Analysis Overview
SHA256
bdfe1c709973c63c6529bbf3acc2dca09aeba233611b1a3e58cbc337dd7f0e77
Threat Level: Known bad
The file 22b200fd33138460f6e97a83894c11e4 was found to be: Known bad.
Malicious Activity Summary
Dridex
Dridex Shellcode
Checks whether UAC is enabled
Unsigned PE
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-12-31 01:17
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-31 01:17
Reported
2024-01-01 18:15
Platform
win7-20231215-en
Max time kernel
8s
Max time network
126s
Command Line
Signatures
Dridex
Dridex Shellcode
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\system32\rundll32.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\22b200fd33138460f6e97a83894c11e4.dll,#1
C:\Windows\system32\osk.exe
C:\Windows\system32\osk.exe
C:\Users\Admin\AppData\Local\4T4A\osk.exe
C:\Users\Admin\AppData\Local\4T4A\osk.exe
C:\Windows\system32\xpsrchvw.exe
C:\Windows\system32\xpsrchvw.exe
C:\Users\Admin\AppData\Local\VJj8S3Ok\xpsrchvw.exe
C:\Users\Admin\AppData\Local\VJj8S3Ok\xpsrchvw.exe
C:\Windows\system32\p2phost.exe
C:\Windows\system32\p2phost.exe
C:\Users\Admin\AppData\Local\l5VHKow9\p2phost.exe
C:\Users\Admin\AppData\Local\l5VHKow9\p2phost.exe
Network
Files
memory/2300-0-0x0000000000340000-0x0000000000347000-memory.dmp
memory/2300-1-0x0000000140000000-0x0000000140338000-memory.dmp
memory/1312-4-0x0000000077576000-0x0000000077577000-memory.dmp
memory/1312-5-0x0000000002AF0000-0x0000000002AF1000-memory.dmp
memory/1312-8-0x0000000140000000-0x0000000140338000-memory.dmp
memory/1312-12-0x0000000140000000-0x0000000140338000-memory.dmp
memory/1312-17-0x0000000140000000-0x0000000140338000-memory.dmp
memory/1312-22-0x0000000140000000-0x0000000140338000-memory.dmp
memory/1312-24-0x0000000140000000-0x0000000140338000-memory.dmp
memory/1312-25-0x0000000140000000-0x0000000140338000-memory.dmp
memory/1312-27-0x0000000140000000-0x0000000140338000-memory.dmp
memory/1312-31-0x0000000140000000-0x0000000140338000-memory.dmp
memory/1312-34-0x0000000140000000-0x0000000140338000-memory.dmp
memory/1312-38-0x0000000140000000-0x0000000140338000-memory.dmp
memory/1312-42-0x0000000140000000-0x0000000140338000-memory.dmp
memory/1312-44-0x0000000140000000-0x0000000140338000-memory.dmp
memory/1312-51-0x0000000140000000-0x0000000140338000-memory.dmp
memory/1312-52-0x0000000140000000-0x0000000140338000-memory.dmp
memory/1312-53-0x0000000140000000-0x0000000140338000-memory.dmp
memory/1312-50-0x0000000140000000-0x0000000140338000-memory.dmp
memory/1312-54-0x0000000140000000-0x0000000140338000-memory.dmp
memory/1312-55-0x0000000140000000-0x0000000140338000-memory.dmp
memory/1312-56-0x0000000140000000-0x0000000140338000-memory.dmp
