Malware Analysis Report

2024-09-23 11:19

Sample ID 240615-hnsb1s1fre
Target MEMZ.exe
SHA256 3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff
Tags bootkit persistence
Score 7/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 7/10

SHA256 3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

Threat Level: Shows suspicious behavior

The file MEMZ.exe was classified as "Shows suspicious behavior".

Malicious Activity Summary

bootkit persistence

Checks computer location settings

Writes to the Master Boot Record (MBR)

Drops file in System32 directory

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Modifies Internet Explorer settings

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

Runs regedit.exe

Suspicious use of WriteProcessMemory

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-15 06:53

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-15 06:53

Reported

2024-06-15 08:01

Platform

win7-20231129-en

Max time kernel

599s

Max time network

595s

Command Line

"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"

Signatures

Writes to the Master Boot Record (MBR)

bootkit persistence

Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\devmgmt.msc C:\Windows\system32\mmc.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\SysWOW64\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\SysWOW64\mspaint.exe N/A

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "25" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "25" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30219809f9beda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006310fe0cf215c44386800cfbf8dc5974000000000200000000001066000000010000200000005cfec0f1e80929b2f100ac437de9f7ea2c0f5dfd40f5e7abc749ad0aaf9bdbe6000000000e80000000020000200000004360fb5e5c9a2237a8fe531d5afbe3921f6d04f96b0e65f94d34088ecce42d6b200000004d3798c567daf83abcc2f9ddaa10024f078139e7cbb98cb81e2054783ec4bcdd40000000dd04e4f27dac2675a840e6837aa9eb7c55a856591ab0a69be4bf4df73a2647c4957e2c41944c250506f79682c2f9ebba568f52a080bb463e1ddf132317652900 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Runs regedit.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\mmc.exe N/A
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\mmc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\mmc.exe N/A
Token: 33 N/A C:\Windows\system32\mmc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\mmc.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskmgr.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Windows\SysWOW64\mmc.exe N/A
N/A N/A C:\Windows\system32\mmc.exe N/A
N/A N/A C:\Windows\system32\mmc.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Windows\SysWOW64\mspaint.exe N/A
N/A N/A C:\Windows\SysWOW64\mspaint.exe N/A
N/A N/A C:\Windows\SysWOW64\mspaint.exe N/A
N/A N/A C:\Windows\SysWOW64\mspaint.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe N/A
N/A N/A C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe N/A
N/A N/A C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe N/A
N/A N/A C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe N/A
N/A N/A C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1068 wrote to memory of 2192 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 1068 wrote to memory of 2192 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 1068 wrote to memory of 2192 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 1068 wrote to memory of 2192 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 1068 wrote to memory of 2148 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 1068 wrote to memory of 2148 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 1068 wrote to memory of 2148 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 1068 wrote to memory of 2148 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 1068 wrote to memory of 2172 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 1068 wrote to memory of 2172 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 1068 wrote to memory of 2172 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 1068 wrote to memory of 2172 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 1068 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 1068 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 1068 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 1068 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 1068 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 1068 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 1068 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 1068 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 1068 wrote to memory of 2196 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 1068 wrote to memory of 2196 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 1068 wrote to memory of 2196 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 1068 wrote to memory of 2196 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 2196 wrote to memory of 3052 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Windows\SysWOW64\notepad.exe
PID 2196 wrote to memory of 3052 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Windows\SysWOW64\notepad.exe
PID 2196 wrote to memory of 3052 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Windows\SysWOW64\notepad.exe
PID 2196 wrote to memory of 3052 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Windows\SysWOW64\notepad.exe
PID 2196 wrote to memory of 2440 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2196 wrote to memory of 2440 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2196 wrote to memory of 2440 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2196 wrote to memory of 2440 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2440 wrote to memory of 2420 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2196 wrote to memory of 2152 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Windows\SysWOW64\calc.exe
PID 2440 wrote to memory of 2692 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2440 wrote to memory of 2896 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2196 wrote to memory of 2508 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Windows\SysWOW64\mmc.exe
PID 2508 wrote to memory of 2496 N/A C:\Windows\SysWOW64\mmc.exe C:\Windows\system32\mmc.exe
PID 2440 wrote to memory of 712 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2440 wrote to memory of 2044 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /main

C:\Windows\SysWOW64\notepad.exe

"C:\Windows\System32\notepad.exe" \note.txt

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2440 CREDAT:275457 /prefetch:2

C:\Windows\SysWOW64\calc.exe

"C:\Windows\System32\calc.exe"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2440 CREDAT:406547 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2440 CREDAT:734227 /prefetch:2

C:\Windows\SysWOW64\mmc.exe

"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"

C:\Windows\system32\mmc.exe

"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4ec

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2440 CREDAT:930834 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2440 CREDAT:603186 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2440 CREDAT:668743 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2440 CREDAT:603225 /prefetch:2

C:\Windows\SysWOW64\calc.exe

"C:\Windows\System32\calc.exe"

C:\Windows\SysWOW64\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe

"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"

C:\Windows\splwow64.exe

C:\Windows\splwow64.exe 12288

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2440 CREDAT:3879986 /prefetch:2

C:\Windows\SysWOW64\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2440 CREDAT:3945539 /prefetch:2

C:\Windows\SysWOW64\control.exe

"C:\Windows\System32\control.exe"

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2440 CREDAT:2307136 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2440 CREDAT:3093585 /prefetch:2

C:\Windows\SysWOW64\explorer.exe

"C:\Windows\System32\explorer.exe"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2440 CREDAT:1324145 /prefetch:2

C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe

"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe"

C:\Windows\SysWOW64\calc.exe

"C:\Windows\System32\calc.exe"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2440 CREDAT:3093665 /prefetch:2

C:\Windows\SysWOW64\explorer.exe

"C:\Windows\System32\explorer.exe"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2440 CREDAT:3093700 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2440 CREDAT:2962594 /prefetch:2

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Windows\SysWOW64\control.exe

"C:\Windows\System32\control.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2440 CREDAT:3224776 /prefetch:2

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe"

