ae0485631d5ede70adc0dddf753b64f82fb69116d41590e5a37bd1ddea007580

Analysis

max time kernel
204s
max time network
209s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 01:24 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ae0485631d5ede70adc0dddf753b64f82fb69116d41590e5a37bd1ddea007580.exe
Size

63KB
MD5

8882de96051d194c75188f17db77ed33
SHA1

3613514331b0e21513275c6bbc62ff391dd3efd1
SHA256

ae0485631d5ede70adc0dddf753b64f82fb69116d41590e5a37bd1ddea007580
SHA512

87095d8b63b0df61a36f938a2dcfe1fd540a1b157fbd53aec042ba83de1c485ff34d320ffe5787861adf10d2b3f27b411f061555abdf614acfca429fff3b67d1
SSDEEP

1536:la6Mcvi8Klp+hsxeS1XXuOHEDfjUQCiYpievTLvJrHLIuT8I42gdqnej:layiWCxeS1XXH4HyTLNIFV

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
1512	urdvxc.exe
1588	urdvxc.exe
976	urdvxc.exe
4800	urdvxc.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\urdvxc.exe	ae0485631d5ede70adc0dddf753b64f82fb69116d41590e5a37bd1ddea007580.exe
File created	C:\Windows\SysWOW64\urdvxc.exe	urdvxc.exe
File created	C:\Windows\SysWOW64\urdvxc.exe	ae0485631d5ede70adc0dddf753b64f82fb69116d41590e5a37bd1ddea007580.exe

Drops file in Program Files directory 57 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\epl-v10.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\about.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\license.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh.htm	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\epl-v10.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\license.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\epl-v10.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\db\RELEASE-NOTES.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\epl-v10.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\epl-v10.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\epl-v10.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\license.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh001.htm	urdvxc.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\jtlnctqk.exe	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\db\README-JDK.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\license.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\about.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\epl-v10.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\Welcome.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\license.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\title.htm	urdvxc.exe
File opened for modification	C:\Program Files\Microsoft Office\Office16\OSPP.HTM	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\license.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\about.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\Welcome.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\epl-v10.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\epl-v10.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\license.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\preface.htm	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bklnbknw.exe	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\about.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\epl-v10.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\sekbhrbe.exe	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\njqrsbcq.exe	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\license.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\epl-v10.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\about.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\epl-v10.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\nsstljje.exe	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\license.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\license.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\about.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\about.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\epl-v10.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\license.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\about.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\epl-v10.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\db\qrhljwvn.exe	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\license.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\about.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\about.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\README.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\license.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\license.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\html\cpyr.htm	urdvxc.exe

