Malware Analysis Report

2024-10-18 22:58

Sample ID: 221113-zx1s7agb9y
Target: 623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478
SHA256: 623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478
Tags: joker, infostealer, trojan
Score: 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V6
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 10/10
SHA256: 623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478
Threat Level: Known bad

The file 623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478 was found to be: Known bad.

Malicious Activity Summary

Tags: joker, infostealer, trojan

    joker
    Enumerates physical storage devices
    Modifies Internet Explorer settings
    Modifies registry class
    Modifies system certificate store
    Suspicious use of AdjustPrivilegeToken
    Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2022-11-13 21:06

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2022-11-13 21:06
Reported: 2022-11-13 21:09
Platform: win7-20220901-en
Max time kernel: 146s
Max time network: 126s

Command Line

"C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe"

Signatures

joker

Tags: infostealer, trojan, joker

Enumerates physical storage devices

Modifies Internet Explorer settings

Tags: adware, spyware

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main | C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage\2dama.com\NumberOfSubdomains = "1" | C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.2dama.com\ = "126" | C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage\2dama.com | C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage\2dama.com\Total = "126" | C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage\2dama.com\Total = "63" | C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "126" | C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "63" | C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.2dama.com | C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.2dama.com\ = "63" | C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FCAA32E7-B054-4E44-8EFE-C24329CB7D9F}\ProgID\ = "623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.GHSProtocol" | C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FCAA32E7-B054-4E44-8EFE-C24329CB7D9F}\ = "Embedded Async Pluggable Protocol" | C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FCAA32E7-B054-4E44-8EFE-C24329CB7D9F}\LocalServer32 | C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.GHSProtocol | C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.GHSProtocol\Clsid | C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.GHSProtocol\Clsid\ = "{FCAA32E7-B054-4E44-8EFE-C24329CB7D9F}" | C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FCAA32E7-B054-4E44-8EFE-C24329CB7D9F} | C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FCAA32E7-B054-4E44-8EFE-C24329CB7D9F}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe" | C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.GHSProtocol\ = "Embedded Async Pluggable Protocol" | C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FCAA32E7-B054-4E44-8EFE-C24329CB7D9F}\ProgID | C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe | N/A

Modifies system certificate store

Tags: evasion, spyware, trojan

Description | Indicator | Process | Target
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 | C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe | N/A
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = [blob omitted] | C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe | N/A
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = [blob omitted] | C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe | N/A
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e | C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 | C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 | C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 | C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe | N/A
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = [blob omitted] | C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe | N/A
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = [blob omitted] | C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\SystemCertificates\CA\Certificates\A053375BFE84E8B748782C7CEE15827A6AF5A405 | C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\SystemCertificates\CA\Certificates\A053375BFE84E8B748782C7CEE15827A6AF5A405\Blob = [blob omitted] | C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe | N/A
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = [blob omitted] | C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe | N/A
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 | C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe | N/A
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = [blob omitted] | C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A
Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A
Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A
Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe"

C:\Windows\system32\AUDIODG.EXE
    Command line: C:\Windows\system32\AUDIODG.EXE 0x570

Network

Country Destination Domain Proto
N/A 8.8.8.8:53 www.2dama.com udp
N/A 147.255.233.71:80 www.2dama.com tcp
N/A 147.255.233.71:80 www.2dama.com tcp
N/A 8.8.8.8:53 hm.baidu.com udp
N/A 8.8.8.8:53 mitao5.tv udp
N/A 103.235.46.191:443 hm.baidu.com tcp
N/A 103.235.46.191:443 hm.baidu.com tcp
N/A 154.198.231.227:8443 mitao5.tv tcp
N/A 154.198.231.227:8443 mitao5.tv tcp
N/A 8.8.8.8:53 apps.identrust.com udp
N/A 8.8.8.8:53 apps.identrust.com udp
N/A 104.109.143.75:80 apps.identrust.com tcp
N/A 104.109.143.75:80 apps.identrust.com tcp
N/A 8.8.8.8:53 613711567.com udp
N/A 8.8.8.8:53 cdn.staticfile.org udp
N/A 8.8.8.8:53 n0499.com udp
N/A 8.8.8.8:53 n0600.com udp
N/A 8.8.8.8:53 u0081.com udp
N/A 8.8.8.8:53 297892531.com udp
N/A 8.8.8.8:53 kvexx.com udp
N/A 8.8.8.8:53 kvezz.com udp
N/A 8.8.8.8:53 vcawmm.com udp
N/A 8.8.8.8:53 kzeaa.com udp
N/A 8.8.8.8:53 kzerr.com udp
N/A 8.8.8.8:53 223969ufy.com udp
N/A 8.8.8.8:53 kveww.com udp
N/A 8.8.8.8:53 539397377.com udp
N/A 8.8.8.8:53 kzeii.com udp
N/A 8.8.8.8:53 kvemm.com udp
N/A 8.8.8.8:53 kzecc.com udp
N/A 8.8.8.8:53 616182863.com udp
N/A 8.8.8.8:53 p.qlogo.cn udp
N/A 8.8.8.8:53 taiwtp1.com udp
N/A 8.8.8.8:53 dimg04.c-ctrip.com udp
N/A 47.75.19.145:443 616182863.com tcp
N/A 8.8.8.8:53 de88deggtp89.com udp
N/A 8.8.8.8:53 img.9275x.com udp
N/A 8.8.8.8:53 img.byznc.xyz udp
N/A 8.8.8.8:53 img.2588u.com udp
N/A 8.8.8.8:53 kaiyuan-advertising.oss-cn-hongkong.aliyuncs.com udp
N/A 104.143.94.110:443 kzeii.com tcp
N/A 8.8.8.8:53 ak-d.tripcdn.com udp
N/A 8.8.8.8:53 cdn.jsdelivr.net udp
N/A 47.75.19.145:443 616182863.com tcp
N/A 45.61.212.228:443 223969ufy.com tcp
N/A 45.61.212.228:443 223969ufy.com tcp
N/A 151.101.1.229:443 cdn.jsdelivr.net tcp
N/A 47.75.19.145:443 616182863.com tcp
N/A 23.225.228.58:443 img.2588u.com tcp
N/A 47.246.48.206:443 cdn.staticfile.org tcp
N/A 47.246.48.206:443 cdn.staticfile.org tcp
N/A 47.75.19.39:443 kaiyuan-advertising.oss-cn-hongkong.aliyuncs.com tcp
N/A 47.75.19.145:443 616182863.com tcp
N/A 220.128.218.220:443 taiwtp1.com tcp
N/A 220.128.218.220:443 taiwtp1.com tcp
N/A 104.74.225.127:443 dimg04.c-ctrip.com tcp
N/A 104.74.225.139:443 ak-d.tripcdn.com tcp
N/A 104.74.225.127:443 dimg04.c-ctrip.com tcp
N/A 20.243.255.199:443 u0081.com tcp
N/A 8.8.8.8:53 ocsp.digicert.cn udp
