a1465a6c79d927b7c539f74712589dbbf17cf6cc49663918a4f20d6c506e9dcd

Analysis

max time kernel
195s
max time network
204s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
13/10/2023, 20:22 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.4a6c8db57361c9ad2b091bc8befc6ad0.exe
Size

66KB
MD5

4a6c8db57361c9ad2b091bc8befc6ad0
SHA1

fac346321199e5931c3c0e695490751a8132cfe4
SHA256

a1465a6c79d927b7c539f74712589dbbf17cf6cc49663918a4f20d6c506e9dcd
SHA512

265d6fb3b2fd391ed76af62dfdbea0032886924ae28c38210ec9a8686104305318c978383a0b55aa59bb4b018c8b7978e90b887333caba996161ead58990909e
SSDEEP

768:SrmZsZxwmP1ap8FZjM39zN2MQuqWl9Tg8IRix8CBcwdLBtaQsnuIxbkgsr2e+YQ/:/szXm67WjIcHcYNsF+gT0QvwXwsA4Q

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
1464	urdvxc.exe
3120	urdvxc.exe
3132	urdvxc.exe
5088	urdvxc.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\urdvxc.exe	NEAS.4a6c8db57361c9ad2b091bc8befc6ad0.exe
File created	C:\Windows\SysWOW64\urdvxc.exe	urdvxc.exe
File created	C:\Windows\SysWOW64\urdvxc.exe	NEAS.4a6c8db57361c9ad2b091bc8befc6ad0.exe

Drops file in Program Files directory 62 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\license.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\about.html	urdvxc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\PersonaSpy.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\about.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\license.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\about.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\about.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\license.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\about.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\preface.htm	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\epl-v10.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\license.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\epl-v10.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\README.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\html\cpyr.htm	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh001.htm	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bklnbknw.exe	urdvxc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\1033\rvhrjtnt.exe	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\epl-v10.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\epl-v10.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\license.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\license.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\license.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\title.htm	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\about.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\about.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\license.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\epl-v10.html	urdvxc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\tsbknceh.exe	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\license.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\license.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\epl-v10.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\jtlnctqk.exe	urdvxc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\README.HTM	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\db\README-JDK.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\epl-v10.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\epl-v10.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\epl-v10.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\license.html	urdvxc.exe
File opened for modification	C:\Program Files\Microsoft Office\Office16\OSPP.HTM	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\nsstljje.exe	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\epl-v10.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\license.html	urdvxc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\Welcome.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\about.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\epl-v10.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\db\qrhljwvn.exe	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh.htm	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\epl-v10.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\about.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\license.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\about.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\license.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\epl-v10.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\epl-v10.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\Welcome.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\db\RELEASE-NOTES.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\sekbhrbe.exe	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\njqrsbcq.exe	urdvxc.exe

Modifies registry class 54 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EB4470BE-3A35-A218-C7F6-4398C8694892}\LocalServer32	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}\LocalServer32	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C803653-A26A-88C7-574B-3B28BF06C94C}\ = "btvlwhzbejrtlwln"	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EB4470BE-3A35-A218-C7F6-4398C8694892}\LocalServer32\ = "C:\\Program Files\\Microsoft Office\\root\\vfs\\ProgramFilesCommonX64\\Microsoft Shared\\Smart Tag\\1033\\rvhrjtnt.exe"	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}\LocalServer32\ = "C:\\Windows\\SysWOW64\\urdvxc.exe"	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7774BDCB-BC2A-526E-C798-34FA771E21D1}	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7774BDCB-BC2A-526E-C798-34FA771E21D1}\LocalServer32\ = "C:\\Program Files\\Java\\jdk1.8.0_66\\db\\qrhljwvn.exe"	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3E88A8DA-6487-F103-FFE5-C2B0648486DC}\LocalServer32	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{17B30228-FEAE-52CE-E831-3379C40FDBE8}\ = "veejscnsjthbjhrk"	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58F22A6B-E9C1-CE13-9AB2-6E6A8B42D5FD}	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D9E5B2A0-6DA4-8211-3F09-7196AABBE564}\LocalServer32\ = "C:\\Program Files\\Microsoft Office\\root\\Office16\\PersonaSpy\\tsbknceh.exe"	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}\ = "rqjlhelrncrskhkl"	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7774BDCB-BC2A-526E-C798-34FA771E21D1}\LocalServer32	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{07185A04-82F9-14AB-51B6-AD83A271DEB3}\ = "xkcjtbwlhklrrnkr"	NEAS.4a6c8db57361c9ad2b091bc8befc6ad0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58F22A6B-E9C1-CE13-9AB2-6E6A8B42D5FD}\ = "hbqjrklchjzbtcnt"	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}\LocalServer32\ = "C:\\Windows\\SysWOW64\\urdvxc.exe"	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}\LocalServer32\ = "C:\\Windows\\SysWOW64\\urdvxc.exe"	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C803653-A26A-88C7-574B-3B28BF06C94C}\LocalServer32\ = "C:\\Program Files\\Java\\jdk1.8.0_66\\bklnbknw.exe"	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D9E5B2A0-6DA4-8211-3F09-7196AABBE564}\ = "cwnrvlhckxzqknlj"	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EB4470BE-3A35-A218-C7F6-4398C8694892}	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7774BDCB-BC2A-526E-C798-34FA771E21D1}\ = "hkqlkstlrvbkzjzc"	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3E88A8DA-6487-F103-FFE5-C2B0648486DC}\LocalServer32\ = "C:\\Program Files\\Java\\jdk1.8.0_66\\jre\\sekbhrbe.exe"	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D9E5B2A0-6DA4-8211-3F09-7196AABBE564}	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D9E5B2A0-6DA4-8211-3F09-7196AABBE564}\LocalServer32	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}\LocalServer32	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58F22A6B-E9C1-CE13-9AB2-6E6A8B42D5FD}\ = "knnlknbttrhkhkcv"	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EB4470BE-3A35-A218-C7F6-4398C8694892}\ = "kjnstknlxwrsqkew"	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}\ = "jhhsschckwnskvnt"	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58F22A6B-E9C1-CE13-9AB2-6E6A8B42D5FD}\LocalServer32	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{07185A04-82F9-14AB-51B6-AD83A271DEB3}	NEAS.4a6c8db57361c9ad2b091bc8befc6ad0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C803653-A26A-88C7-574B-3B28BF06C94C}	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}\ = "ebexseqtnreknbxb"	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3E88A8DA-6487-F103-FFE5-C2B0648486DC}\ = "xclrkletblhbcbks"	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{17B30228-FEAE-52CE-E831-3379C40FDBE8}	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{17B30228-FEAE-52CE-E831-3379C40FDBE8}\LocalServer32	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{17B30228-FEAE-52CE-E831-3379C40FDBE8}\ = "vhswnnbzbssnsrxj"	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}\ = "ktlsteebnntjrclt"	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58F22A6B-E9C1-CE13-9AB2-6E6A8B42D5FD}\LocalServer32\ = "C:\\Program Files\\Java\\jdk1.8.0_66\\lib\\missioncontrol\\features\\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\\njqrsbcq.exe"	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C803653-A26A-88C7-574B-3B28BF06C94C}\LocalServer32	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5CA91ECD-564C-3E29-5336-C066EB2FABF6}\ = "jexjeltbxvjhlrbh"	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{07185A04-82F9-14AB-51B6-AD83A271DEB3}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\NEAS.4a6c8db57361c9ad2b091bc8befc6ad0.exe"	NEAS.4a6c8db57361c9ad2b091bc8befc6ad0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}\LocalServer32\ = "C:\\Windows\\SysWOW64\\urdvxc.exe"	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}\LocalServer32	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}\LocalServer32	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{17B30228-FEAE-52CE-E831-3379C40FDBE8}\LocalServer32\ = "C:\\Program Files\\Java\\jdk1.8.0_66\\lib\\missioncontrol\\features\\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\\nsstljje.exe"	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5CA91ECD-564C-3E29-5336-C066EB2FABF6}	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5CA91ECD-564C-3E29-5336-C066EB2FABF6}\LocalServer32	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5CA91ECD-564C-3E29-5336-C066EB2FABF6}\LocalServer32\ = "C:\\Program Files\\Java\\jre1.8.0_66\\jtlnctqk.exe"	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{07185A04-82F9-14AB-51B6-AD83A271DEB3}\LocalServer32	NEAS.4a6c8db57361c9ad2b091bc8befc6ad0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3E88A8DA-6487-F103-FFE5-C2B0648486DC}	urdvxc.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1464	urdvxc.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1940 wrote to memory of 1464	1940	NEAS.4a6c8db57361c9ad2b091bc8befc6ad0.exe	87
PID 1940 wrote to memory of 1464	1940	NEAS.4a6c8db57361c9ad2b091bc8befc6ad0.exe	87
PID 1940 wrote to memory of 1464	1940	NEAS.4a6c8db57361c9ad2b091bc8befc6ad0.exe	87
PID 1940 wrote to memory of 3120	1940	NEAS.4a6c8db57361c9ad2b091bc8befc6ad0.exe	88
PID 1940 wrote to memory of 3120	1940	NEAS.4a6c8db57361c9ad2b091bc8befc6ad0.exe	88
PID 1940 wrote to memory of 3120	1940	NEAS.4a6c8db57361c9ad2b091bc8befc6ad0.exe	88
PID 1940 wrote to memory of 5088	1940	NEAS.4a6c8db57361c9ad2b091bc8befc6ad0.exe	90
PID 1940 wrote to memory of 5088	1940	NEAS.4a6c8db57361c9ad2b091bc8befc6ad0.exe	90
PID 1940 wrote to memory of 5088	1940	NEAS.4a6c8db57361c9ad2b091bc8befc6ad0.exe	90

