bazarloader | e390ab08f852845fccc07d234a96f51fcb23a95a4fa872a22b48afa0cbb0941e

Resubmissions

27/09/2020, 00:33

200927-n2q2v3n43s 6

10/09/2020, 08:49

200910-c8x1yrxskj 10

Analysis

max time kernel
70s
max time network
113s
platform
windows7_x64
resource
win7
submitted
10/09/2020, 08:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e390ab08f852845fccc07d234a96f51fcb23a95a4fa872a22b48afa0cbb0941e.exe
Size

379KB
MD5

9f00d78f2e8e4523773a264f85be1c02
SHA1

3c542144a7a03134060bd666206a106bcea95e5a
SHA256

e390ab08f852845fccc07d234a96f51fcb23a95a4fa872a22b48afa0cbb0941e
SHA512

5760967703d0702d4c855b75c895a2432c809ca8f945f2a80914f21b3c8129c4bbf155bac4bb5fa6b03e868b3d33cfbe1b3321a7b438741cd62d1c3323d38928

Score

10^/10

persistence loader dropper bazarloader backdoor bazarbackdoor

Malware Config

Signatures

Bazar Loader 14 IoCs

Detected loader normally used to deploy BazarBackdoor malware.

loader dropper bazarloader

description	flow	ioc	Process
HTTP URL	7	https://82.146.37.128/api/v154	Process not Found
HTTP User-Agent header	8	Win	Process not Found
HTTP URL	9	https://82.146.37.128/api/v154	Process not Found
HTTP User-Agent header	11	Win	Process not Found
HTTP User-Agent header	4	Win	Process not Found
HTTP URL	4	https://82.146.37.128/api/v153	Process not Found
HTTP URL	8	https://82.146.37.128/api/v154	Process not Found
HTTP URL	11	https://82.146.37.128/api/v156	Process not Found
HTTP User-Agent header	14	Win	Process not Found
Key created		\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Windows\CurrentVersion\Run	e390ab08f852845fccc07d234a96f51fcb23a95a4fa872a22b48afa0cbb0941e.exe
HTTP User-Agent header	9	Win	Process not Found
HTTP User-Agent header	12	Win	Process not Found
HTTP User-Agent header	15	Win	Process not Found
HTTP User-Agent header	7	Win	Process not Found

BazarBackdoor
Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
backdoor bazarbackdoor

Executes dropped EXE 1 IoCs

pid	Process
1964	shpgmfthgd.exe

Loads dropped DLL 1 IoCs

pid	Process
1500	e390ab08f852845fccc07d234a96f51fcb23a95a4fa872a22b48afa0cbb0941e.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Windows\CurrentVersion\Run	e390ab08f852845fccc07d234a96f51fcb23a95a4fa872a22b48afa0cbb0941e.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Windows\CurrentVersion\Run\Skype Remote Control = "C:\\Users\\Admin\\AppData\\Local\\Temp\\e390ab08f852845fccc07d234a96f51fcb23a95a4fa872a22b48afa0cbb0941e.exe"	e390ab08f852845fccc07d234a96f51fcb23a95a4fa872a22b48afa0cbb0941e.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1964 set thread context of 1148	1964	shpgmfthgd.exe	32

Delays execution with timeout.exe 1 IoCs

evasion

pid	Process
2004	timeout.exe

Suspicious use of WriteProcessMemory 831 IoCs

description	pid	Process	procid_target
PID 1500 wrote to memory of 1732	1500	e390ab08f852845fccc07d234a96f51fcb23a95a4fa872a22b48afa0cbb0941e.exe	28
PID 1500 wrote to memory of 1732	1500	e390ab08f852845fccc07d234a96f51fcb23a95a4fa872a22b48afa0cbb0941e.exe	28
PID 1500 wrote to memory of 1732	1500	e390ab08f852845fccc07d234a96f51fcb23a95a4fa872a22b48afa0cbb0941e.exe	28
PID 1732 wrote to memory of 2004	1732	cmd.exe	30
PID 1732 wrote to memory of 2004	1732	cmd.exe	30
PID 1732 wrote to memory of 2004	1732	cmd.exe	30
PID 1500 wrote to memory of 1964	1500	e390ab08f852845fccc07d234a96f51fcb23a95a4fa872a22b48afa0cbb0941e.exe	31
PID 1500 wrote to memory of 1964	1500	e390ab08f852845fccc07d234a96f51fcb23a95a4fa872a22b48afa0cbb0941e.exe	31
PID 1500 wrote to memory of 1964	1500	e390ab08f852845fccc07d234a96f51fcb23a95a4fa872a22b48afa0cbb0941e.exe	31
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32
PID 1964 wrote to memory of 1148	1964	shpgmfthgd.exe	32

C:\Users\Admin\AppData\Local\Temp\e390ab08f852845fccc07d234a96f51fcb23a95a4fa872a22b48afa0cbb0941e.exe
"C:\Users\Admin\AppData\Local\Temp\e390ab08f852845fccc07d234a96f51fcb23a95a4fa872a22b48afa0cbb0941e.exe"
1⤵
- Bazar Loader
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:1500
- C:\Windows\system32\cmd.exe
  cmd /c TIMEOUT /T 50 /NOBREAK && move "C:\Users\Admin\AppData\Local\Temp\lkuttqbctx" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Control Panel.lnk"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1732
- - C:\Windows\system32\timeout.exe
    TIMEOUT /T 50 /NOBREAK
    3⤵
    - Delays execution with timeout.exe
    PID:2004
- C:\Users\Admin\AppData\Local\Temp\shpgmfthgd.exe
  C:\Users\Admin\AppData\Local\Temp\shpgmfthgd.exe /NO_AUTOSTART 82.146.37.128
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:1964
- - C:\Windows\explorer.exe
    explorer.exe
    3⤵
    PID:1148

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/936-13-0x000007FEF65F0000-0x000007FEF686A000-memory.dmp

Filesize
2.5MB

Download
memory/1148-9-0x00000000FF1A0000-0x00000000FF25D000-memory.dmp

Filesize
756KB

Download
memory/1148-11-0x00000000FF1A0000-0x00000000FF25D000-memory.dmp

Filesize
756KB

Download
memory/1500-0-0x0000000001D80000-0x0000000001DB3000-memory.dmp

Filesize
204KB

Download
memory/1500-1-0x0000000001DC0000-0x0000000001DF2000-memory.dmp

Filesize
200KB

Download