Analysis
-
max time kernel
133s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
-
submitted
20-04-2024 01:30
Errors
General
-
Target
tinytask.exe
-
Size
35KB
-
MD5
8fd3551654f0f5281ddbd7e32cb73054
-
SHA1
9b1c9722847cd57cd11e4de80cd9e8197c3c34cd
-
SHA256
75e06ac5b7c1adb01ab994633466685e3dcef31d635eba1734fe16c7893ffe12
-
SHA512
a716f535e363fc1225b1665e1c24693e768d13699ea37bdf57effe4fea24b4b30a2181174f66c35e749b9c845b07f82eecbf282ee5972de0426f847293d46b4b
-
SSDEEP
768:sAzGzd0LnFjuwY6QlVwvHI1pSgNEl/MYoeAW:5zGzd0wXlVwv0SgNQXoeAW
Malware Config
Signatures
-
Downloads MZ/PE file
-
Checks computer location settings 2 TTPs 3 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 8 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in Windows directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 6 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 61 IoCs
-
Suspicious use of SendNotifyMessage 48 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\tinytask.exe"C:\Users\Admin\AppData\Local\Temp\tinytask.exe"1⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdc2d6ab58,0x7ffdc2d6ab68,0x7ffdc2d6ab782⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1676 --field-trial-handle=1896,i,18428845151556531064,8036213434733987668,131072 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1824 --field-trial-handle=1896,i,18428845151556531064,8036213434733987668,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2208 --field-trial-handle=1896,i,18428845151556531064,8036213434733987668,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2936 --field-trial-handle=1896,i,18428845151556531064,8036213434733987668,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2944 --field-trial-handle=1896,i,18428845151556531064,8036213434733987668,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4200 --field-trial-handle=1896,i,18428845151556531064,8036213434733987668,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4472 --field-trial-handle=1896,i,18428845151556531064,8036213434733987668,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4552 --field-trial-handle=1896,i,18428845151556531064,8036213434733987668,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4612 --field-trial-handle=1896,i,18428845151556531064,8036213434733987668,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4744 --field-trial-handle=1896,i,18428845151556531064,8036213434733987668,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4644 --field-trial-handle=1896,i,18428845151556531064,8036213434733987668,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4868 --field-trial-handle=1896,i,18428845151556531064,8036213434733987668,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4820 --field-trial-handle=1896,i,18428845151556531064,8036213434733987668,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3052 --field-trial-handle=1896,i,18428845151556531064,8036213434733987668,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3476 --field-trial-handle=1896,i,18428845151556531064,8036213434733987668,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3384 --field-trial-handle=1896,i,18428845151556531064,8036213434733987668,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 --field-trial-handle=1896,i,18428845151556531064,8036213434733987668,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4876 --field-trial-handle=1896,i,18428845151556531064,8036213434733987668,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5184 --field-trial-handle=1896,i,18428845151556531064,8036213434733987668,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3360 --field-trial-handle=1896,i,18428845151556531064,8036213434733987668,131072 /prefetch:82⤵
-
C:\Users\Admin\Downloads\MEMZ.exe"C:\Users\Admin\Downloads\MEMZ.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
-