C:\Users\Admin\AppData\Local\Temp\NEAS.4a6c8db57361c9ad2b091bc8befc6ad0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.4a6c8db57361c9ad2b091bc8befc6ad0.exe"
1⤵
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1940
- C:\Windows\SysWOW64\urdvxc.exe
  C:\Windows\system32\urdvxc.exe /installservice
  2⤵
  - Executes dropped EXE
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  PID:1464
- C:\Windows\SysWOW64\urdvxc.exe
  C:\Windows\system32\urdvxc.exe /start
  2⤵
  - Executes dropped EXE
  - Modifies registry class
  PID:3120
- C:\Windows\SysWOW64\urdvxc.exe
  C:\Windows\system32\urdvxc.exe /uninstallservice patch:C:\Users\Admin\AppData\Local\Temp\NEAS.4a6c8db57361c9ad2b091bc8befc6ad0.exe
  2⤵
  - Executes dropped EXE
  - Modifies registry class
  PID:5088

C:\Windows\SysWOW64\urdvxc.exe
"C:\Windows\SysWOW64\urdvxc.exe" /service
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Modifies registry class
PID:3132

Network

DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

2.136.104.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.136.104.51.in-addr.arpa

IN PTR

Response
DNS

1.208.79.178.in-addr.arpa

Remote address:

8.8.8.8:53

Request

1.208.79.178.in-addr.arpa

IN PTR

Response

1.208.79.178.in-addr.arpa

IN PTR

https-178-79-208-1amsllnwnet
DNS

103.169.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

103.169.127.40.in-addr.arpa

IN PTR

Response
DNS

198.187.3.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.187.3.20.in-addr.arpa

IN PTR

Response
DNS

69.31.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

69.31.126.40.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

43.58.199.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.58.199.20.in-addr.arpa

IN PTR

Response
DNS

9.228.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.228.82.20.in-addr.arpa

IN PTR

Response
DNS

208.194.73.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

208.194.73.20.in-addr.arpa

IN PTR

Response
DNS

126.23.238.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

126.23.238.8.in-addr.arpa

IN PTR

Response
DNS

29.81.57.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

29.81.57.23.in-addr.arpa

IN PTR

Response

29.81.57.23.in-addr.arpa

IN PTR

a23-57-81-29deploystaticakamaitechnologiescom
DNS

9.57.101.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.57.101.20.in-addr.arpa

IN PTR

Response
DNS

1.202.248.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

1.202.248.87.in-addr.arpa

IN PTR

Response

1.202.248.87.in-addr.arpa

IN PTR

https-87-248-202-1amsllnwnet
DNS

5.173.189.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

5.173.189.20.in-addr.arpa

IN PTR

Response
DNS

240.221.184.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.221.184.93.in-addr.arpa

IN PTR

Response
DNS

26.35.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.35.223.20.in-addr.arpa

