Malware Analysis Report

2025-04-03 08:58

Sample ID 230125-vnz33shb64
Target S0ftwarelnstaIIer.rar
SHA256 1a930e695cc45966c0ce1ad4ee6c2b2bf9e00cc9729b79d97a2da8fb8f78f8ee
Tags aurora
Score 10/10

Analysis Overview

score
10/10

SHA256

1a930e695cc45966c0ce1ad4ee6c2b2bf9e00cc9729b79d97a2da8fb8f78f8ee

Threat Level: Known bad

The file S0ftwarelnstaIIer.rar was found to be: Known bad.

Malicious Activity Summary

aurora

Aurora family

Program crash

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-01-25 17:09

Signatures

Aurora family

aurora

Analysis: behavioral30

Detonation Overview

Submitted

2023-01-25 17:08

Reported

2023-01-25 17:18

Platform

win10-20220812-es

Max time kernel

120s

Max time network

180s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\res\linker\launchera.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\res\linker\launchera.exe

"C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\res\linker\launchera.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 572

Network

N/A

Files

Analysis: behavioral14

Detonation Overview

Submitted

2023-01-25 17:08

Reported

2023-01-25 17:15

Platform

win10-20220812-es

Max time kernel

121s

Max time network

147s

Command Line

wscript.exe "C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\cmds\cmds\system\getuser.js"

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe "C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\cmds\cmds\system\getuser.js"

Network

Country Destination Domain Proto
N/A 20.189.173.4:443 tcp
N/A 209.197.3.8:80 tcp

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2023-01-25 17:08

Reported

2023-01-25 17:15

Platform

win10-20220812-es

Max time kernel

31s

Max time network

103s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\cmds\libs\7zci.dll",#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2364 wrote to memory of 2648 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2364 wrote to memory of 2648 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2364 wrote to memory of 2648 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\cmds\libs\7zci.dll",#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\cmds\libs\7zci.dll",#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 624

Network

Country Destination Domain Proto
N/A 51.11.192.48:443 tcp
N/A 8.253.146.249:80 tcp

Files

Analysis: behavioral21

Detonation Overview

Submitted

2023-01-25 17:08

Reported

2023-01-25 17:18

Platform

win10-20220812-es

Max time kernel

47s

Max time network

59s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\cmds\libs\ssl\libeay32.dll",#1

Signatures

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4112 wrote to memory of 3772 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 4112 wrote to memory of 3772 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 4112 wrote to memory of 3772 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\cmds\libs\ssl\libeay32.dll",#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\cmds\libs\ssl\libeay32.dll",#1

Network

Country Destination Domain Proto
N/A 20.224.151.203:443 tcp

Files

Analysis: behavioral6

Detonation Overview

Submitted

2023-01-25 17:08

Reported

2023-01-25 17:15

Platform

win10-20220812-es

Max time kernel

136s

Max time network

149s

Command Line

wscript.exe "C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\cmds\cmds\files\redir64.js"

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe "C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\cmds\cmds\files\redir64.js"

Network

Country Destination Domain Proto
N/A 20.42.65.84:443 tcp
N/A 209.197.3.8:80 tcp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2023-01-25 17:08

Reported

2023-01-25 17:13

Platform

win10-20220812-es

Max time kernel

44s

Max time network

65s

Command Line

wscript.exe "C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\cmds\cmds\dialogs\dlglist.js"

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe "C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\cmds\cmds\dialogs\dlglist.js"

Network

Country Destination Domain Proto
N/A 20.42.73.25:443 tcp
N/A 13.107.4.50:80 tcp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2023-01-25 17:08

Reported

2023-01-25 17:15

Platform

win10-20220812-es

Max time kernel

122s

Max time network

178s

Command Line

wscript.exe "C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\cmds\cmds\dialogs\dlgtree.js"

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe "C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\cmds\cmds\dialogs\dlgtree.js"

Network

N/A

Files

N/A

Analysis: behavioral29

Detonation Overview

Submitted

2023-01-25 17:08

Reported

2023-01-25 17:18

Platform

win10-20220812-es

Max time kernel

119s

Max time network

181s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\res\linker\launcher.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\res\linker\launcher.exe

