Malware Analysis Report

2024-11-30 15:58

Sample ID 220705-d5jc8afee4
Target a04cc80c15dcf9cf97d4244232995ce425311a0687284d0fec0b9e0d196b0a35
SHA256 a04cc80c15dcf9cf97d4244232995ce425311a0687284d0fec0b9e0d196b0a35
Tags
imminent persistence spyware trojan
score
10/10

Analysis Overview

score
10/10

SHA256

a04cc80c15dcf9cf97d4244232995ce425311a0687284d0fec0b9e0d196b0a35

Threat Level: Known bad

The file a04cc80c15dcf9cf97d4244232995ce425311a0687284d0fec0b9e0d196b0a35 was found to be: Known bad.

Malicious Activity Summary

imminent persistence spyware trojan

Imminent RAT

Executes dropped EXE

Loads dropped DLL

Deletes itself

Checks computer location settings

Adds Run key to start application

Drops desktop.ini file(s)

Drops file in Windows directory

Enumerates physical storage devices

Suspicious behavior: GetForegroundWindowSpam

Runs ping.exe

Checks SCSI registry key(s)

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2022-07-05 03:35

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2022-07-05 03:35

Reported

2022-07-05 04:05

Platform

win10v2004-20220414-en

Max time kernel

1800s

Max time network

1802s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a04cc80c15dcf9cf97d4244232995ce425311a0687284d0fec0b9e0d196b0a35.exe"

Signatures

Imminent RAT

trojan spyware imminent

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\a04cc80c15dcf9cf97d4244232995ce425311a0687284d0fec0b9e0d196b0a35.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\a04cc80c15dcf9cf97d4244232995ce425311a0687284d0fec0b9e0d196b0a35\a04cc80c15dcf9cf97d4244232995ce425311a0687284d0fec0b9e0d196b0a35.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft = "\\Copyright\\Microsoft.exe" C:\Users\Admin\AppData\Local\Temp\a04cc80c15dcf9cf97d4244232995ce425311a0687284d0fec0b9e0d196b0a35\a04cc80c15dcf9cf97d4244232995ce425311a0687284d0fec0b9e0d196b0a35.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft = "C:\\Users\\Admin\\AppData\\Roaming\\Copyright\\Microsoft.exe" C:\Users\Admin\AppData\Local\Temp\a04cc80c15dcf9cf97d4244232995ce425311a0687284d0fec0b9e0d196b0a35\a04cc80c15dcf9cf97d4244232995ce425311a0687284d0fec0b9e0d196b0a35.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\SysWOW64\Taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\SysWOW64\Taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\SysWOW64\Taskmgr.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\a04cc80c15dcf9cf97d4244232995ce425311a0687284d0fec0b9e0d196b0a35.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a04cc80c15dcf9cf97d4244232995ce425311a0687284d0fec0b9e0d196b0a35\a04cc80c15dcf9cf97d4244232995ce425311a0687284d0fec0b9e0d196b0a35.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1472 wrote to memory of 1880 N/A C:\Users\Admin\AppData\Local\Temp\a04cc80c15dcf9cf97d4244232995ce425311a0687284d0fec0b9e0d196b0a35.exe C:\Users\Admin\AppData\Local\Temp\a04cc80c15dcf9cf97d4244232995ce425311a0687284d0fec0b9e0d196b0a35\a04cc80c15dcf9cf97d4244232995ce425311a0687284d0fec0b9e0d196b0a35.exe
PID 1472 wrote to memory of 3968 N/A C:\Users\Admin\AppData\Local\Temp\a04cc80c15dcf9cf97d4244232995ce425311a0687284d0fec0b9e0d196b0a35.exe C:\Windows\SysWOW64\cmd.exe
PID 3968 wrote to memory of 3392 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 1880 wrote to memory of 4928 N/A C:\Users\Admin\AppData\Local\Temp\a04cc80c15dcf9cf97d4244232995ce425311a0687284d0fec0b9e0d196b0a35\a04cc80c15dcf9cf97d4244232995ce425311a0687284d0fec0b9e0d196b0a35.exe C:\Windows\SysWOW64\Taskmgr.exe

Processes

C:\Users\Admin\AppData\Local\Temp\a04cc80c15dcf9cf97d4244232995ce425311a0687284d0fec0b9e0d196b0a35.exe

"C:\Users\Admin\AppData\Local\Temp\a04cc80c15dcf9cf97d4244232995ce425311a0687284d0fec0b9e0d196b0a35.exe"

C:\Users\Admin\AppData\Local\Temp\a04cc80c15dcf9cf97d4244232995ce425311a0687284d0fec0b9e0d196b0a35\a04cc80c15dcf9cf97d4244232995ce425311a0687284d0fec0b9e0d196b0a35.exe