IN PTR

Response
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301529_1DMPN0VMBUXDAYN7W&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301529_1DMPN0VMBUXDAYN7W&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 444999
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 428927478469428B8B9FDC127FBC273A Ref B: BRU30EDGE0910 Ref C: 2023-10-13T22:45:59Z
date: Fri, 13 Oct 2023 22:45:59 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301037_1F4LYB5BP3D8EEGSO&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301037_1F4LYB5BP3D8EEGSO&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 326717
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 59C5A78DC7784D5786B39215AAFF5513 Ref B: BRU30EDGE0910 Ref C: 2023-10-13T22:45:59Z
date: Fri, 13 Oct 2023 22:45:59 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301470_10T4S66MXCAC1M054&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301470_10T4S66MXCAC1M054&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 396701
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 6788794D9D404D36A455A14F00A6DD5C Ref B: BRU30EDGE0910 Ref C: 2023-10-13T22:45:59Z
date: Fri, 13 Oct 2023 22:45:59 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301096_19QEA75LL3ZH4HJ9P&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301096_19QEA75LL3ZH4HJ9P&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 378343
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0DAC142B9DBA403E8E84BF7562123576 Ref B: BRU30EDGE0910 Ref C: 2023-10-13T22:45:59Z
date: Fri, 13 Oct 2023 22:45:59 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317300998_1VQZSKOQ4GB7QD9KL&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317300998_1VQZSKOQ4GB7QD9KL&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 303976
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 47A1900459134857B1FB8D5A8F288FE2 Ref B: BRU30EDGE0910 Ref C: 2023-10-13T22:45:59Z
date: Fri, 13 Oct 2023 22:45:59 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301431_1VDBP7BM4DABZY935&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301431_1VDBP7BM4DABZY935&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 248383
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9703501014134697B1FDAA8C018B7796 Ref B: BRU30EDGE0910 Ref C: 2023-10-13T22:46:00Z
date: Fri, 13 Oct 2023 22:46:00 GMT

