Analysis Overview
SHA256
a1c2e6660cff8d87a924ed0079f94374d04602433014c46ae6c52700c45ddc10
Threat Level: Known bad
The file a1c2e6660cff8d87a924ed0079f94374d04602433014c46ae6c52700c45ddc10 was found to be: Known bad.
Malicious Activity Summary
Ryuk
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Runs net.exe
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2022-02-20 03:52
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2022-02-20 03:52
Reported
2022-02-20 04:27
Platform
win7-en-20211208
Max time kernel
162s
Max time network
36s
Command Line
Signatures
Ryuk
Enumerates physical storage devices
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\a1c2e6660cff8d87a924ed0079f94374d04602433014c46ae6c52700c45ddc10.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\taskhost.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\a1c2e6660cff8d87a924ed0079f94374d04602433014c46ae6c52700c45ddc10.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
| Process | Command line |
| C:\Windows\system32\Dwm.exe | "C:\Windows\system32\Dwm.exe" |
| C:\Windows\system32\taskhost.exe | "taskhost.exe" |
| C:\Users\Admin\AppData\Local\Temp\a1c2e6660cff8d87a924ed0079f94374d04602433014c46ae6c52700c45ddc10.exe | "C:\Users\Admin\AppData\Local\Temp\a1c2e6660cff8d87a924ed0079f94374d04602433014c46ae6c52700c45ddc10.exe" |
| C:\Windows\System32\net.exe | "C:\Windows\System32\net.exe" stop "audioendpointbuilder" /y |
| C:\Windows\System32\net.exe | "C:\Windows\System32\net.exe" stop "samss" /y |
| C:\Windows\system32\net1.exe | C:\Windows\system32\net1 stop "audioendpointbuilder" /y |
| C:\Windows\system32\net1.exe | C:\Windows\system32\net1 stop "samss" /y |
| C:\Windows\System32\net.exe | "C:\Windows\System32\net.exe" stop "audioendpointbuilder" /y |
| C:\Windows\system32\net1.exe | C:\Windows\system32\net1 stop "audioendpointbuilder" /y |
| C:\Windows\System32\net.exe | "C:\Windows\System32\net.exe" stop "samss" /y |
| C:\Windows\system32\net1.exe | C:\Windows\system32\net1 stop "samss" /y |
| C:\Windows\System32\net.exe | "C:\Windows\System32\net.exe" stop "samss" /y |
| C:\Windows\system32\net1.exe | C:\Windows\system32\net1 stop "samss" /y |
| C:\Windows\System32\net.exe | "C:\Windows\System32\net.exe" stop "samss" /y |
| C:\Windows\system32\net1.exe | C:\Windows\system32\net1 stop "samss" /y |
| C:\Windows\System32\net.exe | "C:\Windows\System32\net.exe" stop "samss" /y |
| C:\Windows\system32\net1.exe | C:\Windows\system32\net1 stop "samss" /y |
| C:\Windows\System32\net.exe | "C:\Windows\System32\net.exe" stop "samss" /y |
| C:\Windows\system32\net1.exe | C:\Windows\system32\net1 stop "samss" /y |
| C:\Windows\System32\net.exe | "C:\Windows\System32\net.exe" stop "samss" /y |
| C:\Windows\system32\net1.exe | C:\Windows\system32\net1 stop "samss" /y |
| C:\Windows\System32\net.exe | "C:\Windows\System32\net.exe" stop "samss" /y |
| C:\Windows\system32\net1.exe | C:\Windows\system32\net1 stop "samss" /y |
| C:\Windows\System32\net.exe | "C:\Windows\System32\net.exe" stop "samss" /y |
| C:\Windows\system32\net1.exe | C:\Windows\system32\net1 stop "samss" /y |
Network
Files
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Media\RyukReadMe.html
| MD5 | 96a91962d17fd1210150b48859c9fe8c |
| SHA1 | 7b1c385b48682884985edd213044876a3d2cd2dd |
| SHA256 | 34479d7147a935c6a95454e3e334cbba577871ef36b2d4932bd41abfc468861b |
| SHA512 | 5c9efbf65e8559c5ac1c8e31a815e6e96dfd5beff989454421c0873bd8497b4d22bb2e789eaa48a64d3697cd1971191c8607dd97110f0d95193215b91bc5be26 |
Analysis: behavioral2
Detonation Overview
Submitted
2022-02-20 03:52
Reported
2022-02-20 04:27
Platform
win10v2004-en-20220113
Max time kernel
47s
Max time network
100s
Command Line
Signatures
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\a1c2e6660cff8d87a924ed0079f94374d04602433014c46ae6c52700c45ddc10.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4816 wrote to memory of 2896 | N/A | C:\Users\Admin\AppData\Local\Temp\a1c2e6660cff8d87a924ed0079f94374d04602433014c46ae6c52700c45ddc10.exe | C:\Windows\system32\sihost.exe |
| PID 4816 wrote to memory of 2916 | N/A | C:\Users\Admin\AppData\Local\Temp\a1c2e6660cff8d87a924ed0079f94374d04602433014c46ae6c52700c45ddc10.exe | C:\Windows\system32\svchost.exe |
| PID 4816 wrote to memory of 2956 | N/A | C:\Users\Admin\AppData\Local\Temp\a1c2e6660cff8d87a924ed0079f94374d04602433014c46ae6c52700c45ddc10.exe | C:\Windows\system32\taskhostw.exe |
| PID 4816 wrote to memory of 3008 | N/A | C:\Users\Admin\AppData\Local\Temp\a1c2e6660cff8d87a924ed0079f94374d04602433014c46ae6c52700c45ddc10.exe | C:\Windows\system32\svchost.exe |
| PID 4816 wrote to memory of 3260 | N/A | C:\Users\Admin\AppData\Local\Temp\a1c2e6660cff8d87a924ed0079f94374d04602433014c46ae6c52700c45ddc10.exe | C:\Windows\system32\DllHost.exe |
Processes
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
C:\Windows\system32\taskhostw.exe
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
C:\Windows\system32\sihost.exe
sihost.exe
C:\Users\Admin\AppData\Local\Temp\a1c2e6660cff8d87a924ed0079f94374d04602433014c46ae6c52700c45ddc10.exe
"C:\Users\Admin\AppData\Local\Temp\a1c2e6660cff8d87a924ed0079f94374d04602433014c46ae6c52700c45ddc10.exe"
Network
| Country | Destination | Domain | Proto |
| US | 93.184.221.240:80 | | tcp |
| US | 93.184.220.29:80 | | tcp |
| US | 13.107.21.200:443 | | tcp |
| US | 23.96.229.177:443 | | tcp |
| US | 52.182.143.208:443 | | tcp |
| US | 93.184.221.240:80 | | tcp |
Files
memory/2916-131-0x00007FF7F03F0000-0x00007FF7F06CA000-memory.dmp
memory/2896-130-0x00007FF7F03F0000-0x00007FF7F06CA000-memory.dmp
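As an added example (not part of the sandbox report and not code from the sample), the following Python script parses the "wrote to memory of" indicator rows and the memory-dump file names from the behavioral2 run above, flags every cross-process write whose source image lives in a user-writable directory and whose target is a System32 image, and then joins the flagged target PIDs to the dump names so you can see which victims were dumped and whether they share the same region. The `USER_WRITABLE` and `SYSTEM_DIRS` prefix lists are assumptions chosen for this heuristic, not taken from the report; the input strings are copied from the tables above.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed input, copied from the behavioral2 tables in this report.
SAMPLE = (r"C:\Users\Admin\AppData\Local\Temp"
          r"\a1c2e6660cff8d87a924ed0079f94374d04602433014c46ae6c52700c45ddc10.exe")

WPM_ROWS = [
    f"| PID 4816 wrote to memory of 2896 | N/A | {SAMPLE} | C:\\Windows\\system32\\sihost.exe |",
    f"| PID 4816 wrote to memory of 2916 | N/A | {SAMPLE} | C:\\Windows\\system32\\svchost.exe |",
    f"| PID 4816 wrote to memory of 2956 | N/A | {SAMPLE} | C:\\Windows\\system32\\taskhostw.exe |",
    f"| PID 4816 wrote to memory of 3008 | N/A | {SAMPLE} | C:\\Windows\\system32\\svchost.exe |",
    f"| PID 4816 wrote to memory of 3260 | N/A | {SAMPLE} | C:\\Windows\\system32\\DllHost.exe |",
]

DUMP_NAMES = [
    "memory/2916-131-0x00007FF7F03F0000-0x00007FF7F06CA000-memory.dmp",
    "memory/2896-130-0x00007FF7F03F0000-0x00007FF7F06CA000-memory.dmp",
]

# Row layout: | PID <src> wrote to memory of <dst> | <indicator> | <src image> | <dst image> |
ROW_RE = re.compile(
    r"^\|\s*PID\s+(\d+)\s+wrote to memory of\s+(\d+)\s*\|\s*[^|]*\|\s*([^|]+?)\s*\|\s*([^|]+?)\s*\|$"
)
# Dump name layout: memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp
DUMP_RE = re.compile(r"^memory/(\d+)-\d+-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")

# Heuristic path classes; these prefixes are an assumption for this example.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\users\\public\\", "\\programdata\\")
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def parse_wpm_row(row: str) -> Optional[Dict]:
    """Parse one WriteProcessMemory indicator row; None if it does not match."""
    m = ROW_RE.match(row.strip())
    if not m:
        return None
    return {"src_pid": int(m.group(1)), "dst_pid": int(m.group(2)),
            "src_image": m.group(3), "dst_image": m.group(4)}


def parse_dump_name(name: str) -> Optional[Tuple[int, int, int]]:
    """Return (pid, region_start, region_end) from a memory dump file name."""
    m = DUMP_RE.match(name.strip())
    if not m:
        return None
    return int(m.group(1)), int(m.group(2), 16), int(m.group(3), 16)


def is_suspicious_write(ev: Dict) -> bool:
    """User-writable source image writing into a System32 image is the pattern to alert on."""
    src = ev["src_image"].lower()
    dst = ev["dst_image"].lower()
    return any(p in src for p in USER_WRITABLE) and dst.startswith(SYSTEM_DIRS)


def find_injections(rows: List[str]) -> List[Dict]:
    events = [e for e in map(parse_wpm_row, rows) if e]
    return [e for e in events if is_suspicious_write(e)]


def correlate_dumps(injections: List[Dict], dumps: List[str]) -> Dict[int, Dict]:
    """Attach the dumped region to each injected target PID that has a dump."""
    regions = {pid: (start, end)
               for pid, start, end in filter(None, map(parse_dump_name, dumps))}
    out: Dict[int, Dict] = {}
    for ev in injections:
        pid = ev["dst_pid"]
        if pid in regions:
            start, end = regions[pid]
            out[pid] = {"image": ev["dst_image"], "start": start,
                        "end": end, "size": end - start}
    return out


def shared_regions(correlated: Dict[int, Dict]) -> Dict[Tuple[int, int], List[int]]:
    """Group injected PIDs that were dumped at the identical (start, end) region.
    The same region in several victims means the same payload was written to the
    same address in each of them, which is what makes the dumps worth diffing."""
    groups: Dict[Tuple[int, int], List[int]] = {}
    for pid, info in correlated.items():
        groups.setdefault((info["start"], info["end"]), []).append(pid)
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}


if __name__ == "__main__":
    inj = find_injections(WPM_ROWS)
    for ev in inj:
        print(f"PID {ev['src_pid']} -> PID {ev['dst_pid']} ({ev['dst_image']})")
    corr = correlate_dumps(inj, DUMP_NAMES)
    for pid, info in corr.items():
        print(f"dump for PID {pid}: {info['image']} 0x{info['start']:X}-0x{info['end']:X} "
              f"({info['size']:#x} bytes)")
    for (start, end), pids in shared_regions(corr).items():
        print(f"region 0x{start:X}-0x{end:X} shared by PIDs {pids}")
```

On this report the script flags all five writes (source PID 4816 from a Temp path, every target under System32) and finds dumps for only two of the five targets, PIDs 2896 (sihost.exe) and 2916 (svchost.exe), both covering the same 0x2DA000-byte region. The same regex pair works on the report's other runs as long as the row and dump-name layout is unchanged; for live telemetry the equivalent source would be Sysmon Event ID 10 (ProcessAccess) or a kernel callback feed rather than these sandbox rows.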