Modifies registry class 46 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}\ = "hsjshnqvhknrhbjs"	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C803653-A26A-88C7-574B-3B28BF06C94C}\ = "essnjktbvrlhhtke"	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5CA91ECD-564C-3E29-5336-C066EB2FABF6}\ = "bntxlqhhrkeljnwl"	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7774BDCB-BC2A-526E-C798-34FA771E21D1}	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3E88A8DA-6487-F103-FFE5-C2B0648486DC}\LocalServer32\ = "C:\\Program Files\\Java\\jdk1.8.0_66\\jre\\sekbhrbe.exe"	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{17B30228-FEAE-52CE-E831-3379C40FDBE8}\ = "rrnwbrtkkwwznkvn"	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FA38FFC8-81C3-40CE-E4C5-8F7E0D6EA671}\ = "nkrneslbbshshkqj"	ae0485631d5ede70adc0dddf753b64f82fb69116d41590e5a37bd1ddea007580.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}\ = "bkjttjtksttslbqv"	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}\LocalServer32\ = "C:\\Windows\\SysWOW64\\urdvxc.exe"	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}\LocalServer32	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}\LocalServer32	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5CA91ECD-564C-3E29-5336-C066EB2FABF6}	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5CA91ECD-564C-3E29-5336-C066EB2FABF6}\LocalServer32\ = "C:\\Program Files\\Java\\jre1.8.0_66\\jtlnctqk.exe"	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FA38FFC8-81C3-40CE-E4C5-8F7E0D6EA671}\LocalServer32	ae0485631d5ede70adc0dddf753b64f82fb69116d41590e5a37bd1ddea007580.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}\ = "rzkvxksttsthesen"	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3E88A8DA-6487-F103-FFE5-C2B0648486DC}\LocalServer32	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{17B30228-FEAE-52CE-E831-3379C40FDBE8}\LocalServer32	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C803653-A26A-88C7-574B-3B28BF06C94C}\LocalServer32	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{17B30228-FEAE-52CE-E831-3379C40FDBE8}\ = "bvvqxvntklkcktkr"	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58F22A6B-E9C1-CE13-9AB2-6E6A8B42D5FD}\LocalServer32\ = "C:\\Program Files\\Java\\jdk1.8.0_66\\lib\\missioncontrol\\features\\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\\njqrsbcq.exe"	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}\LocalServer32\ = "C:\\Windows\\SysWOW64\\urdvxc.exe"	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}\LocalServer32\ = "C:\\Windows\\SysWOW64\\urdvxc.exe"	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7774BDCB-BC2A-526E-C798-34FA771E21D1}\ = "kvxjknreekekwvqr"	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3E88A8DA-6487-F103-FFE5-C2B0648486DC}\ = "nsnnslhsvrbzzhst"	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{17B30228-FEAE-52CE-E831-3379C40FDBE8}	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FA38FFC8-81C3-40CE-E4C5-8F7E0D6EA671}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ae0485631d5ede70adc0dddf753b64f82fb69116d41590e5a37bd1ddea007580.exe"	ae0485631d5ede70adc0dddf753b64f82fb69116d41590e5a37bd1ddea007580.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}\LocalServer32	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{17B30228-FEAE-52CE-E831-3379C40FDBE8}\LocalServer32\ = "C:\\Program Files\\Java\\jdk1.8.0_66\\lib\\missioncontrol\\features\\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\\nsstljje.exe"	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58F22A6B-E9C1-CE13-9AB2-6E6A8B42D5FD}\LocalServer32	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}\LocalServer32	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}\LocalServer32\ = "C:\\Windows\\SysWOW64\\urdvxc.exe"	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7774BDCB-BC2A-526E-C798-34FA771E21D1}\LocalServer32\ = "C:\\Program Files\\Java\\jdk1.8.0_66\\db\\qrhljwvn.exe"	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58F22A6B-E9C1-CE13-9AB2-6E6A8B42D5FD}\ = "eebtzkethkqbcnbl"	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FA38FFC8-81C3-40CE-E4C5-8F7E0D6EA671}	ae0485631d5ede70adc0dddf753b64f82fb69116d41590e5a37bd1ddea007580.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}\ = "qwennwrnznsrtzjw"	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58F22A6B-E9C1-CE13-9AB2-6E6A8B42D5FD}\ = "sshernrjnlrellrv"	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C803653-A26A-88C7-574B-3B28BF06C94C}	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C803653-A26A-88C7-574B-3B28BF06C94C}\LocalServer32\ = "C:\\Program Files\\Java\\jdk1.8.0_66\\bklnbknw.exe"	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5CA91ECD-564C-3E29-5336-C066EB2FABF6}\LocalServer32	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7774BDCB-BC2A-526E-C798-34FA771E21D1}\LocalServer32	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3E88A8DA-6487-F103-FFE5-C2B0648486DC}	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58F22A6B-E9C1-CE13-9AB2-6E6A8B42D5FD}	urdvxc.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1512	urdvxc.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1940 wrote to memory of 1512	1940	ae0485631d5ede70adc0dddf753b64f82fb69116d41590e5a37bd1ddea007580.exe	78
PID 1940 wrote to memory of 1512	1940	ae0485631d5ede70adc0dddf753b64f82fb69116d41590e5a37bd1ddea007580.exe	78
PID 1940 wrote to memory of 1512	1940	ae0485631d5ede70adc0dddf753b64f82fb69116d41590e5a37bd1ddea007580.exe	78
PID 1940 wrote to memory of 1588	1940	ae0485631d5ede70adc0dddf753b64f82fb69116d41590e5a37bd1ddea007580.exe	79
PID 1940 wrote to memory of 1588	1940	ae0485631d5ede70adc0dddf753b64f82fb69116d41590e5a37bd1ddea007580.exe	79
PID 1940 wrote to memory of 1588	1940	ae0485631d5ede70adc0dddf753b64f82fb69116d41590e5a37bd1ddea007580.exe	79
PID 1940 wrote to memory of 4800	1940	ae0485631d5ede70adc0dddf753b64f82fb69116d41590e5a37bd1ddea007580.exe	81
PID 1940 wrote to memory of 4800	1940	ae0485631d5ede70adc0dddf753b64f82fb69116d41590e5a37bd1ddea007580.exe	81
PID 1940 wrote to memory of 4800	1940	ae0485631d5ede70adc0dddf753b64f82fb69116d41590e5a37bd1ddea007580.exe	81

C:\Users\Admin\AppData\Local\Temp\ae0485631d5ede70adc0dddf753b64f82fb69116d41590e5a37bd1ddea007580.exe
"C:\Users\Admin\AppData\Local\Temp\ae0485631d5ede70adc0dddf753b64f82fb69116d41590e5a37bd1ddea007580.exe"
1⤵
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1940
- C:\Windows\SysWOW64\urdvxc.exe
  C:\Windows\system32\urdvxc.exe /installservice
  2⤵
  - Executes dropped EXE
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  PID:1512
- C:\Windows\SysWOW64\urdvxc.exe
  C:\Windows\system32\urdvxc.exe /start
  2⤵
  - Executes dropped EXE
  - Modifies registry class
  PID:1588
- C:\Windows\SysWOW64\urdvxc.exe
  C:\Windows\system32\urdvxc.exe /uninstallservice patch:C:\Users\Admin\AppData\Local\Temp\ae0485631d5ede70adc0dddf753b64f82fb69116d41590e5a37bd1ddea007580.exe
  2⤵
  - Executes dropped EXE
  - Modifies registry class
  PID:4800

C:\Windows\SysWOW64\urdvxc.exe
"C:\Windows\SysWOW64\urdvxc.exe" /service
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Modifies registry class
PID:976