67.83.87.8:139

urdvxc.exe

156 B
3
67.83.1.22:139

urdvxc.exe

156 B
3
67.83.204.170:139

urdvxc.exe

156 B
3
67.83.117.136:139

urdvxc.exe

156 B
3
67.83.12.1:139

urdvxc.exe

260 B
200 B
5
5
67.83.151.241:139

urdvxc.exe

156 B
3
67.83.44.215:139

urdvxc.exe

156 B
3
67.83.121.33:139

urdvxc.exe

156 B
3
67.83.112.108:139

urdvxc.exe

156 B
3
67.83.135.132:139

urdvxc.exe

156 B
3
67.83.44.67:139

urdvxc.exe

156 B
3
67.83.87.8:445

urdvxc.exe

156 B
3
67.83.1.22:445

urdvxc.exe

260 B
200 B
5
5
67.83.204.170:445

urdvxc.exe

156 B
3
67.83.121.183:139

urdvxc.exe

156 B
3
67.83.146.112:139

urdvxc.exe

156 B
3
67.83.117.136:445

urdvxc.exe

156 B
3
67.83.12.1:445

urdvxc.exe

260 B
200 B
5
5
67.83.151.241:445

urdvxc.exe

156 B
3
67.83.137.227:139

urdvxc.exe

156 B
3
67.83.44.215:445

urdvxc.exe

156 B
3
67.83.121.33:445

urdvxc.exe

156 B
3
67.83.189.161:139

urdvxc.exe

156 B
3
67.83.135.19:139

urdvxc.exe

156 B
3
67.83.112.108:445

urdvxc.exe

156 B
3
67.83.135.132:445

urdvxc.exe

156 B
3
67.83.44.67:445

urdvxc.exe

260 B
200 B
5
5
67.83.77.127:139

urdvxc.exe

156 B
3
67.83.174.51:139

urdvxc.exe

156 B
3
67.83.60.164:139

urdvxc.exe

156 B
3
67.83.121.183:445

urdvxc.exe

156 B
3
67.83.117.203:139

urdvxc.exe

156 B
3
67.83.146.112:445

urdvxc.exe

156 B
3
67.83.117.44:139

urdvxc.exe

156 B
3
67.83.137.227:445

urdvxc.exe

156 B
3
67.83.189.161:445

urdvxc.exe

156 B
3
67.83.135.19:445

urdvxc.exe

156 B
3
67.83.14.78:139

urdvxc.exe

156 B
3
67.83.142.100:139

urdvxc.exe

156 B
3
67.83.118.54:139

urdvxc.exe

156 B
3
67.83.188.211:139

urdvxc.exe

156 B
3
67.83.202.188:139

urdvxc.exe

156 B
3
67.83.77.127:445

urdvxc.exe

156 B
3
67.83.174.51:445

urdvxc.exe

156 B
3
67.83.65.200:139

urdvxc.exe

156 B
3
67.83.219.100:139

urdvxc.exe

156 B
3
67.83.6.240:139

urdvxc.exe

156 B
3
67.83.217.94:139

urdvxc.exe

156 B
3
67.83.60.164:445

urdvxc.exe

156 B
3
67.83.117.203:445

urdvxc.exe

156 B
3
67.83.117.44:445

urdvxc.exe

156 B
3
67.83.1.232:139

urdvxc.exe

156 B
3
67.83.189.167:139

urdvxc.exe

156 B
3
67.83.14.78:445

urdvxc.exe

156 B
3
67.83.142.100:445

urdvxc.exe

260 B
200 B
5
5
67.83.179.92:139

urdvxc.exe

156 B
3
67.83.118.54:445

urdvxc.exe

156 B
3
67.83.188.211:445

urdvxc.exe

156 B
3
67.83.127.143:139

urdvxc.exe

156 B
3
67.83.202.188:445

urdvxc.exe

156 B
3
67.83.61.73:139

urdvxc.exe

156 B
3
67.83.59.80:139

urdvxc.exe

156 B
3
67.83.65.200:445

urdvxc.exe

156 B
3
67.83.209.172:139

urdvxc.exe

156 B
3
67.83.219.100:445

urdvxc.exe

156 B
3
67.83.6.240:445

urdvxc.exe

260 B
200 B
5
5
67.83.217.94:445

urdvxc.exe

156 B
3
67.83.0.219:139

urdvxc.exe

156 B
3
67.83.46.49:139

urdvxc.exe

156 B
3
67.83.156.134:139

urdvxc.exe

156 B
3
67.83.189.37:139

urdvxc.exe

156 B
3
67.83.190.161:139

urdvxc.exe

156 B
3
67.83.1.232:445

urdvxc.exe

260 B
200 B
5
5
67.83.189.167:445

urdvxc.exe

156 B
3
67.83.26.33:139

urdvxc.exe

156 B
3
67.83.79.250:139

urdvxc.exe

156 B
3
67.83.179.92:445

urdvxc.exe

260 B
200 B
5
5
67.83.127.143:445

urdvxc.exe

156 B
3
67.83.61.73:445

urdvxc.exe

156 B
3
67.83.34.75:139

urdvxc.exe

156 B
3
67.83.59.80:445

urdvxc.exe

156 B
3
67.83.209.172:445

urdvxc.exe

156 B
3
67.83.44.96:139

urdvxc.exe

156 B
3
67.83.208.50:139

urdvxc.exe

156 B
3
67.83.35.247:139

urdvxc.exe

156 B
3
67.83.0.219:445

urdvxc.exe

156 B
3
67.83.46.49:445

urdvxc.exe

156 B
3
67.83.0.163:139

urdvxc.exe

156 B
3
67.83.156.134:445

urdvxc.exe

156 B
3
67.83.1.158:139

urdvxc.exe

156 B
3
67.83.0.102:139

urdvxc.exe

156 B
3
67.83.9.236:139

urdvxc.exe

156 B
3
67.83.201.0:139

urdvxc.exe

156 B
3
67.83.189.37:445

urdvxc.exe

156 B
3
67.83.172.182:139

urdvxc.exe

156 B
3
67.83.190.161:445

urdvxc.exe

156 B
3
67.83.26.33:445

urdvxc.exe

156 B
3
67.83.79.250:445

urdvxc.exe

156 B
3
67.83.46.239:139

urdvxc.exe

156 B
3
67.83.34.75:445

urdvxc.exe

156 B
3
67.83.150.228:139

urdvxc.exe

156 B
3
67.83.114.48:139

urdvxc.exe

156 B
3
67.83.44.96:445

urdvxc.exe

156 B
3
67.83.208.50:445