N/A 47.246.48.205:80 ocsp.digicert.cn tcp
N/A 47.246.48.205:80 ocsp.digicert.cn tcp
N/A 104.143.94.110:443 kzeii.com tcp
N/A 45.154.215.92:443 kzeaa.com tcp
N/A 20.239.194.128:443 u0081.com tcp
N/A 66.150.130.123:443 kzecc.com tcp
N/A 43.154.254.32:443 p.qlogo.cn tcp
N/A 45.154.215.92:443 kzeaa.com tcp
N/A 66.150.130.123:443 kzecc.com tcp
N/A 45.154.215.92:443 kzeaa.com tcp
N/A 23.225.228.58:443 img.2588u.com tcp
N/A 20.243.254.232:443 u0081.com tcp
N/A 23.225.228.58:443 img.2588u.com tcp
N/A 23.224.145.233:80 de88deggtp89.com tcp
N/A 23.224.145.233:80 de88deggtp89.com tcp
N/A 45.61.212.132:443 vcawmm.com tcp
N/A 20.243.254.232:443 u0081.com tcp
N/A 20.239.194.128:443 u0081.com tcp
N/A 20.243.255.199:443 u0081.com tcp
N/A 45.61.212.132:443 vcawmm.com tcp
N/A 47.75.19.145:443 616182863.com tcp
N/A 47.75.19.145:443 616182863.com tcp
N/A 47.75.19.145:443 616182863.com tcp
N/A 45.154.215.92:443 kzeaa.com tcp
N/A 45.154.215.92:443 kzeaa.com tcp
N/A 45.154.215.92:443 kzeaa.com tcp
N/A 104.143.94.110:443 kzeii.com tcp
N/A 66.150.130.123:443 kzecc.com tcp
N/A 47.75.19.145:443 616182863.com tcp
N/A 43.154.254.32:443 p.qlogo.cn tcp
N/A 23.225.228.58:443 img.2588u.com tcp
N/A 23.225.228.58:443 img.2588u.com tcp
N/A 23.225.228.58:443 img.2588u.com tcp
N/A 47.75.19.39:443 kaiyuan-advertising.oss-cn-hongkong.aliyuncs.com tcp
N/A 151.101.1.229:443 cdn.jsdelivr.net tcp
N/A 8.8.8.8:53 kvhsss.top udp
N/A 8.8.8.8:53 kvkbbb.top udp
N/A 8.8.8.8:53 kvhooo.top udp
N/A 188.114.97.0:443 kvkbbb.top tcp
N/A 188.114.96.0:443 kvkbbb.top tcp
N/A 188.114.96.0:443 kvkbbb.top tcp
N/A 188.114.97.0:443 kvkbbb.top tcp
N/A 104.21.33.12:443 kvhooo.top tcp
N/A 45.154.214.219:443 kvemm.com tcp
N/A 45.154.214.219:443 kvemm.com tcp
N/A 8.8.8.8:53 kvhttt.top udp
N/A 188.114.97.0:443 kvhttt.top tcp
N/A 8.8.8.8:53 tx2.a.yximgs.com udp
N/A 8.8.8.8:53 ali2.a.yximgs.com udp
N/A 8.8.8.8:53 static.yximgs.com udp
N/A 47.246.48.226:443 ali2.a.yximgs.com tcp
N/A 47.246.48.226:443 ali2.a.yximgs.com tcp
N/A 104.109.143.7:443 static.yximgs.com tcp
N/A 104.109.143.7:443 static.yximgs.com tcp
N/A 43.132.64.59:443 tx2.a.yximgs.com tcp
N/A 43.132.64.59:443 tx2.a.yximgs.com tcp
N/A 104.21.33.12:443 kvhooo.top tcp
N/A 8.8.8.8:53 x2.c.lencr.org udp
N/A 8.8.8.8:53 x2.c.lencr.org udp
N/A 8.8.8.8:53 x2.c.lencr.org udp