Network

No results found

104.110.191.133:80

322 B
7
104.110.191.133:80

322 B
7
211.189.41.185:139

urdvxc.exe

260 B
200 B
5
5
211.189.150.62:139

urdvxc.exe

156 B
3
211.189.220.8:139

urdvxc.exe

156 B
3
211.189.225.156:139

urdvxc.exe

156 B
3
211.189.208.74:139

urdvxc.exe

156 B
3
211.189.232.7:139

urdvxc.exe

156 B
3
211.189.194.147:139

urdvxc.exe

156 B
3
211.189.219.6:139

urdvxc.exe

156 B
3
211.189.232.69:139

urdvxc.exe

156 B
3
211.189.217.51:139

urdvxc.exe

156 B
3
211.189.253.20:139

urdvxc.exe

156 B
3
211.189.205.203:139

urdvxc.exe

156 B
3
211.189.229.73:139

urdvxc.exe

156 B
3
211.189.41.185:445

urdvxc.exe

156 B
3
211.189.217.86:139

urdvxc.exe

156 B
3
211.189.150.62:445

urdvxc.exe

156 B
3
211.189.220.8:445

urdvxc.exe

156 B
3
211.189.225.156:445

urdvxc.exe

156 B
3
211.189.219.80:139

urdvxc.exe

260 B
200 B
5
5
211.189.208.74:445

urdvxc.exe

156 B
3
211.189.232.7:445

urdvxc.exe

156 B
3
211.189.194.147:445

urdvxc.exe

156 B
3
211.189.219.6:445

urdvxc.exe

156 B
3
211.189.209.147:139

urdvxc.exe

260 B
200 B
5
5
211.189.232.69:445

urdvxc.exe

156 B
3
211.189.61.130:139

urdvxc.exe

156 B
3
211.189.217.51:445

urdvxc.exe

156 B
3
211.189.253.20:445

urdvxc.exe

156 B
3
211.189.205.203:445

urdvxc.exe

156 B
3
211.189.229.73:445

urdvxc.exe

156 B
3
211.189.246.206:139

urdvxc.exe

156 B
3
211.189.217.86:445

urdvxc.exe

156 B
3
211.189.217.165:139

urdvxc.exe

156 B
3
211.189.242.44:139

urdvxc.exe

156 B
3
211.189.237.152:139

urdvxc.exe

156 B
3
211.189.211.17:139

urdvxc.exe

156 B
3
211.189.194.10:139

urdvxc.exe

156 B
3
211.189.219.80:445

urdvxc.exe

156 B
3
211.189.243.142:139

urdvxc.exe

156 B
3
211.189.204.208:139

urdvxc.exe

156 B
3
211.189.209.147:445

urdvxc.exe

260 B
200 B
5
5
211.189.100.32:139

urdvxc.exe

156 B
3
211.189.61.130:445

urdvxc.exe

156 B
3
211.189.100.2:139

urdvxc.exe

156 B
3
211.189.209.70:139

urdvxc.exe

156 B
3
211.189.246.206:445

urdvxc.exe

156 B
3
211.189.217.165:445

urdvxc.exe

156 B
3
211.189.228.70:139

urdvxc.exe

156 B
3
211.189.242.44:445

urdvxc.exe

156 B
3
211.189.237.152:445

urdvxc.exe

156 B
3
211.189.211.17:445

urdvxc.exe

156 B
3
211.189.228.153:139

urdvxc.exe

156 B
3
211.189.125.166:139

urdvxc.exe

156 B
3
211.189.253.27:139

urdvxc.exe

156 B
3
211.189.194.10:445

urdvxc.exe

156 B
3
211.189.204.191:139

urdvxc.exe

156 B
3
211.189.243.142:445

urdvxc.exe

156 B
3
211.189.253.12:139

urdvxc.exe

156 B
3
211.189.2.55:139

urdvxc.exe

156 B
3
211.189.204.208:445

urdvxc.exe

156 B
3
211.189.100.32:445

urdvxc.exe

156 B
3
211.189.209.70:445

urdvxc.exe

156 B
3
211.189.100.2:445

urdvxc.exe

156 B
3
211.189.216.217:139

urdvxc.exe

156 B
3
211.189.141.133:139

urdvxc.exe

156 B
3
211.189.206.249:139

urdvxc.exe

156 B
3
211.189.217.175:139

urdvxc.exe

156 B
3
211.189.228.70:445

urdvxc.exe

156 B
3
211.189.206.241:139

urdvxc.exe

156 B
3
211.189.228.153:445

urdvxc.exe

156 B
3
211.189.125.166:445

urdvxc.exe

156 B
3
211.189.253.27:445

urdvxc.exe

156 B
3
211.189.223.47:139

urdvxc.exe

156 B
3
211.189.204.191:445

urdvxc.exe

156 B
3
211.189.253.12:445

urdvxc.exe

156 B
3
211.189.2.55:445

urdvxc.exe

156 B
3
211.189.228.175:139

urdvxc.exe

156 B
3
211.189.216.217:445

urdvxc.exe

156 B
3
211.189.141.133:445

urdvxc.exe

156 B
3
211.189.211.202:139

urdvxc.exe

260 B
200 B
5
5
211.189.216.55:139

urdvxc.exe

156 B
3
211.189.206.249:445

urdvxc.exe

156 B
3
211.189.217.175:445