C:\Windows\SysWOW64\calc.exe

"C:\Windows\System32\calc.exe"

C:\Windows\SysWOW64\control.exe

"C:\Windows\System32\control.exe"

C:\Windows\SysWOW64\taskmgr.exe

"C:\Windows\System32\taskmgr.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Windows\SysWOW64\mmc.exe

"C:\Windows\System32\mmc.exe"

C:\Windows\system32\mmc.exe

"C:\Windows\system32\mmc.exe"

Network

Country Destination Domain Proto

Files

C:\note.txt

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTCUYJBV\favicon[1].ico

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\s8rbov0\imagestore.dat

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UIC05TTQ\recaptcha__en[1].js

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\2O2RULM5\www.google[1].xml

C:\Users\Admin\AppData\Local\Temp\TarDECD.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WCBNI5KW\styles__ltr[1].css

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\SCRMVPXT.txt

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L7PG4A0G\api[1].js

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_47A43067FD26B14BE12C55F112579786

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_47A43067FD26B14BE12C55F112579786

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WCBNI5KW\KFOmCnqEu92Fr1Mu4mxP[1].ttf

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WCBNI5KW\KFOlCnqEu92Fr1MmEU9fBBc9[1].ttf

MD5 4d88404f733741eaacfda2e318840a98
SHA1 49e0f3d32666ac36205f84ac7457030ca0a9d95f
SHA256 b464107219af95400af44c949574d9617de760e100712d4dec8f51a76c50dda1
SHA512 2e5d3280d5f7e70ca3ea29e7c01f47feb57fe93fc55fd0ea63641e99e5d699bb4b1f1f686da25c91ba4f64833f9946070f7546558cbd68249b0d853949ff85c5

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WCBNI5KW\KFOlCnqEu92Fr1MmYUtfBBc9[1].ttf

MD5 4d99b85fa964307056c1410f78f51439
SHA1 f8e30a1a61011f1ee42435d7e18ba7e21d4ee894
SHA256 01027695832f4a3850663c9e798eb03eadfd1462d0b76e7c5ac6465d2d77dbd0
SHA512 13d93544b16453fe9ac9fc025c3d4320c1c83a2eca4cd01132ce5c68b12e150bc7d96341f10cbaa2777526cf72b2ca0cd64458b3df1875a184bbb907c5e3d731

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L7PG4A0G\XVS3LyjBK-lASMPd26lduin_hcOQQT6JA1sEiPtbJyA[1].js

MD5 3138a2d90af4d6f6c1ebef7fbb29e918
SHA1 ccddc3e08d2481ffc52485106a9f64ef5a6162ea
SHA256 5d54b72f28c12be94048c3dddba95dba29ff85c390413e89035b0488fb5b2720
SHA512 b273431e3de89ada4ac7b87e73700fffc293dc3357d3356b28ef2243ae9e55ed6051cd35db7e4f2a699f9438d5fe8bf897000e321d56d6b61adf6d7c8a3d9604

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UIC05TTQ\logo_48[1].png

MD5 ef9941290c50cd3866e2ba6b793f010d
SHA1 4736508c795667dcea21f8d864233031223b7832
SHA256 1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
SHA512 a0c69c70117c5713caf8b12f3b6e8bbb9cdaf72768e5db9db5831a3c37541b87613c6b020dd2f9b8760064a8c7337f175e7234bfe776eee5e3588dc5662419d9

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTCUYJBV\webworker[1].js

MD5 94f719ac8a712acf01ae4c4b97ec3ce8
SHA1 4f01cc4913362743c1d0bf57b95f18f9d59b51e4
SHA256 aaacb25a6d0228ec65f79f3428ec76ef7d383e0e81e16f0a0c35a629da5e8378
SHA512 1f44d70be4f4e5f77a6fdee2df42031625dcf25e174f392934b7175a5e40957bc8877eae9d57f1fa03204e56a1e8f384bd156eeccc3a461a8af863992e87712e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 99239b81cef56a91b4ff05c3ffc69476
SHA1 b2b2767f198a256ffc1264d568650300488394d0
SHA256 a92b3d623a70a0314bb8523bb422c73743ed3549979925845bfcdffc60254ee5
SHA512 e2e6f61a7c77e828e2e393fca923c5c1d4237c69fbb0418881850bac2072bf73db3d8c5a0c9b668a0ff34a081d47a628f3a4aff6d842ba3f609074a69368ae2e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 28c94ab6ce6b53f3e65e849a1a5312b3
SHA1 c0c80e240e7674cb160265eb9a02358e498085e4
SHA256 6fa7440969a846ddfb144083399f3287313930fca4d040497865405406eda041
SHA512 41542ec7a141c16bd70ec950b5fa36749617d018f1f7ff8a4102c1f65c5770eb981ae391ff561f18cb75190a9432972915cbe1e1a1b99dc29856acb449d7f0ac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f512a2b7ae64a683cb5143fe4d9d7026
SHA1 57995298ee84f2257d26a8641a02a4e67f72e6e3
SHA256 eb8a7c1c3117842f449d369e4f4824d5d8748c717480d67b93013646765974d8
SHA512 b3ae93f28c56a2dd44f0a8a718f1f0a2929a2f087ab657daa4b4c27652165c33bdd2a28a878bfc20d172a9b36c60ee4fc617928b721759de716c824943f437b5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cf8d850547f5d1de05299c5576b478fd
SHA1 a7aa3ff732f9efb8188eea911bae190270777d77
SHA256 ed533b1d41f1cc77b1cd471777d671c9c0657a058be7be8e14ff5bb364576bb2
SHA512 7a074b93ed913c74a89a59595d0d5e2260c38cc77eaf4043cfc321d3eaa2451f419c0f585409bf46891dbed0b54e46b84b3b3cf7b2b18557ba88f671be49fcef

