Analysis Overview
SHA256
2ce843364c8f6072de5759368c123f7b2924aa2c11d68d9394ea1e192b76fa18
Threat Level: Known bad
The file 8440316408.zip was found to be: Known bad.
Malicious Activity Summary
Azov
Modifies extensions of user files
Drops startup file
Reads user/profile data of web browsers
Adds Run key to start application
Enumerates connected drives
Drops file in Program Files directory
MITRE ATT&CK Matrix V6
Analysis: static1
Detonation Overview
Reported
2022-11-16 10:24
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2022-11-16 10:24
Reported
2022-11-16 10:26
Platform
win7-20221111-en
Max time kernel
149s
Max time network
33s
Command Line
Signatures
Azov
Modifies extensions of user files
| Description | Indicator | Process | Target |
| File renamed | C:\Users\Admin\Pictures\BlockStep.raw => C:\Users\Admin\Pictures\BlockStep.raw.azov | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\ClearPush.tiff | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\ClearPush.tiff => C:\Users\Admin\Pictures\ClearPush.tiff.azov | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\GroupApprove.raw => C:\Users\Admin\Pictures\GroupApprove.raw.azov | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\InvokeRestart.tiff => C:\Users\Admin\Pictures\InvokeRestart.tiff.azov | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\MountBlock.png => C:\Users\Admin\Pictures\MountBlock.png.azov | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\StartAssert.tif => C:\Users\Admin\Pictures\StartAssert.tif.azov | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\InitializePush.raw => C:\Users\Admin\Pictures\InitializePush.raw.azov | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\InvokeRestart.tiff | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\ProtectWrite.raw => C:\Users\Admin\Pictures\ProtectWrite.raw.azov | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\SyncResolve.tif => C:\Users\Admin\Pictures\SyncResolve.tif.azov | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RESTORE_FILES.txt | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bandera = "C:\\ProgramData\\rdpclient.exe" | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
Enumerates connected drives
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\InfoPath.en-us\SETUP.XML | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD10358_.GIF | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_GreenTea.gif | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\js\RESTORE_FILES.txt | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-options.xml | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\RESTORE_FILES.txt | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\skins\default.vlt | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\fr-FR\gadget.xml | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\settings.css | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\RESTORE_FILES.txt | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\RESTORE_FILES.txt | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\RESTORE_FILES.txt | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AN01545_.WMF | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\TN00253_.WMF | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\PUBBA\MSPUB4.BDR | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\dialogs\error_window.html | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CAPSULES\CAPSULES.INF | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\EXPEDITN\EXPEDITN.ELM | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\EADOCUMENTAPPROVAL_REVIEW.XSN | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME16.CSS | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsBrowserUpgrade.html | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\4.png | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File created | C:\Program Files\Microsoft Games\Hearts\it-IT\RESTORE_FILES.txt | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\css\cpu.css | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\46.png | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLUECALM\THMBNAIL.PNG | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\DD01157_.WMF | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0199469.WMF | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SO00208_.WMF | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR27F.GIF | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert.ja_5.5.0.165303.jar | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\service.js | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\WINWORD.DEV_F_COL.HXK | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLUECALM\BLUECALM.INF | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0090149.WMF | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0199423.WMF | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\Custom.propdesc | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\de\LC_MESSAGES\vlc.mo | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\css\settings.css | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\RESTORE_FILES.txt | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\RESTORE_FILES.txt | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01839_.GIF | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_ButtonGraphic.png | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp.ja_5.5.0.165303.jar | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File created | C:\Program Files\Microsoft Games\FreeCell\en-US\RESTORE_FILES.txt | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MyriadPro-It.otf | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WHIRL2.WMF | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Bibliography\Sort\TITLE.XSL | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsPrintTemplate.html | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\RESTORE_FILES.txt | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\management\jmxremote.password.template | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\EDGE\RESTORE_FILES.txt | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\bin\javaws.exe | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\security\java.security | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Australia\Brisbane | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Etc\UTC | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proof.es\RESTORE_FILES.txt | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\RESTORE_FILES.txt | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+5 | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waning-gibbous.png | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\IN00957_.WMF | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR20F.GIF | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\lua\extensions\RESTORE_FILES.txt | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe
"C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe"
Network
Files
memory/1736-56-0x0000000000400000-0x0000000000409000-memory.dmp
memory/1736-55-0x00000000000A0000-0x00000000000A5000-memory.dmp
memory/1736-54-0x0000000000020000-0x0000000000027000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2022-11-16 10:24
Reported
2022-11-16 10:26
Platform
win10v2004-20220812-en
Max time kernel
141s
Max time network
134s
Command Line
Signatures
Azov
Modifies extensions of user files
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RESTORE_FILES.txt | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bandera = "C:\\ProgramData\\rdpclient.exe" | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
Enumerates connected drives
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.XboxIdentityProvider_12.50.6001.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_filter_18.svg | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\de-de\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Square44x44\PaintAppList.targetsize-256_altform-unplated.png | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-40_contrast-high.png | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\rna-main.js | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-netbeans-modules-editor-mimelookup-impl.xml | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\models\Url.model | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\whatsnewsrc\script\RESTORE_FILES.txt | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\MPP\WindowsMedia.mpp | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\js\nls\nl-nl\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\es-es\RESTORE_FILES.txt | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.47\ResiliencyLinks\Locales\cy.pak.DATA | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\SplashScreen.scale-125_contrast-white.png | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\images\FileText32x32.png | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\SkypeBridge\RESTORE_FILES.txt | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\RESTORE_FILES.txt | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\selector.js | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.47\ResiliencyLinks\Locales\ar.pak.DATA | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-60.png | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\AppxMetadata\CodeIntegrity.cat | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\WideTile.scale-100_contrast-white.png | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Assets\AppTiles\StoreBadgeLogo.scale-200.png | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\plugins\rhp\editpdf-selector.js | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\ca-es\RESTORE_FILES.txt | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\hr-hr\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Resources\1033\RESTORE_FILES.txt | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\plugins\audio_output\RESTORE_FILES.txt | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-80.png | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\RTL\contrast-white\MedTile.scale-100.png | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\share_icons.png | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.47\ResiliencyLinks\resources.pak.DATA | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.help.ui_4.0.100.v20140401-0608.jar | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\officeinventoryagentfallback.xml | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\ext\locale\updater_zh_CN.jar | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiling_zh_CN.jar | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_OEM_Perp-pl.xrm-ms | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Resources\1033\PowerPivotExcelClientAddIn.rll | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-20.png | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\zh-tw\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File created | C:\Program Files\Common Files\System\ado\fr-FR\RESTORE_FILES.txt | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\Modules\org-openide-awt.xml | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_GB\en_GB.aff | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-72_altform-lightunplated.png | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription3-pl.xrm-ms | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SPRING\RESTORE_FILES.txt | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-white_targetsize-20_altform-unplated.png | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\RESTORE_FILES.txt | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_OEM_Perp-ul-oob.xrm-ms | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-30_altform-unplated_contrast-high.png | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files-select\js\RESTORE_FILES.txt | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Trust Protection Lists\Sigma\Staging.DATA | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.47\ResiliencyLinks\Locales\nl.pak.DATA | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\RESTORE_FILES.txt | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-125_8wekyb3d8bbwe\AppxSignature.p7x | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\AppIcon.targetsize-72_contrast-black.png | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\en-gb\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_KMS_Client_AE-ul-oob.xrm-ms | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\SmallTile.scale-150.png | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File created | C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\RESTORE_FILES.txt | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\topnav.gif | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.contrast-white_targetsize-32.png | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\AppxManifest.xml | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.46.11001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubSplashScreen.scale-200.png | C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe
"C:\Users\Admin\AppData\Local\Temp\650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe"
Network
| Country | Destination | Domain | Proto |
| N/A | 209.197.3.8:80 | tcp | |
| N/A | 209.197.3.8:80 | tcp | |
| N/A | 20.189.173.4:443 | tcp | |
| N/A | 13.107.21.200:443 | tcp |
Files
memory/1092-134-0x0000000000400000-0x0000000000409000-memory.dmp
memory/1092-132-0x0000000000020000-0x0000000000027000-memory.dmp
memory/1092-133-0x00000000001A0000-0x00000000001A5000-memory.dmp