Malware Analysis Report

2024-11-13 18:37

Sample ID 240227-y8b4jaag9y
Target aa148aaca301b7273bdbdb6c1f2d581e
SHA256 69eb268d4de61fc838aa1e15b67025486e375f7a63e969bf16205021d3bc4526
Tags
xtremerat persistence rat spyware upx
score
10/10

Analysis Overview

score
10/10

SHA256

69eb268d4de61fc838aa1e15b67025486e375f7a63e969bf16205021d3bc4526

Threat Level: Known bad

The file aa148aaca301b7273bdbdb6c1f2d581e was found to be: Known bad.

Malicious Activity Summary

xtremerat persistence rat spyware upx

XtremeRAT

Detect XtremeRAT payload

Modifies Installed Components in the registry

Executes dropped EXE

UPX packed file

Loads dropped DLL

Checks computer location settings

Adds Run key to start application

Suspicious use of SetThreadContext

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-27 20:26

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-27 20:26

Reported

2024-02-27 20:29

Platform

win7-20240221-en

Max time kernel

151s

Max time network

125s

Command Line

"C:\Users\Admin\AppData\Local\Temp\aa148aaca301b7273bdbdb6c1f2d581e.exe"

Signatures

Detect XtremeRAT payload

Description Indicator Process Target
N/A N/A N/A N/A

XtremeRAT

persistence spyware rat xtremerat

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\sonds.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\sonds.exe restart" C:\Windows\InstallDir\sonds.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Users\Admin\AppData\Local\Temp\aa148aaca301b7273bdbdb6c1f2d581e.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\sonds.exe restart" C:\Users\Admin\AppData\Local\Temp\aa148aaca301b7273bdbdb6c1f2d581e.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\InstallDir\sonds.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\sonds.exe" C:\Windows\InstallDir\sonds.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\sonds.exe" C:\Windows\InstallDir\sonds.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\sonds.exe" C:\Users\Admin\AppData\Local\Temp\aa148aaca301b7273bdbdb6c1f2d581e.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\sonds.exe" C:\Users\Admin\AppData\Local\Temp\aa148aaca301b7273bdbdb6c1f2d581e.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 2020 set thread context of 1676 N/A C:\Users\Admin\AppData\Local\Temp\aa148aaca301b7273bdbdb6c1f2d581e.exe C:\Users\Admin\AppData\Local\Temp\aa148aaca301b7273bdbdb6c1f2d581e.exe
PID 2684 set thread context of 2540 N/A C:\Windows\InstallDir\sonds.exe C:\Windows\InstallDir\sonds.exe
PID 2448 set thread context of 2860 N/A C:\Windows\InstallDir\sonds.exe C:\Windows\InstallDir\sonds.exe
PID 2720 set thread context of 2744 N/A C:\Windows\InstallDir\sonds.exe C:\Windows\InstallDir\sonds.exe
PID 1956 set thread context of 340 N/A C:\Windows\InstallDir\sonds.exe C:\Windows\InstallDir\sonds.exe
PID 620 set thread context of 1636 N/A C:\Windows\InstallDir\sonds.exe C:\Windows\InstallDir\sonds.exe
PID 2012 set thread context of 2280 N/A C:\Windows\InstallDir\sonds.exe C:\Windows\InstallDir\sonds.exe
PID 844 set thread context of 3032 N/A C:\Windows\InstallDir\sonds.exe C:\Windows\InstallDir\sonds.exe
PID 916 set thread context of 1524 N/A C:\Windows\InstallDir\sonds.exe C:\Windows\InstallDir\sonds.exe
PID 876 set thread context of 2028 N/A C:\Windows\InstallDir\sonds.exe C:\Windows\InstallDir\sonds.exe
PID 1808 set thread context of 2652 N/A C:\Windows\InstallDir\sonds.exe C:\Windows\InstallDir\sonds.exe
PID 2352 set thread context of 2260 N/A C:\Windows\InstallDir\sonds.exe C:\Windows\InstallDir\sonds.exe
PID 2380 set thread context of 2196 N/A C:\Windows\InstallDir\sonds.exe C:\Windows\InstallDir\sonds.exe
PID 1688 set thread context of 2100 N/A C:\Windows\InstallDir\sonds.exe C:\Windows\InstallDir\sonds.exe
PID 592 set thread context of 2092 N/A C:\Windows\InstallDir\sonds.exe C:\Windows\InstallDir\sonds.exe
PID 2224 set thread context of 2896 N/A C:\Windows\InstallDir\sonds.exe C:\Windows\InstallDir\sonds.exe
PID 2620 set thread context of 656 N/A C:\Windows\InstallDir\sonds.exe C:\Windows\InstallDir\sonds.exe
PID 1536 set thread context of 1992 N/A C:\Windows\InstallDir\sonds.exe C:\Windows\InstallDir\sonds.exe
PID 2932 set thread context of 1348 N/A C:\Windows\InstallDir\sonds.exe C:\Windows\InstallDir\sonds.exe
PID 1184 set thread context of 1496 N/A C:\Windows\InstallDir\sonds.exe C:\Windows\InstallDir\sonds.exe
PID 2360 set thread context of 2128 N/A C:\Windows\InstallDir\sonds.exe C:\Windows\InstallDir\sonds.exe
PID 3108 set thread context of 3132 N/A C:\Windows\InstallDir\sonds.exe C:\Windows\InstallDir\sonds.exe
PID 3256 set thread context of 3284 N/A C:\Windows\InstallDir\sonds.exe C:\Windows\InstallDir\sonds.exe
PID 3416 set thread context of 3444 N/A C:\Windows\InstallDir\sonds.exe C:\Windows\InstallDir\sonds.exe
PID 3568 set thread context of 3596 N/A C:\Windows\InstallDir\sonds.exe C:\Windows\InstallDir\sonds.exe
PID 3724 set thread context of 3748 N/A C:\Windows\InstallDir\sonds.exe C:\Windows\InstallDir\sonds.exe
PID 3868 set thread context of 3892 N/A C:\Windows\InstallDir\sonds.exe C:\Windows\InstallDir\sonds.exe
PID 4020 set thread context of 4044 N/A C:\Windows\InstallDir\sonds.exe C:\Windows\InstallDir\sonds.exe
PID 3164 set thread context of 3272 N/A C:\Windows\InstallDir\sonds.exe C:\Windows\InstallDir\sonds.exe
PID 3504 set thread context of 3564 N/A C:\Windows\InstallDir\sonds.exe C:\Windows\InstallDir\sonds.exe

