da8e6103e836aee7b8d59d08f95c6507a16477664137c520ff928715d5f4a04c

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
27/01/2024, 07:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

79afbe3577e6a76a0c7357e1f2ac467e.exe
Size

24KB
MD5

79afbe3577e6a76a0c7357e1f2ac467e
SHA1

fa2da1d323e19ce0816e87148e43aa248931cb01
SHA256

da8e6103e836aee7b8d59d08f95c6507a16477664137c520ff928715d5f4a04c
SHA512

329ece39b28dc524958a863259f8f4e041b2e3f4cebfad7b18f060fe2360098b6db9a1e5105ca3a7f312f6f348d8d28e6469acc8fba5c13fa4d848cf446caed4
SSDEEP

192:HKrWAstBvJnEdCGeNdvsSJ0dRSrQXF8IWFmZBdZDqeFgIVBw+yny9viQhEyyYeBI:fBB8MbdRNmlIeNRMyyRBL+rhdo

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2376 wrote to memory of 2916	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	88
PID 2376 wrote to memory of 2916	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	88
PID 2376 wrote to memory of 2916	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	88
PID 2376 wrote to memory of 3236	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	90
PID 2376 wrote to memory of 3236	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	90
PID 2376 wrote to memory of 3236	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	90
PID 2376 wrote to memory of 4860	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	93
PID 2376 wrote to memory of 4860	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	93
PID 2376 wrote to memory of 4860	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	93
PID 2376 wrote to memory of 5136	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	95
PID 2376 wrote to memory of 5136	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	95
PID 2376 wrote to memory of 5136	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	95
PID 2376 wrote to memory of 5256	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	99
PID 2376 wrote to memory of 5256	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	99
PID 2376 wrote to memory of 5256	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	99
PID 2376 wrote to memory of 3712	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	101
PID 2376 wrote to memory of 3712	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	101
PID 2376 wrote to memory of 3712	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	101
PID 2376 wrote to memory of 3208	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	106
PID 2376 wrote to memory of 3208	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	106
PID 2376 wrote to memory of 3208	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	106
PID 2376 wrote to memory of 3420	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	108
PID 2376 wrote to memory of 3420	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	108
PID 2376 wrote to memory of 3420	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	108
PID 2376 wrote to memory of 2720	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	109
PID 2376 wrote to memory of 2720	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	109
PID 2376 wrote to memory of 2720	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	109
PID 2376 wrote to memory of 3804	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	111
PID 2376 wrote to memory of 3804	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	111
PID 2376 wrote to memory of 3804	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	111
PID 2376 wrote to memory of 4932	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	113
PID 2376 wrote to memory of 4932	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	113
PID 2376 wrote to memory of 4932	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	113
PID 2376 wrote to memory of 4780	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	115
PID 2376 wrote to memory of 4780	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	115
PID 2376 wrote to memory of 4780	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	115
PID 2376 wrote to memory of 2276	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	118
PID 2376 wrote to memory of 2276	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	118
PID 2376 wrote to memory of 2276	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	118
PID 2376 wrote to memory of 436	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	120
PID 2376 wrote to memory of 436	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	120
PID 2376 wrote to memory of 436	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	120
PID 2376 wrote to memory of 3988	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	122
PID 2376 wrote to memory of 3988	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	122
PID 2376 wrote to memory of 3988	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	122
PID 2376 wrote to memory of 3996	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	124
PID 2376 wrote to memory of 3996	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	124
PID 2376 wrote to memory of 3996	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	124
PID 2376 wrote to memory of 4024	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	126
PID 2376 wrote to memory of 4024	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	126
PID 2376 wrote to memory of 4024	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	126
PID 2376 wrote to memory of 2284	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	128
PID 2376 wrote to memory of 2284	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	128
PID 2376 wrote to memory of 2284	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	128
PID 2376 wrote to memory of 2364	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	132
PID 2376 wrote to memory of 2364	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	132
PID 2376 wrote to memory of 2364	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	132
PID 2376 wrote to memory of 4496	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	134
PID 2376 wrote to memory of 4496	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	134
PID 2376 wrote to memory of 4496	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	134
PID 2376 wrote to memory of 3384	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	136
PID 2376 wrote to memory of 3384	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	136
PID 2376 wrote to memory of 3384	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	136
PID 2376 wrote to memory of 5848	2376	79afbe3577e6a76a0c7357e1f2ac467e.exe	138

