05b6a2cb3afc7728ff4b8e6f07b0d795bb4ba6a46a8ffd284956af09d97e1669

General

Target

PRODUCTS.exe
Size

1.6MB
MD5

c602a8370b58252d95cd8a6f6aa8c4fe
SHA1

89fade2a77769925085d8e3053b2cb367c7d6e65
SHA256

6fc9cd411abc81271ab3c8d4ff15a707a9aa9c537bb26199f3a4c65c0abfc066
SHA512

7ee8ef6cf954caa43e5c0961c21e9c222df8d6f83aeeeb18f7471e5a7ec03e9a167351eddeb6b09e8cc415d99d9992cad739e85fa9e4d495cee55819da32add1
SSDEEP

24576:hCdxte/80jYLT3U1jfsWaEpYEOcz4IsPoFM8C50kHk6QWegpI15w2XzbtQ:Aw80cTsjkWaEpX5sEM86HeoGpX2

Score

1^/10

Malware Config

Signatures

Suspicious behavior: MapViewOfSection 64 IoCs

Processes:

PRODUCTS.exe

pid	process
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe

Suspicious use of FindShellTrayWindow 3 IoCs

Processes:

PRODUCTS.exe

pid process

1664 PRODUCTS.exe
1664 PRODUCTS.exe
1664 PRODUCTS.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

PRODUCTS.exe

pid process

1664 PRODUCTS.exe
1664 PRODUCTS.exe
1664 PRODUCTS.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

PRODUCTS.exe

description	pid	process	target process
PID 1664 wrote to memory of 2856	1664	PRODUCTS.exe	PRODUCTS.exe
PID 1664 wrote to memory of 2856	1664	PRODUCTS.exe	PRODUCTS.exe
PID 1664 wrote to memory of 2856	1664	PRODUCTS.exe	PRODUCTS.exe
PID 1664 wrote to memory of 2856	1664	PRODUCTS.exe	PRODUCTS.exe
PID 1664 wrote to memory of 1800	1664	PRODUCTS.exe	PRODUCTS.exe
PID 1664 wrote to memory of 1800	1664	PRODUCTS.exe	PRODUCTS.exe
PID 1664 wrote to memory of 1800	1664	PRODUCTS.exe	PRODUCTS.exe
PID 1664 wrote to memory of 1800	1664	PRODUCTS.exe	PRODUCTS.exe
PID 1664 wrote to memory of 2224	1664	PRODUCTS.exe	PRODUCTS.exe
PID 1664 wrote to memory of 2224	1664	PRODUCTS.exe	PRODUCTS.exe
PID 1664 wrote to memory of 2224	1664	PRODUCTS.exe	PRODUCTS.exe
PID 1664 wrote to memory of 2224	1664	PRODUCTS.exe	PRODUCTS.exe
PID 1664 wrote to memory of 2872	1664	PRODUCTS.exe	PRODUCTS.exe
PID 1664 wrote to memory of 2872	1664	PRODUCTS.exe	PRODUCTS.exe
PID 1664 wrote to memory of 2872	1664	PRODUCTS.exe	PRODUCTS.exe
PID 1664 wrote to memory of 2872	1664	PRODUCTS.exe	PRODUCTS.exe
PID 1664 wrote to memory of 3048	1664	PRODUCTS.exe	PRODUCTS.exe
PID 1664 wrote to memory of 3048	1664	PRODUCTS.exe	PRODUCTS.exe
PID 1664 wrote to memory of 3048	1664	PRODUCTS.exe	PRODUCTS.exe
PID 1664 wrote to memory of 3048	1664	PRODUCTS.exe	PRODUCTS.exe
PID 1664 wrote to memory of 2900	1664	PRODUCTS.exe	PRODUCTS.exe
PID 1664 wrote to memory of 2900	1664	PRODUCTS.exe	PRODUCTS.exe
PID 1664 wrote to memory of 2900	1664	PRODUCTS.exe	PRODUCTS.exe
PID 1664 wrote to memory of 2900	1664	PRODUCTS.exe	PRODUCTS.exe
PID 1664 wrote to memory of 2948	1664	PRODUCTS.exe	PRODUCTS.exe
PID 1664 wrote to memory of 2948	1664	PRODUCTS.exe	PRODUCTS.exe
PID 1664 wrote to memory of 2948	1664	PRODUCTS.exe	PRODUCTS.exe
PID 1664 wrote to memory of 2948	1664	PRODUCTS.exe	PRODUCTS.exe
PID 1664 wrote to memory of 2116	1664	PRODUCTS.exe	PRODUCTS.exe
PID 1664 wrote to memory of 2116	1664	PRODUCTS.exe	PRODUCTS.exe
PID 1664 wrote to memory of 2116	1664	PRODUCTS.exe	PRODUCTS.exe
PID 1664 wrote to memory of 2116	1664	PRODUCTS.exe	PRODUCTS.exe
PID 1664 wrote to memory of 2544	1664	PRODUCTS.exe	PRODUCTS.exe
PID 1664 wrote to memory of 2544	1664	PRODUCTS.exe	PRODUCTS.exe
PID 1664 wrote to memory of 2544	1664	PRODUCTS.exe	PRODUCTS.exe
PID 1664 wrote to memory of 2544	1664	PRODUCTS.exe	PRODUCTS.exe
PID 1664 wrote to memory of 2564	1664	PRODUCTS.exe	PRODUCTS.exe
PID 1664 wrote to memory of 2564	1664	PRODUCTS.exe	PRODUCTS.exe
PID 1664 wrote to memory of 2564	1664	PRODUCTS.exe	PRODUCTS.exe
PID 1664 wrote to memory of 2564	1664	PRODUCTS.exe	PRODUCTS.exe
PID 1664 wrote to memory of 2612	1664	PRODUCTS.exe	PRODUCTS.exe
PID 1664 wrote to memory of 2612	1664	PRODUCTS.exe	PRODUCTS.exe
PID 1664 wrote to memory of 2612	1664	PRODUCTS.exe	PRODUCTS.exe
PID 1664 wrote to memory of 2612	1664	PRODUCTS.exe	PRODUCTS.exe
PID 1664 wrote to memory of 2648	1664	PRODUCTS.exe	PRODUCTS.exe
PID 1664 wrote to memory of 2648	1664	PRODUCTS.exe	PRODUCTS.exe
PID 1664 wrote to memory of 2648	1664	PRODUCTS.exe	PRODUCTS.exe
PID 1664 wrote to memory of 2648	1664	PRODUCTS.exe	PRODUCTS.exe
PID 1664 wrote to memory of 2652	1664	PRODUCTS.exe	PRODUCTS.exe
PID 1664 wrote to memory of 2652	1664	PRODUCTS.exe	PRODUCTS.exe
PID 1664 wrote to memory of 2652	1664	PRODUCTS.exe	PRODUCTS.exe
PID 1664 wrote to memory of 2652	1664	PRODUCTS.exe	PRODUCTS.exe
PID 1664 wrote to memory of 2672	1664	PRODUCTS.exe	PRODUCTS.exe
PID 1664 wrote to memory of 2672	1664	PRODUCTS.exe	PRODUCTS.exe
PID 1664 wrote to memory of 2672	1664	PRODUCTS.exe	PRODUCTS.exe
PID 1664 wrote to memory of 2672	1664	PRODUCTS.exe	PRODUCTS.exe
PID 1664 wrote to memory of 2684	1664	PRODUCTS.exe	PRODUCTS.exe
PID 1664 wrote to memory of 2684	1664	PRODUCTS.exe	PRODUCTS.exe
PID 1664 wrote to memory of 2684	1664	PRODUCTS.exe	PRODUCTS.exe
PID 1664 wrote to memory of 2684	1664	PRODUCTS.exe	PRODUCTS.exe
PID 1664 wrote to memory of 2616	1664	PRODUCTS.exe	PRODUCTS.exe
PID 1664 wrote to memory of 2616	1664	PRODUCTS.exe	PRODUCTS.exe
PID 1664 wrote to memory of 2616	1664	PRODUCTS.exe	PRODUCTS.exe
PID 1664 wrote to memory of 2616	1664	PRODUCTS.exe	PRODUCTS.exe

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1664

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2856

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1800

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2224

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2872

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:3048

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2900

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2948

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2116

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2544

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2564

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2612

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2648

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2652

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2672

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2684

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2616

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1640

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2520

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2540

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2420

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2912

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2688

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2748

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2664

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2628

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2636

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2504

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2596

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2608

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2288

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2580

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2460

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2676

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2468

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2588

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2416

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2424

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2444

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2472

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2492

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2536

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2584

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2820

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2864

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2456

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:3040

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2832

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2428

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2156

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2196

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1584

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1656

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1576

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1920

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2320

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:644

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1436

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2140

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1380

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:860

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1044

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1252

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1248

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2332

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1032

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:280

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:300

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1520

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1776

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2344

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2180

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1232

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1716

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2328

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2192

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2188

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2176

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2388

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1556

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1464

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1652

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:472

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1572

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1480

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2476

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1768

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1596

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2132

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1756

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2164

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1872

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2484

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2036

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1176

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1220

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:848

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2020

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2016

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:1692

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
2⤵
PID:2808

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1664-0-0x00000000005D0000-0x0000000000605000-memory.dmp

Filesize
212KB

Download
memory/1664-1-0x0000000000790000-0x00000000007C5000-memory.dmp

Filesize
212KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads