Description	Indicator	Process	Target
Key value queried	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\Control Panel\International\Geo\Nation	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	N/A
Key value queried	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\Control Panel\International\Geo\Nation	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	N/A
Key value queried	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\Control Panel\International\Geo\Nation	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	N/A
Key value queried	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\Control Panel\International\Geo\Nation	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	N/A
Key value queried	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\Control Panel\International\Geo\Nation	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	N/A
Key value queried	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\Control Panel\International\Geo\Nation	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	N/A
Key value queried	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\Control Panel\International\Geo\Nation	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	N/A
Key value queried	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\Control Panel\International\Geo\Nation	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	N/A
Key value queried	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\Control Panel\International\Geo\Nation	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	N/A
Key value queried	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\Control Panel\International\Geo\Nation	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	N/A
Key value queried	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\Control Panel\International\Geo\Nation	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	N/A
Key value queried	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\Control Panel\International\Geo\Nation	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	N/A
Key value queried	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\Control Panel\International\Geo\Nation	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	N/A
Key value queried	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\Control Panel\International\Geo\Nation	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	N/A
Key value queried	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\Control Panel\International\Geo\Nation	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	N/A
Key value queried	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\Control Panel\International\Geo\Nation	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	N/A
Key value queried	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\Control Panel\International\Geo\Nation	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	N/A
Key value queried	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\Control Panel\International\Geo\Nation	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	N/A
Key value queried	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\Control Panel\International\Geo\Nation	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	N/A
Key value queried	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\Control Panel\International\Geo\Nation	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	N/A
Key value queried	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\Control Panel\International\Geo\Nation	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	N/A
Key value queried	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\Control Panel\International\Geo\Nation	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	N/A
Key value queried	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\Control Panel\International\Geo\Nation	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	N/A
Key value queried	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\Control Panel\International\Geo\Nation	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	N/A
Key value queried	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\Control Panel\International\Geo\Nation	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	N/A
Key value queried	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\Control Panel\International\Geo\Nation	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	N/A
Key value queried	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\Control Panel\International\Geo\Nation	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	N/A
Key value queried	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\Control Panel\International\Geo\Nation	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	N/A
Key value queried	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\Control Panel\International\Geo\Nation	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	N/A
Key value queried	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\Control Panel\International\Geo\Nation	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	N/A
Key value queried	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\Control Panel\International\Geo\Nation	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	N/A
Key value queried	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\Control Panel\International\Geo\Nation	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	N/A
Key value queried	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\Control Panel\International\Geo\Nation	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	N/A
Key value queried	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\Control Panel\International\Geo\Nation	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	N/A
Key value queried	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\Control Panel\International\Geo\Nation	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	N/A
Key value queried	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\Control Panel\International\Geo\Nation	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	N/A
Key value queried	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\Control Panel\International\Geo\Nation	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	N/A
Key value queried	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\Control Panel\International\Geo\Nation	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	N/A
Key value queried	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\Control Panel\International\Geo\Nation	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	N/A
Key value queried	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\Control Panel\International\Geo\Nation	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	N/A
Key value queried	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\Control Panel\International\Geo\Nation	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	N/A
Key value queried	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\Control Panel\International\Geo\Nation	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	N/A
Key value queried	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\Control Panel\International\Geo\Nation	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	N/A
Key value queried	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\Control Panel\International\Geo\Nation	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	N/A
Key value queried	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\Control Panel\International\Geo\Nation	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	N/A

Executes dropped EXE

Description	Indicator	Process	Target
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Description	Indicator	Process	Target
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Users\Admin\AppData\Local\Temp\Server.exe	N/A

Suspicious use of WriteProcessMemory

Description	Indicator	Process	Target
PID 100 wrote to memory of 2268	N/A	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	C:\Users\Admin\AppData\Local\Temp\Server.exe
PID 100 wrote to memory of 2268	N/A	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	C:\Users\Admin\AppData\Local\Temp\Server.exe
PID 100 wrote to memory of 2268	N/A	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	C:\Users\Admin\AppData\Local\Temp\Server.exe
PID 100 wrote to memory of 4640	N/A	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe
PID 100 wrote to memory of 4640	N/A	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe
PID 4640 wrote to memory of 3076	N/A	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	C:\Users\Admin\AppData\Local\Temp\Server.exe
PID 4640 wrote to memory of 3076	N/A	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	C:\Users\Admin\AppData\Local\Temp\Server.exe
PID 4640 wrote to memory of 3076	N/A	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	C:\Users\Admin\AppData\Local\Temp\Server.exe
PID 4640 wrote to memory of 4872	N/A	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe
PID 4640 wrote to memory of 4872	N/A	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe
PID 4872 wrote to memory of 4516	N/A	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	C:\Users\Admin\AppData\Local\Temp\Server.exe
PID 4872 wrote to memory of 4516	N/A	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	C:\Users\Admin\AppData\Local\Temp\Server.exe
PID 4872 wrote to memory of 4516	N/A	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	C:\Users\Admin\AppData\Local\Temp\Server.exe
PID 4872 wrote to memory of 4716	N/A	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe
PID 4872 wrote to memory of 4716	N/A	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe
PID 4716 wrote to memory of 3904	N/A	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	C:\Users\Admin\AppData\Local\Temp\Server.exe
PID 4716 wrote to memory of 3904	N/A	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	C:\Users\Admin\AppData\Local\Temp\Server.exe
PID 4716 wrote to memory of 3904	N/A	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	C:\Users\Admin\AppData\Local\Temp\Server.exe
PID 4716 wrote to memory of 3940	N/A	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe
PID 4716 wrote to memory of 3940	N/A	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe
PID 3940 wrote to memory of 4016	N/A	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	C:\Users\Admin\AppData\Local\Temp\Server.exe
PID 3940 wrote to memory of 4016	N/A	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	C:\Users\Admin\AppData\Local\Temp\Server.exe
PID 3940 wrote to memory of 4016	N/A	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	C:\Users\Admin\AppData\Local\Temp\Server.exe
PID 3940 wrote to memory of 3608	N/A	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe
PID 3940 wrote to memory of 3608	N/A	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe
PID 3608 wrote to memory of 3056	N/A	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	C:\Users\Admin\AppData\Local\Temp\Server.exe
PID 3608 wrote to memory of 3056	N/A	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	C:\Users\Admin\AppData\Local\Temp\Server.exe
PID 3608 wrote to memory of 3056	N/A	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	C:\Users\Admin\AppData\Local\Temp\Server.exe
PID 3608 wrote to memory of 1756	N/A	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe
PID 3608 wrote to memory of 1756	N/A	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe
PID 1756 wrote to memory of 1776	N/A	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	C:\Users\Admin\AppData\Local\Temp\Server.exe
PID 1756 wrote to memory of 1776	N/A	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	C:\Users\Admin\AppData\Local\Temp\Server.exe
PID 1756 wrote to memory of 1776	N/A	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	C:\Users\Admin\AppData\Local\Temp\Server.exe
PID 1756 wrote to memory of 3928	N/A	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe
PID 1756 wrote to memory of 3928	N/A	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe
PID 3928 wrote to memory of 1720	N/A	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	C:\Users\Admin\AppData\Local\Temp\Server.exe
PID 3928 wrote to memory of 1720	N/A	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	C:\Users\Admin\AppData\Local\Temp\Server.exe
PID 3928 wrote to memory of 1720	N/A	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	C:\Users\Admin\AppData\Local\Temp\Server.exe
PID 3928 wrote to memory of 4768	N/A	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe
PID 3928 wrote to memory of 4768	N/A	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe
PID 4768 wrote to memory of 3940	N/A	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	C:\Users\Admin\AppData\Local\Temp\Server.exe
PID 4768 wrote to memory of 3940	N/A	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	C:\Users\Admin\AppData\Local\Temp\Server.exe
PID 4768 wrote to memory of 3940	N/A	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	C:\Users\Admin\AppData\Local\Temp\Server.exe
PID 4768 wrote to memory of 640	N/A	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe
PID 4768 wrote to memory of 640	N/A	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe
PID 640 wrote to memory of 2452	N/A	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	C:\Users\Admin\AppData\Local\Temp\Server.exe
PID 640 wrote to memory of 2452	N/A	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	C:\Users\Admin\AppData\Local\Temp\Server.exe
PID 640 wrote to memory of 2452	N/A	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	C:\Users\Admin\AppData\Local\Temp\Server.exe
PID 640 wrote to memory of 3064	N/A	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe
PID 640 wrote to memory of 3064	N/A	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe
PID 3064 wrote to memory of 3648	N/A	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	C:\Users\Admin\AppData\Local\Temp\Server.exe
PID 3064 wrote to memory of 3648	N/A	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	C:\Users\Admin\AppData\Local\Temp\Server.exe
PID 3064 wrote to memory of 3648	N/A	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	C:\Users\Admin\AppData\Local\Temp\Server.exe
PID 3064 wrote to memory of 2896	N/A	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe
PID 3064 wrote to memory of 2896	N/A	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe
PID 2896 wrote to memory of 3860	N/A	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	C:\Users\Admin\AppData\Local\Temp\Server.exe
PID 2896 wrote to memory of 3860	N/A	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	C:\Users\Admin\AppData\Local\Temp\Server.exe
PID 2896 wrote to memory of 3860	N/A	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	C:\Users\Admin\AppData\Local\Temp\Server.exe
PID 2896 wrote to memory of 2264	N/A	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe
PID 2896 wrote to memory of 2264	N/A	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe
PID 2264 wrote to memory of 5308	N/A	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	C:\Users\Admin\AppData\Local\Temp\Server.exe
PID 2264 wrote to memory of 5308	N/A	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	C:\Users\Admin\AppData\Local\Temp\Server.exe
PID 2264 wrote to memory of 5308	N/A	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	C:\Users\Admin\AppData\Local\Temp\Server.exe
PID 2264 wrote to memory of 5372	N/A	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe	C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe

Processes

C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe

"C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe"

C:\Users\Admin\AppData\Local\Temp\Server.exe

"C:\Users\Admin\AppData\Local\Temp\Server.exe"

C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe

"C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe"

C:\Users\Admin\AppData\Local\Temp\Server.exe

"C:\Users\Admin\AppData\Local\Temp\Server.exe"

C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe

"C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe"

C:\Users\Admin\AppData\Local\Temp\Server.exe

"C:\Users\Admin\AppData\Local\Temp\Server.exe"

C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe

"C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe"

C:\Users\Admin\AppData\Local\Temp\Server.exe

"C:\Users\Admin\AppData\Local\Temp\Server.exe"

C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe

"C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe"

C:\Users\Admin\AppData\Local\Temp\Server.exe

"C:\Users\Admin\AppData\Local\Temp\Server.exe"

C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe

"C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe"

C:\Users\Admin\AppData\Local\Temp\Server.exe

"C:\Users\Admin\AppData\Local\Temp\Server.exe"

C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe

"C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe"

C:\Users\Admin\AppData\Local\Temp\Server.exe

"C:\Users\Admin\AppData\Local\Temp\Server.exe"

C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe

"C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe"

C:\Users\Admin\AppData\Local\Temp\Server.exe

"C:\Users\Admin\AppData\Local\Temp\Server.exe"

C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe

"C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe"

C:\Users\Admin\AppData\Local\Temp\Server.exe

"C:\Users\Admin\AppData\Local\Temp\Server.exe"

C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe

"C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe"

C:\Users\Admin\AppData\Local\Temp\Server.exe

"C:\Users\Admin\AppData\Local\Temp\Server.exe"