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b9ffbc358e01c964ad3d75659fd5c9f0
SHA1 314addd66636ae1ba6da5f9f7db5a775383f9edb
SHA256 921f580325349c9b1389731248e854368d59509ba5877c3b490f72e11ba5bd0f
SHA512 0dc29990e2c6123f55b52b0713eb479ed01d738e922bca1821795a4030788c3a31dce27bfccb91172948509b9a2a23f2a060395081bddef66cc0f05cbc6832a0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 99fba059879f92186ea774d70f35d235
SHA1 6859e14258d91c4d82ada6674a73ceeae7f8cb87
SHA256 4625254f947d077a6d61950c03292b3162598a93686e83317171f845dbe6cfed
SHA512 558d853c5278de8b04cafef44404a6b961c6ddcb29c13c7ab677f2403d59b626f691421926dc4d15e016f0315280963507c834fdcb4148394d8f6800177c1dda

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7415bf0c55c66b60f3bf86481db3cb09
SHA1 ded57f4ae922eb791d73f7b37ff11cc96e09ac64
SHA256 8879698c46786af897540b9844f030ecce96605e1955adec9e0e0843bc9e85bb
SHA512 67dac155d9f48a8d5a51ace3dfb96db740e28d5c9a30f42e84f69baa5b030b1d3f5ae6a364829d9ae840345b5c32ecad498e86cc4f13322e7d4eb66b63a113c9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f58dd0218905ca17ef3290368ef91923
SHA1 24fe44e117bfa44f653e93df299f0565423c0e01
SHA256 f3b960074938d6f2a2376ec5bb84b7a572daf758f7015b161456972eb10cb902
SHA512 776ddc33341d2d95430826ae27966f85013c692341539879afd0239b38dc108654f3b2d254170b6ee8a087db3329b286d9acb797857603182eecd36613f5765e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fd05f1ac6b9154b5062ccbf65c6b1220
SHA1 52afa7a93a3b90c48729c7446abb743c8b25f8a5
SHA256 e4d7ef6a02db043db1b05026da8bf71ea5ec9656d5e10b419375a04120299b95
SHA512 b5280035a27a16f967733ef00829ad33b45a732ca1105f2185055db4df0c4b9532b9d1c2db2b074a46654b3b84301e10bbe6762874d861816d9062fdcab1e4c9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9a26cc396daf3c3086190a722fee51cc
SHA1 caaf2ef889ae2d5bb951ae7090a5dfcd9fc9b75b
SHA256 5d93e6949e1c69f7d2c005523f91bb17d75cf99794007d00c1988da961a7e688
SHA512 27b548fae4c2403fcb220ef92e7779fcd1d5f8682b0ab781b7f9d55f6c0bd7109792762627fbc0487f0a8cf6bd63f856ad96bfbd64cb9180c8a2308f93aff966

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\VI8235ZP.txt

MD5 6c9e9fc7b25b7ced742d35c16f5f9e1f
SHA1 83f284d352c8dab1304f717e0f71e21bec985f4c
SHA256 d02d347d114641dad149cb626b2798f2fa9028cc421dcb807a468c49f2605e59
SHA512 dc40cb0548c6b052187c7f46873f79398e3560ab48ab909eb12d5d9a390b68fdccae8731b22b0ef3113a917a77e3fadc03e06b02be00e534f391e31f91165617

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9d6e409de745a4a93ba88c650391fee9
SHA1 5198a8bf7f75a4751e30ffe276cd586a0dfdac8b
SHA256 89a8793eec7afd9cf28b56b6c5a5e2285cf54e64ed03e086603f0cf4f03c3863
SHA512 f8c1f665c8efa59e2f919ac5c669605d774d39f3feb10eb07c82e10abb6a8821e02ddad02d5056b21d5517a064a57088ddeee2cecc140bbec024981d1bcc6b6b

memory/2496-1045-0x000007FEF5FE0000-0x000007FEF601A000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\IM0TLH6U.txt

MD5 880bce639ecaed6f1f8200f9670d0bca
SHA1 aef48ea907cf217158008a5e47d1707f8b2dfaf8
SHA256 4d2221aefe23a6037fdef99863bfebcbae1ab3e5cf5d93f5ee9e12ecabd7ee1d
SHA512 f2f80e22ee291324f77312b92dda0d74c660772e6547fcc77e46cf92f9926a1ed6983e9e1cab582c02cf28c0f6a9102ce87972751cfce1f12aca626d0169dd10

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 844c0234f499df948de40b0382bda62d
SHA1 777d9fa5c72fb80bf3e7b7e9926afa4672bb71e0
SHA256 181ba645484281a9f8cc34b9175ed7900d4ced53594025c60d593f7e71bb9233
SHA512 3dfd59a818813fef61aa28af46deff5a1aaf1a4a5cc9756f0bdfc742872da5b922ccc37f0eecb82fa937cb162ca8d877907333606f6b24015505ae9c3eba017a

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\I2M6JVF9.txt

MD5 cecf9e85ad8f580732fac7f53517a7a7
SHA1 29ab88f3f4cc87ef57db54532f4dd05ab5cb9db2
SHA256 018dface9e3777742264d5d1c01c79ed3760e9414e673792c2ab6156913321db
SHA512 0abc53c4586404339b4d3aeebf909bfa7ee9af02091ff26b585aef44416855f3af2081e1e1819175d58510b3f5aff0c70661ceeb42f8d397a1d1a5e26f052805

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\6P06WNLN.txt

MD5 494b21e5801cfbea145d9207ef260ba6
SHA1 4e6e8bdc5855ee6d502b99ec02a8a462be19ac92
SHA256 dfa9ceb3b6a2d5c382e8ec69c4bd96125bc346f3e685b4c894023ede6b2b347c
SHA512 2e914cce97736e9c069e921b826a6e1c3c8ede6e3c1d4334f00157bf05d858444fee1c7b04df05beadb30084d9a6f1b01c4cf0057c1ea0c8068726273fb1fe4f

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\9K43J72Q.txt

MD5 ac148f2c1e1b64bd98e4d8c0557294a6
SHA1 00bd3cf9a26d47e8278af5f6dc099cfccc787a3a
SHA256 c52569ecbd190e43e78d78130df3b7f57b96a8792b1ee284fce42b4bb1f0bf90
SHA512 8b5fb62003a4052813b3d1b0c1f1552d64a96c054759c8ed758adcff4e71e3bc399cab58f1d9788e1607222748a3e38ccd157a5cd3830ae21685460767377cc4

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\ZCRXMUK7.txt

MD5 0a2ea0480d12a2d90f604a9685d5b309
SHA1 2c6c42cdd180bb017274c575c2d3133217c439bb
SHA256 937f81e60f89ff357e5e80f47297a0a7ba68fcbf99a3fe567189d851f547d0f0
SHA512 749e33dba1f83f63a9dc7880e6f70aee44294def7055373c5f3657bffcd14e8fcc14c561399490a70c2ee92caa39a54540a3825c1f6a406280ea92094bacc57d

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\JIYB1OX1.txt

MD5 e7360689d7ae54fdee1466ec51a39aef
SHA1 b41abe2bbb8c0ee1090002f303b3248280963e47
SHA256 22af350d8bf13c27ea4cfc00cd667df6c6c1fcb7dc93dc688cd5d3e2f76dcca6
SHA512 d97a76ddc8b61f3aa0660d0250164fda326fe989661ac7b02162fe3c39f3835e51947ba5ba2fd2b951ad3365539eb902445fe324dcee34f5a533f8939720737c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2b2e5357d65201f6fe50f9361df0b83a
SHA1 7232b71585fc336a0d8d2d8092bddb8cd4db8855
SHA256 0572dc5d6b735368489543a456cd96e3f59361b6d1ae3cb7530358d3931e444a
SHA512 cb68815111e2fe086f661aa4eb5a0bc89b418e3acb51293a57cfc77430087630176419b61d992dd7c1639d3be89eeb486eb75b49c1ae6c7c8c02b6380e3d88c6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1e4e598b596dcef00a605cc0f7b1247e
SHA1 ef96717002d97391dc0ee8422c2dda842ed4282f
SHA256 8983fb021613ad86cadf42d80dba2ee1713415da00544131adafbe57aa4987d3
SHA512 6b7bed4a893253947757f525067d1701bf4c18c54313576c2fb82e681774a1e9383e2668f840bd42eca0744aeed8fd7a85a73f09c0ba9dd95f781b33c6e8e1c8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 776674c70db87b0947a83c320cc09971
SHA1 0b5459176bf361f8d94c38374e87ada14ac21a8e
SHA256 ac02a024cb20dcb50c9d0c575aa24e2b14816da2e842868b69a5c9fb2f187f1e
SHA512 2e34264f2806b5b0b0841be3afccdb4c2082f62b18b3a0af1813ddf9d5b033f5bf23a91f51b88e6a046c4ad03e7a080a9ab815027db6bba2b0cb2731a8554343

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 370deff3dc9b00f91db01c5315855c3a
SHA1 984baf91409545189ba8c262718fbf9c88bb411e
SHA256 05b0e8f74c92e8dc18594621146455b37d061d76ad33215f7e87572da76f6790
SHA512 3b469ca5cb5809675a6f341a89403adbc33bcbd48e02d7b4f5e0bbd7068234b1d7bd167757850fcee3bb895d4a5c8d6963ec449efbfb7209e4ebae2c2ebcaaec

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_5E390E1CA50E646B1021D6CAA485D322

MD5 4182f0e25fba923f1901b9de3bb14a40
SHA1 73403b5efe56d62ff1ea5520e937bbcf2eec269a
SHA256 8cac4921af175e3c1c904d8494edfcc6bb289881aaa5a6892006dc2a32a34844
SHA512 a64d067384cedecc443e34874c9d2b599a9002f6110e5a1b866f18ef89fb3133c9add2f26824b4e5b2e4f65cf2b6adcddf325ec3eef905a9b543746a50519d54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_5E390E1CA50E646B1021D6CAA485D322

MD5 0f1ed0db12059f7b222f8a74b31b129b
SHA1 44be908854b1b1cac7bab2c59a8115022e318a29
SHA256 6c09009ad595fcb7c095a5e061cb5a92dde03000c197da6da02a853d3048f2f4
SHA512 d64b184d1da973643d4645f42527ffbbbdf29a0827018f6cec6fa852901ccec47bee7b78926f30d441e4267e1dff3ab0d600d21e4d4205e9faed98c2230b9c4d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 06247137f9226c31560ace5991e60892
SHA1 0f063db3f35ccdced0bba494bf6ce5621156f31e
SHA256 ec3391bbb90435a0293d580f439502df129c23ad11a4c62ac4e132df654b0486
SHA512 858c0476c41733d28650b0406098b2785cfcf0c5ec512b3f23f071ad53cce5dcb2ae6d9b99e93a98d18a8416fda47259461145916c76490c9ee2b593fdb02d9f

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L7PG4A0G\js[1].js

MD5 0f9fc24592621a359eda9135695c5a1c
SHA1 cd2c602a7fa3c735f47e19e57476ac52a87eeeb6
SHA256 eebb1ead403d3efd21e58ed41dbed2e502b0b4226d9e3a84ea7cb8dafa318aff
SHA512 adca03e7eb12630efe0b6c3d5e1946f2801dae2c11a50c65e0c6b1b900044984dde32813856ff17c40c79c77f77fc9934a7ca8f1f21f1a3e99cc5b738cc3f452

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UIC05TTQ\PCOP[1].ico

MD5 6303f12d8874cff180eecf8f113f75e9
SHA1 f68c3b96b039a05a77657a76f4330482877dc047
SHA256 cd2756b9a2e47b55a7e8e6b6ab2ca63392ed8b6ff400b8d2c99d061b9a4a615e
SHA512 6c0c234b9249ed2d755faf2d568c88e6f3db3665df59f4817684b78aaa03edaf1adc72a589d7168e0d706ddf4db2d6e69c6b25a317648bdedf5b1b4ab2ab92c5

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\s8rbov0\imagestore.dat

MD5 acc7a00db0011f753b8c4237d7332986
SHA1 a0cec54df1960c883db16140a20dcf124167ea65
SHA256 09d00758bdb7ad8b76d3e1c75f7225697c2aeec9e97abf6819fbd8413a3a78b7
SHA512 597fdcd0a1e306e6eafa2e20d9792c34394f7610c22517250148caf7579a5c9f0e2acb9a87fe73c48028c10306ee112273e49b4bfb3e221b593be79c304bdd15