"C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\res\linker\launcher.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 572

Network

Country Destination Domain Proto
N/A 20.189.173.4:443 tcp
N/A 209.197.3.8:80 tcp

Files

Analysis: behavioral4

Detonation Overview

Submitted

2023-01-25 17:08

Reported

2023-01-25 17:15

Platform

win10-20220812-es

Max time kernel

41s

Max time network

149s

Command Line

wscript.exe "C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\cmds\cmds\files\calchash.js"

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe "C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\cmds\cmds\files\calchash.js"

Network

Country Destination Domain Proto
N/A 2.16.119.157:443 tcp
N/A 20.189.173.10:443 tcp
N/A 13.107.4.50:80 tcp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2023-01-25 17:08

Reported

2023-01-25 17:15

Platform

win10-20220812-es

Max time kernel

46s

Max time network

157s

Command Line

wscript.exe "C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\cmds\cmds\internet\download.js"

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe "C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\cmds\cmds\internet\download.js"

Network

Country Destination Domain Proto
N/A 51.105.71.137:443 tcp
N/A 8.252.51.254:80 tcp

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2023-01-25 17:08

Reported

2023-01-25 17:18

Platform

win10-20220812-es

Max time kernel

47s

Max time network

75s

Command Line

wscript.exe "C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\cmds\sources\unpackfile.js"

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe "C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\cmds\sources\unpackfile.js"

Network

Country Destination Domain Proto
N/A 20.42.73.25:443 tcp
N/A 8.248.3.254:80 tcp

Files

N/A

Analysis: behavioral24

Detonation Overview

Submitted

2023-01-25 17:08

Reported

2023-01-25 17:18

Platform

win10-20220901-es

Max time kernel

43s

Max time network

69s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\cmds\sources\unppmd.dll",#1

Signatures

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2620 wrote to memory of 2668 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2620 wrote to memory of 2668 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2620 wrote to memory of 2668 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\cmds\sources\unppmd.dll",#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\cmds\sources\unppmd.dll",#1

Network

Country Destination Domain Proto
N/A 52.109.77.2:443 tcp
N/A 51.104.15.253:443 tcp
N/A 209.197.3.8:80 tcp

Files

Analysis: behavioral5

Detonation Overview

Submitted

2023-01-25 17:08

Reported

2023-01-25 17:15

Platform

win10-20220812-es

Max time kernel

45s

Max time network

75s

Command Line

wscript.exe "C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\cmds\cmds\files\fileinfo.js"

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe "C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\cmds\cmds\files\fileinfo.js"

Network

Country Destination Domain Proto
N/A 20.42.73.25:443 tcp
N/A 8.248.3.254:80 tcp

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2023-01-25 17:08

Reported

2023-01-25 17:16

Platform

win10-20220812-es

Max time kernel

46s

Max time network

107s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\cmds\libs\cab\cab2g.dll",#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2616 wrote to memory of 3824 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2616 wrote to memory of 3824 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2616 wrote to memory of 3824 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\cmds\libs\cab\cab2g.dll",#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\cmds\libs\cab\cab2g.dll",#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 620

Network

Country Destination Domain Proto
N/A 20.42.73.25:443 tcp
N/A 13.107.4.50:80 tcp
N/A 52.109.8.45:443 tcp

Files

Analysis: behavioral18

Detonation Overview

Submitted

2023-01-25 17:08

Reported

2023-01-25 17:18

Platform

win10-20220901-es

Max time kernel

41s

Max time network

82s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\cmds\libs\citools.dll",#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2012 wrote to memory of 3920 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2012 wrote to memory of 3920 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2012 wrote to memory of 3920 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\cmds\libs\citools.dll",#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\cmds\libs\citools.dll",#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 668

Network

Country Destination Domain Proto
N/A 20.123.141.233:443 tcp
N/A 52.178.17.2:443 tcp
N/A 96.16.53.137:80 tcp

