05b6a2cb3afc7728ff4b8e6f07b0d795bb4ba6a46a8ffd284956af09d97e1669

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
16-05-2024 03:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PRODUCTS.exe
Size

1.6MB
MD5

c602a8370b58252d95cd8a6f6aa8c4fe
SHA1

89fade2a77769925085d8e3053b2cb367c7d6e65
SHA256

6fc9cd411abc81271ab3c8d4ff15a707a9aa9c537bb26199f3a4c65c0abfc066
SHA512

7ee8ef6cf954caa43e5c0961c21e9c222df8d6f83aeeeb18f7471e5a7ec03e9a167351eddeb6b09e8cc415d99d9992cad739e85fa9e4d495cee55819da32add1
SSDEEP

24576:hCdxte/80jYLT3U1jfsWaEpYEOcz4IsPoFM8C50kHk6QWegpI15w2XzbtQ:Aw80cTsjkWaEpX5sEM86HeoGpX2

Score

1^/10

Malware Config

Signatures

Suspicious behavior: MapViewOfSection 64 IoCs

pid	Process
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
1664	PRODUCTS.exe
1664	PRODUCTS.exe
1664	PRODUCTS.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1664 wrote to memory of 2856	1664	PRODUCTS.exe	28
PID 1664 wrote to memory of 2856	1664	PRODUCTS.exe	28
PID 1664 wrote to memory of 2856	1664	PRODUCTS.exe	28
PID 1664 wrote to memory of 2856	1664	PRODUCTS.exe	28
PID 1664 wrote to memory of 1800	1664	PRODUCTS.exe	29
PID 1664 wrote to memory of 1800	1664	PRODUCTS.exe	29
PID 1664 wrote to memory of 1800	1664	PRODUCTS.exe	29
PID 1664 wrote to memory of 1800	1664	PRODUCTS.exe	29
PID 1664 wrote to memory of 2224	1664	PRODUCTS.exe	30
PID 1664 wrote to memory of 2224	1664	PRODUCTS.exe	30
PID 1664 wrote to memory of 2224	1664	PRODUCTS.exe	30
PID 1664 wrote to memory of 2224	1664	PRODUCTS.exe	30
PID 1664 wrote to memory of 2872	1664	PRODUCTS.exe	31
PID 1664 wrote to memory of 2872	1664	PRODUCTS.exe	31
PID 1664 wrote to memory of 2872	1664	PRODUCTS.exe	31
PID 1664 wrote to memory of 2872	1664	PRODUCTS.exe	31
PID 1664 wrote to memory of 3048	1664	PRODUCTS.exe	32
PID 1664 wrote to memory of 3048	1664	PRODUCTS.exe	32
PID 1664 wrote to memory of 3048	1664	PRODUCTS.exe	32
PID 1664 wrote to memory of 3048	1664	PRODUCTS.exe	32
PID 1664 wrote to memory of 2900	1664	PRODUCTS.exe	33
PID 1664 wrote to memory of 2900	1664	PRODUCTS.exe	33
PID 1664 wrote to memory of 2900	1664	PRODUCTS.exe	33
PID 1664 wrote to memory of 2900	1664	PRODUCTS.exe	33
PID 1664 wrote to memory of 2948	1664	PRODUCTS.exe	34
PID 1664 wrote to memory of 2948	1664	PRODUCTS.exe	34
PID 1664 wrote to memory of 2948	1664	PRODUCTS.exe	34
PID 1664 wrote to memory of 2948	1664	PRODUCTS.exe	34
PID 1664 wrote to memory of 2116	1664	PRODUCTS.exe	35
PID 1664 wrote to memory of 2116	1664	PRODUCTS.exe	35
PID 1664 wrote to memory of 2116	1664	PRODUCTS.exe	35
PID 1664 wrote to memory of 2116	1664	PRODUCTS.exe	35
PID 1664 wrote to memory of 2544	1664	PRODUCTS.exe	36
PID 1664 wrote to memory of 2544	1664	PRODUCTS.exe	36
PID 1664 wrote to memory of 2544	1664	PRODUCTS.exe	36
PID 1664 wrote to memory of 2544	1664	PRODUCTS.exe	36
PID 1664 wrote to memory of 2564	1664	PRODUCTS.exe	37
PID 1664 wrote to memory of 2564	1664	PRODUCTS.exe	37
PID 1664 wrote to memory of 2564	1664	PRODUCTS.exe	37
PID 1664 wrote to memory of 2564	1664	PRODUCTS.exe	37
PID 1664 wrote to memory of 2612	1664	PRODUCTS.exe	38
PID 1664 wrote to memory of 2612	1664	PRODUCTS.exe	38
PID 1664 wrote to memory of 2612	1664	PRODUCTS.exe	38
PID 1664 wrote to memory of 2612	1664	PRODUCTS.exe	38
PID 1664 wrote to memory of 2648	1664	PRODUCTS.exe	39
PID 1664 wrote to memory of 2648	1664	PRODUCTS.exe	39
PID 1664 wrote to memory of 2648	1664	PRODUCTS.exe	39
PID 1664 wrote to memory of 2648	1664	PRODUCTS.exe	39
PID 1664 wrote to memory of 2652	1664	PRODUCTS.exe	40
PID 1664 wrote to memory of 2652	1664	PRODUCTS.exe	40
PID 1664 wrote to memory of 2652	1664	PRODUCTS.exe	40
PID 1664 wrote to memory of 2652	1664	PRODUCTS.exe	40
PID 1664 wrote to memory of 2672	1664	PRODUCTS.exe	41
PID 1664 wrote to memory of 2672	1664	PRODUCTS.exe	41
PID 1664 wrote to memory of 2672	1664	PRODUCTS.exe	41
PID 1664 wrote to memory of 2672	1664	PRODUCTS.exe	41
PID 1664 wrote to memory of 2684	1664	PRODUCTS.exe	42
PID 1664 wrote to memory of 2684	1664	PRODUCTS.exe	42
PID 1664 wrote to memory of 2684	1664	PRODUCTS.exe	42
PID 1664 wrote to memory of 2684	1664	PRODUCTS.exe	42
PID 1664 wrote to memory of 2616	1664	PRODUCTS.exe	43
PID 1664 wrote to memory of 2616	1664	PRODUCTS.exe	43
PID 1664 wrote to memory of 2616	1664	PRODUCTS.exe	43
PID 1664 wrote to memory of 2616	1664	PRODUCTS.exe	43

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1664
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2856
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:1800
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2224
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2872
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:3048
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2900
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2948
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2116
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2544
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2564
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2612
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2648
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2652
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2672
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2684
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2616
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:1640
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2520
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2540
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2420
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2912
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2688
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2748
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2664
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2628
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2636
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2504
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2596
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2608
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2288
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2580
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2460
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2676
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2468
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2588
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2416
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2424
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2444
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2472
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2492
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2536
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2584
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2820
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2864
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2456
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:3040
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2832
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2428
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2156
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2196
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:1584
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:1656
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:1576
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:1920
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2320
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:644
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:1436
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2140
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:1380
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:860
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:1044
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:1252
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:1248
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2332
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:1032
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:280
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:300
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:1520
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:1776
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2344
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2180
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:1232
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:1716
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2328
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2192
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2188
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2176
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2388
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:1556
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:1464
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:1652
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:472
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:1572
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:1480
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2476
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:1768
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:1596
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2132
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:1756
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2164
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:1872
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2484
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2036
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:1176
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:1220
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:848
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2020
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2016
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:1692
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2808

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1664-0-0x00000000005D0000-0x0000000000605000-memory.dmp

Filesize
212KB

Download
memory/1664-1-0x0000000000790000-0x00000000007C5000-memory.dmp

Filesize
212KB

Download