Malware Analysis Report

2024-10-16 03:14

Sample ID 220321-pj7pgacccj
Target 370b510335cc2f8bfabb348a2a4dc5293fecf8f17af76f52847dc260cdd83fde
SHA256 370b510335cc2f8bfabb348a2a4dc5293fecf8f17af76f52847dc260cdd83fde
Tags
score 8/10

Analysis Overview

score 8/10

SHA256 370b510335cc2f8bfabb348a2a4dc5293fecf8f17af76f52847dc260cdd83fde

Threat Level: Likely malicious

The file 370b510335cc2f8bfabb348a2a4dc5293fecf8f17af76f52847dc260cdd83fde was found to be: Likely malicious.

Malicious Activity Summary


Executes dropped EXE

Loads dropped DLL

Drops file in Windows directory

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported 2022-03-21 12:22

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2022-03-21 12:22
Reported 2022-03-21 12:26
Platform win7-20220311-en
Max time kernel 4294180s
Max time network 122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\370b510335cc2f8bfabb348a2a4dc5293fecf8f17af76f52847dc260cdd83fde.exe"

Signatures

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\f76170a\370b510335cc2f8bfabb348a2a4dc5293fecf8f17af76f52847dc260cdd83fde.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\370b510335cc2f8bfabb348a2a4dc5293fecf8f17af76f52847dc260cdd83fde.exe

"C:\Users\Admin\AppData\Local\Temp\370b510335cc2f8bfabb348a2a4dc5293fecf8f17af76f52847dc260cdd83fde.exe"

C:\Users\Admin\AppData\Local\Temp\f76170a\370b510335cc2f8bfabb348a2a4dc5293fecf8f17af76f52847dc260cdd83fde.exe

-run=1 -shortcut="C:\Users\Admin\AppData\Local\Temp\370b510335cc2f8bfabb348a2a4dc5293fecf8f17af76f52847dc260cdd83fde.exe"

Network

N/A

Files

\Users\Admin\AppData\Local\Temp\f76170a\370b510335cc2f8bfabb348a2a4dc5293fecf8f17af76f52847dc260cdd83fde.exe

MD5 76863eb690c9385a6fb13503a60f0b7f
SHA1 09af8728202201928db0fbe7c0364e6070fa26f3
SHA256 370b510335cc2f8bfabb348a2a4dc5293fecf8f17af76f52847dc260cdd83fde
SHA512 6f06bf8ef2b0d300090d4ecff807453699c3af9f85f8ac6ad7489877a72e693e59e73cbbf81a6a2f185dccba8b5b3790ec57b04e23e9a0a46ab206868e244d18

C:\Users\Admin\AppData\Local\Temp\f76170a\370b510335cc2f8bfabb348a2a4dc5293fecf8f17af76f52847dc260cdd83fde.exe

MD5 76863eb690c9385a6fb13503a60f0b7f
SHA1 09af8728202201928db0fbe7c0364e6070fa26f3
SHA256 370b510335cc2f8bfabb348a2a4dc5293fecf8f17af76f52847dc260cdd83fde
SHA512 6f06bf8ef2b0d300090d4ecff807453699c3af9f85f8ac6ad7489877a72e693e59e73cbbf81a6a2f185dccba8b5b3790ec57b04e23e9a0a46ab206868e244d18

Analysis: behavioral2

Detonation Overview

Submitted 2022-03-21 12:22
Reported 2022-03-21 12:26
Platform win10v2004-20220310-en
Max time kernel 115s
Max time network 142s

Command Line

"C:\Users\Admin\AppData\Local\Temp\370b510335cc2f8bfabb348a2a4dc5293fecf8f17af76f52847dc260cdd83fde.exe"

Signatures

Drops file in Windows directory

Processes

C:\Users\Admin\AppData\Local\Temp\370b510335cc2f8bfabb348a2a4dc5293fecf8f17af76f52847dc260cdd83fde.exe

"C:\Users\Admin\AppData\Local\Temp\370b510335cc2f8bfabb348a2a4dc5293fecf8f17af76f52847dc260cdd83fde.exe"

C:\Users\Admin\AppData\Local\Temp\1cd9b53\370b510335cc2f8bfabb348a2a4dc5293fecf8f17af76f52847dc260cdd83fde.exe

-run=1 -shortcut="C:\Users\Admin\AppData\Local\Temp\370b510335cc2f8bfabb348a2a4dc5293fecf8f17af76f52847dc260cdd83fde.exe"

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS

Network

Files

C:\Users\Admin\AppData\Local\Temp\1cd9b53\370b510335cc2f8bfabb348a2a4dc5293fecf8f17af76f52847dc260cdd83fde.exe

MD5 76863eb690c9385a6fb13503a60f0b7f
SHA1 09af8728202201928db0fbe7c0364e6070fa26f3
SHA256 370b510335cc2f8bfabb348a2a4dc5293fecf8f17af76f52847dc260cdd83fde
SHA512 6f06bf8ef2b0d300090d4ecff807453699c3af9f85f8ac6ad7489877a72e693e59e73cbbf81a6a2f185dccba8b5b3790ec57b04e23e9a0a46ab206868e244d18