memory/1312-59-0x0000000140000000-0x0000000140338000-memory.dmp
memory/1312-60-0x0000000140000000-0x0000000140338000-memory.dmp
memory/1312-61-0x0000000140000000-0x0000000140338000-memory.dmp
memory/1312-62-0x0000000140000000-0x0000000140338000-memory.dmp
memory/1312-63-0x0000000140000000-0x0000000140338000-memory.dmp
memory/1312-64-0x0000000140000000-0x0000000140338000-memory.dmp
memory/1312-65-0x0000000140000000-0x0000000140338000-memory.dmp
memory/1312-58-0x0000000140000000-0x0000000140338000-memory.dmp
memory/1312-57-0x0000000140000000-0x0000000140338000-memory.dmp
memory/1312-71-0x0000000002AC0000-0x0000000002AC7000-memory.dmp
memory/1312-49-0x0000000140000000-0x0000000140338000-memory.dmp
memory/1312-48-0x0000000140000000-0x0000000140338000-memory.dmp
memory/1312-46-0x0000000140000000-0x0000000140338000-memory.dmp
memory/1312-47-0x0000000140000000-0x0000000140338000-memory.dmp
memory/1312-45-0x0000000140000000-0x0000000140338000-memory.dmp
memory/1312-43-0x0000000140000000-0x0000000140338000-memory.dmp
memory/1312-41-0x0000000140000000-0x0000000140338000-memory.dmp
memory/1312-40-0x0000000140000000-0x0000000140338000-memory.dmp
memory/1312-39-0x0000000140000000-0x0000000140338000-memory.dmp
memory/1312-37-0x0000000140000000-0x0000000140338000-memory.dmp
memory/1312-36-0x0000000140000000-0x0000000140338000-memory.dmp
memory/1312-35-0x0000000140000000-0x0000000140338000-memory.dmp
memory/1312-33-0x0000000140000000-0x0000000140338000-memory.dmp
memory/1312-32-0x0000000140000000-0x0000000140338000-memory.dmp
memory/1312-30-0x0000000140000000-0x0000000140338000-memory.dmp
memory/1312-29-0x0000000140000000-0x0000000140338000-memory.dmp
memory/1312-28-0x0000000140000000-0x0000000140338000-memory.dmp
memory/1312-26-0x0000000140000000-0x0000000140338000-memory.dmp
memory/1312-23-0x0000000140000000-0x0000000140338000-memory.dmp
memory/1312-21-0x0000000140000000-0x0000000140338000-memory.dmp
memory/1312-20-0x0000000140000000-0x0000000140338000-memory.dmp
memory/1312-19-0x0000000140000000-0x0000000140338000-memory.dmp
memory/1312-18-0x0000000140000000-0x0000000140338000-memory.dmp
memory/1312-79-0x0000000077681000-0x0000000077682000-memory.dmp
memory/1312-16-0x0000000140000000-0x0000000140338000-memory.dmp
memory/1312-15-0x0000000140000000-0x0000000140338000-memory.dmp
memory/1312-14-0x0000000140000000-0x0000000140338000-memory.dmp
memory/1312-13-0x0000000140000000-0x0000000140338000-memory.dmp
memory/1312-80-0x00000000777E0000-0x00000000777E2000-memory.dmp
memory/1312-11-0x0000000140000000-0x0000000140338000-memory.dmp
memory/1312-10-0x0000000140000000-0x0000000140338000-memory.dmp
memory/1312-9-0x0000000140000000-0x0000000140338000-memory.dmp