urdvxc.exe

156 B
3
211.189.253.8:139

urdvxc.exe

156 B
3
211.189.225.198:139

urdvxc.exe

156 B
3
211.189.241.28:139

urdvxc.exe

156 B
3
211.189.216.40:139

urdvxc.exe

156 B
3
211.189.222.176:139

urdvxc.exe

156 B
3
211.189.205.222:139

urdvxc.exe

156 B
3
211.189.206.241:445

urdvxc.exe

156 B
3
211.189.222.136:139

urdvxc.exe

156 B
3
211.189.223.47:445

urdvxc.exe

156 B
3
211.189.37.184:139

urdvxc.exe

156 B
3
211.189.228.175:445

urdvxc.exe

156 B
3
211.189.211.202:445

urdvxc.exe

156 B
3
211.189.216.55:445

urdvxc.exe

156 B
3
211.189.200.204:139

urdvxc.exe

156 B
3
211.189.253.8:445

urdvxc.exe

156 B
3
211.189.225.198:445

urdvxc.exe

156 B
3
211.189.241.28:445

urdvxc.exe

156 B
3
211.189.216.40:445

urdvxc.exe

156 B
3
211.189.202.138:139

urdvxc.exe

156 B
3
211.189.222.176:445

urdvxc.exe

156 B
3
211.189.205.222:445

urdvxc.exe

156 B
3
211.189.202.41:139

urdvxc.exe

156 B
3
211.189.212.91:139

urdvxc.exe

260 B
200 B
5
5
211.189.222.136:445

urdvxc.exe

156 B
3
211.189.209.76:139

urdvxc.exe

156 B
3
211.189.37.184:445

urdvxc.exe

156 B
3
211.189.200.204:445

urdvxc.exe

156 B
3
211.189.219.57:139

urdvxc.exe

156 B
3
211.189.219.24:139

urdvxc.exe

156 B
3
211.189.202.138:445

urdvxc.exe

156 B
3
211.189.202.41:445

urdvxc.exe

156 B
3
211.189.192.101:139

urdvxc.exe

156 B
3
211.189.234.191:139

urdvxc.exe

156 B
3
211.189.212.91:445

urdvxc.exe

260 B
200 B
5
5
211.189.211.98:139

urdvxc.exe

156 B
3
211.189.241.115:139

urdvxc.exe

156 B
3
211.189.209.76:445

urdvxc.exe

156 B
3
211.189.204.18:139

urdvxc.exe

260 B
200 B
5
5
211.189.194.160:139

urdvxc.exe

156 B
3
211.189.219.57:445

urdvxc.exe

156 B
3
211.189.219.31:139

urdvxc.exe

260 B
200 B
5
5
211.189.219.241:139

urdvxc.exe

156 B
3
211.189.219.24:445

urdvxc.exe

156 B
3
211.189.196.23:139

urdvxc.exe

260 B
200 B
5
5
211.189.208.199:139

urdvxc.exe

260 B
200 B
5
5
211.189.219.105:139

urdvxc.exe

156 B
3
211.189.192.101:445

urdvxc.exe

156 B
3
211.189.234.191:445

urdvxc.exe

156 B
3
211.189.211.98:445

urdvxc.exe

156 B
3
211.189.223.33:139

urdvxc.exe

156 B
3
211.189.241.115:445

urdvxc.exe

156 B
3
211.189.211.101:139

urdvxc.exe

260 B
200 B
5
5
211.189.204.18:445

urdvxc.exe

260 B
200 B
5
5
211.189.212.30:139

urdvxc.exe

156 B
3
211.189.16.1:139

urdvxc.exe

156 B
3
211.189.194.160:445

urdvxc.exe

156 B
3
211.189.3.123:139

urdvxc.exe

156 B
3
211.189.203.7:139

urdvxc.exe

156 B
3
211.189.146.21:139

urdvxc.exe

156 B
3
211.189.211.245:139

urdvxc.exe

156 B
3
211.189.219.31:445

urdvxc.exe

156 B
3
211.189.219.241:445

urdvxc.exe

156 B
3
211.189.209.1:139

urdvxc.exe

260 B
200 B
5
5
211.189.228.197:139

urdvxc.exe

156 B
3
211.189.214.9:139

urdvxc.exe

156 B
3
211.189.100.4:139

urdvxc.exe

156 B
3
211.189.196.254:139

urdvxc.exe

260 B
200 B
5
5
211.189.196.23:445

urdvxc.exe

260 B
200 B
5
5
211.189.208.199:445

urdvxc.exe

156 B
3
211.189.216.209:139

urdvxc.exe

156 B
3
211.189.222.166:139

urdvxc.exe

156 B
3
211.189.210.107:139

urdvxc.exe

156 B
3
211.189.214.93:139

urdvxc.exe

156 B
3
211.189.219.105:445

urdvxc.exe

156 B
3
211.189.223.33:445

urdvxc.exe

156 B
3
211.189.202.62:139

urdvxc.exe

156 B
3
211.189.211.101:445

urdvxc.exe

156 B
3
211.189.215.199:139

urdvxc.exe

260 B
200 B
5
5
211.189.212.30:445

urdvxc.exe

156 B
3
211.189.16.1:445

urdvxc.exe

156 B
3
211.189.3.123:445

urdvxc.exe

156 B
3
211.189.203.7:445

urdvxc.exe

156 B
3
211.189.146.21:445

urdvxc.exe

156 B
3
211.189.211.245:445

urdvxc.exe

156 B
3
211.189.211.210:139

urdvxc.exe

260 B
200 B
5
5
211.189.209.1:445

urdvxc.exe

260 B
200 B
5
5
211.189.228.197:445

urdvxc.exe

156 B
3
211.189.214.9:445

urdvxc.exe

156 B
3
211.189.196.254:445

urdvxc.exe

260 B
200 B
5
5
211.189.100.4:445

urdvxc.exe

156 B
3
211.189.215.51:139

urdvxc.exe

156 B
3
211.189.216.209:445

urdvxc.exe

156 B
3
211.189.222.166:445

urdvxc.exe

156 B
3
211.189.210.107:445

urdvxc.exe

156 B
3
211.189.214.93:445

urdvxc.exe

156 B
3
211.189.216.53:139

urdvxc.exe

156 B
3
211.189.237.165:139

urdvxc.exe

156 B
3
211.189.202.62:445

urdvxc.exe

156 B
3
211.189.215.199:445

urdvxc.exe

156 B
3
211.189.218.235:139

urdvxc.exe

156 B
3
211.189.238.63:139

urdvxc.exe

156 B
3
211.189.99.20:139

urdvxc.exe

156 B
3
211.189.211.210:445

urdvxc.exe

156 B
3
211.189.194.158:139

urdvxc.exe

156 B
3
211.189.215.51:445

urdvxc.exe

156 B
3
211.189.207.104:139

urdvxc.exe

156 B
3
211.189.196.61:139

urdvxc.exe

156 B
3
211.189.196.89:139

urdvxc.exe

156 B
3
211.189.220.36:139

urdvxc.exe

156 B
3
211.189.216.53:445

urdvxc.exe

156 B
3
211.189.237.165:445

urdvxc.exe

156 B
3
211.189.214.26:139

urdvxc.exe

156 B
3
211.189.244.50:139

urdvxc.exe

156 B
3
211.189.206.153:139

urdvxc.exe

260 B
200 B
5
5
211.189.219.47:139

urdvxc.exe

156 B
3
211.189.218.235:445

urdvxc.exe

156 B
3
211.189.225.137:139

urdvxc.exe

156 B
3
211.189.238.63:445

urdvxc.exe

156 B
3
211.189.99.20:445

urdvxc.exe

156 B
3
211.189.217.123:139

urdvxc.exe

156 B
3
211.189.194.158:445

urdvxc.exe

156 B
3
211.189.207.104:445

urdvxc.exe

156 B
3
211.189.196.61:445

urdvxc.exe

156 B
3
211.189.196.89:445

urdvxc.exe

156 B
3
211.189.220.36:445

urdvxc.exe

156 B
3
211.189.215.21:139

urdvxc.exe

260 B
200 B
5
5
211.189.194.225:139

urdvxc.exe

156 B
3
211.189.205.219:139

urdvxc.exe

156 B
3
211.189.237.169:139

urdvxc.exe

156 B
3
211.189.214.26:445

urdvxc.exe

156 B
3
211.189.216.41:139

urdvxc.exe

156 B
3
211.189.244.50:445

urdvxc.exe

156 B
3
211.189.241.96:139

urdvxc.exe

156 B
3
211.189.206.153:445

urdvxc.exe

260 B
200 B
5
5
211.189.210.11:139

urdvxc.exe

156 B
3
211.189.209.103:139

urdvxc.exe

156 B
3
211.189.36.155:139

urdvxc.exe

156 B
3
211.189.219.47:445

urdvxc.exe

156 B
3
211.189.225.137:445

urdvxc.exe

156 B
3
211.189.219.102:139

urdvxc.exe

156 B
3
211.189.217.123:445

urdvxc.exe

156 B
3
211.189.137.248:139

urdvxc.exe

156 B
3
211.189.194.225:445

urdvxc.exe

156 B
3
211.189.215.21:445

urdvxc.exe

156 B
3
211.189.205.219:445

urdvxc.exe

156 B
3
211.189.224.132:139

urdvxc.exe

156 B
3
211.189.200.192:139

urdvxc.exe

260 B
200 B
5
5
211.189.237.169:445

urdvxc.exe

156 B
3
211.189.216.41:445

urdvxc.exe

156 B
3
211.189.215.235:139

urdvxc.exe

260 B
200 B
5
5
211.189.241.96:445

urdvxc.exe

156 B
3
211.189.210.11:445

urdvxc.exe

156 B
3
211.189.237.176:139

urdvxc.exe

156 B
3
211.189.209.103:445

urdvxc.exe

156 B
3
211.189.206.26:139

urdvxc.exe

156 B
3
211.189.36.155:445

urdvxc.exe

156 B
3
211.189.219.192:139

urdvxc.exe

260 B
200 B
5
5
211.189.219.102:445

urdvxc.exe

156 B
3
211.189.41.141:139

urdvxc.exe

260 B
200 B
5
5
211.189.216.43:139

urdvxc.exe

156 B
3
211.189.137.248:445

urdvxc.exe

156 B
3
211.189.196.29:139

urdvxc.exe

156 B
3
211.189.241.31:139

urdvxc.exe

156 B
3
211.189.193.20:139

urdvxc.exe

156 B
3
211.189.220.108:139

urdvxc.exe

156 B
3
211.189.206.27:139

