Malware Analysis Report

2025-01-18 16:40

Sample ID 241208-gd2l9szmer
Target d583a09455a589af608dd14605680028_JaffaCakes118
SHA256 5067be80b05a552ddd9ca03d22b822855ffa56a7a28f0ba32d0ced57e9e12810
Tags
isrstealer bootkit discovery persistence spyware stealer trojan
score
10/10

Analysis Overview

score
10/10

SHA256

5067be80b05a552ddd9ca03d22b822855ffa56a7a28f0ba32d0ced57e9e12810

Threat Level: Known bad

The file d583a09455a589af608dd14605680028_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

isrstealer bootkit discovery persistence spyware stealer trojan

ISR Stealer payload

Isrstealer family

ISR Stealer

Reads data files stored by FTP clients

Executes dropped EXE

Reads user/profile data of web browsers

Checks computer location settings

Loads dropped DLL

Writes to the Master Boot Record (MBR)

Suspicious use of SetThreadContext

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Unsigned PE

Program crash

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-08 05:42

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-08 05:42

Reported

2024-12-08 05:44

Platform

win7-20240708-en

Max time kernel

30s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\WinJect.exe"

Signatures

ISR Stealer

trojan stealer isrstealer

ISR Stealer payload

Description Indicator Process Target
N/A N/A N/A N/A

Isrstealer family

isrstealer

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\WinJect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Winject.exe N/A

Reads data files stored by FTP clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\Winject.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\WinJect.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 2064 set thread context of 924 N/A C:\Users\Admin\AppData\Local\Temp\WinJect.exe C:\Users\Admin\AppData\Local\Temp\WinJect.exe
PID 2416 set thread context of 2848 N/A C:\Users\Admin\AppData\Local\Temp\Winject.exe C:\Users\Admin\AppData\Local\Temp\Winject.exe
PID 2356 set thread context of 3020 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 3020 set thread context of 2612 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 2620 set thread context of 1512 N/A C:\Users\Admin\AppData\Local\Temp\Winject.exe C:\Users\Admin\AppData\Local\Temp\Winject.exe
PID 2980 set thread context of 1968 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 1968 set thread context of 1540 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 1116 set thread context of 2336 N/A C:\Users\Admin\AppData\Local\Temp\Winject.exe C:\Users\Admin\AppData\Local\Temp\Winject.exe
PID 1952 set thread context of 556 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 556 set thread context of 2712 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 3000 set thread context of 1228 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 1228 set thread context of 2480 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 2992 set thread context of 2124 N/A C:\Users\Admin\AppData\Local\Temp\Winject.exe C:\Users\Admin\AppData\Local\Temp\Winject.exe
PID 2476 set thread context of 2176 N/A C:\Users\Admin\AppData\Local\Temp\Winject.exe C:\Users\Admin\AppData\Local\Temp\Winject.exe
PID 1776 set thread context of 3008 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 3008 set thread context of 2332 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 1932 set thread context of 2780 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 2780 set thread context of 896 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 2796 set thread context of 1528 N/A C:\Users\Admin\AppData\Local\Temp\Winject.exe C:\Users\Admin\AppData\Local\Temp\Winject.exe
PID 2904 set thread context of 2196 N/A C:\Users\Admin\AppData\Local\Temp\Winject.exe C:\Users\Admin\AppData\Local\Temp\Winject.exe
PID 2916 set thread context of 2988 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 2988 set thread context of 604 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 1780 set thread context of 1688 N/A C:\Users\Admin\AppData\Local\Temp\Winject.exe C:\Users\Admin\AppData\Local\Temp\Winject.exe
PID 1640 set thread context of 2268 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 2268 set thread context of 2424 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 2244 set thread context of 1552 N/A C:\Users\Admin\AppData\Local\Temp\Winject.exe C:\Users\Admin\AppData\Local\Temp\Winject.exe
PID 2416 set thread context of 2752 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 2752 set thread context of 1668 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Winject.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\WinJect.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\WinJect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Winject.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2064 wrote to memory of 924 N/A C:\Users\Admin\AppData\Local\Temp\WinJect.exe C:\Users\Admin\AppData\Local\Temp\WinJect.exe
PID 924 wrote to memory of 2416 N/A C:\Users\Admin\AppData\Local\Temp\WinJect.exe C:\Users\Admin\AppData\Local\Temp\Winject.exe
PID 924 wrote to memory of 2356 N/A C:\Users\Admin\AppData\Local\Temp\WinJect.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 2416 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\Winject.exe C:\Users\Admin\AppData\Local\Temp\Winject.exe
PID 2848 wrote to memory of 2620 N/A C:\Users\Admin\AppData\Local\Temp\Winject.exe C:\Users\Admin\AppData\Local\Temp\Winject.exe
PID 2356 wrote to memory of 3020 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 2848 wrote to memory of 2980 N/A C:\Users\Admin\AppData\Local\Temp\Winject.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 3020 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 2620 wrote to memory of 1512 N/A C:\Users\Admin\AppData\Local\Temp\Winject.exe C:\Users\Admin\AppData\Local\Temp\Winject.exe
PID 2980 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