memory/2300-7-0x0000000140000000-0x0000000140338000-memory.dmp
C:\Users\Admin\AppData\Local\4T4A\osk.exe
| MD5 | cbbaf202fbf1b2933fe2e757e4999acb |
| SHA1 | e8bf1f6ee44a5e344e3707b48001b7583f5b0e75 |
| SHA256 | 89bf6ace53974e3a014dac5105d88c0723e7ccab24acf7bd148cd182fc73a97b |
| SHA512 | b30b1c5849f60f9d17e1e4ed7c341ba4b7a83ddca8720bd7cc7baa1fa6daf77d09ed68c938eac070170cd1b57d95f3813c5a374d4f66d647c7e54415609ac125 |
C:\Users\Admin\AppData\Local\4T4A\WMsgAPI.dll
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
\Users\Admin\AppData\Local\4T4A\osk.exe
| MD5 | f7e568949ac4a72e9d0b038617c8035f |
| SHA1 | f9bc41107838fc40dadf10f01388825c24fda806 |
| SHA256 | d90121bc7dbc21669ee872b2758620e323c99fc566ae65aaa4264379cd532bf6 |
| SHA512 | 4cea4950f15b00130bc70f0221711253897a63285fdc48cbc1b030dffa988e481b0642b04ff75e284908dbdfcdac2f51ea14e9b396c3ebff1d9e749186b7401c |
\Users\Admin\AppData\Local\4T4A\WMsgAPI.dll
| MD5 | fa20d775b9d6aa59fb52cbaabbc1f43a |
| SHA1 | 72246446728adc113dc0eaff14b307bd3c163296 |
| SHA256 | c6b583f10dd4d0e9bfa3a1cc8845d5275af2fcab26f99397cdea8924f6969679 |
| SHA512 | 4482042cce08fdc6d7c6c94a23bfe719e69a16f0d5fa3302ddeae9b7f30eb9093254a92b3cb0bfd3fb350b3cc6df14527279168e7a9251d0afd050d9d5c78f23 |
memory/1532-107-0x0000000000100000-0x0000000000107000-memory.dmp
C:\Users\Admin\AppData\Local\4T4A\osk.exe
| MD5 | 1648421a1a4c2d08d2096de85c7f1d8a |
| SHA1 | 47b71bafe3f54aa163f87cb40d290bb88d2fd0d4 |
| SHA256 | 4cb1a0e1e84b152736b4f5791b296f6526b85e93fdec473e8f63a2dc3f31d097 |
| SHA512 | 46945dabe49543d2673f417a3dee868a62b7479e1073d80f58fbacf0d5f8ad237973b191350a2b59171d2120f54439d8883bbcf2fdda2d29b6045d9a09e77b1c |
\Users\Admin\AppData\Local\VJj8S3Ok\xpsrchvw.exe
| MD5 | 083367dd86f7a27e42e6be0946ea9473 |
| SHA1 | 361c55205d32c43fcb58b68128cc56d60ec387f7 |
| SHA256 | cc0f3d91931d77961c5c11a0e4a6a00634ac37ae1cdae6b90e1432d92a2147b0 |
| SHA512 | 84801ab539891588154debb83e4e2c7100c0fdb283b4d136e5e7d8f09c0e0d77ce7eb64612e78677611af673ec9dc460ab47ddd644bbb62ab1ea71b9141ab915 |
C:\Users\Admin\AppData\Local\VJj8S3Ok\WINMM.dll
| MD5 | 4ef8ef8f41871a9c0489b003e72b124a |
| SHA1 | fcd51a2d15366c64c0d9767de0870c2d7a6a8661 |
| SHA256 | 2e23baeb51d62aa8e7aa02153666e010a8b5faae1c095d063b711df82d484f94 |
| SHA512 | ae7e535114fad7936ef54674e26ede56a33af59cffe86452c3caa22c8fc5c8f73be15f4788b1948564d187ea78b8e16ac7f018b74b0d2b5ce25e64945cca2804 |
\Users\Admin\AppData\Local\VJj8S3Ok\WINMM.dll
| MD5 | f01ab61fe1631276d828bc947dafce40 |
| SHA1 | ecf463b5fafac9d42f8366c0fc3713a55a8f1e95 |
| SHA256 | 7f329604c41bfaa95725a6a429ab08930cda336ba20b6f0c590999c30d9deeb9 |
| SHA512 | 69836f9208eb449c06f8d90b2ed45adcd52f3a23065d7af8f39559c4442273fe7ec7513a4620a9963c6f1c066cfe26d54b0ed3763fd2654a03cfcadb7cbef25c |