N/A 23.2.164.159:80 x2.c.lencr.org tcp
N/A 23.2.164.159:80 x2.c.lencr.org tcp
N/A 23.2.164.159:80 x2.c.lencr.org tcp
N/A 8.8.8.8:53 kvkggg.top udp
N/A 8.8.8.8:53 e1.o.lencr.org udp
N/A 8.8.8.8:53 e1.o.lencr.org udp
N/A 104.109.143.90:80 e1.o.lencr.org tcp
N/A 104.109.143.90:80 e1.o.lencr.org tcp
N/A 104.109.143.90:80 e1.o.lencr.org tcp
N/A 188.114.97.0:443 kvkggg.top tcp
N/A 188.114.97.0:443 kvkggg.top tcp
N/A 8.8.8.8:53 kvhjjj.top udp
N/A 8.8.8.8:53 kvhccc.top udp
N/A 8.8.8.8:53 kvkooo.top udp
N/A 172.67.189.45:443 kvkooo.top tcp
N/A 172.67.189.45:443 kvkooo.top tcp
N/A 104.21.234.216:443 kvhjjj.top tcp
N/A 104.21.234.216:443 kvhjjj.top tcp
N/A 104.21.233.190:443 kvhccc.top tcp
N/A 104.21.233.190:443 kvhccc.top tcp
N/A 8.8.8.8:53 k68tkg.com udp
N/A 8.8.8.8:53 yaoji666.oss-cn-hongkong.aliyuncs.com udp
N/A 8.8.8.8:53 65211351892.com udp
N/A 47.75.19.16:443 yaoji666.oss-cn-hongkong.aliyuncs.com tcp
N/A 47.75.19.16:443 yaoji666.oss-cn-hongkong.aliyuncs.com tcp
N/A 8.8.8.8:53 u1055.com udp
N/A 8.8.8.8:53 vecukb.com udp
N/A 8.8.8.8:53 537882736.com udp
N/A 8.8.8.8:53 n0533.com udp
N/A 8.8.8.8:53 upffxs6.com udp
N/A 8.8.8.8:53 253669vqx.com udp
N/A 8.8.8.8:53 3338635.com udp
N/A 8.8.8.8:53 dl66d.com udp
N/A 20.243.252.217:443 n0533.com tcp
N/A 20.243.252.217:443 n0533.com tcp
N/A 185.135.77.234:443 dl66d.com tcp
N/A 185.135.77.234:443 dl66d.com tcp
N/A 47.75.19.145:443 537882736.com tcp
N/A 47.75.19.145:443 537882736.com tcp
N/A 45.61.212.162:443 vecukb.com tcp
N/A 45.61.212.162:443 vecukb.com tcp
N/A 103.170.15.82:443 253669vqx.com tcp
N/A 103.170.15.82:443 253669vqx.com tcp
N/A 103.170.15.92:443 upffxs6.com tcp
N/A 103.170.15.92:443 upffxs6.com tcp
N/A 45.61.212.128:443 3338635.com tcp
N/A 45.61.212.128:443 3338635.com tcp
N/A 103.170.15.67:443 vecukb.com tcp
N/A 103.170.15.67:443 vecukb.com tcp
N/A 103.170.15.52:443 vecukb.com tcp
N/A 103.170.15.52:443 vecukb.com tcp
N/A 45.61.212.122:443 3338635.com tcp
N/A 45.61.212.122:443 3338635.com tcp
N/A 8.8.8.8:53 yinyongbao3.app udp
N/A 151.101.1.229:443 cdn.jsdelivr.net tcp
N/A 151.101.1.229:443 cdn.jsdelivr.net tcp
N/A 151.101.1.229:443 cdn.jsdelivr.net tcp
N/A 151.101.1.229:443 cdn.jsdelivr.net tcp
N/A 151.101.1.229:443 cdn.jsdelivr.net tcp
N/A 151.101.1.229:443 cdn.jsdelivr.net tcp

Files

memory/1380-54-0x00000000757A1000-0x00000000757A3000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2022-11-13 21:06
Reported: 2022-11-13 21:09
Platform: win10v2004-20220812-en
Max time kernel: 69s
Max time network: 131s

Command Line

"C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe"

Signatures

joker

Tags: infostealer, trojan, joker

Enumerates physical storage devices

Modifies Internet Explorer settings

Tags: adware, spyware

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "63" | C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\DOMStorage\2dama.com | C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.2dama.com\ = "63" | C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "126" | C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2dama.com\Total = "126" | C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage | C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2dama.com | C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2dama.com\NumberOfSubdomains = "1" | C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.2dama.com | C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2dama.com\Total = "63" | C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.2dama.com\ = "126" | C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.GHSProtocol\Clsid | C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.GHSProtocol\Clsid\ = "{FCAA32E7-B054-4E44-8EFE-C24329CB7D9F}" | C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.GHSProtocol\ = "Embedded Async Pluggable Protocol" | C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FCAA32E7-B054-4E44-8EFE-C24329CB7D9F}\ = "Embedded Async Pluggable Protocol" | C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FCAA32E7-B054-4E44-8EFE-C24329CB7D9F}\LocalServer32 | C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FCAA32E7-B054-4E44-8EFE-C24329CB7D9F}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe" | C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.GHSProtocol | C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FCAA32E7-B054-4E44-8EFE-C24329CB7D9F}\ProgID | C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FCAA32E7-B054-4E44-8EFE-C24329CB7D9F}\ProgID\ = "623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.GHSProtocol" | C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FCAA32E7-B054-4E44-8EFE-C24329CB7D9F} | C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe | N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\A053375BFE84E8B748782C7CEE15827A6AF5A405\Blob = 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 C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\A053375BFE84E8B748782C7CEE15827A6AF5A405\Blob = 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 C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\A053375BFE84E8B748782C7CEE15827A6AF5A405\Blob = 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 C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\A053375BFE84E8B748782C7CEE15827A6AF5A405 C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\A053375BFE84E8B748782C7CEE15827A6AF5A405\Blob = 0f0000000100000020000000444ebd67bb83f8807b3921e938ac9178b882bd50aadb11231f044cf5f08df7ce140000000100000014000000142eb317b75856cbae500940e61faf9d8b14c2c61800000001000000100000002fe1f70bb05d7c92335bc5e05b984da65c000000010000000400000000080000190000000100000010000000f044424c506513d62804c04f719403f9030000000100000014000000a053375bfe84e8b748782c7cee15827a6af5a405040000000100000010000000e829e65d7c4307d6fbc13c179e037a3620000000010000001a05000030820516308202fea003020102021100912b084acf0c18a753f6d62e25a75f5a300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3230303930343030303030305a170d3235303931353136303030305a3032310b300906035504061302555331163014060355040a130d4c6574277320456e6372797074310b300906035504031302523330820122300d06092a864886f70d01010105000382010f003082010a0282010100bb021528ccf6a094d30f12ec8d5592c3f882f199a67a4288a75d26aab52bb9c54cb1af8e6bf975c8a3d70f4794145535578c9ea8a23919f5823c42a94e6ef53bc32edb8dc0b05cf35938e7edcf69f05a0b1bbec094242587fa3771b313e71cace19befdbe43b45524596a9c153ce34c852eeb5aeed8fde6070e2a554abb66d0e97a540346b2bd3bc66eb66347cfa6b8b8f572999f830175dba726ffb81c5add286583d17c7e709bbf12bf786dcc1da715dd446e3ccad25c188bc60677566b3f118f7a25ce653ff3a88b647a5ff1318ea9809773f9d53f9cf01e5f5a6701714af63a4ff99b3939ddc53a706fe48851da169ae2575bb13cc5203f5ed51a18bdb150203010001a382010830820104300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030206082b0601050507030130120603551d130101ff040830060101ff020100301d0603551d0e04160414142eb317b75856cbae500940e61faf9d8b14c2c6301f0603551d2304183016801479b459e67bb6e5e40173800888c81a58f6e99b6e303206082b0601050507010104263024302206082b060105050730028616687474703a2f2f78312e692e6c656e63722e6f72672f30270603551d1f0420301e301ca01aa0188616687474703a2f2f78312e632e6c656e63722e6f72672f30220603551d20041b30193008060667810c010201300d060b2b0601040182df13010101300d06092a864886f70d01010b0500038202010085ca4e473ea3f7854485bcd56778b29863ad754d1e963d336572542d81a0eac3edf820bf5fccb77000b76e3bf65e94dee4209fa6ef8bb203e7a2b5163c91ceb4ed3902e77c258a47e6656e3f46f4d9f0ce942bee54ce12bc8c274bb8c1982fa2afcd71914a08b7c8b8237b042d08f908573e83d904330a472178098227c32ac89bb9ce5cf264c8c0be79c04f8e6d440c5e92bb2ef78b10e1e81d4429db5920ed63b921f81226949357a01d6504c10a22ae100d4397a1181f7ee0e08637b55ab1bd30bf876e2b2aff214e1b05c3f51897f05eacc3a5b86af02ebc3b33b9ee4bdeccfce4af840b863fc0554336f668e136176a8e99d1ffa540a734b7c0d063393539756ef2ba76c89302e9a94b6c17ce0c02d9bd81fb9fb768d40665b3823d7753f88e7903ad0a3107752a43d8559772c4290ef7c45d4ec8ae468430d7f2855f18a179bbe75e708b07e18693c3b98fdc6171252aafdfed255052688b92dce5d6b5e3da7dd0876c842131ae82f5fbb9abc889173de14ce5380ef6bd2bbd968114ebd5db3d20a77e59d3e2f858f95bb848cdfe5c4f1629fe1e5523afc811b08dea7c9390172ffdaca20947463ff0e9b0b7ff284d6832d6675e1e69a393b8f59d8b2f0bd25243a66f3257654d3281df3853855d7e5d6629eab8dde495b5cdb5561242cdc44ec6253844506decce005518fee94964d44eca979cb45bc073a8abb847c2 C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe

"C:\Users\Admin\AppData\Local\Temp\623eeeaa50222b04c502c65aa6fee5342c4640a10b50c882b388fdeda0f21478.exe"

Network

Country Destination Domain Proto
N/A 8.8.8.8:53 www.2dama.com udp
N/A 147.255.233.71:80 www.2dama.com tcp
N/A 147.255.233.71:80 www.2dama.com tcp
N/A 8.8.8.8:53 hm.baidu.com udp
N/A 8.8.8.8:53 mitao5.tv udp
N/A 103.235.46.191:443 hm.baidu.com tcp
N/A 103.235.46.191:443 hm.baidu.com tcp
N/A 154.198.231.227:8443 mitao5.tv tcp
N/A 154.198.231.227:8443 mitao5.tv tcp
N/A 8.8.8.8:53 cdn.staticfile.org udp
N/A 8.8.8.8:53 n0499.com udp
N/A 8.8.8.8:53 n0600.com udp
N/A 8.8.8.8:53 u0081.com udp
N/A 8.8.8.8:53 vcawmm.com udp
N/A 8.8.8.8:53 539397377.com udp
N/A 8.8.8.8:53 223969ufy.com udp
N/A 8.8.8.8:53 297892531.com udp
N/A 8.8.8.8:53 613711567.com udp
N/A 8.8.8.8:53 kvexx.com udp
N/A 8.8.8.8:53 kvezz.com udp
N/A 8.8.8.8:53 kzeaa.com udp
N/A 47.246.48.206:443 cdn.staticfile.org tcp
N/A 47.246.48.206:443 cdn.staticfile.org tcp
N/A 8.8.8.8:53 kzerr.com udp
N/A 8.8.8.8:53 kveww.com udp
N/A 8.8.8.8:53 kzeii.com udp
N/A 8.8.8.8:53 kvemm.com udp
N/A 8.8.8.8:53 kzecc.com udp
N/A 8.8.8.8:53 616182863.com udp
N/A 8.8.8.8:53 p.qlogo.cn udp
N/A 8.8.8.8:53 taiwtp1.com udp
N/A 47.75.19.145:443 616182863.com tcp
N/A 104.208.86.153:443 u0081.com tcp
N/A 8.8.8.8:53 de88deggtp89.com udp
N/A 8.8.8.8:53 dimg04.c-ctrip.com udp
N/A 8.8.8.8:53 img.9275x.com udp
N/A 8.8.8.8:53 img.2588u.com udp
N/A 8.8.8.8:53 img.byznc.xyz udp
N/A 8.8.8.8:53 kaiyuan-advertising.oss-cn-hongkong.aliyuncs.com udp
N/A 8.8.8.8:53 ak-d.tripcdn.com udp
N/A 8.8.8.8:53 cdn.jsdelivr.net udp
N/A 47.75.19.145:443 616182863.com tcp
N/A 104.74.225.127:443 dimg04.c-ctrip.com tcp
N/A 104.74.225.127:443 dimg04.c-ctrip.com tcp
N/A 104.208.86.153:443 u0081.com tcp
N/A 220.128.218.220:443 taiwtp1.com tcp
N/A 220.128.218.220:443 taiwtp1.com tcp
N/A 47.75.19.145:443 616182863.com tcp
N/A 47.75.19.145:443 616182863.com tcp
N/A 8.8.8.8:53 ocsp.digicert.cn udp
N/A 151.101.1.229:443 cdn.jsdelivr.net tcp
N/A 151.101.1.229:443 cdn.jsdelivr.net tcp
N/A 104.74.225.139:443 ak-d.tripcdn.com tcp
N/A 104.74.225.139:443 ak-d.tripcdn.com tcp
N/A 47.246.48.205:80 ocsp.digicert.cn tcp
N/A 93.184.220.29:80 tcp
N/A 47.75.19.39:443 kaiyuan-advertising.oss-cn-hongkong.aliyuncs.com tcp
N/A 47.75.19.39:443 kaiyuan-advertising.oss-cn-hongkong.aliyuncs.com tcp
