05b6a2cb3afc7728ff4b8e6f07b0d795bb4ba6a46a8ffd284956af09d97e1669

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16-05-2024 07:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PRODUCTS.exe
Size

1.6MB
MD5

c602a8370b58252d95cd8a6f6aa8c4fe
SHA1

89fade2a77769925085d8e3053b2cb367c7d6e65
SHA256

6fc9cd411abc81271ab3c8d4ff15a707a9aa9c537bb26199f3a4c65c0abfc066
SHA512

7ee8ef6cf954caa43e5c0961c21e9c222df8d6f83aeeeb18f7471e5a7ec03e9a167351eddeb6b09e8cc415d99d9992cad739e85fa9e4d495cee55819da32add1
SSDEEP

24576:hCdxte/80jYLT3U1jfsWaEpYEOcz4IsPoFM8C50kHk6QWegpI15w2XzbtQ:Aw80cTsjkWaEpX5sEM86HeoGpX2

Score

1^/10

Malware Config

Signatures

Suspicious behavior: MapViewOfSection 64 IoCs

Processes:

PRODUCTS.exe

pid	process
3000	PRODUCTS.exe
3000	PRODUCTS.exe
3000	PRODUCTS.exe
3000	PRODUCTS.exe
3000	PRODUCTS.exe
3000	PRODUCTS.exe
3000	PRODUCTS.exe
3000	PRODUCTS.exe
3000	PRODUCTS.exe
3000	PRODUCTS.exe
3000	PRODUCTS.exe
3000	PRODUCTS.exe
3000	PRODUCTS.exe
3000	PRODUCTS.exe
3000	PRODUCTS.exe
3000	PRODUCTS.exe
3000	PRODUCTS.exe
3000	PRODUCTS.exe
3000	PRODUCTS.exe
3000	PRODUCTS.exe
3000	PRODUCTS.exe
3000	PRODUCTS.exe
3000	PRODUCTS.exe
3000	PRODUCTS.exe
3000	PRODUCTS.exe
3000	PRODUCTS.exe
3000	PRODUCTS.exe
3000	PRODUCTS.exe
3000	PRODUCTS.exe
3000	PRODUCTS.exe
3000	PRODUCTS.exe
3000	PRODUCTS.exe
3000	PRODUCTS.exe
3000	PRODUCTS.exe
3000	PRODUCTS.exe
3000	PRODUCTS.exe
3000	PRODUCTS.exe
3000	PRODUCTS.exe
3000	PRODUCTS.exe
3000	PRODUCTS.exe
3000	PRODUCTS.exe
3000	PRODUCTS.exe
3000	PRODUCTS.exe
3000	PRODUCTS.exe
3000	PRODUCTS.exe
3000	PRODUCTS.exe
3000	PRODUCTS.exe
3000	PRODUCTS.exe
3000	PRODUCTS.exe
3000	PRODUCTS.exe
3000	PRODUCTS.exe
3000	PRODUCTS.exe
3000	PRODUCTS.exe
3000	PRODUCTS.exe
3000	PRODUCTS.exe
3000	PRODUCTS.exe
3000	PRODUCTS.exe
3000	PRODUCTS.exe
3000	PRODUCTS.exe
3000	PRODUCTS.exe
3000	PRODUCTS.exe
3000	PRODUCTS.exe
3000	PRODUCTS.exe
3000	PRODUCTS.exe

Suspicious use of FindShellTrayWindow 3 IoCs

Processes:

PRODUCTS.exe

pid process

3000 PRODUCTS.exe
3000 PRODUCTS.exe
3000 PRODUCTS.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

PRODUCTS.exe

pid process

3000 PRODUCTS.exe
3000 PRODUCTS.exe
3000 PRODUCTS.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

PRODUCTS.exe

description	pid	process	target process
PID 3000 wrote to memory of 2032	3000	PRODUCTS.exe	PRODUCTS.exe
PID 3000 wrote to memory of 2032	3000	PRODUCTS.exe	PRODUCTS.exe
PID 3000 wrote to memory of 2032	3000	PRODUCTS.exe	PRODUCTS.exe
PID 3000 wrote to memory of 2032	3000	PRODUCTS.exe	PRODUCTS.exe
PID 3000 wrote to memory of 1076	3000	PRODUCTS.exe	PRODUCTS.exe
PID 3000 wrote to memory of 1076	3000	PRODUCTS.exe	PRODUCTS.exe
PID 3000 wrote to memory of 1076	3000	PRODUCTS.exe	PRODUCTS.exe
PID 3000 wrote to memory of 1076	3000	PRODUCTS.exe	PRODUCTS.exe
PID 3000 wrote to memory of 2388	3000	PRODUCTS.exe	PRODUCTS.exe
PID 3000 wrote to memory of 2388	3000	PRODUCTS.exe	PRODUCTS.exe
PID 3000 wrote to memory of 2388	3000	PRODUCTS.exe	PRODUCTS.exe
PID 3000 wrote to memory of 2388	3000	PRODUCTS.exe	PRODUCTS.exe
PID 3000 wrote to memory of 1432	3000	PRODUCTS.exe	PRODUCTS.exe
PID 3000 wrote to memory of 1432	3000	PRODUCTS.exe	PRODUCTS.exe
PID 3000 wrote to memory of 1432	3000	PRODUCTS.exe	PRODUCTS.exe
PID 3000 wrote to memory of 1432	3000	PRODUCTS.exe	PRODUCTS.exe
PID 3000 wrote to memory of 2156	3000	PRODUCTS.exe	PRODUCTS.exe
PID 3000 wrote to memory of 2156	3000	PRODUCTS.exe	PRODUCTS.exe
PID 3000 wrote to memory of 2156	3000	PRODUCTS.exe	PRODUCTS.exe
PID 3000 wrote to memory of 2156	3000	PRODUCTS.exe	PRODUCTS.exe
PID 3000 wrote to memory of 2200	3000	PRODUCTS.exe	PRODUCTS.exe
PID 3000 wrote to memory of 2200	3000	PRODUCTS.exe	PRODUCTS.exe
PID 3000 wrote to memory of 2200	3000	PRODUCTS.exe	PRODUCTS.exe
PID 3000 wrote to memory of 2200	3000	PRODUCTS.exe	PRODUCTS.exe
PID 3000 wrote to memory of 3012	3000	PRODUCTS.exe	PRODUCTS.exe
PID 3000 wrote to memory of 3012	3000	PRODUCTS.exe	PRODUCTS.exe
PID 3000 wrote to memory of 3012	3000	PRODUCTS.exe	PRODUCTS.exe
PID 3000 wrote to memory of 3012	3000	PRODUCTS.exe	PRODUCTS.exe
PID 3000 wrote to memory of 1816	3000	PRODUCTS.exe	PRODUCTS.exe
PID 3000 wrote to memory of 1816	3000	PRODUCTS.exe	PRODUCTS.exe
PID 3000 wrote to memory of 1816	3000	PRODUCTS.exe	PRODUCTS.exe
PID 3000 wrote to memory of 1816	3000	PRODUCTS.exe	PRODUCTS.exe
PID 3000 wrote to memory of 2036	3000	PRODUCTS.exe	PRODUCTS.exe
PID 3000 wrote to memory of 2036	3000	PRODUCTS.exe	PRODUCTS.exe
PID 3000 wrote to memory of 2036	3000	PRODUCTS.exe	PRODUCTS.exe
PID 3000 wrote to memory of 2036	3000	PRODUCTS.exe	PRODUCTS.exe
PID 3000 wrote to memory of 2608	3000	PRODUCTS.exe	PRODUCTS.exe
PID 3000 wrote to memory of 2608	3000	PRODUCTS.exe	PRODUCTS.exe
PID 3000 wrote to memory of 2608	3000	PRODUCTS.exe	PRODUCTS.exe
PID 3000 wrote to memory of 2608	3000	PRODUCTS.exe	PRODUCTS.exe
PID 3000 wrote to memory of 2988	3000	PRODUCTS.exe	PRODUCTS.exe
PID 3000 wrote to memory of 2988	3000	PRODUCTS.exe	PRODUCTS.exe
PID 3000 wrote to memory of 2988	3000	PRODUCTS.exe	PRODUCTS.exe
PID 3000 wrote to memory of 2988	3000	PRODUCTS.exe	PRODUCTS.exe
PID 3000 wrote to memory of 2516	3000	PRODUCTS.exe	PRODUCTS.exe
PID 3000 wrote to memory of 2516	3000	PRODUCTS.exe	PRODUCTS.exe
PID 3000 wrote to memory of 2516	3000	PRODUCTS.exe	PRODUCTS.exe
PID 3000 wrote to memory of 2516	3000	PRODUCTS.exe	PRODUCTS.exe
PID 3000 wrote to memory of 2568	3000	PRODUCTS.exe	PRODUCTS.exe
PID 3000 wrote to memory of 2568	3000	PRODUCTS.exe	PRODUCTS.exe
PID 3000 wrote to memory of 2568	3000	PRODUCTS.exe	PRODUCTS.exe
PID 3000 wrote to memory of 2568	3000	PRODUCTS.exe	PRODUCTS.exe
PID 3000 wrote to memory of 2256	3000	PRODUCTS.exe	PRODUCTS.exe
PID 3000 wrote to memory of 2256	3000	PRODUCTS.exe	PRODUCTS.exe
PID 3000 wrote to memory of 2256	3000	PRODUCTS.exe	PRODUCTS.exe
PID 3000 wrote to memory of 2256	3000	PRODUCTS.exe	PRODUCTS.exe
PID 3000 wrote to memory of 2532	3000	PRODUCTS.exe	PRODUCTS.exe
PID 3000 wrote to memory of 2532	3000	PRODUCTS.exe	PRODUCTS.exe
PID 3000 wrote to memory of 2532	3000	PRODUCTS.exe	PRODUCTS.exe
PID 3000 wrote to memory of 2532	3000	PRODUCTS.exe	PRODUCTS.exe
PID 3000 wrote to memory of 2528	3000	PRODUCTS.exe	PRODUCTS.exe
PID 3000 wrote to memory of 2528	3000	PRODUCTS.exe	PRODUCTS.exe
PID 3000 wrote to memory of 2528	3000	PRODUCTS.exe	PRODUCTS.exe
PID 3000 wrote to memory of 2528	3000	PRODUCTS.exe	PRODUCTS.exe