urdvxc.exe

156 B
3
67.83.156.124:139

urdvxc.exe

156 B
3
67.83.35.247:445

urdvxc.exe

156 B
3
67.83.40.118:139

urdvxc.exe

156 B
3
67.83.0.163:445

urdvxc.exe

156 B
3
67.83.180.128:139

urdvxc.exe

156 B
3
67.83.1.158:445

urdvxc.exe

260 B
200 B
5
5
67.83.109.29:139

urdvxc.exe

156 B
3
67.83.0.102:445

urdvxc.exe

260 B
160 B
5
4
67.83.9.236:445

urdvxc.exe

156 B
3
67.83.201.0:445

urdvxc.exe

260 B
200 B
5
5
67.83.172.182:445

urdvxc.exe

156 B
3
67.83.60.244:139

urdvxc.exe

156 B
3
67.83.152.79:139

urdvxc.exe

156 B
3
67.83.118.103:139

urdvxc.exe

156 B
3
67.83.113.182:139

urdvxc.exe

156 B
3
67.83.90.245:139

urdvxc.exe

156 B
3
67.83.187.114:139

urdvxc.exe

156 B
3
67.83.46.239:445

urdvxc.exe

156 B
3
67.83.211.43:139

urdvxc.exe

156 B
3
67.83.150.228:445

urdvxc.exe

156 B
3
67.83.114.48:445

urdvxc.exe

156 B
3
67.83.156.124:445

urdvxc.exe

156 B
3
67.83.7.234:139

urdvxc.exe

156 B
3
67.83.40.118:445

urdvxc.exe

156 B
3
67.83.180.128:445

urdvxc.exe

260 B
200 B
5
5
67.83.109.29:445

urdvxc.exe

156 B
3
67.83.60.244:445

urdvxc.exe

156 B
3
67.83.118.103:445

urdvxc.exe

156 B
3
67.83.152.79:445

urdvxc.exe

260 B
200 B
5
5
67.83.113.182:445

urdvxc.exe

156 B
3
67.83.60.76:139

urdvxc.exe

156 B
3
67.83.90.245:445

urdvxc.exe

156 B
3
67.83.187.114:445

urdvxc.exe

156 B
3
67.83.211.43:445

urdvxc.exe

156 B
3
67.83.125.192:139

urdvxc.exe

156 B
3
67.83.140.155:139

urdvxc.exe

156 B
3
67.83.7.234:445

urdvxc.exe

260 B
200 B
5
5
67.83.2.78:139

urdvxc.exe

156 B
3
67.83.148.120:139

urdvxc.exe

156 B
3
67.83.81.27:139

urdvxc.exe

156 B
3
67.83.60.76:445

urdvxc.exe

156 B
3
67.83.140.155:445

urdvxc.exe

156 B
3
67.83.125.192:445

urdvxc.exe

156 B
3
67.83.196.103:139

urdvxc.exe

156 B
3
67.83.125.136:139

urdvxc.exe

156 B
3
67.83.121.215:139

urdvxc.exe

156 B
3
67.83.45.194:139

urdvxc.exe

156 B
3
67.83.207.55:139

urdvxc.exe

156 B
3
67.83.1.201:139

urdvxc.exe

156 B
3
67.83.205.161:139

urdvxc.exe

156 B
3
67.83.62.32:139

urdvxc.exe

156 B
3
67.83.194.185:139

urdvxc.exe

156 B
3
67.83.118.76:139

urdvxc.exe

156 B
3
67.83.151.240:139

urdvxc.exe

156 B
3
67.83.2.78:445

urdvxc.exe

156 B
3
67.83.16.143:139

urdvxc.exe

156 B
3
67.83.148.120:445

urdvxc.exe

156 B
3
67.83.81.27:445

urdvxc.exe

156 B
3
67.83.73.106:139

urdvxc.exe

156 B
3
67.83.77.187:139

urdvxc.exe

156 B
3
67.83.114.241:139

urdvxc.exe

156 B
3
67.83.100.51:139

urdvxc.exe

156 B
3
67.83.168.178:139

urdvxc.exe

156 B
3
67.83.196.103:445

urdvxc.exe

156 B
3
67.83.125.136:445

urdvxc.exe

156 B
3
67.83.121.215:445

urdvxc.exe

156 B
3
67.83.45.194:445

urdvxc.exe

156 B
3
67.83.61.186:139

urdvxc.exe

156 B
3
67.83.207.55:445

urdvxc.exe

260 B
200 B
5
5
67.83.205.161:445

urdvxc.exe

156 B
3
67.83.1.201:445

urdvxc.exe

156 B
3
67.83.62.32:445

urdvxc.exe

156 B
3
67.83.16.68:139

urdvxc.exe

156 B
3
67.83.194.185:445

urdvxc.exe

156 B
3
67.83.130.34:139

urdvxc.exe

156 B
3
67.83.118.76:445

urdvxc.exe

156 B
3
67.83.151.240:445

urdvxc.exe

156 B
3
67.83.123.54:139

urdvxc.exe

156 B
3
67.83.16.143:445

urdvxc.exe

156 B
3
67.83.66.249:139

urdvxc.exe

156 B
3
67.83.163.40:139

urdvxc.exe

156 B
3
67.83.59.112:139

urdvxc.exe

156 B
3
67.83.73.106:445

urdvxc.exe

156 B
3
67.83.77.187:445

urdvxc.exe

156 B
3
67.83.152.100:139

urdvxc.exe

156 B
3
67.83.114.241:445

urdvxc.exe

156 B
3
67.83.100.51:445

urdvxc.exe

156 B
3
67.83.168.178:445

urdvxc.exe

156 B
3
67.83.187.31:139

urdvxc.exe

156 B
3
67.83.35.120:139

urdvxc.exe

156 B
3
67.83.61.186:445

urdvxc.exe

156 B
3
67.83.16.68:445

urdvxc.exe

156 B
3
67.83.130.34:445

urdvxc.exe

156 B
3
67.83.128.1:139

urdvxc.exe

156 B
3
67.83.7.180:139

urdvxc.exe

156 B
3
67.83.123.54:445

urdvxc.exe

156 B
3
67.83.66.249:445

urdvxc.exe

156 B
3
67.83.138.243:139

urdvxc.exe

156 B
3
67.83.163.40:445

urdvxc.exe

156 B
3
67.83.59.112:445

urdvxc.exe

156 B
3
67.83.46.59:139

urdvxc.exe

156 B
3
67.83.0.42:139

urdvxc.exe

156 B
3
67.83.152.100:445

urdvxc.exe

260 B
200 B
5