C:\Users\Admin\Downloads\MEMZ.exe"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\Downloads\MEMZ.exe"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\Downloads\MEMZ.exe"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\Downloads\MEMZ.exe"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\Downloads\MEMZ.exe"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\Downloads\MEMZ.exe"C:\Users\Admin\Downloads\MEMZ.exe" /main3⤵
- Checks computer location settings
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
-
C:\Windows\SysWOW64\notepad.exe"C:\Windows\System32\notepad.exe" \note.txt4⤵
- Suspicious use of FindShellTrayWindow
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/memz-malwarevirus-trojan-completely-destroying/268bc1c2-39f4-42f8-90c2-597a673b6b454⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdc1fc46f8,0x7ffdc1fc4708,0x7ffdc1fc47185⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,4611255723821417702,6911649624558985363,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:25⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,4611255723821417702,6911649624558985363,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:35⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,4611255723821417702,6911649624558985363,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:85⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4611255723821417702,6911649624558985363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:15⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4611255723821417702,6911649624558985363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:15⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4611255723821417702,6911649624558985363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:15⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4611255723821417702,6911649624558985363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:15⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4611255723821417702,6911649624558985363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3816 /prefetch:15⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4611255723821417702,6911649624558985363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:15⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4611255723821417702,6911649624558985363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:15⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4611255723821417702,6911649624558985363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:15⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4611255723821417702,6911649624558985363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:15⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4611255723821417702,6911649624558985363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:15⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,4611255723821417702,6911649624558985363,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5940 /prefetch:85⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,4611255723821417702,6911649624558985363,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5940 /prefetch:85⤵
-
C:\Windows\SysWOW64\mspaint.exe"C:\Windows\System32\mspaint.exe"4⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Users\Admin\Downloads\MEMZ.exe"C:\Users\Admin\Downloads\MEMZ.exe"1⤵
- Checks computer location settings
- Executes dropped EXE
-
C:\Users\Admin\Downloads\MEMZ.exe"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog2⤵
-
C:\Users\Admin\Downloads\MEMZ.exe"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog2⤵
-
C:\Users\Admin\Downloads\MEMZ.exe"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog2⤵
-
C:\Users\Admin\Downloads\MEMZ.exe"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog2⤵
-
C:\Users\Admin\Downloads\MEMZ.exe"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog2⤵
-
C:\Users\Admin\Downloads\MEMZ.exe"C:\Users\Admin\Downloads\MEMZ.exe" /main2⤵
-
C:\Windows\SysWOW64\notepad.exe"C:\Windows\System32\notepad.exe" \note.txt3⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
432B
MD580e4f737744cc8f1a395324c542be858
SHA1d69fb92e1b2e14bad2277b489f9beffd770009b2
SHA25653b3b4f276baa6a2893662fff4a52e3596053330bc0ebf2bdf22c6ded16b62e2
SHA512617fd7bff5763fa12fce8f430ad00214eba3fe98c6f34b95851ab3e3d730aa8a92f2e11d43e810097fd454a998477057b72625e5d8addf071994ad642a2671b3
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
2KB
MD551efb88f7f6d41d339c6c2bde098a2a9
SHA1b5758a983ced40e6d8128f2010935339778a89ff
SHA256483548792302f9936d667ec55170a51df85362b8248b5664efc2542158a1427f
SHA5120337865a4300e501890cc32415c734ef9e7cb8449ef223f2b43f6842069bba7d6fa89e0fa1b2ea58c935150b2a27407d6d6a6626636ef2b394ea556052af9fa9
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1Filesize
264KB
MD58223ddf032add963fd0ad5c6bfdd07d6
SHA1c6d8a54edf87bf9acf3b7d12d7195aca22c6b500
SHA25663cf8708ed642df4b45dbb03b37945153ca631c5f249c35886f6348b46dd7857
SHA512f8ceb91cd0e2969e749d31730b43eefc7b1827f3fe45d8b0f3de61b98606b8c66a212254e8121d233bf88502e17facf182a4e70aee60013a492d6bf9dac01220
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
4KB
MD55c9c82d0232b4ae3933d9d7eca26b50e
SHA1d0bdf16107c7d9878377a38d0e3ba6ca343ce811
SHA256bf8c7faa595435884985977e7f9585f0c2da92aabb77d3dd05e4f6541d93ac6c
SHA512c63359c6e0eb8bf1ee50b764670b2014658c4766e4a89cc886d39ba164851a229ea513927d6efda3dbbebe4d58c6e800f2e7805a8005765bb1f69e08acf670aa
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
4KB
MD51b7a55c16758b52573d8fcb5937c2500
SHA1b4bf49a056d0dc3f659ca5103692cc85e08f8630
SHA25638dab70f05c477b51f241f1adc4a36a9ccb4033085a823768001ed69afd571c8
SHA51204ada945e71dd55d5077c9b753a3b98ce7ff64c4f730662fb80ef9355583cc3af8bdef8e091d6723b95bfcf29fe8355c0bc6e039ecb78a45e8df3e8464999466
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending ReportsFilesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
356B
MD5ee3a355e039bb7d77f89c9e905c7e777
SHA1e7e93a42b8444a13c4dd63e5859609bbfc6182cc
SHA25606efe15984667a236acd73ceb473d13f59cda0e2d3dbb0edd0ce4fe68b40d861
SHA51259c726c568dc43742e5323595184881eb31788a487c2871c07460ff8f266518a768a657a24ae9fac01e54361118f41607f5289b987c542e245b4fd3f601b7b0f
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD5bd254ccca5ad74ac69d98cd6af67337d
SHA199eeb09c4cba110e5b1c4e26c67012bae9c3b93b
SHA25618c17779c5892e3637edd99d3fde10b3445a3ab0b22585a7d3f22cfa20a48ef7
SHA51247c501c73174a52dbf745fbd9597e733e28695e3698f3f0c2cda74780bd4604df05407336bdf41a0bf1705d5919727b97d48593c202001e89f12ef3b852df2a7
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
524B
MD5e0a058d471222c3b3d24618aaaeebb4a
SHA1dc8b781f1654c49568135ee9e96f5902351bcf84
SHA25685d3fd2c8369e062e218ac2823d100120dec2c0d5c99a068b74ff4f08e7396cb
SHA51231f604046c25fe26aaa17ed9fcdfdbebf3617249ade1ac7c44e9dd1feb57e581cb77a3d3d6d9b2dbb55145e56a374ba22e7816f465ca79fd140593f09c180d0e
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD5a5159a39b41627831f0f836cd3efc110
SHA1e618715352ce3c7719b1bfc20f8111e615f0f4ea
SHA25670b54b0a0d8fc083d6e878d2911c96017c2701838ecf97135c9e34a76b8f720e
SHA512ed3eb332c6cbc822c55e6bacfcdeea0c24b81f8a20cf37a849ed580d830e84bd6966873b3455fd0d73a36a20c5a118d08650a8c005e3c69155a73b8711aa9bf1
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
356B
MD583c06133edbf6e074a180e10a586c2dd
SHA14d895db175a6ed15225d6c63d50b2d1f0a7b32e7
SHA256cf4ef7de5f37b2464188a77111f5ccc01ba6221899a825128453701840e26f46
SHA512e6f89ff4cca96630063214bc5a49b7e4931cc4cb1b3ef9e8f7a1ed4d3b72addb518cda3cd5c8eb9374bd8853e9fac9b1a7340e00428a3fa134578c43543768a6
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
7KB
MD50c6e872d396815fb6fd6c32eba7ae101
SHA143e17ed57155a9881099212ae9210045b33ed7ed
SHA25637928854babb78806aca0077d6868b46ae799314a5e3c693873f45a481593c33
SHA512fe679ac75b29f5d522795ab00c51e482a59d7aaf458e25b175c79bb24fb91f8353af6a8a04840e2a842528c6e0385633c7b827a8e65a8e05abf341337bf4139f
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
8KB
MD5c0d1d4ce315f46cebd6b8afb099318f7
SHA15f2f9cdb1207b62292633edd87a2aa6b2da9c7e8
SHA256c550729e9b2ba78c41cc99e029db636a67e694b40f3d11d100bca59e2988131f
SHA512b9db218b6d9289755f64b7286d3b35df5eb9817eb6724b8886780009506c97227886c3a2127bb25e3e6e17c4a6d9f2f992acdb7d9de7fec1f2571fa01702104e
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
7KB
MD58bb1f8bc28364a8b6a0c1f1edf20f0ea
SHA15e05264ade7b9eafc2931ce8cd352b232ca7d499
SHA256ba52093348909b71e9157b12cde07aa8d45ac8de796e02a2f0a802ee6ff1bde4
SHA51270d0781205b8a0a6ec3d8be285b4b3655c5a6c568182d96822d1dcf3b9c91ab37d0dd489fc89ab92ca7c68e8b7a0a8407208c1580cb6d346cfdaf48c33e08843
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
8KB
MD571f3223b1198f2f90f9d91db3c2dfca1
SHA173211715e366fa5ab5a656959e87d2691bb827d4
SHA25659bf159ec0f867eb8b1f9f59d944399f5baefcc3132c26d1f82a01b0efcbedb0
SHA5120a2bf1f7e6a10a59f3c79e9842d76d92f723daab077380e7223f49b9f3b87c372c306493a1711df27c3d55a75036b123d83bddd157a14139672fe88620ba3dee
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
8KB
MD5dcdd9162d735a7f6b5210a8c283a251e
SHA1196e270c2b005f61775faf921c69e447e8721e68
SHA256c002b68048d274c3b070a12f341a8fe1a29bc9821534e661690d1aff309e0ed6
SHA51206798e2147e014b23b6f32fe1e2085d2e3768528417deb7ef46a588370e1cd0e2d536fefd19ad1663f106b4f3974b7a040b4e16b33d36fc0b505e273d2491c6e
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure PreferencesFilesize
16KB
MD572e78587088e5d61d071815329f0ca8b
SHA1e502bd511d8c584774fc9e7158e14038dbd96e17
SHA256cebc566f95e998cdd35e5c3f0b07fdde15f1b898a0cd0f06da7f1a09884f2de1
SHA51211fd9b20017323669a7e3c34c09529f6480c5662f2909a26d9128ff0bff0303cea6399063e8066e03907e594f90212345487710ce3198179d1e0c67d94b92e03
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txtFilesize
56B
MD5ae1bccd6831ebfe5ad03b482ee266e4f
SHA101f4179f48f1af383b275d7ee338dd160b6f558a
SHA2561b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649
SHA512baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57d0ae.TMPFilesize
120B
MD5a9b44ac4423a6d2b6b3060448f37a072
SHA11616b042b2dbe4633bf17ef8606fb5c00d048d7d
SHA25683409003c893ccbcafc83f28f8ca132961b24bd2c0e4cf057965a122fed14c64
SHA51261e5432060e79c041a2714c183a6ee407544e187d6427b2992d728b794e0b69b2499a3cebda4ce3230baa1b411a112c92e4715ab539d8e615e17b9832a5c6924
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
252KB
MD594b1e9dd97516e63b5b3e72ef290fc6e
SHA1546990d5f70a12f582a26a1d1999bb78f312860a
SHA256cec5a2637af91f146962a4a4c94f5278ba8b032127ed283bbe1c8bd7964fb0d3
SHA5129ae5354f5e79d0722bf77f0977af0ce0b01d77245bceab97ff631e8a878712e89abaa1d921f4cce1a0f6a43346878b8dbb92c213dc977f13d9dac86ac690009d
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
252KB
MD5677afd0e4fe580042b773beb081ba2ad
SHA131019b88088e49a8576df70f6807a08ffaa0cb84
SHA25648f77d744f4784b6af42c5606fe075ca24ee2fd91f4db4eeed967ad1228e0c67
SHA512b90db06f9d64389b8680f0739cac660404d51e3db9a3bdee593757955835abdadd2cd0ddeeb269c4d2c2797c5dae99c82a064a5733a83c94a70fe9057ccf3f02
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info CacheFilesize
101KB
MD5972eb6fff2d13fccc73af8c479772969
SHA12cee2ac12ade1fef6f1b070d919ceda49c6a56a9
SHA2565d4e2a8e1e8e23ea7c3091152789b63c83305032fbe5a557393724a17e16d57c
SHA5125f684472a3e3716e124909e526bc3b8efe093bb3b51b489449290135b62bae7792c2292b489b97cc4bebd073a3099583c870211101e58b1405eadfa7117e7609
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe586a0f.TMPFilesize
88KB
MD5f039d1ab1d2fd4f8b81e35edd725f0fe
SHA1548858207808bb54e7eecae53533a7589147afb0
SHA256e68291c442fbd9230baa73fd6978531eb4100072dc010258ff08291054818106
SHA512bf96401aab0f09c5b9779e189ec92deb289c0c604ec0b53be653215a644d73896579e2344bca172176865112a6129f230fedfabf6183fc7911e54516b4558bb7
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5cb138796dbfb37877fcae3430bb1e2a7
SHA182bb82178c07530e42eca6caf3178d66527558bc
