da8e6103e836aee7b8d59d08f95c6507a16477664137c520ff928715d5f4a04c

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
27/01/2024, 07:53 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

79afbe3577e6a76a0c7357e1f2ac467e.exe
Size

24KB
MD5

79afbe3577e6a76a0c7357e1f2ac467e
SHA1

fa2da1d323e19ce0816e87148e43aa248931cb01
SHA256

da8e6103e836aee7b8d59d08f95c6507a16477664137c520ff928715d5f4a04c
SHA512

329ece39b28dc524958a863259f8f4e041b2e3f4cebfad7b18f060fe2360098b6db9a1e5105ca3a7f312f6f348d8d28e6469acc8fba5c13fa4d848cf446caed4
SSDEEP

192:HKrWAstBvJnEdCGeNdvsSJ0dRSrQXF8IWFmZBdZDqeFgIVBw+yny9viQhEyyYeBI:fBB8MbdRNmlIeNRMyyRBL+rhdo

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2376 wrote to memory of 2916	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	88
PID 2376 wrote to memory of 2916	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	88
PID 2376 wrote to memory of 2916	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	88
PID 2376 wrote to memory of 3236	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	90
PID 2376 wrote to memory of 3236	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	90
PID 2376 wrote to memory of 3236	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	90
PID 2376 wrote to memory of 4860	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	93
PID 2376 wrote to memory of 4860	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	93
PID 2376 wrote to memory of 4860	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	93
PID 2376 wrote to memory of 5136	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	95
PID 2376 wrote to memory of 5136	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	95
PID 2376 wrote to memory of 5136	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	95
PID 2376 wrote to memory of 5256	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	99
PID 2376 wrote to memory of 5256	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	99
PID 2376 wrote to memory of 5256	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	99
PID 2376 wrote to memory of 3712	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	101
PID 2376 wrote to memory of 3712	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	101
PID 2376 wrote to memory of 3712	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	101
PID 2376 wrote to memory of 3208	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	106
PID 2376 wrote to memory of 3208	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	106
PID 2376 wrote to memory of 3208	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	106
PID 2376 wrote to memory of 3420	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	108
PID 2376 wrote to memory of 3420	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	108
PID 2376 wrote to memory of 3420	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	108
PID 2376 wrote to memory of 2720	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	109
PID 2376 wrote to memory of 2720	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	109
PID 2376 wrote to memory of 2720	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	109
PID 2376 wrote to memory of 3804	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	111
PID 2376 wrote to memory of 3804	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	111
PID 2376 wrote to memory of 3804	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	111
PID 2376 wrote to memory of 4932	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	113
PID 2376 wrote to memory of 4932	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	113
PID 2376 wrote to memory of 4932	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	113
PID 2376 wrote to memory of 4780	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	115
PID 2376 wrote to memory of 4780	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	115
PID 2376 wrote to memory of 4780	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	115
PID 2376 wrote to memory of 2276	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	118
PID 2376 wrote to memory of 2276	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	118
PID 2376 wrote to memory of 2276	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	118
PID 2376 wrote to memory of 436	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	120
PID 2376 wrote to memory of 436	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	120
PID 2376 wrote to memory of 436	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	120
PID 2376 wrote to memory of 3988	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	122
PID 2376 wrote to memory of 3988	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	122
PID 2376 wrote to memory of 3988	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	122
PID 2376 wrote to memory of 3996	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	124
PID 2376 wrote to memory of 3996	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	124
PID 2376 wrote to memory of 3996	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	124
PID 2376 wrote to memory of 4024	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	126
PID 2376 wrote to memory of 4024	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	126
PID 2376 wrote to memory of 4024	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	126
PID 2376 wrote to memory of 2284	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	128
PID 2376 wrote to memory of 2284	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	128
PID 2376 wrote to memory of 2284	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	128
PID 2376 wrote to memory of 2364	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	132
PID 2376 wrote to memory of 2364	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	132
PID 2376 wrote to memory of 2364	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	132
PID 2376 wrote to memory of 4496	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	134
PID 2376 wrote to memory of 4496	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	134
PID 2376 wrote to memory of 4496	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	134
PID 2376 wrote to memory of 3384	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	136
PID 2376 wrote to memory of 3384	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	136
PID 2376 wrote to memory of 3384	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	136
PID 2376 wrote to memory of 5848	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	138

C:\Users\Admin\AppData\Local\Temp\79afbe3577e6a76a0c7357e1f2ac467e.exe
"C:\Users\Admin\AppData\Local\Temp\79afbe3577e6a76a0c7357e1f2ac467e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2376
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2916
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3236
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4860
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5136
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5256
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3712
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3208
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3420
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2720
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3804
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4932
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4780
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2276
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:436
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3988
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3996
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4024
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2284
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2364
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4496
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3384
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5848
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4632
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4004
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2840
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:1708
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5012
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5324
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3704
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5524
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5140
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2016
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:1344
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3188
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3936
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3004
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4368
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3736
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4000
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:448
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:212
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5560
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:6132
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4792
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5624
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3712
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2980
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4424
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2828
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4280
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:1684
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:636
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:228
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:544
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2432
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3992
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4568
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4024
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5788
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:6068
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2852
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4116
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3548
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5312
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4556
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5712
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2028
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5968
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5476
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4412
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5324
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2076
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:1364
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:1456
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3352
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:1768
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5340
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:756
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4376
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2540
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5376
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2644
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4872
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5128
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5812
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5292
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:1660
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5372
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4284
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5152
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:1144
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:6012
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3064
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:860
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:1232
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5180
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3224
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3924
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2880
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4588
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3140
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5736
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:1632
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2020
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3164
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:412
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5272
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5076
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:6140
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5536
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5724
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4764
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3068
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5748
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5032
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4984
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:6136
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5524
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5684
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:1068
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2236
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3564
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3984
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5840
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3004
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3556
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4000
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2956
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2416
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4464
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:1656
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4864
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:1424
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:1660
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5372
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3572
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5152
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2304
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:6088
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5716
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4932
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3016
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4408
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:1384
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5972
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3976
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5484
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4560
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2504
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5352
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3148
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4692
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4020
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3228
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5412
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5204
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5232
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4756
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5020
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5332
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5028
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2356
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2164
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4848
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4412
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2008
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2268
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5096
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2440
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:1252
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4028
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5840
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2908
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:1876
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2916
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3468
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5060
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3792
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3632
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5940
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4792
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:1660
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:456
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:924
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:628
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5700
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:6036
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3064
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:1272
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3204
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3972
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5192
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:1736
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2432
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:1548
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4240
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3160
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5640
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4720
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2292
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3096
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:220
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5848
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5308
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4760
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4572
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5396
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:6140
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5596
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2752
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2040
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4268
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4384
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5480
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5064
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4224
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5584
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5460
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3108
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2024
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:6032
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5096
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3960
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3652
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:1428
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2596
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3696
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5248
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2644
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5044
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:1188
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:1796
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5136
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5124
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5360
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:1308
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:1400
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:1260
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2716
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5692
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2696
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:860
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4932
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4624
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3044
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2196
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2756
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5108
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4112
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4508
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4240
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3976
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4560
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5788
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2020
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3164
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4692
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5224
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5664
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:1412
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2284
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5148
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2672
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4940
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5516
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4004
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:640
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:1976
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:464
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3612
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5000
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3800
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4412
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5216
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:1068
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5144
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:756
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:1252
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4292
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2540
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2892
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4000
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:1944
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4480
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3896
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4972
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2984
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5104
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5608
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:924
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5740
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3572
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5068
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4280

Network

DNS

133.211.185.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.211.185.52.in-addr.arpa

IN PTR

Response
DNS

180.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

180.178.17.96.in-addr.arpa

IN PTR

Response

180.178.17.96.in-addr.arpa

IN PTR

a96-17-178-180deploystaticakamaitechnologiescom
DNS

76.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

76.32.126.40.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

149.220.183.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

149.220.183.52.in-addr.arpa

IN PTR

Response
DNS

103.169.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

103.169.127.40.in-addr.arpa

IN PTR

Response
DNS

171.39.242.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

171.39.242.20.in-addr.arpa

IN PTR

Response
DNS

18.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.134.221.88.in-addr.arpa

IN PTR

Response

18.134.221.88.in-addr.arpa

IN PTR

a88-221-134-18deploystaticakamaitechnologiescom
DNS

173.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

173.178.17.96.in-addr.arpa

IN PTR

Response

173.178.17.96.in-addr.arpa

IN PTR

a96-17-178-173deploystaticakamaitechnologiescom
DNS

9.179.89.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.179.89.13.in-addr.arpa

IN PTR

Response

No results found

8.8.8.8:53

133.211.185.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

133.211.185.52.in-addr.arpa
8.8.8.8:53

180.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

180.178.17.96.in-addr.arpa
8.8.8.8:53

76.32.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

76.32.126.40.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

149.220.183.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

149.220.183.52.in-addr.arpa
8.8.8.8:53

103.169.127.40.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

103.169.127.40.in-addr.arpa
8.8.8.8:53

171.39.242.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

171.39.242.20.in-addr.arpa
8.8.8.8:53

18.134.221.88.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

18.134.221.88.in-addr.arpa
8.8.8.8:53

173.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

173.178.17.96.in-addr.arpa
8.8.8.8:53

9.179.89.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

9.179.89.13.in-addr.arpa

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.