memory/1372-131-0x0000000001B50000-0x0000000001B57000-memory.dmp
C:\Users\Admin\AppData\Local\VJj8S3Ok\xpsrchvw.exe
| MD5 | 01590e08d0ef7645601146b6ada7217d |
| SHA1 | 31c154626a6df8b177eb1d7e4849f25e7bbd7fdc |
| SHA256 | 1815c24f0e545e0cd9d9c2d23a6cd00ba7fd87c08472911747ebfd89a6576458 |
| SHA512 | 4367d2028cce8d59c6ba8c2df6045a0d0c3b7b889a7749e55b9be36346742316d90951552f316187ff64a43985ffb86a25d3b304faa60c918c9c75a1a3579c98 |
C:\Users\Admin\AppData\Local\VJj8S3Ok\xpsrchvw.exe
| MD5 | e8d7434c7be81f2df6ca6026f642ed0b |
| SHA1 | 223078014ba5dc170e7c2133ca796e8b02f3fd07 |
| SHA256 | 9eca0ea757c17b5f8cfc2e29cefce881f20b75c0e95a6576c5c60fbce0e0fc6e |
| SHA512 | e48eb42cd2710dd64afd41e9f79af91b69acf3214a5da88ffa00ae4217e126f18ebf291c5c42b347c688ae640e6c85c9c084e7ed8d91ee501227aa3ded7ae831 |
\Users\Admin\AppData\Local\l5VHKow9\p2phost.exe
| MD5 | 9bcca34518fcf378338ffb192c5a0e34 |
| SHA1 | 6520196e53c1767518000e3c37e1f155062ddff3 |
| SHA256 | ccb852783cf1b97379cf177ee793b5e98ebae73ab3959cd4736f5e18e0e5f249 |
| SHA512 | 0a4ed7866072565cd1b82d37481bcf3dab9dfbedc752b0656ac76ca1fd23d93205de8615e4945551f84b8bc2e957d3e9a185b68524221b7fbe2014eda5368d9f |
\Users\Admin\AppData\Local\l5VHKow9\P2PCOLLAB.dll
| MD5 | 1e6ad5a8ec9f7dcc813e568b70ac1d4a |
| SHA1 | 4b1b3d42339d0c1a49a5ee4d09a2b1b15d5bcba8 |
| SHA256 | ecf522380401e54cd4a6c3e07f6ca880cb0be3f456fd24ecfe562d59e2671dab |
| SHA512 | 2bf79ed62ce196b4f367edbf08c01515629c293a3fc2471ea604e5426af3cf9b283fdd9674f0c4910418b51e11b9c58beb99a3e49872d91e5ca1ac54fd099ba9 |
C:\Users\Admin\AppData\Local\l5VHKow9\P2PCOLLAB.dll
| MD5 | 74c57350e39baee3e31975149f6f392b |
| SHA1 | 0f613c8d4d620633a14e02a9651214430272c490 |
| SHA256 | 5475d5828245c71a61f066e627dfd92c0193259b0de8193389b2d4b8d2f97516 |
| SHA512 | e582be9cc44a0c3af3c91544223d19cc09a272ff58bea49724b931a01818d27343bd2cbd577f34f9c7b0e021b5952d1d861b717ffd7ddc5508437df0445195ba |
C:\Users\Admin\AppData\Local\l5VHKow9\p2phost.exe
| MD5 | 318ecc4995f322b1154dc5bb790ed8d9 |
| SHA1 | a0b825952e82786ed314784d41e75f7da2f74abd |
| SHA256 | 8ed7e0f1616f41820f34a9228eb3c6ea7f49fa06a2b86de23213300fb9ad3185 |
| SHA512 | ebe58d7fb6dd969c0a25092b15d5cd33a805f3b046da43652a49bec14501bf54e7d90f6106e76398e3631e383676a8712e7d841cd7ebf681ed762ebdf04c07d1 |
C:\Users\Admin\AppData\Local\l5VHKow9\p2phost.exe
| MD5 | 01ef80a59cc4b9a0a832469b2304e593 |
| SHA1 | ef06440cc44a2dbf6dc1dcd7acd37b9a67ebd9a0 |
| SHA256 | 26f9ab76ea736ca7a3ed432163017f094b7fe35d99fb9bb1f42e512f4df2469b |
| SHA512 | ac7ff2ae296104c8c582536bbaf8c6b8a0261e8eb999db6512a235d3bbb05f20d244002c7ed7ea9e8611222226a7eb627b5269796e72df6c9be86557d7eb5356 |