urdvxc.exe

156 B
3
211.189.219.41:139

urdvxc.exe

156 B
3
211.189.224.132:445

urdvxc.exe

156 B
3
211.189.225.173:139

urdvxc.exe

156 B
3
211.189.200.192:445

urdvxc.exe

260 B
200 B
5
5
211.189.215.235:445

urdvxc.exe

156 B
3
211.189.237.176:445

urdvxc.exe

156 B
3
211.189.206.26:445

urdvxc.exe

156 B
3
211.189.220.4:139

urdvxc.exe

156 B
3
211.189.219.192:445

urdvxc.exe

156 B
3
211.189.41.141:445

urdvxc.exe

260 B
200 B
5
5
211.189.199.121:139

urdvxc.exe

156 B
3
211.189.216.237:139

urdvxc.exe

156 B
3
211.189.216.43:445

urdvxc.exe

156 B
3
211.189.196.29:445

urdvxc.exe

156 B
3
211.189.241.31:445

urdvxc.exe

156 B
3
211.189.193.20:445

urdvxc.exe

156 B
3
211.189.220.65:139

urdvxc.exe

260 B
200 B
5
5
211.189.220.108:445

urdvxc.exe

156 B
3
211.189.206.27:445

urdvxc.exe

156 B
3
211.189.219.41:445

urdvxc.exe

156 B
3
211.189.211.14:139

urdvxc.exe

156 B
3
211.189.225.173:445

urdvxc.exe

156 B
3
211.189.219.37:139

urdvxc.exe

156 B
3
211.189.211.170:139

urdvxc.exe

156 B
3
211.189.223.169:139

urdvxc.exe

156 B
3
211.189.192.4:139

urdvxc.exe

156 B
3
211.189.218.206:139

urdvxc.exe

156 B
3
211.189.220.4:445

urdvxc.exe

156 B
3
211.189.199.121:445

urdvxc.exe

156 B
3
211.189.211.120:139

urdvxc.exe

260 B
200 B
5
5
211.189.216.237:445

urdvxc.exe

156 B
3
211.189.202.188:139

urdvxc.exe

260 B
200 B
5
5
211.189.220.65:445

urdvxc.exe

260 B
200 B
5
5
211.189.141.21:139

urdvxc.exe

156 B
3
211.189.211.14:445

urdvxc.exe

156 B
3
211.189.206.176:139

urdvxc.exe

156 B
3
211.189.219.37:445

urdvxc.exe

156 B
3
211.189.208.70:139

urdvxc.exe

260 B
200 B
5
5
211.189.211.170:445

urdvxc.exe

156 B
3
211.189.199.74:139

urdvxc.exe

156 B
3
211.189.223.169:445

urdvxc.exe

156 B
3
211.189.219.67:139

urdvxc.exe

156 B
3
211.189.192.4:445

urdvxc.exe

156 B
3
211.189.218.206:445

urdvxc.exe

156 B
3
211.189.192.87:139

urdvxc.exe

156 B
3
211.189.205.96:139

urdvxc.exe

260 B
200 B
5
5
211.189.209.39:139

urdvxc.exe

260 B
200 B
5
5
211.189.211.120:445

urdvxc.exe

156 B
3
211.189.194.137:139

urdvxc.exe

156 B
3
211.189.202.188:445

urdvxc.exe

260 B
200 B
5
5
211.189.222.14:139

urdvxc.exe

156 B
3
211.189.141.21:445

urdvxc.exe

156 B
3
211.189.206.176:445

urdvxc.exe

156 B
3
211.189.218.198:139

urdvxc.exe

156 B
3
211.189.208.70:445

urdvxc.exe

156 B
3
211.189.194.177:139

urdvxc.exe

156 B
3
211.189.199.74:445

urdvxc.exe

156 B
3
211.189.228.167:139

urdvxc.exe

156 B
3
211.189.219.67:445

urdvxc.exe

156 B
3
211.189.223.132:139

urdvxc.exe

156 B
3
211.189.192.87:445

urdvxc.exe

156 B
3
211.189.206.186:139

urdvxc.exe

156 B
3
211.189.205.96:445

urdvxc.exe

260 B
200 B
5
5
211.189.209.39:445

urdvxc.exe

260 B
200 B
5
5
211.189.194.137:445

urdvxc.exe

156 B
3
211.189.222.14:445

urdvxc.exe

156 B
3
211.189.199.105:139

urdvxc.exe

156 B
3
211.189.222.28:139

urdvxc.exe

156 B
3
211.189.209.113:139

urdvxc.exe

260 B
200 B
5
5
211.189.16.30:139

urdvxc.exe

156 B
3
211.189.218.198:445

urdvxc.exe

156 B
3
211.189.216.112:139

urdvxc.exe

156 B
3
211.189.194.177:445

urdvxc.exe

156 B
3
211.189.228.167:445

urdvxc.exe

156 B
3
211.189.210.101:139

urdvxc.exe

156 B
3
211.189.205.221:139

urdvxc.exe

156 B
3
211.189.216.135:139

urdvxc.exe

260 B
200 B
5
5
211.189.223.132:445

urdvxc.exe

156 B
3
211.189.208.124:139

urdvxc.exe

156 B
3
211.189.206.186:445

urdvxc.exe

156 B
3
211.189.203.132:139

urdvxc.exe

156 B
3
211.189.194.155:139

urdvxc.exe