C:\Users\Admin\AppData\Local\Temp\79afbe3577e6a76a0c7357e1f2ac467e.exe
"C:\Users\Admin\AppData\Local\Temp\79afbe3577e6a76a0c7357e1f2ac467e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2376
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2916
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3236
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4860
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5136
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5256
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3712
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3208
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3420
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2720
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3804
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4932
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4780
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2276
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:436
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3988
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3996
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4024
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2284
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2364
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4496
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3384
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5848
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4632
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4004
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2840
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:1708
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5012
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5324
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3704
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5524
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5140
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2016
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:1344
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3188
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3936
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3004
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4368
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3736
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4000
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:448
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:212
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5560
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:6132
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4792
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5624
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3712
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2980
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4424
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2828
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4280
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:1684
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:636
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:228
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:544
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2432
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3992
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4568
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4024
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5788
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:6068
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2852
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4116
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3548
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5312
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4556
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5712
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2028
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5968
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5476
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4412
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5324
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2076
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:1364
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:1456
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3352
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:1768
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5340
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:756
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4376
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2540
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5376
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2644
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4872
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5128
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5812
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5292
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:1660
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5372
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4284
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5152
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:1144
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:6012
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3064
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:860
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:1232
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5180
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3224
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3924
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2880
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4588
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3140
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5736
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:1632
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2020
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3164
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:412
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5272
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5076
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:6140
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5536
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5724
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4764
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3068
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5748
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5032
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4984
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:6136
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5524
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5684
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:1068
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2236
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3564
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3984
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5840
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3004
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3556
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4000
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2956
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2416
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4464
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:1656
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4864
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:1424
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:1660
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5372
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3572
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5152
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2304
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:6088
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5716
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4932
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3016
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4408
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:1384
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5972
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3976
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5484
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4560
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2504
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5352
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3148
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4692
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4020
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3228
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5412
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5204
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5232
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4756
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5020
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5332
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5028
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2356
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2164
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4848
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4412
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2008
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2268
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5096
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2440
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:1252
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4028
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5840
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2908
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:1876
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2916
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3468
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5060
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3792
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3632
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5940
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4792
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:1660
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:456
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:924
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:628
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5700
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:6036
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3064
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:1272
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3204
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3972
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5192
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:1736
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2432
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:1548
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4240
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3160
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5640
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4720
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2292
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3096
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:220
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5848
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5308
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4760
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4572
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5396
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:6140
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5596
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2752
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2040
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4268
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4384
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5480
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5064
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4224
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5584
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5460
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3108
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2024
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:6032
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5096
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3960
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3652
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:1428
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2596
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3696
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5248
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2644
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5044
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:1188
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:1796
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5136
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5124
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5360
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:1308
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:1400
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:1260
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2716
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5692
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2696
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:860
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4932
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4624
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3044
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2196
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2756
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5108
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4112
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4508
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4240
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3976
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4560
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5788
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2020
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3164
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4692
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5224
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5664
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:1412
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2284
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5148
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2672
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4940
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5516
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4004
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:640
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:1976
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:464
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3612
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5000
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3800
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4412
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5216
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:1068
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5144
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:756
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:1252
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4292
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2540
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2892
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4000
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:1944
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4480
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3896
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4972
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:2984
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5104
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5608
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:924
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5740
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:3572
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:5068
- C:\Windows\SysWOW64\Route.exe
  Route.exe
  2⤵
  PID:4280

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads