Malware Analysis Report

2025-03-14 23:05

Sample ID 240406-3xp88sfd47
Target a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c
SHA256 a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c
Tags
persistence upx
score
7/10

Analysis Overview

Threat Level: Shows suspicious behavior

The file a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c was found to be: Shows suspicious behavior.

Malicious Activity Summary

persistence upx

Loads dropped DLL

UPX packed file

Executes dropped EXE

Adds Run key to start application

Unsigned PE

Modifies registry class

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-06 23:53

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-06 23:53

Reported

2024-04-06 23:56

Platform

win7-20240221-en

Max time kernel

117s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target

Loads dropped DLL

Description Indicator Process Target

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202.exe\"" C:\Users\Admin\AppData\Local\Temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202c.exe\"" \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202b.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202g.exe\"" \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202f.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202y.exe\"" \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202x.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202f.exe\"" \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202e.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202i.exe\"" \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202h.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202k.exe\"" \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202j.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202m.exe\"" \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202l.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202s.exe\"" \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202r.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202v.exe\"" \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202u.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202x.exe\"" \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202w.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202l.exe\"" \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202k.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202q.exe\"" \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202p.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202t.exe\"" \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202s.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202a.exe\"" \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202j.exe\"" \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202i.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202b.exe\"" \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202a.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202n.exe\"" \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202m.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202h.exe\"" \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202g.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202p.exe\"" \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202o.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202r.exe\"" \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202q.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202d.exe\"" \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202c.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202e.exe\"" \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202d.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202o.exe\"" \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202n.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202u.exe\"" \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202t.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202w.exe\"" \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202v.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202r.exe N/A
Key created \REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202x.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 93f47f741fc42648 \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202f.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 93f47f741fc42648 \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202n.exe N/A
Key created \REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202k.exe N/A
Key created \REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202n.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 93f47f741fc42648 \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202t.exe N/A
Key created \REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202e.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 93f47f741fc42648 \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202e.exe N/A
Key created \REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202f.exe N/A
Key created \REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202h.exe N/A
Key created \REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202.exe N/A
Key created \REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202d.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 93f47f741fc42648 \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202x.exe N/A
Key created \REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} C:\Users\Admin\AppData\Local\Temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c.exe N/A
Key created \REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202c.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 93f47f741fc42648 \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202y.exe N/A
Key created \REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202o.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 93f47f741fc42648 \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202p.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 93f47f741fc42648 \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202q.exe N/A
Key created \REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202i.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 93f47f741fc42648 \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202m.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 93f47f741fc42648 \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202r.exe N/A
Key created \REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202v.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 93f47f741fc42648 \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202w.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 93f47f741fc42648 \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202b.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 93f47f741fc42648 \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202c.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 93f47f741fc42648 \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202h.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 93f47f741fc42648 \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202j.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 93f47f741fc42648 \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202a.exe N/A
Key created \REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202b.exe N/A
Key created \REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202g.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 93f47f741fc42648 \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202v.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 93f47f741fc42648 \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202o.exe N/A
Key created \REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202u.exe N/A
Key created \REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202w.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 93f47f741fc42648 \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202.exe N/A
Key created \REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202a.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 93f47f741fc42648 \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202i.exe N/A
Key created \REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202l.exe N/A
Key created \REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202j.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 93f47f741fc42648 \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202k.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 93f47f741fc42648 \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202u.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 93f47f741fc42648 C:\Users\Admin\AppData\Local\Temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c.exe N/A
Key created \REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202p.exe N/A
Key created \REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202t.exe N/A
Key created \REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202q.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 93f47f741fc42648 \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202s.exe N/A
Key created \REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202y.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 93f47f741fc42648 \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202d.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 93f47f741fc42648 \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202g.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 93f47f741fc42648 \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202l.exe N/A
Key created \REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202m.exe N/A
Key created \REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202s.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2156 wrote to memory of 1200 N/A C:\Users\Admin\AppData\Local\Temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c.exe \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202.exe
PID 1200 wrote to memory of 2684 N/A \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202.exe \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202a.exe
PID 2684 wrote to memory of 2392 N/A \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202a.exe \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202b.exe
PID 2392 wrote to memory of 2984 N/A \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202b.exe \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202c.exe
PID 2984 wrote to memory of 2416 N/A \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202c.exe \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202d.exe
PID 2416 wrote to memory of 1792 N/A \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202d.exe \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202e.exe
PID 1792 wrote to memory of 2620 N/A \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202e.exe \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202f.exe
PID 2620 wrote to memory of 2776 N/A \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202f.exe \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202g.exe
PID 2776 wrote to memory of 112 N/A \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202g.exe \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202h.exe
PID 112 wrote to memory of 1500 N/A \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202h.exe \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202i.exe
PID 1500 wrote to memory of 672 N/A \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202i.exe \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202j.exe
PID 672 wrote to memory of 2348 N/A \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202j.exe \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202k.exe
PID 2348 wrote to memory of 2824 N/A \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202k.exe \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202l.exe
PID 2824 wrote to memory of 1656 N/A \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202l.exe \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202m.exe
PID 1656 wrote to memory of 2952 N/A \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202m.exe \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202n.exe
PID 2952 wrote to memory of 1116 N/A \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202n.exe \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202o.exe