156 B
3
211.189.204.220:139

urdvxc.exe

156 B
3
211.189.194.220:139

urdvxc.exe

156 B
3
211.189.223.109:139

urdvxc.exe

156 B
3
211.189.199.105:445

urdvxc.exe

156 B
3
211.189.222.28:445

urdvxc.exe

156 B
3
211.189.209.113:445

urdvxc.exe

260 B
200 B
5
5
211.189.16.30:445

urdvxc.exe

156 B
3
211.189.203.255:139

urdvxc.exe

156 B
3
211.189.216.112:445

urdvxc.exe

156 B
3
211.189.210.101:445

urdvxc.exe

156 B
3
211.189.205.221:445

urdvxc.exe

156 B
3
211.189.217.32:139

urdvxc.exe

156 B
3
211.189.216.135:445

urdvxc.exe

260 B
200 B
5
5
211.189.228.114:139

urdvxc.exe

156 B
3
211.189.208.124:445

urdvxc.exe

156 B
3
211.189.203.132:445

urdvxc.exe

156 B
3
211.189.220.121:139

urdvxc.exe

260 B
200 B
5
5
211.189.137.252:139

urdvxc.exe

156 B
3
211.189.205.249:139

urdvxc.exe

260 B
200 B
5
5
211.189.194.155:445

urdvxc.exe

156 B
3
211.189.241.21:139

urdvxc.exe

156 B
3
211.189.141.52:139

urdvxc.exe

156 B
3
211.189.204.220:445

urdvxc.exe

156 B
3
211.189.194.220:445

urdvxc.exe

156 B
3
211.189.223.109:445

urdvxc.exe

156 B
3
211.189.218.243:139

urdvxc.exe

156 B
3
211.189.216.167:139

urdvxc.exe

156 B
3
211.189.214.4:139

urdvxc.exe

156 B
3
211.189.203.255:445

urdvxc.exe

156 B
3
211.189.206.188:139

urdvxc.exe

260 B
200 B
5
5
211.189.200.17:139

urdvxc.exe

156 B
3
211.189.217.17:139

urdvxc.exe

156 B
3
211.189.100.36:139

urdvxc.exe

156 B
3
211.189.228.24:139

urdvxc.exe

156 B
3
211.189.217.32:445

urdvxc.exe

156 B
3
211.189.228.114:445

urdvxc.exe

156 B
3
211.189.202.199:139

urdvxc.exe

260 B
200 B
5
5
211.189.220.121:445

urdvxc.exe

260 B
200 B
5
5
211.189.137.252:445

urdvxc.exe

156 B
3
211.189.205.249:445

urdvxc.exe

260 B
200 B
5
5
211.189.241.21:445

urdvxc.exe

156 B
3
211.189.141.52:445

urdvxc.exe

156 B
3
211.189.209.145:139

urdvxc.exe

156 B
3
211.189.218.243:445

urdvxc.exe

156 B
3
211.189.216.184:139

urdvxc.exe

156 B
3
211.189.216.167:445

urdvxc.exe

156 B
3
211.189.137.236:139

urdvxc.exe

156 B
3
211.189.214.4:445

urdvxc.exe

156 B
3
211.189.229.92:139

urdvxc.exe

156 B
3
211.189.206.188:445

urdvxc.exe

260 B
200 B
5
5
211.189.194.7:139

urdvxc.exe

156 B
3
211.189.225.160:139

urdvxc.exe

156 B
3
211.189.200.17:445

urdvxc.exe

156 B
3
211.189.217.17:445

urdvxc.exe

156 B
3
211.189.218.207:139

urdvxc.exe

156 B
3
211.189.100.36:445

urdvxc.exe

156 B
3
211.189.228.24:445

urdvxc.exe

156 B
3
211.189.216.146:139

urdvxc.exe

156 B
3
211.189.202.199:445

urdvxc.exe

260 B
200 B
5
5
211.189.194.235:139

urdvxc.exe

156 B
3
211.189.209.125:139

urdvxc.exe

260 B
200 B
5
5
211.189.209.145:445

urdvxc.exe

156 B
3
211.189.194.213:139

urdvxc.exe

156 B
3
211.189.216.184:445

urdvxc.exe

156 B
3
211.189.228.143:139

urdvxc.exe

156 B
3
211.189.204.185:139

urdvxc.exe

156 B
3
211.189.208.116:139

urdvxc.exe

156 B
3
211.189.137.236:445

urdvxc.exe

156 B
3
211.189.222.155:139

urdvxc.exe

156 B
3
211.189.229.92:445

urdvxc.exe

156 B
3
211.189.194.7:445

urdvxc.exe

156 B
3
211.189.225.160:445

urdvxc.exe

156 B
3
211.189.144.158:139

urdvxc.exe

156 B
3
211.189.218.207:445

urdvxc.exe

156 B
3
211.189.241.252:139

urdvxc.exe

156 B
3
211.189.216.146:445

urdvxc.exe

156 B
3
211.189.220.76:139

urdvxc.exe

156 B
3
211.189.206.9:139

urdvxc.exe

156 B
3
211.189.194.235:445

urdvxc.exe

156 B
3
211.189.209.125:445

urdvxc.exe

260 B
200 B
5
5
211.189.213.144:139

urdvxc.exe

156 B
3
211.189.194.213:445

urdvxc.exe

156 B
3