N/A 43.154.254.32:443 p.qlogo.cn tcp
N/A 43.154.254.32:443 p.qlogo.cn tcp
N/A 104.143.94.110:443 kzeii.com tcp
N/A 104.143.94.110:443 kzeii.com tcp
N/A 104.143.94.110:443 kzeii.com tcp
N/A 104.143.94.110:443 kzeii.com tcp
N/A 67.198.205.125:443 kzeaa.com tcp
N/A 67.198.205.125:443 kzeaa.com tcp
N/A 78.46.107.74:443 kvemm.com tcp
N/A 78.46.107.74:443 kvemm.com tcp
N/A 47.75.19.145:443 616182863.com tcp
N/A 47.75.19.145:443 616182863.com tcp
N/A 20.78.78.186:443 u0081.com tcp
N/A 20.78.78.186:443 u0081.com tcp
N/A 47.75.19.145:443 616182863.com tcp
N/A 47.75.19.145:443 616182863.com tcp
N/A 45.154.215.92:443 kvezz.com tcp
N/A 45.154.215.92:443 kvezz.com tcp
N/A 45.154.215.92:443 kvezz.com tcp
N/A 45.154.215.92:443 kvezz.com tcp
N/A 104.143.94.110:443 kzeii.com tcp
N/A 104.143.94.110:443 kzeii.com tcp
N/A 64.32.13.142:443 kzecc.com tcp
N/A 64.32.13.142:443 kzecc.com tcp
N/A 23.225.228.58:443 img.byznc.xyz tcp
N/A 23.225.228.58:443 img.byznc.xyz tcp
N/A 20.243.252.217:443 u0081.com tcp
N/A 20.243.252.217:443 u0081.com tcp
N/A 23.224.145.233:80 de88deggtp89.com tcp
N/A 23.224.145.233:80 de88deggtp89.com tcp
N/A 23.225.228.58:443 img.byznc.xyz tcp
N/A 23.225.228.58:443 img.byznc.xyz tcp
N/A 103.170.15.66:443 vcawmm.com tcp
N/A 103.170.15.66:443 vcawmm.com tcp
N/A 103.170.15.111:443 223969ufy.com tcp
N/A 103.170.15.111:443 223969ufy.com tcp
N/A 23.225.228.58:443 img.byznc.xyz tcp
N/A 23.225.228.58:443 img.byznc.xyz tcp
N/A 8.8.8.8:53 kvkiii.top udp
N/A 104.21.234.204:443 kvkiii.top tcp
N/A 104.21.234.204:443 kvkiii.top tcp
N/A 8.8.8.8:53 k68tkg.com udp
N/A 8.8.8.8:53 yaoji666.oss-cn-hongkong.aliyuncs.com udp
N/A 8.8.8.8:53 65211351892.com udp
N/A 47.75.19.16:443 yaoji666.oss-cn-hongkong.aliyuncs.com tcp
N/A 47.75.19.16:443 yaoji666.oss-cn-hongkong.aliyuncs.com tcp
N/A 8.8.8.8:53 u1055.com udp
N/A 8.8.8.8:53 vecukb.com udp
N/A 8.8.8.8:53 n0533.com udp
N/A 8.8.8.8:53 253669vqx.com udp
N/A 8.8.8.8:53 537882736.com udp
N/A 8.8.8.8:53 3338635.com udp
N/A 8.8.8.8:53 dl66d.com udp
N/A 8.8.8.8:53 upffxs6.com udp
N/A 20.243.252.217:443 n0533.com tcp
N/A 20.243.252.217:443 n0533.com tcp
N/A 185.135.77.234:443 dl66d.com tcp
N/A 185.135.77.234:443 dl66d.com tcp
N/A 8.8.8.8:53 kvhooo.top udp
N/A 47.75.19.145:443 537882736.com tcp
N/A 47.75.19.145:443 537882736.com tcp