Files

Analysis: behavioral20

Detonation Overview

Submitted

2023-01-25 17:08

Reported

2023-01-25 17:18

Platform

win10-20220901-es

Max time kernel

40s

Max time network

70s

Command Line

wscript.exe "C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\cmds\libs\odbc\odbcquery.js"

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe "C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\cmds\libs\odbc\odbcquery.js"

Network

Country Destination Domain Proto
N/A 52.109.13.64:443 tcp
N/A 20.189.173.3:443 tcp
N/A 84.53.175.11:80 tcp

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2023-01-25 17:08

Reported

2023-01-25 17:18

Platform

win10-20220812-es

Max time kernel

41s

Max time network

149s

Command Line

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\cmds\sources\zipdecode.vbs"

Signatures

N/A

Processes

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\cmds\sources\zipdecode.vbs"

Network

Country Destination Domain Proto
N/A 52.109.13.64:443 tcp
N/A 2.16.119.157:443 tcp
N/A 20.189.173.10:443 tcp
N/A 13.107.4.50:80 tcp

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted

2023-01-25 17:08

Reported

2023-01-25 17:18

Platform

win10-20220812-es

Max time kernel

132s

Max time network

145s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\libstdc++-6.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\libstdc++-6.dll",#1

Network

Country Destination Domain Proto
N/A 2.16.119.157:443 tcp
N/A 20.189.173.4:443 tcp
N/A 209.197.3.8:80 tcp

Files

N/A

Analysis: behavioral31

Detonation Overview

Submitted

2023-01-25 17:08

Reported

2023-01-25 17:18

Platform

win10-20220812-es

Max time kernel

44s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\res\linker\launcherart.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\res\linker\launcherart.exe

"C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\res\linker\launcherart.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 572

Network

Country Destination Domain Proto
N/A 51.105.71.137:443 tcp
N/A 8.252.51.254:80 tcp

Files

Analysis: behavioral13

Detonation Overview

Submitted

2023-01-25 17:08

Reported

2023-01-25 17:15

Platform

win10-20220812-es

Max time kernel

134s

Max time network

147s

Command Line

wscript.exe "C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\cmds\cmds\regobj\regdll.js"

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe "C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\cmds\cmds\regobj\regdll.js"

Network

Country Destination Domain Proto
N/A 104.208.16.88:443 tcp

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2023-01-25 17:08

Reported

2023-01-25 17:15

Platform

win10-20220901-es

Max time kernel

43s

Max time network

69s

Command Line

wscript.exe "C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\cmds\cmds\uninstall\rununinst.js"

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe "C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\cmds\cmds\uninstall\rununinst.js"

Network

Country Destination Domain Proto
N/A 51.104.15.253:443 tcp
N/A 209.197.3.8:80 tcp

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2023-01-25 17:08

Reported

2023-01-25 17:18

Platform

win10-20220812-es

Max time kernel

46s

Max time network

147s

Command Line

powershell.exe -ExecutionPolicy bypass -File "C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\cmds\libs\ftp\ftp.ps1"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Processes

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -ExecutionPolicy bypass -File "C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\cmds\libs\ftp\ftp.ps1"

Network

Country Destination Domain Proto
N/A 52.109.13.62:443 tcp
N/A 13.89.179.10:443 tcp
N/A 13.107.4.50:80 tcp

Files

memory/4464-119-0x000001E036CA0000-0x000001E036D22000-memory.dmp

memory/4464-120-0x000001E01E470000-0x000001E01E480000-memory.dmp

memory/4464-121-0x000001E036D30000-0x000001E036E32000-memory.dmp

memory/4464-122-0x000001E01E5E0000-0x000001E01E602000-memory.dmp

memory/4464-125-0x000001E036EC0000-0x000001E036F36000-memory.dmp

Analysis: behavioral26

Detonation Overview

Submitted

2023-01-25 17:08

Reported

2023-01-25 17:18

Platform

win10-20220812-es

Max time kernel

44s

Max time network

147s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\libsqlite3-0.dll",#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\system32\WerFault.exe C:\Windows\system32\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\libsqlite3-0.dll",#1

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 2616 -s 276

Network

Country Destination Domain Proto
N/A 52.109.13.64:443 tcp
N/A 104.208.16.88:443 tcp