5
67.83.187.31:445

urdvxc.exe

156 B
3
67.83.35.120:445

urdvxc.exe

156 B
3
67.83.45.115:139

urdvxc.exe

156 B
3
67.83.128.1:445

urdvxc.exe

156 B
3
67.83.7.180:445

urdvxc.exe

260 B
200 B
5
5
67.83.12.121:139

urdvxc.exe

156 B
3
67.83.115.243:139

urdvxc.exe

156 B
3
67.83.138.243:445

urdvxc.exe

156 B
3
67.83.114.100:139

urdvxc.exe

156 B
3
67.83.46.59:445

urdvxc.exe

156 B
3
67.83.137.5:139

urdvxc.exe

156 B
3
67.83.218.206:139

urdvxc.exe

156 B
3
67.83.0.42:445

urdvxc.exe

156 B
3
67.83.115.43:139

urdvxc.exe

156 B
3
67.83.7.233:139

urdvxc.exe

156 B
3
67.83.45.115:445

urdvxc.exe

156 B
3
67.83.12.121:445

urdvxc.exe

156 B
3
67.83.115.243:445

urdvxc.exe

156 B
3
67.83.66.7:139

urdvxc.exe

156 B
3
67.83.78.156:139

urdvxc.exe

156 B
3
67.83.114.100:445

urdvxc.exe

156 B
3
67.83.137.5:445

urdvxc.exe

156 B
3
67.83.154.227:139

urdvxc.exe

156 B
3
67.83.21.87:139

urdvxc.exe

156 B
3
67.83.218.206:445

urdvxc.exe

156 B
3
67.83.90.12:139

urdvxc.exe

156 B
3
67.83.12.60:139

urdvxc.exe

156 B
3
67.83.114.238:139

urdvxc.exe

156 B
3
67.83.76.7:139

urdvxc.exe

156 B
3
67.83.196.80:139

urdvxc.exe

156 B
3
67.83.124.140:139

urdvxc.exe

156 B
3
67.83.65.97:139

urdvxc.exe

156 B
3
67.83.115.43:445

urdvxc.exe

156 B
3
67.83.7.233:445

urdvxc.exe

260 B
200 B
5
5
67.83.174.131:139

urdvxc.exe

156 B
3
67.83.195.102:139

urdvxc.exe

156 B
3
67.83.66.7:445

urdvxc.exe

156 B
3
67.83.78.156:445

urdvxc.exe

156 B
3
67.83.121.18:139

urdvxc.exe

156 B
3
67.83.67.170:139

urdvxc.exe

156 B
3
67.83.154.227:445

urdvxc.exe

156 B
3
67.83.21.87:445

urdvxc.exe

156 B
3
67.83.90.12:445

urdvxc.exe

156 B
3
67.83.12.60:445

urdvxc.exe

156 B
3
67.83.12.202:139

urdvxc.exe

156 B
3
67.83.114.238:445

urdvxc.exe

156 B
3
67.83.13.138:139

urdvxc.exe

156 B
3
67.83.76.7:445

urdvxc.exe

156 B
3
67.83.196.80:445

urdvxc.exe

156 B
3
67.83.22.34:139

urdvxc.exe

156 B
3
67.83.124.140:445

urdvxc.exe

156 B
3
67.83.46.206:139

urdvxc.exe

156 B
3
67.83.65.97:445

urdvxc.exe

156 B
3
67.83.174.131:445

urdvxc.exe

156 B
3
67.83.195.102:445

urdvxc.exe

156 B
3
67.83.121.18:445

urdvxc.exe

156 B
3
67.83.67.170:445

urdvxc.exe

156 B
3
67.83.12.202:445

urdvxc.exe

156 B
3
67.83.13.138:445

urdvxc.exe

156 B
3
67.83.91.54:139

urdvxc.exe

156 B
3
67.83.22.34:445

urdvxc.exe

156 B
3
67.83.46.206:445

urdvxc.exe

260 B
200 B
5
5
67.83.122.18:139

urdvxc.exe

156 B
3
67.83.127.71:139

urdvxc.exe

156 B
3
67.83.91.54:445

urdvxc.exe

156 B
3
67.83.14.39:139

urdvxc.exe

156 B
3
67.83.122.18:445

urdvxc.exe

156 B
3
67.83.210.60:139

urdvxc.exe

156 B
3
67.83.127.71:445

urdvxc.exe

156 B
3
67.83.5.31:139

urdvxc.exe

156 B
3
67.83.14.39:445

urdvxc.exe

156 B
3
67.83.115.29:139

urdvxc.exe

156 B
3
67.83.65.178:139

urdvxc.exe

156 B
3
67.83.63.122:139

urdvxc.exe

156 B
3
67.83.33.30:139

urdvxc.exe

156 B
3
67.83.217.255:139

urdvxc.exe

156 B
3
67.83.107.6:139

urdvxc.exe

156 B
3
204.79.197.200:443

https://tse1.mm.bing.net/th?id=OADD2.10239317301431_1VDBP7BM4DABZY935&pid=21.2&w=1080&h=1920&c=4

tls, http2

81.2kB
2.2MB
1592
1587

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301529_1DMPN0VMBUXDAYN7W&pid=21.2&w=1080&h=1920&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301037_1F4LYB5BP3D8EEGSO&pid=21.2&w=1920&h=1080&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301470_10T4S66MXCAC1M054&pid=21.2&w=1080&h=1920&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301096_19QEA75LL3ZH4HJ9P&pid=21.2&w=1920&h=1080&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317300998_1VQZSKOQ4GB7QD9KL&pid=21.2&w=1920&h=1080&c=4

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301431_1VDBP7BM4DABZY935&pid=21.2&w=1080&h=1920&c=4

HTTP Response

200
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.3kB
16
14
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.3kB
16
14
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.2kB
16
13
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.3kB
16
14
67.83.210.60:445

urdvxc.exe

156 B
3
67.83.218.65:139

urdvxc.exe

156 B
3
67.83.208.3:139

urdvxc.exe

156 B
3
67.83.63.96:139

urdvxc.exe

156 B
3
67.83.208.249:139

urdvxc.exe

156 B
3
67.83.5.31:445

urdvxc.exe

156 B
3
67.83.104.198:139

urdvxc.exe

156 B
3
67.83.217.182:139

urdvxc.exe

156 B
3
67.83.44.79:139

urdvxc.exe

156 B
3
67.83.115.29:445

urdvxc.exe

156 B
3
67.83.120.66:139

urdvxc.exe

156 B
3
67.83.65.178:445

urdvxc.exe

156 B
3
67.83.62.215:139

urdvxc.exe

156 B
3
67.83.63.122:445

urdvxc.exe

156 B
3
67.83.46.33:139

urdvxc.exe

156 B
3
67.83.96.1:139

urdvxc.exe

260 B
200 B
5
5
67.83.217.255:445

urdvxc.exe

260 B
200 B
5
5
67.83.33.30:445

urdvxc.exe

156 B
3
67.83.3.67:139

urdvxc.exe

156 B
3
67.83.107.6:445

urdvxc.exe

156 B
3
67.83.65.106:139

urdvxc.exe

156 B
3
67.83.26.255:139

urdvxc.exe

156 B
3
67.83.218.65:445

urdvxc.exe

260 B
200 B
5
5
67.83.208.3:445

urdvxc.exe

156 B
3
67.83.63.96:445

urdvxc.exe

156 B
3
67.83.208.249:445

urdvxc.exe

156 B
3
67.83.44.106:139

urdvxc.exe

156 B
3
67.83.67.37:139

urdvxc.exe

156 B
3
67.83.104.198:445

urdvxc.exe

156 B
3
67.83.217.182:445

urdvxc.exe

156 B
3
67.83.44.79:445

urdvxc.exe

156 B
3
67.83.156.190:139

urdvxc.exe

156 B
3
67.83.120.66:445

urdvxc.exe

156 B
3
67.83.2.142:139

urdvxc.exe

156 B
3
67.83.25.80:139

urdvxc.exe

156 B
3
67.83.150.100:139

urdvxc.exe

156 B
3
67.83.62.215:445

urdvxc.exe

156 B
3
67.83.111.122:139

urdvxc.exe

156 B
3
67.83.46.33:445

urdvxc.exe

156 B
3
67.83.96.1:445

urdvxc.exe

260 B
200 B
5
5
67.83.3.67:445

urdvxc.exe

156 B
3
67.83.53.78:139

urdvxc.exe

156 B
3
67.83.65.106:445

urdvxc.exe

156 B
3
67.83.26.255:445

urdvxc.exe

260 B
200 B
5
5
67.83.6.35:139

urdvxc.exe

156 B
3
67.83.44.106:445

urdvxc.exe

260 B
200 B
5
5
67.83.67.37:445

urdvxc.exe

156 B
3
67.83.165.202:139

urdvxc.exe

156 B
3
67.83.95.239:139

urdvxc.exe

156 B
3
67.83.151.168:139

urdvxc.exe

156 B
3
67.83.156.190:445

urdvxc.exe

156 B
3
67.83.2.142:445

urdvxc.exe

156 B
3
67.83.150.117:139

urdvxc.exe

156 B
3
67.83.25.80:445

urdvxc.exe

260 B
200 B
5
5
67.83.150.100:445

urdvxc.exe

156 B
3
67.83.111.122:445

urdvxc.exe

156 B
3
67.83.208.51:139

urdvxc.exe

156 B
3
67.83.53.78:445

urdvxc.exe

260 B
200 B
5
5
67.83.6.35:445

urdvxc.exe

260 B
200 B
5
5
67.83.64.131:139

urdvxc.exe

156 B
3
67.83.165.202:445

urdvxc.exe

260 B
200 B
5
5
67.83.95.239:445

urdvxc.exe

156 B
3
67.83.151.168:445

urdvxc.exe

156 B
3
67.83.30.20:139

urdvxc.exe

156 B
3
67.83.150.117:445

urdvxc.exe

156 B
3
67.83.55.43:139

urdvxc.exe

156 B
3
67.83.197.78:139

urdvxc.exe

156 B
3
67.83.208.51:445

urdvxc.exe

156 B
3
67.83.73.246:139

urdvxc.exe

156 B
3
67.83.69.222:139

urdvxc.exe

156 B
3
67.83.64.131:445

urdvxc.exe

156 B
3
67.83.101.221:139

urdvxc.exe

156 B
3
67.83.62.47:139

urdvxc.exe

156 B
3
67.83.148.70:139

urdvxc.exe

156 B
3
67.83.30.20:445

urdvxc.exe

156 B
3
67.83.55.43:445

urdvxc.exe

156 B
3
67.83.197.78:445

urdvxc.exe

156 B
3
67.83.61.154:139

urdvxc.exe

156 B
3
67.83.195.231:139

urdvxc.exe

156 B
3
67.83.174.129:139

urdvxc.exe

104 B
2
67.83.73.246:445

urdvxc.exe

104 B
2
67.83.69.222:445

urdvxc.exe

104 B
2
67.83.101.221:445

urdvxc.exe

104 B
2
67.83.23.70:139

urdvxc.exe

104 B
2
67.83.62.47:445

urdvxc.exe

52 B
1
67.83.148.70:445

urdvxc.exe

8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

2.136.104.51.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

2.136.104.51.in-addr.arpa
8.8.8.8:53

1.208.79.178.in-addr.arpa

dns

71 B
116 B
1
1

DNS Request

1.208.79.178.in-addr.arpa
8.8.8.8:53

103.169.127.40.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

103.169.127.40.in-addr.arpa
8.8.8.8:53

198.187.3.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

198.187.3.20.in-addr.arpa
8.8.8.8:53

69.31.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

69.31.126.40.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

43.58.199.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

43.58.199.20.in-addr.arpa
8.8.8.8:53

9.228.82.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

9.228.82.20.in-addr.arpa
8.8.8.8:53

208.194.73.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

208.194.73.20.in-addr.arpa
8.8.8.8:53

126.23.238.8.in-addr.arpa

dns

71 B
125 B
1
1

DNS Request

126.23.238.8.in-addr.arpa
8.8.8.8:53

29.81.57.23.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

29.81.57.23.in-addr.arpa
8.8.8.8:53

9.57.101.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

9.57.101.20.in-addr.arpa
8.8.8.8:53

1.202.248.87.in-addr.arpa

dns

71 B
116 B
1
1

DNS Request

1.202.248.87.in-addr.arpa
8.8.8.8:53

5.173.189.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

5.173.189.20.in-addr.arpa
8.8.8.8:53

240.221.184.93.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

240.221.184.93.in-addr.arpa
8.8.8.8:53

26.35.223.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

26.35.223.20.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

62 B
173 B
1
1

DNS Request

tse1.mm.bing.net

DNS Response

204.79.197.200

13.107.21.200

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\urdvxc.exe

Filesize
66KB

MD5
4a6c8db57361c9ad2b091bc8befc6ad0

SHA1
fac346321199e5931c3c0e695490751a8132cfe4

SHA256
a1465a6c79d927b7c539f74712589dbbf17cf6cc49663918a4f20d6c506e9dcd

SHA512
265d6fb3b2fd391ed76af62dfdbea0032886924ae28c38210ec9a8686104305318c978383a0b55aa59bb4b018c8b7978e90b887333caba996161ead58990909e

Download Submit
C:\Windows\SysWOW64\urdvxc.exe

Filesize
66KB

MD5
4a6c8db57361c9ad2b091bc8befc6ad0

SHA1
fac346321199e5931c3c0e695490751a8132cfe4

SHA256
a1465a6c79d927b7c539f74712589dbbf17cf6cc49663918a4f20d6c506e9dcd

SHA512
265d6fb3b2fd391ed76af62dfdbea0032886924ae28c38210ec9a8686104305318c978383a0b55aa59bb4b018c8b7978e90b887333caba996161ead58990909e

Download Submit
C:\Windows\SysWOW64\urdvxc.exe

Filesize
66KB

MD5
4a6c8db57361c9ad2b091bc8befc6ad0

SHA1
fac346321199e5931c3c0e695490751a8132cfe4

SHA256
a1465a6c79d927b7c539f74712589dbbf17cf6cc49663918a4f20d6c506e9dcd

SHA512
265d6fb3b2fd391ed76af62dfdbea0032886924ae28c38210ec9a8686104305318c978383a0b55aa59bb4b018c8b7978e90b887333caba996161ead58990909e

Download Submit
C:\Windows\SysWOW64\urdvxc.exe

Filesize
66KB

MD5
4a6c8db57361c9ad2b091bc8befc6ad0

SHA1
fac346321199e5931c3c0e695490751a8132cfe4

SHA256
a1465a6c79d927b7c539f74712589dbbf17cf6cc49663918a4f20d6c506e9dcd

SHA512
265d6fb3b2fd391ed76af62dfdbea0032886924ae28c38210ec9a8686104305318c978383a0b55aa59bb4b018c8b7978e90b887333caba996161ead58990909e

Download Submit
C:\Windows\SysWOW64\urdvxc.exe

Filesize
66KB

MD5
4a6c8db57361c9ad2b091bc8befc6ad0

SHA1
fac346321199e5931c3c0e695490751a8132cfe4

SHA256
a1465a6c79d927b7c539f74712589dbbf17cf6cc49663918a4f20d6c506e9dcd

SHA512
265d6fb3b2fd391ed76af62dfdbea0032886924ae28c38210ec9a8686104305318c978383a0b55aa59bb4b018c8b7978e90b887333caba996161ead58990909e

Download Submit
memory/1464-6-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1464-7-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1464-8-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1940-29-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1940-0-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1940-1-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/3120-10-0x00000000001C0000-0x00000000001DF000-memory.dmp

Filesize
124KB

Download
memory/3132-43-0x0000000000500000-0x000000000051F000-memory.dmp

Filesize
124KB

Download
memory/3132-48-0x0000000000500000-0x000000000051F000-memory.dmp

Filesize
124KB

Download
memory/3132-15-0x0000000000500000-0x000000000051F000-memory.dmp

Filesize
124KB

Download
memory/3132-19-0x0000000000500000-0x000000000051F000-memory.dmp

Filesize
124KB

Download
memory/3132-20-0x0000000000500000-0x000000000051F000-memory.dmp

Filesize
124KB

Download
memory/3132-21-0x0000000000500000-0x000000000051F000-memory.dmp

Filesize
124KB

Download
memory/3132-22-0x0000000000500000-0x000000000051F000-memory.dmp

Filesize
124KB

Download
memory/3132-23-0x0000000000500000-0x000000000051F000-memory.dmp

Filesize
124KB

Download
memory/3132-24-0x0000000000500000-0x000000000051F000-memory.dmp

Filesize
124KB

Download
memory/3132-25-0x0000000000500000-0x000000000051F000-memory.dmp

Filesize
124KB

Download
memory/3132-297-0x0000000000500000-0x000000000051F000-memory.dmp

Filesize
124KB

Download
memory/3132-14-0x0000000000500000-0x000000000051F000-memory.dmp

Filesize
124KB

Download
memory/3132-27-0x0000000000500000-0x000000000051F000-memory.dmp

Filesize
124KB

Download
memory/3132-30-0x0000000000500000-0x000000000051F000-memory.dmp

Filesize
124KB

Download
memory/3132-31-0x0000000000500000-0x000000000051F000-memory.dmp

Filesize
124KB

Download
memory/3132-32-0x0000000000500000-0x000000000051F000-memory.dmp

Filesize
124KB

Download
memory/3132-33-0x0000000000500000-0x000000000051F000-memory.dmp

Filesize
124KB

Download
memory/3132-34-0x0000000000500000-0x000000000051F000-memory.dmp

Filesize
124KB

Download
memory/3132-35-0x0000000000500000-0x000000000051F000-memory.dmp

Filesize
124KB

Download
memory/3132-36-0x0000000000500000-0x000000000051F000-memory.dmp

Filesize
124KB

Download
memory/3132-37-0x0000000000500000-0x000000000051F000-memory.dmp

Filesize
124KB

Download
memory/3132-38-0x0000000000500000-0x000000000051F000-memory.dmp

Filesize
124KB

Download
memory/3132-39-0x0000000000500000-0x000000000051F000-memory.dmp

Filesize
124KB

Download
memory/3132-40-0x0000000000500000-0x000000000051F000-memory.dmp

Filesize
124KB

Download
memory/3132-41-0x0000000000500000-0x000000000051F000-memory.dmp

Filesize
124KB

Download
memory/3132-42-0x0000000000500000-0x000000000051F000-memory.dmp

Filesize
124KB

Download
memory/3132-12-0x0000000000500000-0x000000000051F000-memory.dmp

Filesize
124KB

Download
memory/3132-44-0x0000000000500000-0x000000000051F000-memory.dmp

Filesize
124KB

Download
memory/3132-45-0x0000000000500000-0x000000000051F000-memory.dmp

Filesize
124KB

Download
memory/3132-46-0x0000000000500000-0x000000000051F000-memory.dmp

Filesize
124KB

Download
memory/3132-47-0x0000000000500000-0x000000000051F000-memory.dmp

Filesize
124KB

Download
memory/3132-13-0x0000000000500000-0x000000000051F000-memory.dmp

Filesize
124KB

Download
memory/3132-49-0x0000000000500000-0x000000000051F000-memory.dmp

Filesize
124KB

Download
memory/3132-50-0x0000000000500000-0x000000000051F000-memory.dmp

Filesize
124KB

Download
memory/3132-51-0x0000000000500000-0x000000000051F000-memory.dmp

Filesize
124KB

Download
memory/3132-52-0x0000000000500000-0x000000000051F000-memory.dmp

Filesize
124KB

Download
memory/3132-53-0x0000000000500000-0x000000000051F000-memory.dmp

Filesize
124KB

Download
memory/3132-54-0x0000000000500000-0x000000000051F000-memory.dmp

Filesize
124KB

Download
memory/3132-55-0x0000000000500000-0x000000000051F000-memory.dmp

Filesize
124KB

Download
memory/3132-56-0x0000000000500000-0x000000000051F000-memory.dmp

Filesize
124KB

Download
memory/3132-57-0x0000000000500000-0x000000000051F000-memory.dmp

Filesize
124KB

Download
memory/3132-58-0x0000000000500000-0x000000000051F000-memory.dmp

Filesize
124KB

Download
memory/3132-59-0x0000000000500000-0x000000000051F000-memory.dmp

Filesize
124KB

Download
memory/3132-60-0x0000000000500000-0x000000000051F000-memory.dmp

Filesize
124KB

Download
memory/3132-61-0x0000000000500000-0x000000000051F000-memory.dmp

Filesize
124KB

Download
memory/3132-62-0x0000000000500000-0x000000000051F000-memory.dmp

Filesize
124KB

Download
memory/3132-63-0x0000000000500000-0x000000000051F000-memory.dmp

Filesize
124KB

Download
memory/3132-64-0x0000000000500000-0x000000000051F000-memory.dmp

Filesize
124KB

Download
memory/3132-65-0x0000000000500000-0x000000000051F000-memory.dmp

Filesize
124KB

Download
memory/3132-66-0x0000000000500000-0x000000000051F000-memory.dmp

Filesize
124KB

Download
memory/3132-67-0x0000000000500000-0x000000000051F000-memory.dmp

Filesize
124KB

Download
memory/3132-68-0x0000000000500000-0x000000000051F000-memory.dmp

Filesize
124KB

Download
memory/3132-69-0x0000000000500000-0x000000000051F000-memory.dmp

Filesize
124KB

Download
memory/3132-70-0x0000000000500000-0x000000000051F000-memory.dmp

Filesize
124KB

Download
memory/3132-71-0x0000000000500000-0x000000000051F000-memory.dmp

Filesize
124KB

Download
memory/3132-72-0x0000000000500000-0x000000000051F000-memory.dmp

Filesize
124KB

Download
memory/3132-73-0x0000000000500000-0x000000000051F000-memory.dmp

Filesize
124KB

Download
memory/3132-74-0x0000000000500000-0x000000000051F000-memory.dmp

Filesize
124KB

Download
memory/3132-75-0x0000000000500000-0x000000000051F000-memory.dmp

Filesize
124KB

Download
memory/3132-76-0x0000000000500000-0x000000000051F000-memory.dmp

Filesize
124KB

Download
memory/3132-77-0x0000000000500000-0x000000000051F000-memory.dmp

Filesize
124KB

Download
memory/3132-78-0x0000000000500000-0x000000000051F000-memory.dmp

Filesize
124KB

Download
memory/3132-79-0x0000000000500000-0x000000000051F000-memory.dmp

Filesize
124KB

Download
memory/5088-28-0x00000000001C0000-0x00000000001DF000-memory.dmp

Filesize
124KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.