"C:\Users\Admin\AppData\Local\Temp\a04cc80c15dcf9cf97d4244232995ce425311a0687284d0fec0b9e0d196b0a35\a04cc80c15dcf9cf97d4244232995ce425311a0687284d0fec0b9e0d196b0a35.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C ping 1.1.1.1 -n 1 -w 1000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\a04cc80c15dcf9cf97d4244232995ce425311a0687284d0fec0b9e0d196b0a35.exe"

C:\Windows\SysWOW64\PING.EXE

ping 1.1.1.1 -n 1 -w 1000

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 speednet.duckdns.org udp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
IE 20.54.110.249:443 tcp
US 8.8.8.8:53 176.122.125.40.in-addr.arpa udp
US 13.107.4.50:80 tcp
US 8.8.8.8:53 ocsp.msocsp.com udp
US 104.18.25.243:80 ocsp.msocsp.com tcp
US 204.79.197.200:443 tcp
SG 168.63.250.82:80 tcp
US 8.8.8.8:53 speednet.duckdns.org udp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
US 8.8.8.8:53 speednet.duckdns.org udp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
US 8.8.8.8:53 speednet.duckdns.org udp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
US 8.8.8.8:53 speednet.duckdns.org udp

Files

memory/1472-130-0x00000000747B0000-0x0000000074D61000-memory.dmp

memory/1880-131-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\a04cc80c15dcf9cf97d4244232995ce425311a0687284d0fec0b9e0d196b0a35\a04cc80c15dcf9cf97d4244232995ce425311a0687284d0fec0b9e0d196b0a35.exe

MD5 6d27ad0025dec94b10e62945543eba31
SHA1 3fcd349ea78cac0b8179b3d995beca6552522ba3
SHA256 a04cc80c15dcf9cf97d4244232995ce425311a0687284d0fec0b9e0d196b0a35
SHA512 b6af990b574cfecee839ad550e77440acb25c359ac7f082bac8f9bc469937e1e3ec262129736a24b958b4586947303176ec0b9844703d65182a444e982eaabdb

memory/3968-134-0x0000000000000000-mapping.dmp

memory/1472-136-0x00000000747B0000-0x0000000074D61000-memory.dmp

memory/3392-135-0x0000000000000000-mapping.dmp

memory/1880-137-0x00000000747B0000-0x0000000074D61000-memory.dmp

memory/4928-138-0x0000000000000000-mapping.dmp

memory/1880-139-0x00000000747B0000-0x0000000074D61000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2022-07-05 03:35

Reported

2022-07-05 04:05

Platform

win7-20220414-en

Max time kernel

1800s

Max time network

1801s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a04cc80c15dcf9cf97d4244232995ce425311a0687284d0fec0b9e0d196b0a35.exe"

Signatures

Imminent RAT

trojan spyware imminent

Deletes itself

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft = "C:\\Users\\Admin\\AppData\\Roaming\\Copyright\\Microsoft.exe" C:\Users\Admin\AppData\Local\Temp\a04cc80c15dcf9cf97d4244232995ce425311a0687284d0fec0b9e0d196b0a35\a04cc80c15dcf9cf97d4244232995ce425311a0687284d0fec0b9e0d196b0a35.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft = "\\Copyright\\Microsoft.exe" C:\Users\Admin\AppData\Local\Temp\a04cc80c15dcf9cf97d4244232995ce425311a0687284d0fec0b9e0d196b0a35\a04cc80c15dcf9cf97d4244232995ce425311a0687284d0fec0b9e0d196b0a35.exe N/A

Enumerates physical storage devices

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\a04cc80c15dcf9cf97d4244232995ce425311a0687284d0fec0b9e0d196b0a35.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a04cc80c15dcf9cf97d4244232995ce425311a0687284d0fec0b9e0d196b0a35\a04cc80c15dcf9cf97d4244232995ce425311a0687284d0fec0b9e0d196b0a35.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1016 wrote to memory of 1168 N/A C:\Users\Admin\AppData\Local\Temp\a04cc80c15dcf9cf97d4244232995ce425311a0687284d0fec0b9e0d196b0a35.exe C:\Users\Admin\AppData\Local\Temp\a04cc80c15dcf9cf97d4244232995ce425311a0687284d0fec0b9e0d196b0a35\a04cc80c15dcf9cf97d4244232995ce425311a0687284d0fec0b9e0d196b0a35.exe
PID 1016 wrote to memory of 1952 N/A C:\Users\Admin\AppData\Local\Temp\a04cc80c15dcf9cf97d4244232995ce425311a0687284d0fec0b9e0d196b0a35.exe C:\Windows\SysWOW64\cmd.exe
PID 1952 wrote to memory of 1208 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 1168 wrote to memory of 1960 N/A C:\Users\Admin\AppData\Local\Temp\a04cc80c15dcf9cf97d4244232995ce425311a0687284d0fec0b9e0d196b0a35\a04cc80c15dcf9cf97d4244232995ce425311a0687284d0fec0b9e0d196b0a35.exe C:\Windows\SysWOW64\taskmgr.exe

Processes

C:\Users\Admin\AppData\Local\Temp\a04cc80c15dcf9cf97d4244232995ce425311a0687284d0fec0b9e0d196b0a35.exe

"C:\Users\Admin\AppData\Local\Temp\a04cc80c15dcf9cf97d4244232995ce425311a0687284d0fec0b9e0d196b0a35.exe"

C:\Users\Admin\AppData\Local\Temp\a04cc80c15dcf9cf97d4244232995ce425311a0687284d0fec0b9e0d196b0a35\a04cc80c15dcf9cf97d4244232995ce425311a0687284d0fec0b9e0d196b0a35.exe

"C:\Users\Admin\AppData\Local\Temp\a04cc80c15dcf9cf97d4244232995ce425311a0687284d0fec0b9e0d196b0a35\a04cc80c15dcf9cf97d4244232995ce425311a0687284d0fec0b9e0d196b0a35.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C ping 1.1.1.1 -n 1 -w 1000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\a04cc80c15dcf9cf97d4244232995ce425311a0687284d0fec0b9e0d196b0a35.exe"

C:\Windows\SysWOW64\PING.EXE

ping 1.1.1.1 -n 1 -w 1000

C:\Windows\SysWOW64\taskmgr.exe

"C:\Windows\System32\taskmgr.exe"

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 speednet.duckdns.org udp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
US 8.8.8.8:53 speednet.duckdns.org udp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
US 8.8.8.8:53 speednet.duckdns.org udp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
US 8.8.8.8:53 speednet.duckdns.org udp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
US 8.8.8.8:53 speednet.duckdns.org udp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
US 8.8.8.8:53 speednet.duckdns.org udp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
US 8.8.8.8:53 speednet.duckdns.org udp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
US 8.8.8.8:53 speednet.duckdns.org udp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
US 8.8.8.8:53 speednet.duckdns.org udp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
US 8.8.8.8:53 speednet.duckdns.org udp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
US 8.8.8.8:53 speednet.duckdns.org udp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
US 8.8.8.8:53 speednet.duckdns.org udp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
US 8.8.8.8:53 speednet.duckdns.org udp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
US 8.8.8.8:53 speednet.duckdns.org udp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
US 8.8.8.8:53 speednet.duckdns.org udp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
US 8.8.8.8:53 speednet.duckdns.org udp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
US 8.8.8.8:53 speednet.duckdns.org udp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
US 8.8.8.8:53 speednet.duckdns.org udp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
US 8.8.8.8:53 speednet.duckdns.org udp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
US 8.8.8.8:53 speednet.duckdns.org udp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp
FR 141.255.158.58:1397 speednet.duckdns.org tcp

Files

memory/1016-54-0x0000000075AE1000-0x0000000075AE3000-memory.dmp

memory/1016-55-0x0000000074F50000-0x00000000754FB000-memory.dmp

\Users\Admin\AppData\Local\Temp\a04cc80c15dcf9cf97d4244232995ce425311a0687284d0fec0b9e0d196b0a35\a04cc80c15dcf9cf97d4244232995ce425311a0687284d0fec0b9e0d196b0a35.exe

MD5 6d27ad0025dec94b10e62945543eba31
SHA1 3fcd349ea78cac0b8179b3d995beca6552522ba3
SHA256 a04cc80c15dcf9cf97d4244232995ce425311a0687284d0fec0b9e0d196b0a35
SHA512 b6af990b574cfecee839ad550e77440acb25c359ac7f082bac8f9bc469937e1e3ec262129736a24b958b4586947303176ec0b9844703d65182a444e982eaabdb

memory/1168-58-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\a04cc80c15dcf9cf97d4244232995ce425311a0687284d0fec0b9e0d196b0a35\a04cc80c15dcf9cf97d4244232995ce425311a0687284d0fec0b9e0d196b0a35.exe

MD5 6d27ad0025dec94b10e62945543eba31
SHA1 3fcd349ea78cac0b8179b3d995beca6552522ba3
SHA256 a04cc80c15dcf9cf97d4244232995ce425311a0687284d0fec0b9e0d196b0a35
SHA512 b6af990b574cfecee839ad550e77440acb25c359ac7f082bac8f9bc469937e1e3ec262129736a24b958b4586947303176ec0b9844703d65182a444e982eaabdb

memory/1952-62-0x0000000000000000-mapping.dmp

memory/1208-63-0x0000000000000000-mapping.dmp

memory/1016-64-0x0000000074F50000-0x00000000754FB000-memory.dmp

memory/1168-65-0x0000000074F50000-0x00000000754FB000-memory.dmp

memory/1960-66-0x0000000000000000-mapping.dmp

memory/1168-70-0x0000000074F50000-0x00000000754FB000-memory.dmp