SHA25650c55ba7baeebe1fa4573118edbca59010d659ea42761148618fb3af8a1c9bdd
SHA512287471cccbe33e08015d6fc35e0bcdca0ec79bebc3a58f6a340b7747b5b2257b33651574bc83ed529aef2ba94be6e68968e59d2a8ef5f733dce9df6404ad7cc5
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5a9519bc058003dbea34765176083739e
SHA1ef49b8790219eaddbdacb7fc97d3d05433b8575c
SHA256e034683bc434a09f5d0293cb786e6a3943b902614f9211d42bed47759164d38b
SHA512a1b67ccf313173c560ead25671c64de65e3e2599251926e33ce8399fde682fce5cb20f36ee330fcd8bb8f7a9c00ef432da56c9b02dfd7d3f02865f390c342b53
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD53e2f84ae25f88a699ed266d810f07a15
SHA18562d0bfcfdcdb6bd632593f5a75bb58ade15229
SHA256ca9ae20ffacf9ac912c272bfb0fc1e0b9ac36592b4455238062e72b4d708852e
SHA512a9ec582ec48cf262f8cefd4c5533c7d52d7806c7723bc8f95c448c73d1476c40c3481be89dfde92a8183ef6472445acbe00567413db5152f1a3aefb2a687ce63
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD57b4b28e0150fcf37e5c2355be715baed
SHA13c72f886c7cf0ebe7fcc6ad86ace5cbe316f5c7c
SHA25688b1d4ebf52deb99f83f6e36a6ad0a88d066a66e24d98e59a2544ec507573e34
SHA512aaf5d118563681aa29da8fd597c55a36d2bed9bb047b195f181a344a7892d983ffa366c528b1e47a076f7016b2f598e8523b7bf9d9393d769e98b1c16c0c30ac
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5a9b0962f18b124327fb5eb4745d43a1d
SHA1a54e7199ee3e8d7a5fd3bb3ef73e32fab0036356
SHA2565b8e3462886345c59df4626d49327c7c12e2725a33310ed69dc737a58aac7b6c
SHA512df327b7ea14fd302e5494974b8e441e06af45d25f756cfaec8dc558f2bcd00fdc9a2806d0ff33b62eb87f6e08ad303e30b0de5c928349b74cca4dc8395fbf4d2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD5bb7cc5ffaa4367aa4e349fc1190c3f92
SHA1a6677aa4e0b932c0f0978e3a1c2f3ff79849ec9e
SHA25642c236aa89c3b336dab6b815f83b90e7ae9aa7ceaa4594a6dcf7d9d1a288b82e
SHA512293a23b74562c93f3c014c917f6309809cb66cb0e75744c6d7dfab52a8e021eb26324e212c593424b20a5f0e9a325e47922c6a93489e430695761cf421676387
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe592215.TMPFilesize
1KB
MD5954d3aedca07d2ff9c9934d146245c54
SHA1552f3cbac75742fd58121cfbaf37634c879c0f92
SHA256e8ce62109bc9aa621d7764d10e26fdac5ffd398fb7a1d77efc732c520c5df2a0
SHA51276868f59b7512e08e340d8faf7455ed29b60edf975bb39cc4d991780684ed9ddfaf77d0d623f25b9bcdb7072c455c5ad1bb2f1c8dfd4e850877f238ae0077a67
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD581c3e3118d26d14097d077c1e5a87231
SHA171c668d5f20c0c7b512700ec7b31e03af35f2dd5
SHA25635a8ac8b39e7a5db59ed9dbadb52f497fd7644a4725368a60468236a2099d3f8
SHA5127af78df635951e55c6f6e02504847226df931ca5588027eac531263d4477ce36fa093175c9993c3d1bdb429022a3ac31f718a0d479e8a6f6793f0c78ab0c2c79
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD5a8ccfab6ddd590a14960b5dd07398b35
SHA130ee046cba25c137e9f0686511bf63b8c37e083b
SHA256540f00a491d7c6138bdafeaa67dd07951e55856ac79f9cdd7d9320178889d86c
SHA512d7f80481162aaa687e1bec65afc4968ba489da8c6526f3ddc3ee569c5bf2758d759759ba02c82738c1e2c5838ef8dad5b2b474a7789afb13767658a90df073e3
-
C:\Users\Admin\AppData\Local\Temp\tinytask.iniFilesize
138B
MD5bb756b51ec21dfa45df8eca40bb4feff
SHA1651ca12b9a65499bf8fca3112d207fb3f773ee30
SHA25691110f9f4fc28c551130807d82fb1c498add19cce02bd9fe4c7dca6609c16308
SHA512d11c10454ef3c83af313524ccf9e2eaa4f52d26af7ed548c5d57002cbdf606c328a46d5b6845e3a39e87635227c50a99d3c3080f79c7b73e2a4ff879e7d3af31
-
C:\Users\Admin\Downloads\MEMZ.exeFilesize
16KB
MD51d5ad9c8d3fee874d0feb8bfac220a11
SHA1ca6d3f7e6c784155f664a9179ca64e4034df9595
SHA2563872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff
SHA512c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1
-
C:\note.txtFilesize
218B
MD5afa6955439b8d516721231029fb9ca1b
SHA1087a043cc123c0c0df2ffadcf8e71e3ac86bbae9
SHA2568e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270
SHA5125da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf
-
\??\pipe\crashpad_1860_ARUGURQPWWYSOIZXMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e