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\InstallDir\sonds.exe C:\Users\Admin\AppData\Local\Temp\aa148aaca301b7273bdbdb6c1f2d581e.exe N/A
File created C:\Windows\InstallDir\sonds.exe C:\Users\Admin\AppData\Local\Temp\aa148aaca301b7273bdbdb6c1f2d581e.exe N/A

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2020 wrote to memory of 1676 N/A C:\Users\Admin\AppData\Local\Temp\aa148aaca301b7273bdbdb6c1f2d581e.exe C:\Users\Admin\AppData\Local\Temp\aa148aaca301b7273bdbdb6c1f2d581e.exe
PID 1676 wrote to memory of 2912 N/A C:\Users\Admin\AppData\Local\Temp\aa148aaca301b7273bdbdb6c1f2d581e.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1676 wrote to memory of 2496 N/A C:\Users\Admin\AppData\Local\Temp\aa148aaca301b7273bdbdb6c1f2d581e.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1676 wrote to memory of 3004 N/A C:\Users\Admin\AppData\Local\Temp\aa148aaca301b7273bdbdb6c1f2d581e.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1676 wrote to memory of 2268 N/A C:\Users\Admin\AppData\Local\Temp\aa148aaca301b7273bdbdb6c1f2d581e.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1676 wrote to memory of 1320 N/A C:\Users\Admin\AppData\Local\Temp\aa148aaca301b7273bdbdb6c1f2d581e.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1676 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\aa148aaca301b7273bdbdb6c1f2d581e.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1676 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\aa148aaca301b7273bdbdb6c1f2d581e.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1676 wrote to memory of 2660 N/A C:\Users\Admin\AppData\Local\Temp\aa148aaca301b7273bdbdb6c1f2d581e.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1676 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\aa148aaca301b7273bdbdb6c1f2d581e.exe C:\Windows\InstallDir\sonds.exe
PID 2684 wrote to memory of 2540 N/A C:\Windows\InstallDir\sonds.exe C:\Windows\InstallDir\sonds.exe
PID 2540 wrote to memory of 2584 N/A C:\Windows\InstallDir\sonds.exe C:\Program Files\Internet Explorer\iexplore.exe

Processes

C:\Users\Admin\AppData\Local\Temp\aa148aaca301b7273bdbdb6c1f2d581e.exe

"C:\Users\Admin\AppData\Local\Temp\aa148aaca301b7273bdbdb6c1f2d581e.exe"

C:\Users\Admin\AppData\Local\Temp\aa148aaca301b7273bdbdb6c1f2d581e.exe

"C:\Users\Admin\AppData\Local\Temp\aa148aaca301b7273bdbdb6c1f2d581e.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\sonds.exe

"C:\Windows\InstallDir\sonds.exe"

C:\Windows\InstallDir\sonds.exe

"C:\Windows\InstallDir\sonds.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\sonds.exe

"C:\Windows\InstallDir\sonds.exe"

C:\Windows\InstallDir\sonds.exe

"C:\Windows\InstallDir\sonds.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\sonds.exe

"C:\Windows\InstallDir\sonds.exe"

C:\Windows\InstallDir\sonds.exe

"C:\Windows\InstallDir\sonds.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\sonds.exe

"C:\Windows\InstallDir\sonds.exe"

C:\Windows\InstallDir\sonds.exe

"C:\Windows\InstallDir\sonds.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\sonds.exe

"C:\Windows\InstallDir\sonds.exe"

C:\Windows\InstallDir\sonds.exe

"C:\Windows\InstallDir\sonds.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\sonds.exe

"C:\Windows\InstallDir\sonds.exe"

C:\Windows\InstallDir\sonds.exe

"C:\Windows\InstallDir\sonds.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\sonds.exe

"C:\Windows\InstallDir\sonds.exe"

C:\Windows\InstallDir\sonds.exe

"C:\Windows\InstallDir\sonds.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\sonds.exe

"C:\Windows\InstallDir\sonds.exe"

C:\Windows\InstallDir\sonds.exe

"C:\Windows\InstallDir\sonds.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\sonds.exe

"C:\Windows\InstallDir\sonds.exe"

C:\Windows\InstallDir\sonds.exe

"C:\Windows\InstallDir\sonds.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\sonds.exe

"C:\Windows\InstallDir\sonds.exe"

C:\Windows\InstallDir\sonds.exe

"C:\Windows\InstallDir\sonds.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\sonds.exe

"C:\Windows\InstallDir\sonds.exe"

C:\Windows\InstallDir\sonds.exe

"C:\Windows\InstallDir\sonds.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\sonds.exe

"C:\Windows\InstallDir\sonds.exe"

C:\Windows\InstallDir\sonds.exe

"C:\Windows\InstallDir\sonds.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\sonds.exe

"C:\Windows\InstallDir\sonds.exe"

C:\Windows\InstallDir\sonds.exe

"C:\Windows\InstallDir\sonds.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\sonds.exe

"C:\Windows\InstallDir\sonds.exe"

C:\Windows\InstallDir\sonds.exe

"C:\Windows\InstallDir\sonds.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\sonds.exe

"C:\Windows\InstallDir\sonds.exe"

C:\Windows\InstallDir\sonds.exe

"C:\Windows\InstallDir\sonds.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\sonds.exe

"C:\Windows\InstallDir\sonds.exe"

C:\Windows\InstallDir\sonds.exe

"C:\Windows\InstallDir\sonds.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\sonds.exe

"C:\Windows\InstallDir\sonds.exe"

C:\Windows\InstallDir\sonds.exe

"C:\Windows\InstallDir\sonds.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\sonds.exe

"C:\Windows\InstallDir\sonds.exe"

C:\Windows\InstallDir\sonds.exe

"C:\Windows\InstallDir\sonds.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\sonds.exe

"C:\Windows\InstallDir\sonds.exe"

C:\Windows\InstallDir\sonds.exe

"C:\Windows\InstallDir\sonds.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\sonds.exe

"C:\Windows\InstallDir\sonds.exe"

C:\Windows\InstallDir\sonds.exe

"C:\Windows\InstallDir\sonds.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

