05b6a2cb3afc7728ff4b8e6f07b0d795bb4ba6a46a8ffd284956af09d97e1669

General

Target

PRODUCTS.exe
Size

1.6MB
MD5

c602a8370b58252d95cd8a6f6aa8c4fe
SHA1

89fade2a77769925085d8e3053b2cb367c7d6e65
SHA256

6fc9cd411abc81271ab3c8d4ff15a707a9aa9c537bb26199f3a4c65c0abfc066
SHA512

7ee8ef6cf954caa43e5c0961c21e9c222df8d6f83aeeeb18f7471e5a7ec03e9a167351eddeb6b09e8cc415d99d9992cad739e85fa9e4d495cee55819da32add1

Score

1^/10

Malware Config

Signatures

Suspicious behavior: MapViewOfSection 64 IoCs

Processes:

PRODUCTS.exe

pid	process
1656	PRODUCTS.exe
1656	PRODUCTS.exe
1656	PRODUCTS.exe
1656	PRODUCTS.exe
1656	PRODUCTS.exe
1656	PRODUCTS.exe
1656	PRODUCTS.exe
1656	PRODUCTS.exe
1656	PRODUCTS.exe
1656	PRODUCTS.exe
1656	PRODUCTS.exe
1656	PRODUCTS.exe
1656	PRODUCTS.exe
1656	PRODUCTS.exe
1656	PRODUCTS.exe
1656	PRODUCTS.exe
1656	PRODUCTS.exe
1656	PRODUCTS.exe
1656	PRODUCTS.exe
1656	PRODUCTS.exe
1656	PRODUCTS.exe
1656	PRODUCTS.exe
1656	PRODUCTS.exe
1656	PRODUCTS.exe
1656	PRODUCTS.exe
1656	PRODUCTS.exe
1656	PRODUCTS.exe
1656	PRODUCTS.exe
1656	PRODUCTS.exe
1656	PRODUCTS.exe
1656	PRODUCTS.exe
1656	PRODUCTS.exe
1656	PRODUCTS.exe
1656	PRODUCTS.exe
1656	PRODUCTS.exe
1656	PRODUCTS.exe
1656	PRODUCTS.exe
1656	PRODUCTS.exe
1656	PRODUCTS.exe
1656	PRODUCTS.exe
1656	PRODUCTS.exe
1656	PRODUCTS.exe
1656	PRODUCTS.exe
1656	PRODUCTS.exe
1656	PRODUCTS.exe
1656	PRODUCTS.exe
1656	PRODUCTS.exe
1656	PRODUCTS.exe
1656	PRODUCTS.exe
1656	PRODUCTS.exe
1656	PRODUCTS.exe
1656	PRODUCTS.exe
1656	PRODUCTS.exe
1656	PRODUCTS.exe
1656	PRODUCTS.exe
1656	PRODUCTS.exe
1656	PRODUCTS.exe
1656	PRODUCTS.exe
1656	PRODUCTS.exe
1656	PRODUCTS.exe
1656	PRODUCTS.exe
1656	PRODUCTS.exe
1656	PRODUCTS.exe
1656	PRODUCTS.exe

Suspicious use of FindShellTrayWindow 3 IoCs

Processes:

PRODUCTS.exe

pid process

1656 PRODUCTS.exe
1656 PRODUCTS.exe
1656 PRODUCTS.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

PRODUCTS.exe

pid process

1656 PRODUCTS.exe
1656 PRODUCTS.exe
1656 PRODUCTS.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

PRODUCTS.exe

description	pid	process	target process
PID 1656 wrote to memory of 1324	1656	PRODUCTS.exe	PRODUCTS.exe
PID 1656 wrote to memory of 1324	1656	PRODUCTS.exe	PRODUCTS.exe
PID 1656 wrote to memory of 1324	1656	PRODUCTS.exe	PRODUCTS.exe
PID 1656 wrote to memory of 1324	1656	PRODUCTS.exe	PRODUCTS.exe
PID 1656 wrote to memory of 1312	1656	PRODUCTS.exe	PRODUCTS.exe
PID 1656 wrote to memory of 1312	1656	PRODUCTS.exe	PRODUCTS.exe
PID 1656 wrote to memory of 1312	1656	PRODUCTS.exe	PRODUCTS.exe
PID 1656 wrote to memory of 1312	1656	PRODUCTS.exe	PRODUCTS.exe
PID 1656 wrote to memory of 1788	1656	PRODUCTS.exe	PRODUCTS.exe
PID 1656 wrote to memory of 1788	1656	PRODUCTS.exe	PRODUCTS.exe
PID 1656 wrote to memory of 1788	1656	PRODUCTS.exe	PRODUCTS.exe
PID 1656 wrote to memory of 1788	1656	PRODUCTS.exe	PRODUCTS.exe
PID 1656 wrote to memory of 1812	1656	PRODUCTS.exe	PRODUCTS.exe
PID 1656 wrote to memory of 1812	1656	PRODUCTS.exe	PRODUCTS.exe
PID 1656 wrote to memory of 1812	1656	PRODUCTS.exe	PRODUCTS.exe
PID 1656 wrote to memory of 1812	1656	PRODUCTS.exe	PRODUCTS.exe
PID 1656 wrote to memory of 2044	1656	PRODUCTS.exe	PRODUCTS.exe
PID 1656 wrote to memory of 2044	1656	PRODUCTS.exe	PRODUCTS.exe
PID 1656 wrote to memory of 2044	1656	PRODUCTS.exe	PRODUCTS.exe
PID 1656 wrote to memory of 2044	1656	PRODUCTS.exe	PRODUCTS.exe
PID 1656 wrote to memory of 1132	1656	PRODUCTS.exe	PRODUCTS.exe
PID 1656 wrote to memory of 1132	1656	PRODUCTS.exe	PRODUCTS.exe
PID 1656 wrote to memory of 1132	1656	PRODUCTS.exe	PRODUCTS.exe
PID 1656 wrote to memory of 1132	1656	PRODUCTS.exe	PRODUCTS.exe
PID 1656 wrote to memory of 1264	1656	PRODUCTS.exe	PRODUCTS.exe
PID 1656 wrote to memory of 1264	1656	PRODUCTS.exe	PRODUCTS.exe
PID 1656 wrote to memory of 1264	1656	PRODUCTS.exe	PRODUCTS.exe
PID 1656 wrote to memory of 1264	1656	PRODUCTS.exe	PRODUCTS.exe
PID 1656 wrote to memory of 2000	1656	PRODUCTS.exe	PRODUCTS.exe
PID 1656 wrote to memory of 2000	1656	PRODUCTS.exe	PRODUCTS.exe
PID 1656 wrote to memory of 2000	1656	PRODUCTS.exe	PRODUCTS.exe
PID 1656 wrote to memory of 2000	1656	PRODUCTS.exe	PRODUCTS.exe
PID 1656 wrote to memory of 1828	1656	PRODUCTS.exe	PRODUCTS.exe
PID 1656 wrote to memory of 1828	1656	PRODUCTS.exe	PRODUCTS.exe
PID 1656 wrote to memory of 1828	1656	PRODUCTS.exe	PRODUCTS.exe
PID 1656 wrote to memory of 1828	1656	PRODUCTS.exe	PRODUCTS.exe
PID 1656 wrote to memory of 2028	1656	PRODUCTS.exe	PRODUCTS.exe
PID 1656 wrote to memory of 2028	1656	PRODUCTS.exe	PRODUCTS.exe
PID 1656 wrote to memory of 2028	1656	PRODUCTS.exe	PRODUCTS.exe
PID 1656 wrote to memory of 2028	1656	PRODUCTS.exe	PRODUCTS.exe
PID 1656 wrote to memory of 2012	1656	PRODUCTS.exe	PRODUCTS.exe
PID 1656 wrote to memory of 2012	1656	PRODUCTS.exe	PRODUCTS.exe
PID 1656 wrote to memory of 2012	1656	PRODUCTS.exe	PRODUCTS.exe
PID 1656 wrote to memory of 2012	1656	PRODUCTS.exe	PRODUCTS.exe
PID 1656 wrote to memory of 856	1656	PRODUCTS.exe	PRODUCTS.exe
PID 1656 wrote to memory of 856	1656	PRODUCTS.exe	PRODUCTS.exe
PID 1656 wrote to memory of 856	1656	PRODUCTS.exe	PRODUCTS.exe
PID 1656 wrote to memory of 856	1656	PRODUCTS.exe	PRODUCTS.exe
PID 1656 wrote to memory of 988	1656	PRODUCTS.exe	PRODUCTS.exe
PID 1656 wrote to memory of 988	1656	PRODUCTS.exe	PRODUCTS.exe
PID 1656 wrote to memory of 988	1656	PRODUCTS.exe	PRODUCTS.exe
PID 1656 wrote to memory of 988	1656	PRODUCTS.exe	PRODUCTS.exe
PID 1656 wrote to memory of 632	1656	PRODUCTS.exe	PRODUCTS.exe
PID 1656 wrote to memory of 632	1656	PRODUCTS.exe	PRODUCTS.exe
PID 1656 wrote to memory of 632	1656	PRODUCTS.exe	PRODUCTS.exe
PID 1656 wrote to memory of 632	1656	PRODUCTS.exe	PRODUCTS.exe
PID 1656 wrote to memory of 1980	1656	PRODUCTS.exe	PRODUCTS.exe
PID 1656 wrote to memory of 1980	1656	PRODUCTS.exe	PRODUCTS.exe
PID 1656 wrote to memory of 1980	1656	PRODUCTS.exe	PRODUCTS.exe
PID 1656 wrote to memory of 1980	1656	PRODUCTS.exe	PRODUCTS.exe
PID 1656 wrote to memory of 688	1656	PRODUCTS.exe	PRODUCTS.exe
PID 1656 wrote to memory of 688	1656	PRODUCTS.exe	PRODUCTS.exe
PID 1656 wrote to memory of 688	1656	PRODUCTS.exe	PRODUCTS.exe
PID 1656 wrote to memory of 688	1656	PRODUCTS.exe	PRODUCTS.exe

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1656

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1324

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1312

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1788

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1132

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2044

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1812

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1264

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2000

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1828

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2028

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2012

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:988

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:856

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1980

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:632

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1912

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1872

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:688

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1168

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:780

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:792

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:584

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:332

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:592

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1544

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1340

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1632

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2040

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:860

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1696

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1012

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1392

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1692

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1624

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:240

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:980

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:816

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:616

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1068

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1352

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1992

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:436

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1480

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1964

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1348

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1796

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1600

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1292

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:840

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1932

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1104

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1536

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1048

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1676

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1040

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:596

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:820

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1604

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1528

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1776

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1196

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:304

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1288

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:572

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1568

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1556

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1968

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1768

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1548

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1408

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1044

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1820

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1688

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1052

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1608

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1404

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1616

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2056

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2064

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:912

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1592

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1784

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2080

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2088

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2072

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2096

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2112

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2104

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2120

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2128

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2136

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2144

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2160

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2168

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2152

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2192

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2184

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2200

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2176

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2208

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1656-54-0x0000000075A61000-0x0000000075A63000-memory.dmp

Filesize
8KB

Download
memory/1656-55-0x0000000000630000-0x0000000000665000-memory.dmp

Filesize
212KB

Download
memory/1656-56-0x0000000000670000-0x00000000006A5000-memory.dmp

Filesize
212KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads