Analysis Overview
SHA256
42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c
Threat Level: Shows suspicious behavior
The file 42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c was found to be: Shows suspicious behavior.
Malicious Activity Summary
UPX packed file
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Unsigned PE
Modifies registry class
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 22:09
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 22:09
Reported
2024-06-13 22:11
Platform
win7-20240221-en
Max time kernel
121s
Max time network
121s
Command Line
Signatures
Executes dropped EXE
Loads dropped DLL
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202p.exe\"" | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202o.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202e.exe\"" | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202d.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202m.exe\"" | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202l.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202a.exe\"" | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202s.exe\"" | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202r.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202q.exe\"" | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202p.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202o.exe\"" | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202n.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202w.exe\"" | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202v.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202i.exe\"" | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202h.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202j.exe\"" | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202i.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202k.exe\"" | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202j.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202c.exe\"" | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202b.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202d.exe\"" | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202c.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202l.exe\"" | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202k.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202n.exe\"" | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202m.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202v.exe\"" | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202u.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202f.exe\"" | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202e.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202g.exe\"" | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202f.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202.exe\"" | C:\Users\Admin\AppData\Local\Temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202r.exe\"" | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202q.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202t.exe\"" | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202s.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202u.exe\"" | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202t.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202x.exe\"" | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202w.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202y.exe\"" | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202x.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202b.exe\"" | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202a.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202h.exe\"" | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202g.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202b.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 34eec3b6a9b8c2f5 | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202m.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 34eec3b6a9b8c2f5 | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202b.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202o.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 34eec3b6a9b8c2f5 | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202s.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202w.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 34eec3b6a9b8c2f5 | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202a.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202f.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202p.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 34eec3b6a9b8c2f5 | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202q.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202t.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 34eec3b6a9b8c2f5 | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202p.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202q.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202e.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202j.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 34eec3b6a9b8c2f5 | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202x.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202i.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 34eec3b6a9b8c2f5 | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202j.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202s.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 34eec3b6a9b8c2f5 | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202u.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 34eec3b6a9b8c2f5 | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202i.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202u.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 34eec3b6a9b8c2f5 | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202w.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202x.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 02f1942cc3ba2162 | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202y.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 34eec3b6a9b8c2f5 | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202g.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202h.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 34eec3b6a9b8c2f5 | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202l.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} | C:\Users\Admin\AppData\Local\Temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202a.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202c.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202d.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 34eec3b6a9b8c2f5 | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202n.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 34eec3b6a9b8c2f5 | C:\Users\Admin\AppData\Local\Temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 34eec3b6a9b8c2f5 | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 34eec3b6a9b8c2f5 | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202c.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 34eec3b6a9b8c2f5 | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202k.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202m.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202g.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 34eec3b6a9b8c2f5 | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202o.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 34eec3b6a9b8c2f5 | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202r.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202k.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202r.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 34eec3b6a9b8c2f5 | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202f.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 34eec3b6a9b8c2f5 | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202h.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202l.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202n.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202v.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 34eec3b6a9b8c2f5 | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202e.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 34eec3b6a9b8c2f5 | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202t.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 34eec3b6a9b8c2f5 | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202d.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 34eec3b6a9b8c2f5 | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202v.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202y.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
| Process | Command line |
| C:\Users\Admin\AppData\Local\Temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c.exe | "C:\Users\Admin\AppData\Local\Temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c.exe" |
| \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202.exe | c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202.exe |
| \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202a.exe | c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202a.exe |
| \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202b.exe | c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202b.exe |
| \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202c.exe | c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202c.exe |
| \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202d.exe | c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202d.exe |
| \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202e.exe | c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202e.exe |
| \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202f.exe | c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202f.exe |
| \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202g.exe | c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202g.exe |
| \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202h.exe | c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202h.exe |
| \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202i.exe | c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202i.exe |
| \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202j.exe | c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202j.exe |
| \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202k.exe | c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202k.exe |
| \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202l.exe | c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202l.exe |
| \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202m.exe | c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202m.exe |
| \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202n.exe | c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202n.exe |
| \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202o.exe | c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202o.exe |
| \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202p.exe | c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202p.exe |
| \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202q.exe | c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202q.exe |
| \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202r.exe | c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202r.exe |
| \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202s.exe | c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202s.exe |
| \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202t.exe | c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202t.exe |
| \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202u.exe | c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202u.exe |
| \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202v.exe | c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202v.exe |
| \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202w.exe | c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202w.exe |
| \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202x.exe | c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202x.exe |
| \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202y.exe | c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202y.exe |
Network
Files
C:\Users\Admin\AppData\Local\Temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202.exe
| MD5 | 48407d59b283b105a5dcd0e62543dea6 |
| SHA1 | 8cc75b6db991817eca6310dd43493cbb734f0642 |
| SHA256 | 0cbf1c14e048df8f23fc02aaae1831cfa8db54e5f9660ed37bd58c8f7bb1dc44 |
| SHA512 | e934e9c9dd0baca9f7d861f7859e0b65809f46b043f5545dbd6a9a5fde5854e42a3efb8d674591f714d2c25d3c7c5d4b8b949a5826b068826cac00b4c52d0106 |
\Users\Admin\AppData\Local\Temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202g.exe
| MD5 | dceb14661310d5af2c423f722a7477b1 |
| SHA1 | 92a57631daeacd3769df4e1f834c5feab90bf830 |
| SHA256 | 3a05388d9bfa39f3df57172d6b4ad6d7f5e9cfabc82125616b0aaea2448ddb21 |
| SHA512 | c47d65e372be88a830fe5da0120d21726bc719442fa633970eb6766f1e5593c45f55292b9804fa4b318f0ad4874e0a70e5ff1c6f99e93af00eaa9d7b3aa3d340 |
memory/2564-116-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2760-124-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2760-132-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1508-145-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2280-161-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2280-159-0x0000000000270000-0x00000000002AB000-memory.dmp
memory/1600-175-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1600-170-0x0000000000540000-0x000000000057B000-memory.dmp
memory/1932-192-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2044-190-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1932-204-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2088-218-0x00000000002E0000-0x000000000031B000-memory.dmp
memory/2088-220-0x0000000000400000-0x000000000043B000-memory.dmp
memory/480-221-0x0000000000400000-0x000000000043B000-memory.dmp
memory/480-234-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1704-247-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1704-248-0x0000000000290000-0x00000000002CB000-memory.dmp
memory/1704-246-0x0000000000290000-0x00000000002CB000-memory.dmp
memory/920-258-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2996-259-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2996-269-0x0000000000400000-0x000000000043B000-memory.dmp
memory/804-280-0x0000000000400000-0x000000000043B000-memory.dmp
memory/992-279-0x0000000000400000-0x000000000043B000-memory.dmp
memory/804-290-0x0000000000400000-0x000000000043B000-memory.dmp
memory/240-300-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2096-310-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2084-320-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1864-322-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1704-321-0x0000000000290000-0x00000000002CB000-memory.dmp
memory/1864-332-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1696-338-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1696-340-0x00000000003B0000-0x00000000003EB000-memory.dmp
memory/1696-344-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2012-347-0x0000000000400000-0x000000000043B000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 22:09
Reported
2024-06-13 22:11
Platform
win10v2004-20240508-en
Max time kernel
51s
Max time network
52s
Command Line
Signatures
Executes dropped EXE
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202j.exe\"" | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202i.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202u.exe\"" | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202t.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202y.exe\"" | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202x.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202a.exe\"" | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202d.exe\"" | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202c.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202f.exe\"" | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202e.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202p.exe\"" | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202o.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202x.exe\"" | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202w.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202b.exe\"" | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202a.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202v.exe\"" | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202u.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202w.exe\"" | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202v.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202k.exe\"" | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202j.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202r.exe\"" | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202q.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202.exe\"" | C:\Users\Admin\AppData\Local\Temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202g.exe\"" | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202f.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202h.exe\"" | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202g.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202i.exe\"" | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202h.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202s.exe\"" | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202r.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202t.exe\"" | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202s.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202n.exe\"" | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202m.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202m.exe\"" | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202l.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202o.exe\"" | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202n.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202q.exe\"" | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202p.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202c.exe\"" | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202b.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202e.exe\"" | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202d.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202l.exe\"" | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202k.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f2338261d44d6244 | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202u.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f2338261d44d6244 | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202y.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f2338261d44d6244 | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202x.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f2338261d44d6244 | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202c.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f2338261d44d6244 | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202d.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202j.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f2338261d44d6244 | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202j.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202n.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f2338261d44d6244 | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202w.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202y.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f2338261d44d6244 | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202i.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f2338261d44d6244 | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202l.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f2338261d44d6244 | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202o.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f2338261d44d6244 | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202s.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202k.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f2338261d44d6244 | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202p.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202a.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202i.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202r.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202u.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f2338261d44d6244 | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202v.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} | C:\Users\Admin\AppData\Local\Temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f2338261d44d6244 | C:\Users\Admin\AppData\Local\Temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f2338261d44d6244 | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202b.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f2338261d44d6244 | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202f.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f2338261d44d6244 | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202n.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f2338261d44d6244 | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202k.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f2338261d44d6244 | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202t.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f2338261d44d6244 | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202g.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202o.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f2338261d44d6244 | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202r.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202s.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f2338261d44d6244 | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202a.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202d.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202q.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f2338261d44d6244 | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202q.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f2338261d44d6244 | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202e.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202l.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202m.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f2338261d44d6244 | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202m.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f2338261d44d6244 | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202g.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202w.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202f.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202h.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f2338261d44d6244 | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202h.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202p.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202v.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202e.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202t.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202c.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202b.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} | \??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202x.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c.exe
"C:\Users\Admin\AppData\Local\Temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c.exe"
\??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202.exe
c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202.exe
\??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202a.exe
c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202a.exe
\??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202b.exe
c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202b.exe
\??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202c.exe
c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202c.exe
\??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202d.exe
c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202d.exe
\??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202e.exe
c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202e.exe
\??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202f.exe
c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202f.exe
\??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202g.exe
c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202g.exe
\??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202h.exe
c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202h.exe
\??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202i.exe
c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202i.exe
\??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202j.exe
c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202j.exe
\??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202k.exe
c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202k.exe
\??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202l.exe
c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202l.exe
\??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202m.exe
c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202m.exe
\??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202n.exe
c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202n.exe
\??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202o.exe
c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202o.exe
\??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202p.exe
c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202p.exe
\??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202q.exe
c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202q.exe
\??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202r.exe
c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202r.exe
\??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202s.exe
c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202s.exe
\??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202t.exe
c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202t.exe
\??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202u.exe
c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202u.exe
\??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202v.exe
c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202v.exe
\??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202w.exe
c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202w.exe
\??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202x.exe
c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202x.exe
\??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202y.exe
c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202y.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
memory/2172-0-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202.exe
| Hash | Value |
| MD5 | 48407d59b283b105a5dcd0e62543dea6 |
| SHA1 | 8cc75b6db991817eca6310dd43493cbb734f0642 |
| SHA256 | 0cbf1c14e048df8f23fc02aaae1831cfa8db54e5f9660ed37bd58c8f7bb1dc44 |
| SHA512 | e934e9c9dd0baca9f7d861f7859e0b65809f46b043f5545dbd6a9a5fde5854e42a3efb8d674591f714d2c25d3c7c5d4b8b949a5826b068826cac00b4c52d0106 |
memory/2520-19-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2948-18-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2172-14-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2520-27-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4028-34-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4028-38-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1528-52-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1240-53-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1528-57-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3724-58-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3724-65-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3740-73-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3740-76-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202h.exe
| Hash | Value |
| MD5 | dceb14661310d5af2c423f722a7477b1 |
| SHA1 | 92a57631daeacd3769df4e1f834c5feab90bf830 |
| SHA256 | 3a05388d9bfa39f3df57172d6b4ad6d7f5e9cfabc82125616b0aaea2448ddb21 |
| SHA512 | c47d65e372be88a830fe5da0120d21726bc719442fa633970eb6766f1e5593c45f55292b9804fa4b318f0ad4874e0a70e5ff1c6f99e93af00eaa9d7b3aa3d340 |
memory/1272-85-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4032-97-0x0000000000400000-0x000000000043B000-memory.dmp
memory/684-98-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4032-103-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4392-111-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4392-113-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2120-130-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4576-122-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2120-133-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3756-141-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3140-144-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3140-152-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3468-160-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3204-168-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3204-172-0x0000000000400000-0x000000000043B000-memory.dmp
\??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202r.exe
| Hash | Value |
| MD5 | 8be8e202a8998d8f4e6c4dc6034e231d |
| SHA1 | 57ab40bc927e4613dfa49d76d6ea4ca986981b65 |
| SHA256 | e27ec7c3a809ec4b43378d2b7f62576840531b33cd70404efe70d6ce1b97cedf |
| SHA512 | c8a99ee8a51c68ee8a47246bba88510b7b40d73fc28b3ce241d70496cf89494d3318046b292fc49520264da19250d853ce6f64ad16481a17afd51f27482d4f58 |
memory/3232-187-0x0000000000400000-0x000000000043B000-memory.dmp
memory/868-179-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3232-190-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2424-192-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2424-199-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1688-210-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2372-218-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3520-220-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3520-227-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4864-235-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4864-238-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3272-247-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4624-249-0x0000000000400000-0x000000000043B000-memory.dmp
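The dropped-file listing and the memory dumps above carry two patterns worth checking mechanically when triaging a report like this: the sandbox logs each dropped copy twice (once as the NT object-manager path with the `\??\` prefix, once as the Win32 path), and every dump covers the same 0x400000..0x43B000 region regardless of PID, which is consistent with each child process being another copy of the same packed image (matching the "Executes dropped EXE" signature). The script below is an added example, not sandbox output or tooling from the report; it parses a subset of the report's own entries embedded inline, deduplicates the two path spellings, checks that the `_3202<letter>` suffixes form an unbroken run, and groups the dumps per PID. The function and field names are mine.

```python
import re
from collections import defaultdict

# Entries copied from the report listing above (a subset), embedded so the script runs offline.
# The \??\ form is the NT object-manager path; the sandbox logs both spellings for one file.
DROPPED_PATHS = r"""
\??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202o.exe
c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202o.exe
\??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202p.exe
c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202p.exe
\??\c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202q.exe
c:\users\admin\appdata\local\temp\42bdc31b7f09c6fb3556c6cec8fcd476fbb49024666ee180aa4b7aeabac4ca1c_3202q.exe
""".split()

# Memory-dump names from the Files section above (a subset): memory/<pid>-<seq>-<start>-<end>-memory.dmp
MEMORY_DUMPS = """
memory/2172-0-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2520-19-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2948-18-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2172-14-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2520-27-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4028-34-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4028-38-0x0000000000400000-0x000000000043B000-memory.dmp
""".split()

NT_PREFIX = "\\??\\"
# Suffix pattern as it appears in this report: _3202 followed by an optional single letter.
VARIANT_RE = re.compile(r"_3202([a-z]?)\.exe$", re.IGNORECASE)
DUMP_RE = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9a-f]+)-0x([0-9a-f]+)-memory\.dmp$", re.IGNORECASE)


def normalize_path(path: str) -> str:
    """Strip the NT \\??\\ prefix and lowercase so both spellings of one file compare equal."""
    if path.startswith(NT_PREFIX):
        path = path[len(NT_PREFIX):]
    return path.lower()


def unique_dropped(paths):
    """Distinct dropped files after collapsing the NT and Win32 spellings."""
    return sorted({normalize_path(p) for p in paths})


def variant_suffixes(paths):
    """The trailing letters of the _3202<letter>.exe copies, sorted."""
    suffixes = set()
    for p in unique_dropped(paths):
        m = VARIANT_RE.search(p)
        if m:
            suffixes.add(m.group(1))
    return sorted(suffixes)


def is_contiguous(suffixes):
    """True when the single-letter suffixes form an unbroken alphabetical run (o, p, q, ...)."""
    codes = [ord(s) for s in suffixes if len(s) == 1]
    return bool(codes) and codes == list(range(codes[0], codes[0] + len(codes)))


def parse_dump(name):
    """Split a dump file name into pid, sequence number and the dumped address range."""
    m = DUMP_RE.match(name)
    if not m:
        return None
    pid, seq = int(m.group(1)), int(m.group(2))
    base, end = int(m.group(3), 16), int(m.group(4), 16)
    return {"pid": pid, "seq": seq, "base": base, "end": end, "size": end - base}


def summarize_dumps(names):
    """Group dump sequence numbers per PID and collect the distinct (base, size) regions seen."""
    per_pid = defaultdict(list)
    regions = set()
    for n in names:
        d = parse_dump(n)
        if d is None:
            continue
        per_pid[d["pid"]].append(d["seq"])
        regions.add((d["base"], d["size"]))
    return {"pids": sorted(per_pid), "per_pid": dict(per_pid), "regions": sorted(regions)}


if __name__ == "__main__":
    print("unique dropped files:", len(unique_dropped(DROPPED_PATHS)))
    print("variant suffixes:", variant_suffixes(DROPPED_PATHS),
          "contiguous:", is_contiguous(variant_suffixes(DROPPED_PATHS)))
    summary = summarize_dumps(MEMORY_DUMPS)
    print("pids with dumps:", summary["pids"])
    for base, size in summary["regions"]:
        print(f"image region base=0x{base:X} size=0x{size:X} ({size} bytes)")
```

A single `(base, size)` region across every PID is what you expect when each process is the same unpacked-in-place image; if a second region appeared for one PID, that dump would be the first place to look for injected or unpacked code that the other copies do not share. Run the checks against the full listing rather than the subset to confirm the suffix run really is unbroken from `h` to `y`.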