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted

2023-01-25 17:08

Reported

2023-01-25 17:18

Platform

win10-20220812-es

Max time kernel

136s

Max time network

149s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\res\linker\EXELink.dll",#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4012 wrote to memory of 3988 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 4012 wrote to memory of 3988 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 4012 wrote to memory of 3988 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\res\linker\EXELink.dll",#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\res\linker\EXELink.dll",#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 628

Network

Country Destination Domain Proto
N/A 52.109.13.62:443 tcp
N/A 20.42.65.84:443 tcp
N/A 209.197.3.8:80 tcp

Files

Analysis: behavioral7

Detonation Overview

Submitted

2023-01-25 17:08

Reported

2023-01-25 17:15

Platform

win10-20220901-es

Max time kernel

39s

Max time network

53s

Command Line

wscript.exe "C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\cmds\cmds\files\search.js"

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe "C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\cmds\cmds\files\search.js"

Network

N/A

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2023-01-25 17:08

Reported

2023-01-25 17:15

Platform

win10-20220812-es

Max time kernel

132s

Max time network

145s

Command Line

wscript.exe "C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\cmds\cmds\prog\splitfor.js"

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe "C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\cmds\cmds\prog\splitfor.js"

Network

Country Destination Domain Proto
N/A 2.16.119.157:443 tcp
N/A 20.189.173.4:443 tcp
N/A 209.197.3.8:80 tcp

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2023-01-25 17:08

Reported

2023-01-25 17:15

Platform

win10-20220901-es

Max time kernel

38s

Max time network

70s

Command Line

wscript.exe "C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\cmds\cmds\regini\iniformat.js"

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe "C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\cmds\cmds\regini\iniformat.js"

Network

Country Destination Domain Proto
N/A 52.178.17.2:443 tcp
N/A 96.16.53.137:80 tcp

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2023-01-25 17:08

Reported

2023-01-25 17:15

Platform

win10-20220812-es

Max time kernel

46s

Max time network

58s

Command Line

wscript.exe "C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\cmds\cmds\regini\regfor.js"

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe "C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\cmds\cmds\regini\regfor.js"

Network

N/A

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2023-01-25 17:08

Reported

2023-01-25 17:18

Platform

win10-20220901-es

Max time kernel

39s

Max time network

53s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\cmds\libs\ssl\ssleay32.dll",#1

Signatures

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2856 wrote to memory of 4512 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2856 wrote to memory of 4512 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2856 wrote to memory of 4512 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\cmds\libs\ssl\ssleay32.dll",#1

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\cmds\libs\ssl\ssleay32.dll",#1

Network

N/A

Files

Analysis: behavioral32

Detonation Overview

Submitted

2023-01-25 17:08

Reported

2023-01-25 17:18

Platform

win10-20220812-es

Max time kernel

38s

Max time network

63s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\res\linker\launcherd.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\res\linker\launcherd.exe

"C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\res\linker\launcherd.exe"

Network

Country Destination Domain Proto
N/A 51.11.192.48:443 tcp
N/A 8.253.146.249:80 tcp

Files

Analysis: behavioral1

Detonation Overview

Submitted

2023-01-25 17:08

Reported

2023-01-25 17:15

Platform

win10-20220901-es

Max time kernel

40s

Max time network

70s

Command Line

wscript.exe "C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\cmds\cmds\application\wsh.js"

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe "C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\cmds\cmds\application\wsh.js"

Network

Country Destination Domain Proto
N/A 20.189.173.3:443 tcp
N/A 84.53.175.11:80 tcp

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2023-01-25 17:08

Reported

2023-01-25 17:15

Platform

win10-20220812-es

Max time kernel

44s

Max time network

147s

Command Line

wscript.exe "C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\cmds\cmds\prog\for.js"

Signatures

N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe "C:\Users\Admin\AppData\Local\Temp\Privacy Рolicу\cmds\cmds\prog\for.js"

Network

Country Destination Domain Proto
N/A 13.89.179.10:443 tcp
N/A 13.107.4.50:80 tcp

Files

N/A