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 95272da11d11ec352f594f5ad446b681
SHA1 f3d655a222b4d9a7e3240f1f890bc232fe49775d
SHA256 596307817413541d8ac2d76c65a74dd51c6a82fb7ec6cb7b3a921a09b4de11be
SHA512 6c5b5f860558f0b0e4688bab569b636530222b6a180ff6233c693c7e89e3d8737f83675a03c87ffa7a18fbd70a84494239a457c28ba5377c58a80bb3e8e2837f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 adbf37bf3697b335d4015731113295d5
SHA1 fb02c75797cb57e9b3e1570258b1027fe57e18eb
SHA256 8acd47530597144afef4f6e4ed47b3e59c1284f33c796798d87c145aa50d5060
SHA512 7e94bd5abb83383584f1474129e58ecea3fd7b82f4d5ab4fd75a32805c0762162069da358cad3632bf7f1f22eee193082d9c271f3ffdd2d1df0da5df301d5504

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f180e4a9cd1f6f263feb042cac83dcfc
SHA1 6a3181ffcd7f1864a32be98a0954701a203bf338
SHA256 bbc97967a26b20f345efb39fbc54b319b62e73b2478989a092aabcf73d812c4f
SHA512 00699184cabcdb3e6abc6b877b0df7552f688c504ef3f6b708c6c115581405de33bc62a8955f8a78cc5e57d2b18ebaee24612db23ab50499ba6a91a0356d095e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 efbe7bf1d9d1c95273ec7f3f1935afa0
SHA1 2fab4f9a65e5a43b3d259e6fcc7b1dfd2e86548d
SHA256 94a6fd70a5ce6c91830c7ff23ce75284e10abf53c908e4b935091c5e817360d1
SHA512 be85e78e0792eb0aa21655005dec02d5506e27f4f662408e807160605bfb84b689732cac0e007ae73093868fe9a1f11fbdb2bc05ad7cebcb78ad59e5c8062adb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8ee5da871f0200382b549e7975c418e6
SHA1 0730833c9368b08721c7240bbaa65aa74d5281d8
SHA256 3ee71aac73ee59dd0cbc6eeb71d1765b76fdb059f706462002303b415117a761
SHA512 c298f9414d45dce9257743b7fa88926da3de44a6d9ab01a207632ed889ade67a2b30f25d8d38a008fc61a98d8305585c661af83ea34ca4be54096bbeeec21fb9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8157b067b3743d774d830f303137219b
SHA1 452193027cb29fe9aaaf49bad8e3f677a3353ad6
SHA256 8f34f232e5996f9770022c597dcb7beb0c7984bb504d1853656a2875a0633c86
SHA512 a422ab091e474803342f0e6a102bb72c4f744f22b6569199c3fd6320dbd68f0d07e2b0b6ebc3bdc5ad4a23792e366960416d3f2a9b7246de9313105fe6e1cb76

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f3624010eac1a5d47b5bc6dbd1bca832
SHA1 cf3f97077192d3abe4a071e57b15da0932893895
SHA256 ebbe3caccae2389cc6cebe5de4f45cced6655bb6a2d84ca16a66b9ac1eba67c8
SHA512 0abaf734c7848421cd14746736ac01ca37505afd321e30eeb107162d0e2e390bf087a58a7a89716f98499c49840cd308e9323ae6fcdf2ea96d0a43d203bd1323

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e2577de77fd1e18e547dafceecf3fe4a
SHA1 552feae8c8559c65fd499dfa60904b9bf1e0a3c5
SHA256 9b4021178a13ce9e69e469d4707891000f2d25211c6fb976cfe8bb1eda03a0fb
SHA512 c439b63863d6ed78203844531959396f49a3e08634473e8fc76ec4f62ed3addfefa9fa62d3dc892e87a2422d3e8de5e335424a898fc7ed71b7ef2f63e19cd8b9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 77110095b7d16b4cf69b63c5c5cce583
SHA1 cc5eb30b970fd139d5467b434ffffb9aea9fbeb9
SHA256 0b523bef042d9e8813cb80b5e07a24ed1909740458280672eebcc9d1f7f0c0cc
SHA512 b9973d8bdb937f135604d7ef9d74cf0be0464790f40a1d8d415a4c14daaaef77271b947b7eb38dc88b6fb04a5d775400abd53baf5f1a57a29a847faf7e9ecce1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 52a9082c436ddeb6572b8345f489c514
SHA1 042904595e49d6bd4fa4c3817123012159c098e1
SHA256 974cfcbff7860134cd63e3728e37477dab33220381663680e0983d148b4d448e
SHA512 864f6deff675e3c222affc9a3b3d64b853a7ec8fc3b89650988a64c76acd2cfafe2959a981e2e265bdd5dda2ce1d6ca9733aff28a556676333441800227e62f8

C:\Users\Admin\AppData\Local\Temp\~DF07C6FBEBF7252D4A.TMP

MD5 bffb89c96db3deab3cfeb37d36e336ad
SHA1 570a87e0fc8225d43c4d74068ff20f11d04cff45
SHA256 003c0b36b60b5c2432bb52ca3e8e17cd7ce2120d8c425d75162b8be025eacdd3
SHA512 f6a0a4a5d29d185365e7261fa9332b7def66332a3afeed3a59449d15d9f7540a1716fbb111f1e9d9f674815d6aaa830307fd73b7bdf41ee2a3d3e3045c7b2edd

memory/2496-1939-0x000007FEF5FE0000-0x000007FEF601A000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\VDQ0Y8PE.txt

MD5 00bb261ca6a66fcc7e6311935389c269
SHA1 4f54e7d5ccd9db0eee606bc49db1f122a34c0f75
SHA256 8fd551fb9eb5c104e02f1128d50483843f431d60a11a5caaf434e0941e530f81
SHA512 c81da4156fad09fee2fc4977c689969f28eaa324877c6c977cd449edf9676d1c068d5de5dc46398faee8172869d5f9e9998ebfc54533d81d02f15ab0808613a8