N/A 8.8.8.8:53 yinyongbao3.app udp
N/A 172.67.139.162:443 kvhooo.top tcp
N/A 8.8.8.8:53 kvheee.top udp
N/A 8.8.8.8:53 x2.c.lencr.org udp
N/A 103.170.15.66:443 vecukb.com tcp
N/A 172.67.139.162:443 kvhooo.top tcp
N/A 103.170.15.66:443 vecukb.com tcp
N/A 8.8.8.8:53 kvhaaa.top udp
N/A 8.8.8.8:53 kvhttt.top udp
N/A 23.2.164.159:80 x2.c.lencr.org tcp
N/A 104.21.234.199:443 kvheee.top tcp
N/A 104.21.234.199:443 kvheee.top tcp
N/A 8.8.8.8:53 kvhsss.top udp
N/A 8.8.8.8:53 kvkggg.top udp
N/A 103.170.15.51:443 vecukb.com tcp
N/A 103.170.15.51:443 vecukb.com tcp
N/A 188.114.96.0:443 kvkggg.top tcp
N/A 188.114.96.0:443 kvkggg.top tcp
N/A 103.170.15.88:443 upffxs6.com tcp
N/A 103.170.15.88:443 upffxs6.com tcp
N/A 45.61.212.131:443 vecukb.com tcp
N/A 45.61.212.131:443 vecukb.com tcp
N/A 8.8.8.8:53 e1.o.lencr.org udp
N/A 188.114.96.0:443 kvkggg.top tcp
N/A 172.67.218.101:443 kvhaaa.top tcp
N/A 172.67.218.101:443 kvhaaa.top tcp
N/A 103.170.15.81:443 upffxs6.com tcp
N/A 103.170.15.81:443 upffxs6.com tcp
N/A 188.114.96.0:443 kvkggg.top tcp
N/A 45.61.212.55:443 upffxs6.com tcp
N/A 45.61.212.55:443 upffxs6.com tcp
N/A 104.109.143.99:80 e1.o.lencr.org tcp
N/A 103.170.15.91:443 upffxs6.com tcp
N/A 103.170.15.91:443 upffxs6.com tcp
N/A 8.8.8.8:53 ali2.a.yximgs.com udp
N/A 47.246.48.229:443 ali2.a.yximgs.com tcp
N/A 8.8.8.8:53 tx2.a.yximgs.com udp
N/A 47.246.48.229:443 ali2.a.yximgs.com tcp
N/A 8.8.8.8:53 static.yximgs.com udp
N/A 43.132.64.86:443 tx2.a.yximgs.com tcp
N/A 43.132.64.86:443 tx2.a.yximgs.com tcp
N/A 8.8.8.8:53 kvhqqq.top udp
N/A 104.109.143.99:80 e1.o.lencr.org tcp
N/A 104.109.143.99:80 e1.o.lencr.org tcp
N/A 188.114.97.0:443 kvkggg.top tcp
N/A 188.114.97.0:443 kvkggg.top tcp
N/A 104.109.143.7:443 static.yximgs.com tcp
N/A 104.109.143.7:443 static.yximgs.com tcp
N/A 104.109.143.99:80 e1.o.lencr.org tcp
N/A 104.21.235.197:443 kvhqqq.top tcp
N/A 104.21.235.197:443 kvhqqq.top tcp
N/A 8.238.23.254:80 tcp
N/A 8.238.23.254:80 tcp
N/A 47.75.19.39:443 kaiyuan-advertising.oss-cn-hongkong.aliyuncs.com tcp
N/A 45.154.215.92:443 kvezz.com tcp
N/A 47.75.19.145:443 537882736.com tcp
N/A 47.75.19.145:443 537882736.com tcp
N/A 20.222.141.126:443 n0533.com tcp
N/A 23.224.145.234:80 de88deggtp89.com tcp
N/A 51.116.253.170:443 tcp
N/A 93.184.221.240:80 tcp
N/A 93.184.221.240:80 tcp
N/A 93.184.221.240:80 tcp

Files

N/A