C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
"C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3000
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2032
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:1076
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2388
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:1432
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2156
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2200
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:3012
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:1816
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2036
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2608
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2988
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2516
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2568
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2256
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2532
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2528
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2572
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2628
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2644
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2648
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2720
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2656
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2632
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2580
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2840
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2556
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2260
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2836
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2540
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:1800
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2732
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2752
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2452
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2704
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2448
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2620
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2560
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2588
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2472
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:876
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2480
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2424
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2420
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2440
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2456
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2496
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2544
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2476
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2940
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2468
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2936
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:1152
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2992
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2996
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:1912
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:1708
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:1508
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2716
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2800
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2696
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2512
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2816
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2788
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2812
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2916
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2948
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2964
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2980
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2920
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:1376
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2412
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2944
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:800
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2952
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:1736
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:1700
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:1592
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:1272
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:1776
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:1564
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:1620
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:1696
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:1568
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2308
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:1452
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:624
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:1984
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:1324
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2492
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2712
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2692
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2684
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2524
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2668
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:2600
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:1608
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:288
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:1252
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:1292
- C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe
  "C:\Users\Admin\AppData\Local\Temp\PRODUCTS.exe"
  2⤵
  PID:1244

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3000-0-0x00000000004F0000-0x0000000000525000-memory.dmp

Filesize
212KB

Download
memory/3000-1-0x0000000000640000-0x0000000000675000-memory.dmp

Filesize
212KB

Download