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\RPHMX61J.txt

MD5 8fa272f67fecdb375ce6584458571177
SHA1 dfe80350f8060688e5d705a9f716da37f40161b1
SHA256 b998af18be96721f0cacce7c22d77f9a8b0d1057b39919708e96102a122a8165
SHA512 d346be39f07c449c1d9a282ce10d01dfd977212a9565f35537aae644fee727e65ff63b8b6e245b1db2be86802f7d00fff5f9ec53f1b0da8c390bafd2caefcd18

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e5808192f9c2fcb8dd9c551dbb7c0d15
SHA1 7b427d0dbc777617b896c7c6341450bddbb3b620
SHA256 7b476f4a30fc1dfca0a11283ff46553b09bdcc2017bc41dd1540d98ea4ec7fdf
SHA512 c65a160a5e5fba38bfe59acdee95fdb32ec29953237ad9082269d32afd396ceba1ff89902b9c4992e02af6a793f383945c8f2d963b67836a616fd829ea173d17

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\DJC53OYI.txt

MD5 a4ed64c5160867e9b995c54b4f46d8f0
SHA1 d77a273aff5e429e91eb942c79206d89c4e942f7
SHA256 3f5b9d842c2f8ead61b2a568bc6dddf5c1fd4e6137831fdfb1559bddcdb14b7e
SHA512 f15190b3ec6c4e538f0128784e98df752cb740f8edacab6ef85cf9555ee1f84d126aa8feff56b2148ffc3a5c93adcde8d18f10543dba3276cbbea4aade8e5929

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\084920IP.txt

MD5 a87121b6471873d0411a90f552481b5d
SHA1 2293a7f50e5fe67a2d9b4ad4c9c2a6fbe74e4d14
SHA256 85bfb939bc70131d434f2b4595df28a159915f3ad7e3290bbd0da794cd4e6ec5
SHA512 825c2fbfa2b50790c406467fb09d7c2054d02f8d100872765559c72ec1113f0efdb43aa425f9d908a87e6143f94fa3a8efd40f60b58bdfa911a863f69e79626e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f7478f03c2d3019802be27db6e11ecc4
SHA1 21583dd8594d6cc329006d50a1c6a1e5d662cc65
SHA256 ddb5d41f82716582911c3ffc3a0f3d0db244f577fe3c694346e5ed39a4a0dc39
SHA512 0c7db370d199ea9f61383e94648eadce3cc2abde1afcd6003c2de84521cc05116b31f11f63d89fb4658f86910ff5637c861db2c676eb6f23c53b7d257d23fb9a

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UIC05TTQ\9IZQARHP.htm

MD5 2eeb2e0202b1bf9daf39ac6eb1466b42
SHA1 26abaa251ff391b4311c5cfa927be41b09ced5d3
SHA256 66f963290dda5adc89f8ce4e16676df4540d5b8f600e0fecf86e03a4fcfc1c02
SHA512 101659d11d34d4d38aeeb181917a7ab7630dd6909699a018166a9cbbb4346eeb9801c75c57fb67b63f330bd363b7367ba99ab604bdd9f097127474207b871e16

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTCUYJBV\5QQ1C024.htm

MD5 e05012443aa649971375a48f0437971e
SHA1 8963810380df775d316e9b40dcf353fb920843ba
SHA256 d4f01930da07190997c68b9f673e023f823e97eca74e80807f1b640203a54628
SHA512 7dd6804619da60736b8649df0b219ce4f2ca80080b22222d935c4fd21c51d9f0b448bd98ce8ae5593061e16c73569503c174611523113fe6ed39f53a2873f6be

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\TRUSGEO5.txt

MD5 b82a456585e2a155aaaabe57ee13e1cc
SHA1 7d46a1bbf6c3bbc5815ef2122c3f8f457ee94ab6
SHA256 74dc7cadaef201adbb2d9993fcef17e082e0d43e0f787c9ac876bd84b4d29028
SHA512 3424d86d99416f78cc97ee6d142a4341ef0398fefa34c90e362cddef8b247e934de385680b36da3c3497311d0b802549b1f5ccbbee49edf960d4636b6391581f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

MD5 2e2231443cb7ae1eb6893fd2c348071d
SHA1 f42c8ed36b7533765f49386ede30bfa16fd4b8c6
SHA256 8771d0dd41d115c03c9db99a3afd8dde40764531109ed5d77a810c5fd1ffc5fe
SHA512 2a5df718114dbcffd833ea8b8e0defdfae0d47a3898787e2dbc592025c738713e49c02fe18b360ad8481c401969d54a53761600895f92e2a1afb948d522098dc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_34D61B4A2A4AE0D3DDAB879224BCA77B

MD5 4d890f6620b53b7f83b04c6f5a4e90d3
SHA1 3e8ad9afa861245a3f7e8f5a597c2a8a5e436716
SHA256 b62431f6f5228f21dd76c34d0a22e5eb5f8dd8e0dcaf525619ae1dafd13c6a9d
SHA512 79ffee44a5317301a595c47fb904914c6aef3441db1015a35f80bb61f94c78aa57fa0eb3f58feaae14faee946253b840705401fa8fa9960d972cecb6f85fe0be

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_34D61B4A2A4AE0D3DDAB879224BCA77B

MD5 ee4b2611310960bcde2ff9e0586c8678
SHA1 9d09777308f01e40ed2a5df3ad0b1bd334cd3d95
SHA256 ac4290cc18c0989f229787c3f59501be7cbe6e7992792d413e719c0f8fcef9b7
SHA512 318bb3bae75e7155d0eab23a9819e74bb00f16b9f412f7aff3ebc8b79689a329875e1a4599878c2ac095240c9afb8c0a6d70fa3f02dcf4b63da1d079f109239a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