Network

N/A

Files

\Windows\InstallDir\sonds.exe

MD5 aa148aaca301b7273bdbdb6c1f2d581e
SHA1 7c000c6d06806d6aaeaeab56e34e8eda52b3ac13
SHA256 69eb268d4de61fc838aa1e15b67025486e375f7a63e969bf16205021d3bc4526
SHA512 3a15f03815c71cdfbd984d464002eebf323f0b904a7303e2636f23b11ce73c926d057a6ab16423f975cee6f030fc574259a85c40c88d444692f3ea4cef3f6913

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\((Mutex)).cfg

MD5 d1a921131bfeffbfffb631b7d29bd461
SHA1 bd555f1030aea183b5fe8cb004a10869c02797ef
SHA256 5c5d67713455743a876d4fd9f61df70b7bcaed374e90a8d5f96f737b6ab3d4f3
SHA512 84f7bbd4c38dcaeaae6e36957b939c6d83c9dbc4a39c93647a1d978e21a559637bf4b7fa1deb91cc85d1707f04203a8e417576e9da7dad836d8b66d37221bf3b

C:\Windows\InstallDir\sonds.exe

MD5 d96da31dc60b5ab8b68e345db4e9b4dd
SHA1 b0993a3e08e9b9436c2c4ee2ba115a3e01247fc7
SHA256 2981cdef41416b51adeb6759a0fbc7045f5c12fa686f437587c325a1435a3c96
SHA512 60e71087cc5fb9a21b2a43325eb9e8527115dc692ed3899f02c2d11e4ff0a9f98047f129bf0e2de850b427ea2a2febc327efa8443854b1757728d5538cf44bca

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-27 20:26

Reported

2024-02-27 20:29

Platform

win10v2004-20240226-en

Max time kernel

151s

Max time network

157s

Command Line

"C:\Users\Admin\AppData\Local\Temp\aa148aaca301b7273bdbdb6c1f2d581e.exe"