Processes

C:\Users\Admin\AppData\Local\Temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c.exe

"C:\Users\Admin\AppData\Local\Temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c.exe"

\??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202.exe

c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202.exe

\??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202a.exe

c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202a.exe

\??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202b.exe

c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202b.exe

\??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202c.exe

c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202c.exe

\??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202d.exe

c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202d.exe

\??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202e.exe

c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202e.exe

\??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202f.exe

c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202f.exe

\??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202g.exe

c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202g.exe

\??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202h.exe

c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202h.exe

\??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202i.exe

c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202i.exe

\??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202j.exe

c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202j.exe

\??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202k.exe

c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202k.exe

\??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202l.exe

c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202l.exe

\??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202m.exe

c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202m.exe

\??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202n.exe

c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202n.exe

\??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202o.exe

c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202o.exe

\??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202p.exe

c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202p.exe

\??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202q.exe

c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202q.exe

\??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202r.exe

c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202r.exe

\??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202s.exe

c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202s.exe

\??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202t.exe

c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202t.exe

\??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202u.exe

c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202u.exe

\??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202v.exe

c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202v.exe

\??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202w.exe

c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202w.exe

\??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202x.exe

c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202x.exe

\??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202y.exe

c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202y.exe

Network

N/A

Files

C:\Users\Admin\AppData\Local\Temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202.exe

MD5 e4ee3b52c0aaaa0d12d7b31e20a3dbb7
SHA1 869559f77f96e665d46b1ba6259c26414173ad41
SHA256 8827360cfa18af299d316e03d6525e6299dfe44d260a062f19230e4462e3d6a7
SHA512 257b9fd33b10c9c505d64dbd6035eb913b07e58fc7ac892061dbe5ba98c12bd7d34e21f7ac2d829ecf607f2623b7c4f872cc37657e6cfa0c4ec1a92554c78546

\Users\Admin\AppData\Local\Temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202d.exe

MD5 da6a2d4a1a40099cf2bfcb83edab4a33
SHA1 a3d806c9f32ffce98f5193cd5af54bcd871a24df
SHA256 f8f5e70cd1a40f4be3ee3af67a528fda50d3c67f9e88d434f0467ec8d34e04e4
SHA512 17891ed653faee95d8deb6a69ad45a60d165b01dc4edf36264a39b42e32b02c3bea9ca9637cfd08e40c05c8a8398da886044158f9409b434f3c3880c0f17f6e7

\Users\Admin\AppData\Local\Temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202h.exe

MD5 50ce7c3baf3e4631424f829762e899aa
SHA1 9b847f6380c76effea4f2854209a327d358f9df8
SHA256 29cd6161281753fbdedfcb40c2ac8ea531c9b52ccbabc29f135722b006ab0762
SHA512 4f5a636bc1e880c8b4b3a3ec63e13843a1be00a83290dcf62324badc45cfe4ffd1ca29ed530d8e07aff2e240b70ec3d38e13eca247ddb657ae8fb041ee9a8d17

\Users\Admin\AppData\Local\Temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202m.exe

MD5 a1cc3a07b67a8abb14e94b2177c53340
SHA1 cfe5a6aa869bbc19a308027fdfb04124a05c5613
SHA256 289a06a297f4d772f592853341aaf35764d35bf76e4248724eafc394bc0a328f
SHA512 82da09caefd11ef80748ff01a5b408440d256b6dc9d502ea7949125b39ca8507e0aaed958e3f173cc44937dad3d12f57ca640148b7fc762b190128a7b9f433fc

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-06 23:53

Reported

2024-04-06 23:56

Platform

win10v2004-20240226-en

Max time kernel

92s

Max time network

96s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202.exe N/A
N/A N/A \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202a.exe N/A
N/A N/A \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202b.exe N/A
N/A N/A \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202c.exe N/A
N/A N/A \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202d.exe N/A
N/A N/A \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202e.exe N/A
N/A N/A \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202f.exe N/A
N/A N/A \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202g.exe N/A
N/A N/A \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202h.exe N/A
N/A N/A \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202i.exe N/A
N/A N/A \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202j.exe N/A
N/A N/A \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202k.exe N/A
N/A N/A \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202l.exe N/A
N/A N/A \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202m.exe N/A
N/A N/A \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202n.exe N/A
N/A N/A \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202o.exe N/A
N/A N/A \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202p.exe N/A
N/A N/A \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202q.exe N/A
N/A N/A \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202r.exe N/A
N/A N/A \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202s.exe N/A
N/A N/A \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202t.exe N/A
N/A N/A \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202u.exe N/A
N/A N/A \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202v.exe N/A
N/A N/A \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202w.exe N/A
N/A N/A \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202x.exe N/A
N/A N/A \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202y.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202x.exe\"" \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202w.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202k.exe\"" \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202j.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202g.exe\"" \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202f.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202l.exe\"" \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202k.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202.exe\"" C:\Users\Admin\AppData\Local\Temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202p.exe\"" \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202o.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202q.exe\"" \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202p.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202v.exe\"" \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202u.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202n.exe\"" \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202m.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202o.exe\"" \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202n.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202b.exe\"" \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202a.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202f.exe\"" \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202e.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202i.exe\"" \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202h.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202j.exe\"" \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202i.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202u.exe\"" \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202t.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202w.exe\"" \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202v.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202e.exe\"" \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202d.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202s.exe\"" \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202r.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202y.exe\"" \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202x.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202d.exe\"" \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202c.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202m.exe\"" \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202l.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202c.exe\"" \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202b.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202h.exe\"" \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202g.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202r.exe\"" \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202q.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202t.exe\"" \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202s.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202a.exe\"" \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202b.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = d6781c4a07cdbf75 \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202j.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = d6781c4a07cdbf75 \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202l.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = d6781c4a07cdbf75 \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202o.exe N/A
Key created \REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202r.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = d6781c4a07cdbf75 \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202a.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = d6781c4a07cdbf75 \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202b.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = d6781c4a07cdbf75 \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202h.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = d6781c4a07cdbf75 \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202t.exe N/A
Key created \REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202u.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = d6781c4a07cdbf75 \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202u.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = d6781c4a07cdbf75 \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202y.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = d6781c4a07cdbf75 \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202d.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = d6781c4a07cdbf75 \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202f.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = d6781c4a07cdbf75 \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202k.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = d6781c4a07cdbf75 \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202r.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = d6781c4a07cdbf75 \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202s.exe N/A
Key created \REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202w.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = d6781c4a07cdbf75 \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202w.exe N/A
Key created \REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202p.exe N/A
Key created \REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202c.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = d6781c4a07cdbf75 \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202c.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = d6781c4a07cdbf75 \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202g.exe N/A
Key created \REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202m.exe N/A
Key created \REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202q.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = d6781c4a07cdbf75 \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202.exe N/A
Key created \REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202a.exe N/A
Key created \REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202s.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = d6781c4a07cdbf75 \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202v.exe N/A
Key created \REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202e.exe N/A
Key created \REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202f.exe N/A
Key created \REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202o.exe N/A
Key created \REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202x.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = d6781c4a07cdbf75 C:\Users\Admin\AppData\Local\Temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c.exe N/A
Key created \REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202h.exe N/A
Key created \REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = d6781c4a07cdbf75 \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202e.exe N/A
Key created \REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202g.exe N/A
Key created \REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202j.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = d6781c4a07cdbf75 \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202p.exe N/A
Key created \REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202d.exe N/A
Key created \REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202v.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = d6781c4a07cdbf75 \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202x.exe N/A
Key created \REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202k.exe N/A
Key created \REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202l.exe N/A
Key created \REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202t.exe N/A
Key created \REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202y.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = d6781c4a07cdbf75 \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202i.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = d6781c4a07cdbf75 \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202m.exe N/A
Key created \REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202n.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = d6781c4a07cdbf75 \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202n.exe N/A
Key created \REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} C:\Users\Admin\AppData\Local\Temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c.exe N/A
Key created \REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202i.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = d6781c4a07cdbf75 \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202q.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3868 wrote to memory of 4908 N/A C:\Users\Admin\AppData\Local\Temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c.exe \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202.exe
PID 4908 wrote to memory of 3020 N/A \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202.exe \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202a.exe
PID 3020 wrote to memory of 3220 N/A \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202a.exe \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202b.exe
PID 3220 wrote to memory of 3884 N/A \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202b.exe \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202c.exe
PID 3884 wrote to memory of 888 N/A \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202c.exe \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202d.exe
PID 888 wrote to memory of 4848 N/A \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202d.exe \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202e.exe
PID 4848 wrote to memory of 1756 N/A \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202e.exe \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202f.exe
PID 1756 wrote to memory of 4872 N/A \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202f.exe \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202g.exe
PID 4872 wrote to memory of 2128 N/A \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202g.exe \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202h.exe
PID 2128 wrote to memory of 1028 N/A \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202h.exe \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202i.exe
PID 1028 wrote to memory of 3604 N/A \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202i.exe \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202j.exe
PID 3604 wrote to memory of 4488 N/A \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202j.exe \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202k.exe
PID 4488 wrote to memory of 1932 N/A \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202k.exe \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202l.exe
PID 1932 wrote to memory of 1172 N/A \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202l.exe \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202m.exe
PID 1172 wrote to memory of 2200 N/A \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202m.exe \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202n.exe
PID 2200 wrote to memory of 1072 N/A \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202n.exe \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202o.exe
PID 1072 wrote to memory of 2680 N/A \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202o.exe \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202p.exe
PID 2680 wrote to memory of 1076 N/A \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202p.exe \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202q.exe
PID 1076 wrote to memory of 432 N/A \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202q.exe \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202r.exe
PID 432 wrote to memory of 588 N/A \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202r.exe \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202s.exe
PID 588 wrote to memory of 3372 N/A \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202s.exe \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202t.exe
PID 3372 wrote to memory of 3360 N/A \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202t.exe \??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202u.exe