MD5 1df1c6030194987125bacb30321a8085
SHA1 c88c71a88dff496892a763b5b4f19cf7901ede45
SHA256 194bdefc31a58c2cc8a34d854f7ccb81cbeb62e548d4923139146c3b5236b0ae
SHA512 2fddd4dba740615eff3eecfa73fd21d83d74121d6d767820673d7a8124f313f99701a55c75e94fe462d4718ca31120b82ed81d57a319787eb807a47d49be0bb0

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WCBNI5KW\marquee[1].js

MD5 5f597d4d1b993365c8c9c97e6c7d352d
SHA1 2612a4c82b38bbeebac3f39f4e65562ca42afe71
SHA256 11d0527ff372454bb4f6cb9170e93c245df8cdd10ab335b29a0d05b206e8f456
SHA512 4de5e8d43a813c5894c54ffd88003389de64d003d2d47bdf105d0c31167bf69d83b32c37d15345f4449c7054daa58a94e8a1f6ee14a4832190da7ea76714e2da

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTCUYJBV\css[1].css

MD5 e6a4936f58c9af5c00ddaab17f2be1ad
SHA1 dce4ee3ad98d30c7069384e00f1a1f4d9779a6be
SHA256 7bead969194c58f0e5cd444cf2e15e2689db50fd8b425bf63344f52a5aefdb02
SHA512 18de86aeaad8e1536b2c8a3a83576fb4882c7e554ca0e24384fe744d8c94914d6a3ccfa66f81a8dbdc3b8fb473790c191b96bc4efea0c7916ba721dad7e92c73

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTCUYJBV\css[2].css

MD5 595a29fef2fa0d2f5d90d1ea5e26f374
SHA1 d398978a326d7405a66d8eaef5d5d495020eb749
SHA256 2e756d91811f849ce554abc778e52ed47d23d531a2e540829c27f2af69a2445e
SHA512 34ea1ecc2ae5a36b9986952f9d11aa0877a6095c71acf098f28c085e94faf886c90c017c447718bbd93d32fc7c28a5d95e017af40d5c28e00c545e4f6515c968

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L7PG4A0G\PCPRO[1].css

MD5 88b7c6da19faa99cae52c46212cf078d
SHA1 37d7811fb05436cc0976fab9c6cbad9de3e218a0
SHA256 3a82c01b2096f24a9a8c6761994f00f3302ff4c0f0ec2c77bd440ff821afbc7e
SHA512 1055ab6f36668a8589ae94eb30a38a21b07889423e9a58fb5f8a05542bba0c365ff32d50e1c68ee46b0b012da180eddd6bd15b6f518318943e9d16767bc37fa5

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UIC05TTQ\tabcontent[1].js

MD5 f1645e882491b8e9b66b6704c290358f
SHA1 800bdf76515c5a3d7a87079fd2c018b30c1e5ed8
SHA256 4bf48103b3886ec0f395b1085b9fd27cdbb7eeb3ab272b4269ffe91bbe6c9a77
SHA512 1dc0572dd4092d8857dabe1b000c4baabe7d5bccf58af4a09948740a0140ae3b380f97be53d08f2f15a6b74bee5d920bb35dc726c2bb30aa12996c601e2cad5f

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTCUYJBV\tab[1].css

MD5 e7ea0df6e57d25b257c9ce904589f0d3
SHA1 57d7d657bac6d17897bd114f2db77736e6228e0d
SHA256 7b9764da2d8c28d3b0432ed0ffd11101ef20e3be7356ae4a6b1e58a3967e430d
SHA512 e718017f623d246c0302d3ab9adcd2e7c0c1d578ca8b2b26ac9e766133fff9f95a4f3dc2b3b35d521da4d534a40f2650170178346f7e1d5fba733fed0857c7ed

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UIC05TTQ\supportlicense[1].js

MD5 cd2ff195838e035c52599c44fc9e4150
SHA1 a82a4f5cefe7e20ba0d293f72788d33a428d78b9
SHA256 247c79b820e0c6f172ec56a6a0eda7953e2860d165f8778e53de5d7c711e3c30
SHA512 2b5efc35e987b4c734134e4486ac26414e29bbd7457715eabefc9c14bd103ac2e9289f2fe47403a28af6d6eb1c869d145341eb55eaf13f417a9c30c26a690d16

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L7PG4A0G\faq[1].js

MD5 506aeb1f4147e9da132cf745d8e9c258
SHA1 7702bc8743e96dab589de1fb5276acb46aed522d
SHA256 4de550096ce0b95effa7331fa701efc6261af28e9c3754c33938ca9bbb459948
SHA512 d559a5f619960640b2e51e8a8a93b6a3501a443343d0c0507eedbf352e8a33726fc10b04955f74c55647b1c48fafad0509e728099d7aa8f17a64a8286b1b16f9

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WCBNI5KW\media[1].css

MD5 cf7ebf08c98702246680452eeccc93b2
SHA1 c88799ca63168f8d953f419a28ca7eb486808f43
SHA256 590741b58751d5333a29b1bfe948c3269a27f85424f7c7bf0e86337c87a80a96
SHA512 2d5ed86ff065494f24f4f5123e69a9ebb4a4aa075525fadf2fe834106bf39a1fea7e458efb34371a3131e4dc9fc56f56816ffd616536944a00fb653c70e10792

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L7PG4A0G\style[1].css

MD5 6a899616d18af91f7707109eafcb19d3
SHA1 3179b45780ed7dacc49d9fc09b079d6a893e0bcf
SHA256 478cb919a1614c86930cdf7e7607e713ea721a488fbb0b150f5ced5a67fbf40a
SHA512 103319b3ef9180a224689f4650c431fe4cc3b6989925938317cd49c9a6d720ffdba639ea1e67a7a9bc96a24e4e8c134b7d480ec934f2f03365219f68521020e5

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L7PG4A0G\bootstrap.min[1].css

MD5 0d9ad1c31f08421ab3e17bddeec2f0f5
SHA1 56b081079b6a00fd3ac7c7fae826f1e54edf92bf
SHA256 6971181fcbd5975a75b1b9062f5ea652faccbca4bbb995f7f3351697471383d6
SHA512 ad4b6badea519c2120744254926d151804b6ef3a2cf7a8a0ab34c2517a547687e76c9a769043042440f6f7954202b7c09c4a4d1e44ab17d0f27e97bfdcfc7147