Signatures

Detect XtremeRAT payload

Description Indicator Process Target
N/A N/A N/A N/A

XtremeRAT

persistence spyware rat xtremerat

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\sonds.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\sonds.exe restart" C:\Windows\InstallDir\sonds.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Users\Admin\AppData\Local\Temp\aa148aaca301b7273bdbdb6c1f2d581e.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\sonds.exe restart" C:\Users\Admin\AppData\Local\Temp\aa148aaca301b7273bdbdb6c1f2d581e.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000\Control Panel\International\Geo\Nation C:\Windows\InstallDir\sonds.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\aa148aaca301b7273bdbdb6c1f2d581e.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\InstallDir\sonds.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\sonds.exe" C:\Windows\InstallDir\sonds.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\sonds.exe" C:\Windows\InstallDir\sonds.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\sonds.exe" C:\Users\Admin\AppData\Local\Temp\aa148aaca301b7273bdbdb6c1f2d581e.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\sonds.exe" C:\Users\Admin\AppData\Local\Temp\aa148aaca301b7273bdbdb6c1f2d581e.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 2676 set thread context of 4936 N/A C:\Users\Admin\AppData\Local\Temp\aa148aaca301b7273bdbdb6c1f2d581e.exe C:\Users\Admin\AppData\Local\Temp\aa148aaca301b7273bdbdb6c1f2d581e.exe
PID 960 set thread context of 1436 N/A C:\Windows\InstallDir\sonds.exe C:\Windows\InstallDir\sonds.exe
PID 3984 set thread context of 3024 N/A C:\Windows\InstallDir\sonds.exe C:\Windows\InstallDir\sonds.exe
PID 1992 set thread context of 5056 N/A C:\Windows\InstallDir\sonds.exe C:\Windows\InstallDir\sonds.exe
PID 2988 set thread context of 1676 N/A C:\Windows\InstallDir\sonds.exe C:\Windows\InstallDir\sonds.exe
PID 4588 set thread context of 628 N/A C:\Windows\InstallDir\sonds.exe C:\Windows\InstallDir\sonds.exe
PID 4404 set thread context of 2192 N/A C:\Windows\InstallDir\sonds.exe C:\Windows\InstallDir\sonds.exe
PID 2128 set thread context of 2084 N/A C:\Windows\InstallDir\sonds.exe C:\Windows\InstallDir\sonds.exe
PID 740 set thread context of 3128 N/A C:\Windows\InstallDir\sonds.exe C:\Windows\InstallDir\sonds.exe
PID 4704 set thread context of 4032 N/A C:\Windows\InstallDir\sonds.exe C:\Windows\InstallDir\sonds.exe
PID 1136 set thread context of 3964 N/A C:\Windows\InstallDir\sonds.exe C:\Windows\InstallDir\sonds.exe
PID 2528 set thread context of 2972 N/A C:\Windows\InstallDir\sonds.exe C:\Windows\InstallDir\sonds.exe
PID 1564 set thread context of 4944 N/A C:\Windows\InstallDir\sonds.exe C:\Windows\InstallDir\sonds.exe
PID 3924 set thread context of 316 N/A C:\Windows\InstallDir\sonds.exe C:\Windows\InstallDir\sonds.exe
PID 4528 set thread context of 4388 N/A C:\Windows\InstallDir\sonds.exe C:\Windows\InstallDir\sonds.exe
PID 1332 set thread context of 4808 N/A C:\Windows\InstallDir\sonds.exe C:\Windows\InstallDir\sonds.exe
PID 1304 set thread context of 1480 N/A C:\Windows\InstallDir\sonds.exe C:\Windows\InstallDir\sonds.exe
PID 3016 set thread context of 4028 N/A C:\Windows\InstallDir\sonds.exe C:\Windows\InstallDir\sonds.exe
PID 1960 set thread context of 1820 N/A C:\Windows\InstallDir\sonds.exe C:\Windows\InstallDir\sonds.exe
PID 2292 set thread context of 4228 N/A C:\Windows\InstallDir\sonds.exe C:\Windows\InstallDir\sonds.exe
PID 2484 set thread context of 816 N/A C:\Windows\InstallDir\sonds.exe C:\Windows\InstallDir\sonds.exe
PID 5124 set thread context of 5156 N/A C:\Windows\InstallDir\sonds.exe C:\Windows\InstallDir\sonds.exe
PID 5348 set thread context of 5376 N/A C:\Windows\InstallDir\sonds.exe C:\Windows\InstallDir\sonds.exe
PID 5544 set thread context of 5572 N/A C:\Windows\InstallDir\sonds.exe C:\Windows\InstallDir\sonds.exe
PID 5728 set thread context of 5760 N/A C:\Windows\InstallDir\sonds.exe C:\Windows\InstallDir\sonds.exe
PID 6068 set thread context of 6096 N/A C:\Windows\InstallDir\sonds.exe C:\Windows\InstallDir\sonds.exe
PID 5340 set thread context of 5384 N/A C:\Windows\InstallDir\sonds.exe C:\Windows\InstallDir\sonds.exe
PID 5748 set thread context of 5792 N/A C:\Windows\InstallDir\sonds.exe C:\Windows\InstallDir\sonds.exe

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\InstallDir\sonds.exe C:\Users\Admin\AppData\Local\Temp\aa148aaca301b7273bdbdb6c1f2d581e.exe N/A
File created C:\Windows\InstallDir\sonds.exe C:\Users\Admin\AppData\Local\Temp\aa148aaca301b7273bdbdb6c1f2d581e.exe N/A

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2676 wrote to memory of 4936 N/A C:\Users\Admin\AppData\Local\Temp\aa148aaca301b7273bdbdb6c1f2d581e.exe C:\Users\Admin\AppData\Local\Temp\aa148aaca301b7273bdbdb6c1f2d581e.exe
PID 4936 wrote to memory of 4140 N/A C:\Users\Admin\AppData\Local\Temp\aa148aaca301b7273bdbdb6c1f2d581e.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4936 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\aa148aaca301b7273bdbdb6c1f2d581e.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4936 wrote to memory of 2220 N/A C:\Users\Admin\AppData\Local\Temp\aa148aaca301b7273bdbdb6c1f2d581e.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4936 wrote to memory of 1984 N/A C:\Users\Admin\AppData\Local\Temp\aa148aaca301b7273bdbdb6c1f2d581e.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4936 wrote to memory of 5096 N/A C:\Users\Admin\AppData\Local\Temp\aa148aaca301b7273bdbdb6c1f2d581e.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4936 wrote to memory of 1080 N/A C:\Users\Admin\AppData\Local\Temp\aa148aaca301b7273bdbdb6c1f2d581e.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4936 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\aa148aaca301b7273bdbdb6c1f2d581e.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4936 wrote to memory of 920 N/A C:\Users\Admin\AppData\Local\Temp\aa148aaca301b7273bdbdb6c1f2d581e.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4936 wrote to memory of 960 N/A C:\Users\Admin\AppData\Local\Temp\aa148aaca301b7273bdbdb6c1f2d581e.exe C:\Windows\InstallDir\sonds.exe
PID 960 wrote to memory of 1436 N/A C:\Windows\InstallDir\sonds.exe C:\Windows\InstallDir\sonds.exe
PID 1436 wrote to memory of 2432 N/A C:\Windows\InstallDir\sonds.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1436 wrote to memory of 1616 N/A C:\Windows\InstallDir\sonds.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1436 wrote to memory of 3576 N/A C:\Windows\InstallDir\sonds.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1436 wrote to memory of 1440 N/A C:\Windows\InstallDir\sonds.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1436 wrote to memory of 5104 N/A C:\Windows\InstallDir\sonds.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1436 wrote to memory of 4516 N/A C:\Windows\InstallDir\sonds.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1436 wrote to memory of 4612 N/A C:\Windows\InstallDir\sonds.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1436 wrote to memory of 1508 N/A C:\Windows\InstallDir\sonds.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\aa148aaca301b7273bdbdb6c1f2d581e.exe

"C:\Users\Admin\AppData\Local\Temp\aa148aaca301b7273bdbdb6c1f2d581e.exe"

C:\Users\Admin\AppData\Local\Temp\aa148aaca301b7273bdbdb6c1f2d581e.exe

"C:\Users\Admin\AppData\Local\Temp\aa148aaca301b7273bdbdb6c1f2d581e.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\sonds.exe

"C:\Windows\InstallDir\sonds.exe"

C:\Windows\InstallDir\sonds.exe

"C:\Windows\InstallDir\sonds.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\sonds.exe

"C:\Windows\InstallDir\sonds.exe"

C:\Windows\InstallDir\sonds.exe

"C:\Windows\InstallDir\sonds.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\sonds.exe

"C:\Windows\InstallDir\sonds.exe"

C:\Windows\InstallDir\sonds.exe

"C:\Windows\InstallDir\sonds.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\sonds.exe

"C:\Windows\InstallDir\sonds.exe"

C:\Windows\InstallDir\sonds.exe

"C:\Windows\InstallDir\sonds.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\sonds.exe

"C:\Windows\InstallDir\sonds.exe"

C:\Windows\InstallDir\sonds.exe

"C:\Windows\InstallDir\sonds.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\sonds.exe

"C:\Windows\InstallDir\sonds.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 65.179.17.96.in-addr.arpa udp
US 20.231.121.79:80 tcp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 67.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 61.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 85.65.42.20.in-addr.arpa udp

Files

C:\Windows\InstallDir\sonds.exe

MD5 aa148aaca301b7273bdbdb6c1f2d581e
SHA1 7c000c6d06806d6aaeaeab56e34e8eda52b3ac13
SHA256 69eb268d4de61fc838aa1e15b67025486e375f7a63e969bf16205021d3bc4526
SHA512 3a15f03815c71cdfbd984d464002eebf323f0b904a7303e2636f23b11ce73c926d057a6ab16423f975cee6f030fc574259a85c40c88d444692f3ea4cef3f6913

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\((Mutex)).cfg

MD5 d1a921131bfeffbfffb631b7d29bd461
SHA1 bd555f1030aea183b5fe8cb004a10869c02797ef
SHA256 5c5d67713455743a876d4fd9f61df70b7bcaed374e90a8d5f96f737b6ab3d4f3
SHA512 84f7bbd4c38dcaeaae6e36957b939c6d83c9dbc4a39c93647a1d978e21a559637bf4b7fa1deb91cc85d1707f04203a8e417576e9da7dad836d8b66d37221bf3b

C:\Windows\InstallDir\sonds.exe

MD5 5d4edad79a844f13431ac4ad9322212c
SHA1 afcb3bde419232dbcba6bbd48313b11c438c62cc
SHA256 9e6e82d4919907d58723e2582cb62d83aa7f5a406abee69826dc3498731e6445
SHA512 fc3ecb904f4c8d606d8bb6b446d530c4e9c41defb8ea0cba3a2d6ec0dbe7e013932dbf2af5f2e120bd55dcfceb7e24d61ef9f5c97d5e0db616c1a8a035d61c20