Processes

C:\Users\Admin\AppData\Local\Temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c.exe

"C:\Users\Admin\AppData\Local\Temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c.exe"

\??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202.exe

c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202.exe

\??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202a.exe

c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202a.exe

\??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202b.exe

c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202b.exe

\??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202c.exe

c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202c.exe

\??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202d.exe

c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202d.exe

\??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202e.exe

c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202e.exe

\??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202f.exe

c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202f.exe

\??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202g.exe

c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202g.exe

\??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202h.exe

c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202h.exe

\??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202i.exe

c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202i.exe

\??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202j.exe

c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202j.exe

\??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202k.exe

c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202k.exe

\??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202l.exe

c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202l.exe

\??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202m.exe

c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202m.exe

\??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202n.exe

c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202n.exe

\??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202o.exe

c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202o.exe

\??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202p.exe

c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202p.exe

\??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202q.exe

c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202q.exe

\??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202r.exe

c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202r.exe

\??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202s.exe

c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202s.exe

\??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202t.exe

c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202t.exe

\??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202u.exe

c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202u.exe

\??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202v.exe

c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202v.exe

\??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202w.exe

c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202w.exe

\??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202x.exe

c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202x.exe

\??\c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202y.exe

c:\users\admin\appdata\local\temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202y.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 99.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202.exe

MD5 50ce7c3baf3e4631424f829762e899aa
SHA1 9b847f6380c76effea4f2854209a327d358f9df8
SHA256 29cd6161281753fbdedfcb40c2ac8ea531c9b52ccbabc29f135722b006ab0762
SHA512 4f5a636bc1e880c8b4b3a3ec63e13843a1be00a83290dcf62324badc45cfe4ffd1ca29ed530d8e07aff2e240b70ec3d38e13eca247ddb657ae8fb041ee9a8d17

C:\Users\Admin\AppData\Local\Temp\a118c84a3cc3cd216ecf27d4bafc4f06475067728493fb0827b4ee4a9cbb958c_3202m.exe

MD5 a1cc3a07b67a8abb14e94b2177c53340
SHA1 cfe5a6aa869bbc19a308027fdfb04124a05c5613
SHA256 289a06a297f4d772f592853341aaf35764d35bf76e4248724eafc394bc0a328f
SHA512 82da09caefd11ef80748ff01a5b408440d256b6dc9d502ea7949125b39ca8507e0aaed958e3f173cc44937dad3d12f57ca640148b7fc762b190128a7b9f433fc