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3efcbe47e87a3089f25fa624360f2fcc
SHA1 3b6667c192e457244fd256e91a0c175446242265
SHA256 548805c78fd565bca52fcedb3f5e88b9bf6b599bcc602de04e33245d413aa544
SHA512 06c7c7f5b928c43d58b92bd86369624f6472d0f8f4d3ad566bbc7c204926cf9e387099e7b3b3bfcc839986b95d59f769b94f609aabfd4b71766f477041d995ac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d4d4c16802e0d3254f8f970f3137d03e
SHA1 d55c64069506e5d10b01983840e424eb485f5834
SHA256 f97b8df9bf9f32049461286ae875a8f6c1dc16628ab8fec1e19a8fe1a954508f
SHA512 af74b9c23a3d12407ba2aa23f275636c46c5e380270f609c10b93c282fd0864127ddf4c57ff7ea1d0f6cf8c88a48d1dafa722f0a584a49dec48ba897298fa8c6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 488f888695000d1f70a88efeebb802bf
SHA1 e270c8798dfbe438e74239176cdbc2ff4807b761
SHA256 180ae978faaaefc1e981c76b38659aae05c451ce5051c98939d3f2173ef9edbf
SHA512 9e4dc66aec344248a18b519359247070668fc3a7b7aa2e16604ccf70f3e72d381ec44162bda0b5c5847cc17b905fec6e7dc5ddde9e2569cd16b039b28e711175

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5081ef8a61c51ae5beae547c0d602ed7
SHA1 3e50c26f37ba25f82111f17bd4cbea1b7aa8e68d
SHA256 baa3a3f7c95eaf3d06a6f979ef06b32126145415aed7a55cb6180502b20258c1
SHA512 d724ea6e002b9e4aa31349346d3e3ab0583fd379c9e85a2bdb8c90111eed23db7981f45c49163c13cf138d41c5a679b4b56f47d2a8112e0c0388c42530203046

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 38ea420cdb6167af98c9453ada051427
SHA1 7115885e56561d0f45bbe6e5a1613ccfbc9ee51b
SHA256 a314942f91892dddbfb7c15d62455bea5630c62ea0785f24cede88b1cb08e1b9
SHA512 dca2565209e4b76963dcd6a42a419f012606eab3ea02bcaa1d9ae4d0a0136c3a8bd05eae46c430968e435e8aaaea73de53b6ad33924f96e63996d8ed3b129901

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d320f38c52e09db6a4b384f381ce4ff1
SHA1 66cc1870ba149355cf1663a188ec2e8f57a33c76
SHA256 039f6633081f8c78db57d0188c4770d960fa5aec1b7eb06f17d979ec86e039cc
SHA512 4150af2570d3416b646cbf64b77eaeba6c837b27781fb5a2a4016c3d31ac235cf363462f78c5f6c7f71e6479c3055d0da6b6a0373b2ebc9849c23a74a9d6810f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c3a41ddbfd001487208514a406069ef1
SHA1 04e43b958fe5609d26af7bc17bb5741b89197fe4
SHA256 a0371ced60a9ec26b472e59c8087edda60b076f722a294f364e2493ef2f3bb3f
SHA512 f70705d28981e658a02779fd3031ae56d9cdf2efff6fb669d04e588901974c4bba6e0d14d616cc0b4be11809d75351a57ca5b235659127de55b988d5d0eb8e4e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b74aa8fde4a167c19f5b7af765c8c24b
SHA1 f24ae8af82a1e5cb8680db444cf30e42803bc577
SHA256 01d2c06d8b7e4eb65d72cfc849efce8f7bcebf89047cd8c61c80c560c3df1008
SHA512 51237e938c273a9827e187ae19b10c0f3dbcebb78357cc8904d9a1ac2e5cf3076d720465b25e4ecde8fb1092957ca608f26f3ae9010b53e025387b86b97b6225

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2c53367134bd474d2433dda73a68358a
SHA1 ab453b0457fe3e2f7b066a335a2d6fbaffd4dfe0
SHA256 4fe124357c6ea92692d5f5330c5fee5829373ea1251be364f32819a023372676
SHA512 c7664fbe653f4f70df11ec76525bb08075a5307b8243d7734999b9a750d299e6a88e48f0c966a12ba81a5561d23959227b90018d41d299d2e67f3a74612067dd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f4d16d2f67b6970ad7befcd46eedf3e3
SHA1 1c9bea632902073cf17f49bc3c7b9767f5671e16
SHA256 233e30a1359d5dec7067b1be5f69cda0b181d375637f8d06443bbeab475f6c45
SHA512 39b510fa7d7a178012ef05f5d5f599fdc88eadb73913f774e751e47047f3aebfa230a42bc05395e7421645b6904509f2ce014d9bb1607299e5c071712ff330ad

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3343e14c1b6cdbd982b1723e67fee93c
SHA1 8360e814bba26ac94918eab74818aaf5b9fc20d8
SHA256 6e79ddf0dd3ef0ffacd5871f61d1699a64c568ceee3c66ccef086c35baac7930
SHA512 8e79c9dc87dd59ac1d5c48d1ec0fea45b448a6e68ac0145f75d6c940f8ed2b7845577cc55bb9a65afba08521b8c9ebf4b4e1951c5d1839ad57e4df2ecab373c2

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-15 06:53

Reported

2024-06-15 08:02

Platform

win10v2004-20240226-en

Max time kernel

25s

Max time network

37s

Command Line

"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 536 wrote to memory of 4280 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 536 wrote to memory of 4560 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 536 wrote to memory of 4044 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 536 wrote to memory of 4288 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 536 wrote to memory of 1692 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 536 wrote to memory of 4592 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe

Processes

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /main

C:\Windows\SysWOW64\notepad.exe

"C:\Windows\System32\notepad.exe" \note.txt

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 105.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
GB 172.217.169.74:443 N/A tcp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp

Files

N/A