Processes

C:\Users\Admin\AppData\Local\Temp\WinJect.exe

"C:\Users\Admin\AppData\Local\Temp\WinJect.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 agree.netau.net udp

Files

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

MD5 4bde2fa501b271311668b79e08c3977e
SHA1 60517822d48cf2b560c2d4681c4e5685e29f9632
SHA256 73903815bf438131d3dee70fb8f7f757f1ae57deb7fddd802685fd14d95c33dd
SHA512 4a39144ed55e44228882b1d30e1d4b6ddc76cbc8037089fdd0e058ad79364a66d13d311827bf181907d3e29b84b6443349624e2d505d1c4d64cea2e48cd684c3

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-08 05:42

Reported

2024-12-08 05:44

Platform

win10v2004-20241007-en

Max time kernel

72s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\WinJect.exe"

Signatures

ISR Stealer

trojan stealer isrstealer

ISR Stealer payload

Description Indicator Process Target
N/A N/A N/A N/A

Isrstealer family

isrstealer

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\WinJect.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Winject.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe N/A

Reads data files stored by FTP clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\Winject.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\WinJect.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 1820 set thread context of 4884 N/A C:\Users\Admin\AppData\Local\Temp\WinJect.exe C:\Users\Admin\AppData\Local\Temp\WinJect.exe
PID 2752 set thread context of 1060 N/A C:\Users\Admin\AppData\Local\Temp\Winject.exe C:\Users\Admin\AppData\Local\Temp\Winject.exe
PID 5012 set thread context of 760 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 760 set thread context of 4840 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 2496 set thread context of 3760 N/A C:\Users\Admin\AppData\Local\Temp\Winject.exe C:\Users\Admin\AppData\Local\Temp\Winject.exe
PID 2344 set thread context of 3800 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 3800 set thread context of 5116 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 3656 set thread context of 1096 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 2052 set thread context of 3684 N/A C:\Users\Admin\AppData\Local\Temp\Winject.exe C:\Users\Admin\AppData\Local\Temp\Winject.exe
PID 1096 set thread context of 3680 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 4236 set thread context of 2280 N/A C:\Users\Admin\AppData\Local\Temp\Winject.exe C:\Users\Admin\AppData\Local\Temp\Winject.exe
PID 2076 set thread context of 4620 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 4620 set thread context of 3232 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 5096 set thread context of 4576 N/A C:\Users\Admin\AppData\Local\Temp\Winject.exe C:\Users\Admin\AppData\Local\Temp\Winject.exe
PID 3696 set thread context of 3880 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 3880 set thread context of 2004 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 4700 set thread context of 2384 N/A C:\Users\Admin\AppData\Local\Temp\Winject.exe C:\Users\Admin\AppData\Local\Temp\Winject.exe
PID 4084 set thread context of 3404 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 3404 set thread context of 4936 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 4448 set thread context of 4300 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 4484 set thread context of 920 N/A C:\Users\Admin\AppData\Local\Temp\Winject.exe C:\Users\Admin\AppData\Local\Temp\Winject.exe
PID 4300 set thread context of 112 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 4848 set thread context of 5064 N/A C:\Users\Admin\AppData\Local\Temp\Winject.exe C:\Users\Admin\AppData\Local\Temp\Winject.exe
PID 1180 set thread context of 1952 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 1952 set thread context of 2436 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 3812 set thread context of 4760 N/A C:\Users\Admin\AppData\Local\Temp\Winject.exe C:\Users\Admin\AppData\Local\Temp\Winject.exe
PID 1852 set thread context of 3976 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 3976 set thread context of 1084 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 4320 set thread context of 1720 N/A C:\Users\Admin\AppData\Local\Temp\Winject.exe C:\Users\Admin\AppData\Local\Temp\Winject.exe
PID 3280 set thread context of 4812 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 4812 set thread context of 1164 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 3528 set thread context of 740 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 3576 set thread context of 4344 N/A C:\Users\Admin\AppData\Local\Temp\Winject.exe C:\Users\Admin\AppData\Local\Temp\Winject.exe
PID 740 set thread context of 3956 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 5008 set thread context of 320 N/A C:\Users\Admin\AppData\Local\Temp\Winject.exe C:\Users\Admin\AppData\Local\Temp\Winject.exe
PID 880 set thread context of 3568 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 3568 set thread context of 2476 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 1564 set thread context of 3968 N/A C:\Users\Admin\AppData\Local\Temp\Winject.exe C:\Users\Admin\AppData\Local\Temp\Winject.exe
PID 4264 set thread context of 2492 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 2492 set thread context of 2880 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 2372 set thread context of 2692 N/A C:\Users\Admin\AppData\Local\Temp\Winject.exe C:\Users\Admin\AppData\Local\Temp\Winject.exe
PID 1448 set thread context of 4716 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 4716 set thread context of 4868 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 4000 set thread context of 392 N/A C:\Users\Admin\AppData\Local\Temp\Winject.exe C:\Users\Admin\AppData\Local\Temp\Winject.exe
PID 4600 set thread context of 1988 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 1988 set thread context of 5052 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 4028 set thread context of 1676 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 1076 set thread context of 2832 N/A C:\Users\Admin\AppData\Local\Temp\Winject.exe C:\Users\Admin\AppData\Local\Temp\Winject.exe
PID 1676 set thread context of 2604 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 2520 set thread context of 2040 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 2052 set thread context of 2688 N/A C:\Users\Admin\AppData\Local\Temp\Winject.exe C:\Users\Admin\AppData\Local\Temp\Winject.exe
PID 2040 set thread context of 1328 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 1192 set thread context of 364 N/A C:\Users\Admin\AppData\Local\Temp\Winject.exe C:\Users\Admin\AppData\Local\Temp\Winject.exe
PID 2836 set thread context of 1368 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 1368 set thread context of 2268 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 4504 set thread context of 1376 N/A C:\Users\Admin\AppData\Local\Temp\Winject.exe C:\Users\Admin\AppData\Local\Temp\Winject.exe
PID 4924 set thread context of 4920 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 4920 set thread context of 4324 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 2936 set thread context of 4072 N/A C:\Users\Admin\AppData\Local\Temp\Winject.exe C:\Users\Admin\AppData\Local\Temp\Winject.exe
PID 216 set thread context of 2892 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 2892 set thread context of 4856 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 1740 set thread context of 5040 N/A C:\Users\Admin\AppData\Local\Temp\Winject.exe C:\Users\Admin\AppData\Local\Temp\Winject.exe
PID 3388 set thread context of 880 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 880 set thread context of 2096 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Winject.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\WinJect.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Winject.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1820 wrote to memory of 4884 N/A C:\Users\Admin\AppData\Local\Temp\WinJect.exe C:\Users\Admin\AppData\Local\Temp\WinJect.exe
PID 4884 wrote to memory of 2752 N/A C:\Users\Admin\AppData\Local\Temp\WinJect.exe C:\Users\Admin\AppData\Local\Temp\Winject.exe
PID 4884 wrote to memory of 5012 N/A C:\Users\Admin\AppData\Local\Temp\WinJect.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 2752 wrote to memory of 1060 N/A C:\Users\Admin\AppData\Local\Temp\Winject.exe C:\Users\Admin\AppData\Local\Temp\Winject.exe
PID 5012 wrote to memory of 760 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 760 wrote to memory of 4840 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 1060 wrote to memory of 2496 N/A C:\Users\Admin\AppData\Local\Temp\Winject.exe C:\Users\Admin\AppData\Local\Temp\Winject.exe
PID 1060 wrote to memory of 2344 N/A C:\Users\Admin\AppData\Local\Temp\Winject.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 2496 wrote to memory of 3760 N/A C:\Users\Admin\AppData\Local\Temp\Winject.exe C:\Users\Admin\AppData\Local\Temp\Winject.exe
PID 2344 wrote to memory of 3800 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe
PID 3800 wrote to memory of 5116 N/A C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

Processes

C:\Users\Admin\AppData\Local\Temp\WinJect.exe

"C:\Users\Admin\AppData\Local\Temp\WinJect.exe"

C:\Users\Admin\AppData\Local\Temp\WinJect.exe

"C:\Users\Admin\AppData\Local\Temp\WinJect.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

"C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe"

C:\Users\Admin\AppData\Local\Temp\Winject.exe

"C:\Users\Admin\AppData\Local\Temp\Winject.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 agree.netau.net udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\0718i2vupW.exe

MD5 4bde2fa501b271311668b79e08c3977e
SHA1 60517822d48cf2b560c2d4681c4e5685e29f9632
SHA256 73903815bf438131d3dee70fb8f7f757f1ae57deb7fddd802685fd14d95c33dd
SHA512 4a39144ed55e44228882b1d30e1d4b6ddc76cbc8037089fdd0e058ad79364a66d13d311827bf181907d3e29b84b6443349624e2d505d1c4d64cea2e48cd684c3

Analysis: behavioral3

Detonation Overview

Submitted

2024-12-08 05:42

Reported

2024-12-08 05:44

Platform

win7-20240903-en

Max time kernel

122s

Max time network

122s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\bo_synapse_hack_v1.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\bo_synapse_hack_v1.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\bo_synapse_hack_v1.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 200

Network

N/A

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-12-08 05:42

Reported

2024-12-08 05:44

Platform

win10v2004-20241007-en

Max time kernel

95s

Max time network

144s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\bo_synapse_hack_v1.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2416 wrote to memory of 1704 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\bo_synapse_hack_v1.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\bo_synapse_hack_v1.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 1704 -ip 1704

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 564

Network

Country Destination Domain Proto
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 181.129.81.91.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp

Files

N/A