Analysis Overview
SHA256: cd8025c4845fe6d05e681a6bb668efe97ddd1899d23d5ad378080c6e2b202a94
Threat Level: Known bad
The file cd8025c4845fe6d05e681a6bb668efe97ddd1899d23d5ad378080c6e2b202a94N was found to be: Known bad.
Malicious Activity Summary
MetamorpherRAT
Metamorpherrat family
Checks computer location settings
Deletes itself
Loads dropped DLL
Executes dropped EXE
Uses the VBS compiler for execution
System Location Discovery: System Language Discovery
Unsigned PE
Enumerates physical storage devices
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-11-09 05:51
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted: 2024-11-09 05:51
Reported: 2024-11-09 05:53
Platform: win10v2004-20241007-en
Max time kernel: 119s
Max time network: 120s
Command Line
Signatures
MetamorpherRAT
Metamorpherrat family
Checks computer location settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\cd8025c4845fe6d05e681a6bb668efe97ddd1899d23d5ad378080c6e2b202a94N.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\tmp884A.tmp.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\tmp884A.tmp.exe | N/A |
Uses the VBS compiler for execution
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\cd8025c4845fe6d05e681a6bb668efe97ddd1899d23d5ad378080c6e2b202a94N.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\tmp884A.tmp.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\cd8025c4845fe6d05e681a6bb668efe97ddd1899d23d5ad378080c6e2b202a94N.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\tmp884A.tmp.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\cd8025c4845fe6d05e681a6bb668efe97ddd1899d23d5ad378080c6e2b202a94N.exe
"C:\Users\Admin\AppData\Local\Temp\cd8025c4845fe6d05e681a6bb668efe97ddd1899d23d5ad378080c6e2b202a94N.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\yuignblg.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES8993.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc41EC762CFCC142489B8E30E6134D96.TMP"
C:\Users\Admin\AppData\Local\Temp\tmp884A.tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmp884A.tmp.exe" C:\Users\Admin\AppData\Local\Temp\cd8025c4845fe6d05e681a6bb668efe97ddd1899d23d5ad378080c6e2b202a94N.exe
Network
Files
C:\Users\Admin\AppData\Local\Temp\yuignblg.cmdline
C:\Users\Admin\AppData\Local\Temp\yuignblg.0.vb
C:\Users\Admin\AppData\Local\Temp\zCom.resources
C:\Users\Admin\AppData\Local\Temp\vbc41EC762CFCC142489B8E30E6134D96.TMP
C:\Users\Admin\AppData\Local\Temp\RES8993.tmp
C:\Users\Admin\AppData\Local\Temp\tmp884A.tmp.exe
Analysis: behavioral1
Detonation Overview
Submitted: 2024-11-09 05:51
Reported: 2024-11-09 05:53
Platform: win7-20240903-en
Max time kernel: 120s
Max time network: 120s
Command Line
Signatures
MetamorpherRAT
Metamorpherrat family
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\tmpE9C3.tmp.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\cd8025c4845fe6d05e681a6bb668efe97ddd1899d23d5ad378080c6e2b202a94N.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\cd8025c4845fe6d05e681a6bb668efe97ddd1899d23d5ad378080c6e2b202a94N.exe | N/A |
Uses the VBS compiler for execution
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\tmpE9C3.tmp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\cd8025c4845fe6d05e681a6bb668efe97ddd1899d23d5ad378080c6e2b202a94N.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\cd8025c4845fe6d05e681a6bb668efe97ddd1899d23d5ad378080c6e2b202a94N.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\cd8025c4845fe6d05e681a6bb668efe97ddd1899d23d5ad378080c6e2b202a94N.exe
"C:\Users\Admin\AppData\Local\Temp\cd8025c4845fe6d05e681a6bb668efe97ddd1899d23d5ad378080c6e2b202a94N.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\tdky0clx.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESEB0B.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcEB0A.tmp"
C:\Users\Admin\AppData\Local\Temp\tmpE9C3.tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmpE9C3.tmp.exe" C:\Users\Admin\AppData\Local\Temp\cd8025c4845fe6d05e681a6bb668efe97ddd1899d23d5ad378080c6e2b202a94N.exe
Network
Files
C:\Users\Admin\AppData\Local\Temp\tdky0clx.cmdline
C:\Users\Admin\AppData\Local\Temp\tdky0clx.0.vb
C:\Users\Admin\AppData\Local\Temp\zCom.resources
C:\Users\Admin\AppData\Local\Temp\RESEB0B.tmp
C:\Users\Admin\AppData\Local\Temp\vbcEB0A.tmp
C:\Users\Admin\AppData\Local\Temp\tmpE9C3.tmp.exe