C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe

"C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe"

C:\Users\Admin\AppData\Local\Temp\Server.exe

"C:\Users\Admin\AppData\Local\Temp\Server.exe"

C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe

"C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe"

C:\Users\Admin\AppData\Local\Temp\Server.exe

"C:\Users\Admin\AppData\Local\Temp\Server.exe"

C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe

"C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe"

C:\Users\Admin\AppData\Local\Temp\Server.exe

"C:\Users\Admin\AppData\Local\Temp\Server.exe"

C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe

"C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe"

C:\Users\Admin\AppData\Local\Temp\Server.exe

"C:\Users\Admin\AppData\Local\Temp\Server.exe"

C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe

"C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe"

C:\Users\Admin\AppData\Local\Temp\Server.exe

"C:\Users\Admin\AppData\Local\Temp\Server.exe"

C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe

"C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe"

C:\Users\Admin\AppData\Local\Temp\Server.exe

"C:\Users\Admin\AppData\Local\Temp\Server.exe"

C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe

"C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe"

C:\Users\Admin\AppData\Local\Temp\Server.exe

"C:\Users\Admin\AppData\Local\Temp\Server.exe"

C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe

"C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe"

C:\Users\Admin\AppData\Local\Temp\Server.exe

"C:\Users\Admin\AppData\Local\Temp\Server.exe"

C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe

"C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe"

C:\Users\Admin\AppData\Local\Temp\Server.exe

"C:\Users\Admin\AppData\Local\Temp\Server.exe"

C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe

"C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe"

C:\Users\Admin\AppData\Local\Temp\Server.exe

"C:\Users\Admin\AppData\Local\Temp\Server.exe"

C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe

"C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe"

C:\Users\Admin\AppData\Local\Temp\Server.exe

"C:\Users\Admin\AppData\Local\Temp\Server.exe"

C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe

"C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe"

C:\Users\Admin\AppData\Local\Temp\Server.exe

"C:\Users\Admin\AppData\Local\Temp\Server.exe"

C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe

"C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe"

C:\Users\Admin\AppData\Local\Temp\Server.exe

"C:\Users\Admin\AppData\Local\Temp\Server.exe"

C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe

"C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe"

C:\Users\Admin\AppData\Local\Temp\Server.exe

"C:\Users\Admin\AppData\Local\Temp\Server.exe"

C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe

"C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe"

C:\Users\Admin\AppData\Local\Temp\Server.exe

"C:\Users\Admin\AppData\Local\Temp\Server.exe"

C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe

"C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe"

C:\Users\Admin\AppData\Local\Temp\Server.exe

"C:\Users\Admin\AppData\Local\Temp\Server.exe"

C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe

"C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe"

C:\Users\Admin\AppData\Local\Temp\Server.exe

"C:\Users\Admin\AppData\Local\Temp\Server.exe"

C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe

"C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe"

C:\Users\Admin\AppData\Local\Temp\Server.exe

"C:\Users\Admin\AppData\Local\Temp\Server.exe"

C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe

"C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe"

C:\Users\Admin\AppData\Local\Temp\Server.exe

"C:\Users\Admin\AppData\Local\Temp\Server.exe"

C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe

"C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe"

C:\Users\Admin\AppData\Local\Temp\Server.exe

"C:\Users\Admin\AppData\Local\Temp\Server.exe"

C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe

"C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe"

C:\Users\Admin\AppData\Local\Temp\Server.exe

"C:\Users\Admin\AppData\Local\Temp\Server.exe"

C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe

"C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe"

C:\Users\Admin\AppData\Local\Temp\Server.exe

"C:\Users\Admin\AppData\Local\Temp\Server.exe"

C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe

"C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe"

C:\Users\Admin\AppData\Local\Temp\Server.exe

"C:\Users\Admin\AppData\Local\Temp\Server.exe"

C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe

"C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe"

C:\Users\Admin\AppData\Local\Temp\Server.exe

"C:\Users\Admin\AppData\Local\Temp\Server.exe"

C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe

"C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe"

C:\Users\Admin\AppData\Local\Temp\Server.exe

"C:\Users\Admin\AppData\Local\Temp\Server.exe"

C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe

"C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe"

C:\Users\Admin\AppData\Local\Temp\Server.exe

"C:\Users\Admin\AppData\Local\Temp\Server.exe"

C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe

"C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe"

C:\Users\Admin\AppData\Local\Temp\Server.exe

"C:\Users\Admin\AppData\Local\Temp\Server.exe"

C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe

"C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe"

C:\Users\Admin\AppData\Local\Temp\Server.exe

"C:\Users\Admin\AppData\Local\Temp\Server.exe"

C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe

"C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe"

C:\Users\Admin\AppData\Local\Temp\Server.exe

"C:\Users\Admin\AppData\Local\Temp\Server.exe"

C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe

"C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe"

C:\Users\Admin\AppData\Local\Temp\Server.exe

"C:\Users\Admin\AppData\Local\Temp\Server.exe"

C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe

"C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe"

C:\Users\Admin\AppData\Local\Temp\Server.exe

"C:\Users\Admin\AppData\Local\Temp\Server.exe"

C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe

"C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe"

C:\Users\Admin\AppData\Local\Temp\Server.exe

"C:\Users\Admin\AppData\Local\Temp\Server.exe"

C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe

"C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe"

C:\Users\Admin\AppData\Local\Temp\Server.exe

"C:\Users\Admin\AppData\Local\Temp\Server.exe"

C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe

"C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe"

C:\Users\Admin\AppData\Local\Temp\Server.exe

"C:\Users\Admin\AppData\Local\Temp\Server.exe"

C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe

"C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe"

C:\Users\Admin\AppData\Local\Temp\Server.exe

"C:\Users\Admin\AppData\Local\Temp\Server.exe"

C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe

"C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe"

C:\Users\Admin\AppData\Local\Temp\Server.exe

"C:\Users\Admin\AppData\Local\Temp\Server.exe"

C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe

"C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe"

Network

Country	Destination	Domain	Proto
US	8.8.8.8:53	75.159.190.20.in-addr.arpa	udp
US	8.8.8.8:53	241.150.49.20.in-addr.arpa	udp
US	8.8.8.8:53	g.bing.com	udp
US	204.79.197.237:443	g.bing.com	tcp
US	8.8.8.8:53	237.197.79.204.in-addr.arpa	udp
US	8.8.8.8:53	241.154.82.20.in-addr.arpa	udp
US	8.8.8.8:53	57.169.31.20.in-addr.arpa	udp
US	8.8.8.8:53	209.205.72.20.in-addr.arpa	udp
US	8.8.8.8:53	month-washer.gl.at.ply.gg	udp
NL	23.62.61.75:443	www.bing.com	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	8.8.8.8:53	132.46.30.184.in-addr.arpa	udp
US	8.8.8.8:53	75.61.62.23.in-addr.arpa	udp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	8.8.8.8:53	26.165.165.52.in-addr.arpa	udp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	8.8.8.8:53	28.118.140.52.in-addr.arpa	udp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	8.8.8.8:53	198.187.3.20.in-addr.arpa	udp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	8.8.8.8:53	24.139.73.23.in-addr.arpa	udp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	8.8.8.8:53	154.173.246.72.in-addr.arpa	udp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	8.8.8.8:53	206.221.208.4.in-addr.arpa	udp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	8.8.8.8:53	119.110.54.20.in-addr.arpa	udp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	8.8.8.8:53	172.210.232.199.in-addr.arpa	udp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	8.8.8.8:53	240.197.17.2.in-addr.arpa	udp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	8.8.8.8:53	216.197.17.2.in-addr.arpa	udp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	8.8.8.8:53	205.47.74.20.in-addr.arpa	udp
US	8.8.8.8:53	51.15.97.104.in-addr.arpa	udp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	8.8.8.8:53	48.229.111.52.in-addr.arpa	udp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	8.8.8.8:53	tse1.mm.bing.net	udp
US	204.79.197.200:443	tse1.mm.bing.net	tcp
US	204.79.197.200:443	tse1.mm.bing.net	tcp
US	204.79.197.200:443	tse1.mm.bing.net	tcp
US	204.79.197.200:443	tse1.mm.bing.net	tcp
US	204.79.197.200:443	tse1.mm.bing.net	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp
US	147.185.221.19:33498	month-washer.gl.at.ply.gg	tcp