211.189.205.211:139

urdvxc.exe

156 B
3
211.189.232.61:139

urdvxc.exe

156 B
3
211.189.228.143:445

urdvxc.exe

156 B
3
211.189.204.185:445

urdvxc.exe

156 B
3
211.189.208.116:445

urdvxc.exe

156 B
3
211.189.222.155:445

urdvxc.exe

156 B
3
211.189.221.236:139

urdvxc.exe

260 B
200 B
5
5
211.189.143.90:139

urdvxc.exe

156 B
3
211.189.144.158:445

urdvxc.exe

156 B
3
211.189.205.252:139

urdvxc.exe

156 B
3
211.189.241.252:445

urdvxc.exe

156 B
3
211.189.198.64:139

urdvxc.exe

156 B
3
211.189.220.76:445

urdvxc.exe

156 B
3
211.189.206.9:445

urdvxc.exe

104 B
2
211.189.196.60:139

urdvxc.exe

208 B
160 B
4
4
211.189.220.95:139

urdvxc.exe

104 B
40 B
2
1
211.189.213.144:445

urdvxc.exe

104 B
2
211.189.216.211:139

urdvxc.exe

104 B
2
211.189.149.36:139

urdvxc.exe

104 B
2
211.189.205.211:445

urdvxc.exe

104 B
2
211.189.209.115:139

urdvxc.exe

104 B
80 B
2
2
211.189.232.61:445

urdvxc.exe

104 B
2
211.189.232.123:139

urdvxc.exe

104 B
2
211.189.246.232:139

urdvxc.exe

104 B
2
211.189.223.42:139

urdvxc.exe

52 B
1
211.189.221.236:445

urdvxc.exe

52 B
1

No results found

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\urdvxc.exe

Filesize
63KB

MD5
8882de96051d194c75188f17db77ed33

SHA1
3613514331b0e21513275c6bbc62ff391dd3efd1

SHA256
ae0485631d5ede70adc0dddf753b64f82fb69116d41590e5a37bd1ddea007580

SHA512
87095d8b63b0df61a36f938a2dcfe1fd540a1b157fbd53aec042ba83de1c485ff34d320ffe5787861adf10d2b3f27b411f061555abdf614acfca429fff3b67d1

Download Submit
C:\Windows\SysWOW64\urdvxc.exe

Filesize
63KB

MD5
8882de96051d194c75188f17db77ed33

SHA1
3613514331b0e21513275c6bbc62ff391dd3efd1

SHA256
ae0485631d5ede70adc0dddf753b64f82fb69116d41590e5a37bd1ddea007580

SHA512
87095d8b63b0df61a36f938a2dcfe1fd540a1b157fbd53aec042ba83de1c485ff34d320ffe5787861adf10d2b3f27b411f061555abdf614acfca429fff3b67d1

Download Submit
C:\Windows\SysWOW64\urdvxc.exe

Filesize
63KB

MD5
8882de96051d194c75188f17db77ed33

SHA1
3613514331b0e21513275c6bbc62ff391dd3efd1

SHA256
ae0485631d5ede70adc0dddf753b64f82fb69116d41590e5a37bd1ddea007580

SHA512
87095d8b63b0df61a36f938a2dcfe1fd540a1b157fbd53aec042ba83de1c485ff34d320ffe5787861adf10d2b3f27b411f061555abdf614acfca429fff3b67d1

Download Submit
C:\Windows\SysWOW64\urdvxc.exe

Filesize
63KB

MD5
8882de96051d194c75188f17db77ed33

SHA1
3613514331b0e21513275c6bbc62ff391dd3efd1

SHA256
ae0485631d5ede70adc0dddf753b64f82fb69116d41590e5a37bd1ddea007580

SHA512
87095d8b63b0df61a36f938a2dcfe1fd540a1b157fbd53aec042ba83de1c485ff34d320ffe5787861adf10d2b3f27b411f061555abdf614acfca429fff3b67d1

Download Submit
C:\Windows\SysWOW64\urdvxc.exe

Filesize
63KB

MD5
8882de96051d194c75188f17db77ed33

SHA1
3613514331b0e21513275c6bbc62ff391dd3efd1

SHA256
ae0485631d5ede70adc0dddf753b64f82fb69116d41590e5a37bd1ddea007580

SHA512
87095d8b63b0df61a36f938a2dcfe1fd540a1b157fbd53aec042ba83de1c485ff34d320ffe5787861adf10d2b3f27b411f061555abdf614acfca429fff3b67d1

Download Submit
memory/976-142-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/976-146-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1512-137-0x0000000000430000-0x000000000044F000-memory.dmp

Filesize
124KB

Download
memory/1588-141-0x00000000001C0000-0x00000000001DF000-memory.dmp

Filesize
124KB

Download
memory/1940-132-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/1940-133-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/4800-145-0x00000000001C0000-0x00000000001DF000-memory.dmp

Filesize
124KB

Download