb7fdebdbf099e037d53eb082e

SHA512
bd30aec68c070e86e3dec787ed26dd3d6b7d33d83e43cb2d50f9e2cff779fee4c96afbbe170443bd62874073a844beb29a69b10c72c54d7d444a8d86cfd7b5aa

Download Submit
C:\Users\Admin\AppData\Local\82e5461c130b1afd59be4b6063c7c5ef\Admin@OQSYMNMI_en-US\Directories\Pictures.txt

Filesize
479B

MD5
0db8aced970a93d07b963a4f613aff3c

SHA1
73d5bd7ee4d37db1013fd2721f7253a738e3ea98

SHA256
e2ecee71d91a3eba9af2eaf31a095a3ce2d7976b83f2d5180c06ae5b6a3b5cac

SHA512
2cc46edd3500a3ec9884559b4d32ab3bde830c3682a5174b095f5dd67877efbd085a8e0e6ce512b74e4107f5a1510217bd40781b05cae9bb0d4d02164e7fa2d9

Download Submit
C:\Users\Admin\AppData\Local\82e5461c130b1afd59be4b6063c7c5ef\Admin@OQSYMNMI_en-US\Directories\Startup.txt

Filesize
24B

MD5
68c93da4981d591704cea7b71cebfb97

SHA1
fd0f8d97463cd33892cc828b4ad04e03fc014fa6

SHA256
889ed51f9c16a4b989bda57957d3e132b1a9c117ee84e208207f2fa208a59483

SHA512
63455c726b55f2d4de87147a75ff04f2daa35278183969ccf185d23707840dd84363bec20d4e8c56252196ce555001ca0e61b3f4887d27577081fdef9e946402

Download Submit
C:\Users\Admin\AppData\Local\82e5461c130b1afd59be4b6063c7c5ef\Admin@OQSYMNMI_en-US\Directories\Videos.txt

Filesize
23B

MD5
1fddbf1169b6c75898b86e7e24bc7c1f

SHA1
d2091060cb5191ff70eb99c0088c182e80c20f8c

SHA256
a67aa329b7d878de61671e18cd2f4b011d11cbac67ea779818c6dafad2d70733

SHA512
20bfeafde7fec1753fef59de467bd4a3dd7fe627e8c44e95fe62b065a5768c4508e886ec5d898e911a28cf6365f455c9ab1ebe2386d17a76f53037f99061fd4d

Download Submit
C:\Users\Admin\AppData\Local\82e5461c130b1afd59be4b6063c7c5ef\Admin@OQSYMNMI_en-US\System\Process.txt

Filesize
69B

MD5
10dea86f9fbfa18073cb91d7df93a4e9

SHA1
7f48610b3d0cf8b79898ed87664a298be6fd311d

SHA256
da0231d7679f98df880894866d003c144359b7c5969888b2b249ac9a80cf7452

SHA512
31a61a8d2dabf85fa3050ebfc23dacb3f952d175d8f3d2ab18fc8ffe68c6e50af2a62bca2d6b3418da24f7a6f9f07ba0620a57ee747e9bf5b2f7f68382e8d39a

Download Submit
C:\Users\Admin\AppData\Local\82e5461c130b1afd59be4b6063c7c5ef\Admin@OQSYMNMI_en-US\System\Process.txt

Filesize
197B

MD5
ef8e06c9fdf7e0e19e4f6dcf8ea8ebc6

SHA1
0f79787a7e06dff6919eb98295cc6ad39759a5f1

SHA256
4a1ca60ee5d48a8aea467ca511bccc711a5486a52a707175e31008edae9d37fc

SHA512
55de247d87dda0ceefc478a3c86d40893cbbcfc0d2ea574e19fffbf2a4451272295fbf4576b0d0ee84d2eec098ab98ae2d837e457ac0194a7774a1a96a12257c

Download Submit
C:\Users\Admin\AppData\Local\Temp\LET.EXE

Filesize
175KB

MD5
c7235b3be7873e0743aba6235cd3d677

SHA1
2481321813caff4ded19135c86301f899fb19f66

SHA256
4902c56dfa5b513df7c00f8fe5df90dcc46a03f194dca424ebbf6f03e7904486

SHA512
7310beb111ca489fd6348d40cea921d8854d99858cb2b9dc7d8211009a8c958374832f585f2cb25962e7ed3a453ca11102b7fb47be0eff8d2a7bc2b564928860

Download Submit
C:\Users\Admin\AppData\Local\cb15474576638d2867e51e5d89994f99\Admin@OQSYMNMI_en-US\Directories\Temp.txt

Filesize
3KB

MD5
8676585a04207f5fb358f9f7f6492e4d

SHA1
860f3cff0fc0e05d289d018d209cf6718e4a3614

SHA256
299a65b974651e1ac5c4766984669f291f3e9dc3ec40994c37cbb0d14cc0030f

SHA512
76ea42ccd394f0fc07c09f240a0e34d078195e2a9b32c30a6bae050bd81340b825ec30d20865d2bd51ccf05d4a12a62be5c0a0b8aa38ef213ebd414c14282f02

Download Submit
memory/232-39-0x0000000005690000-0x0000000005722000-memory.dmp

Filesize
584KB

Download
memory/1792-492-0x00000000057B0000-0x00000000057BA000-memory.dmp

Filesize
40KB

Download
memory/1884-38-0x0000000006440000-0x00000000069E6000-memory.dmp

Filesize
5.6MB

Download
memory/2912-15-0x0000000000260000-0x0000000000292000-memory.dmp

Filesize
200KB

Download
memory/2912-99-0x000000007422E000-0x000000007422F000-memory.dmp

Filesize
4KB

Download
memory/2912-14-0x000000007422E000-0x000000007422F000-memory.dmp

Filesize
4KB

Download
memory/3784-17-0x00000000050E0000-0x0000000005146000-memory.dmp

Filesize
408KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.