Files

memory/100-1-0x0000000000C40000-0x0000000001DD2000-memory.dmp

memory/100-0-0x00007FFB61CB0000-0x00007FFB62771000-memory.dmp

memory/100-3-0x000000001C930000-0x000000001C940000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Server.exe

MD5	5bf06998216b64bdde7e0356fff186e6
SHA1	2bfc86b0718eff41d4976212547fc651c75a5814
SHA256	b5f4a205a5c19245cfc9ea9a0e443d394b76f94af19f69144a084a5252c0da50
SHA512	1355ec92bf7eedba5b3785fb2ecc83aa91fb4beebdecca863c40f1e64925af9ee6281b78137ec891a278da808dbe4f3eca0828d6aece17f25cf061ab108e741c

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\slinkyloader.exe.log

MD5	2ff39f6c7249774be85fd60a8f9a245e
SHA1	684ff36b31aedc1e587c8496c02722c6698c1c4e
SHA256	e1b91642d85d98124a6a31f710e137ab7fd90dec30e74a05ab7fcf3b7887dced
SHA512	1d7e8b92ef4afd463d62cfa7e8b9d1799db5bf2a263d3cd7840df2e0a1323d24eb595b5f8eb615c6cb15f9e3a7b4fc99f8dd6a3d34479222e966ec708998aed1

memory/100-16-0x00007FFB61CB0000-0x00007FFB62771000-memory.dmp

memory/4640-18-0x00007FFB61CB0000-0x00007FFB62771000-memory.dmp

memory/2268-17-0x00000000005B0000-0x00000000005CE000-memory.dmp

memory/2268-19-0x0000000075180000-0x0000000075930000-memory.dmp

memory/2268-20-0x00000000054F0000-0x0000000005B08000-memory.dmp

memory/2268-21-0x0000000004F80000-0x0000000004F92000-memory.dmp

memory/2268-22-0x0000000004FE0000-0x000000000501C000-memory.dmp

memory/2268-23-0x0000000004EC0000-0x0000000004ED0000-memory.dmp

memory/2268-24-0x0000000005020000-0x000000000506C000-memory.dmp

memory/2268-25-0x0000000005280000-0x000000000538A000-memory.dmp

memory/3076-27-0x0000000075180000-0x0000000075930000-memory.dmp

memory/4640-28-0x00007FFB61CB0000-0x00007FFB62771000-memory.dmp

memory/4872-29-0x00007FFB61CB0000-0x00007FFB62771000-memory.dmp

memory/3076-30-0x0000000005420000-0x0000000005430000-memory.dmp

memory/4872-31-0x000000001C110000-0x000000001C120000-memory.dmp

memory/4516-33-0x0000000075180000-0x0000000075930000-memory.dmp

memory/4716-34-0x00007FFB61CB0000-0x00007FFB62771000-memory.dmp

memory/4872-35-0x00007FFB61CB0000-0x00007FFB62771000-memory.dmp

memory/4516-36-0x00000000051C0000-0x00000000051D0000-memory.dmp

memory/4716-37-0x000000001CB70000-0x000000001CB80000-memory.dmp

memory/2268-39-0x0000000075180000-0x0000000075930000-memory.dmp

memory/3904-40-0x0000000075180000-0x0000000075930000-memory.dmp

memory/2268-41-0x0000000004EC0000-0x0000000004ED0000-memory.dmp

memory/3940-43-0x00007FFB61CB0000-0x00007FFB62771000-memory.dmp

memory/4716-42-0x00007FFB61CB0000-0x00007FFB62771000-memory.dmp

memory/3904-44-0x00000000051E0000-0x00000000051F0000-memory.dmp

memory/3076-45-0x0000000075180000-0x0000000075930000-memory.dmp

memory/3940-46-0x000000001C870000-0x000000001C880000-memory.dmp

memory/4016-49-0x0000000075180000-0x0000000075930000-memory.dmp

memory/3076-48-0x0000000005420000-0x0000000005430000-memory.dmp

memory/4516-50-0x0000000075180000-0x0000000075930000-memory.dmp

memory/3940-52-0x00007FFB61CB0000-0x00007FFB62771000-memory.dmp

memory/3608-51-0x00007FFB61CB0000-0x00007FFB62771000-memory.dmp

memory/3608-53-0x0000000003300000-0x0000000003310000-memory.dmp

memory/4516-55-0x00000000051C0000-0x00000000051D0000-memory.dmp

memory/3056-56-0x0000000075180000-0x0000000075930000-memory.dmp

memory/3904-57-0x0000000075180000-0x0000000075930000-memory.dmp

memory/3056-58-0x0000000000D70000-0x0000000000D80000-memory.dmp

memory/1756-59-0x00007FFB61CB0000-0x00007FFB62771000-memory.dmp

memory/3608-60-0x00007FFB61CB0000-0x00007FFB62771000-memory.dmp

memory/1756-61-0x000000001CAD0000-0x000000001CAE0000-memory.dmp

memory/1776-63-0x0000000075180000-0x0000000075930000-memory.dmp

memory/4016-64-0x0000000075180000-0x0000000075930000-memory.dmp

memory/1756-66-0x00007FFB61CB0000-0x00007FFB62771000-memory.dmp

memory/3928-67-0x00007FFB61CB0000-0x00007FFB62771000-memory.dmp

memory/1776-65-0x0000000005650000-0x0000000005660000-memory.dmp

memory/4016-68-0x0000000004B10000-0x0000000004B20000-memory.dmp

memory/1720-70-0x0000000075180000-0x0000000075930000-memory.dmp

memory/4768-72-0x00007FFB61CB0000-0x00007FFB62771000-memory.dmp

memory/3928-71-0x00007FFB61CB0000-0x00007FFB62771000-memory.dmp

memory/3056-73-0x0000000075180000-0x0000000075930000-memory.dmp

memory/4768-74-0x000000001C920000-0x000000001C930000-memory.dmp

memory/3940-76-0x0000000075180000-0x0000000075930000-memory.dmp

memory/3940-77-0x0000000005040000-0x0000000005050000-memory.dmp

memory/4768-78-0x00007FFB61CB0000-0x00007FFB62771000-memory.dmp

memory/1776-79-0x0000000075180000-0x0000000075930000-memory.dmp

memory/640-80-0x00007FFB61CB0000-0x00007FFB62771000-memory.dmp

memory/640-81-0x0000000002180000-0x0000000002190000-memory.dmp

memory/1776-83-0x0000000005650000-0x0000000005660000-memory.dmp

memory/2452-84-0x0000000075180000-0x0000000075930000-memory.dmp

memory/640-85-0x00007FFB61CB0000-0x00007FFB62771000-memory.dmp

Malware Analysis Report

2024-09-11 08:44

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Threat Level: Known bad

Malicious Activity Summary

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Sample ID	240421-s9f6zsee35
Target	slinkyloader.exe
SHA256	369b5e6e18c6f1b494147389106008ee284eb20e448d57dd8fd814b05884e7a8
Tags	redline sectoprat cheat infostealer rat trojan