\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\ZFwWO7XPcRQ\p2phost.exe
| MD5 | 4eb43925fe1fb3e943aca3fef86b00c6 |
| SHA1 | df0e96f4666a62e44f4eb2e410ece5ff63334068 |
| SHA256 | 0643e75d4d44971d5d54c3680140f2b0415e984f1869151f46d158f73ff188bd |
| SHA512 | 7fc5c59c62bf08547884695f7aef21aa43082120fc9ebe4c12d96e795db1dc492dbce878057e8293cb338be5a0bf0a5fb739493d28db10e096f4be4d1a072872 |
C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Zrkibbhbsqvuoso.lnk
| MD5 | 110afdbd8c5ab606766e4a4d645a0860 |
| SHA1 | c01309af115d3d0e2fe87844187f37db12a04151 |
| SHA256 | 749b23228f695ea20ad06f92d2cbac545ded06167ad9c1dbc5e154b178403f09 |
| SHA512 | 173ce0d0e95776358a4ae678a59159787b0930523de480928443925e0395a4cc752f98148d1fa024c655364c61550e4535ee8f72b25756966a7ba48add496618 |
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\3joFc\WMsgAPI.dll
| MD5 | 9dcdcd19ddf38f7400b7beb3b2560e20 |
| SHA1 | 2129d0d24d56d41f6d19737e806f1716ae9c3a5e |
| SHA256 | c2836d93de108ec19e26112468f7c3ea580679c56139502279ea56d4c5e3f4ba |
| SHA512 | f8acb1261cd56d92b44b49b53271c8d8472f0959e43c02dbcf7b2cf7acd05a8f929205e0014d3705c29f44a00ae04b6ce0e515c0999988681ab9903f9c71332d |
C:\Users\Admin\AppData\Roaming\Adobe\Flash Player\NativeCache\kEbejuc\WINMM.dll
| MD5 | d6adbba17ac8e2df96e0267ab12dc007 |
| SHA1 | b800f8cd7a5b10b9af5c052e38b42ba5ad7aa4c4 |
| SHA256 | 018999f71f723041e226b976048a3ad6770965fe0a6e370af61446f013c19ca0 |
| SHA512 | 9b7b54304df92465a4a09173c4c07b3b4a5d7a79b1fb90377e5f14f7003debe2061a3da5cd63901a0a9adce683449635ad92c249f2d0cc12e5aeb66fe3f724a2 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\ZFwWO7XPcRQ\P2PCOLLAB.dll
| MD5 | 0075a860458385fe2d4a731aa362b518 |
| SHA1 | 06e7cdc3d4e35234212cac5a391c461271bf0f4e |
| SHA256 | 32de26a2f976310dc63670cb374f5d7eca17e489bce0293e4439320abf3271cf |
| SHA512 | 9639ba33f3b3ec7dc1610b460cb1b740a12a9e5a45c49090c3979dc7f38a798a912b72853b8569134bfcb965bba08a481b1198c0291dc7cbce2256282360f25c |
Analysis: behavioral2
Detonation Overview
Submitted
2023-12-31 01:17
Reported
2024-01-01 18:15
Platform
win10v2004-20231215-en
Max time kernel
26s
Max time network
155s
Command Line
Signatures
Dridex
Dridex Shellcode
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\system32\rundll32.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
| N/A | N/A | N/A | N/A |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\22b200fd33138460f6e97a83894c11e4.dll,#1
C:\Windows\system32\Magnify.exe
C:\Windows\system32\Magnify.exe
C:\Users\Admin\AppData\Local\FsZCMH\Magnify.exe
C:\Users\Admin\AppData\Local\FsZCMH\Magnify.exe
C:\Windows\system32\MusNotificationUx.exe
C:\Windows\system32\MusNotificationUx.exe
C:\Users\Admin\AppData\Local\DhcG3Ad\MusNotificationUx.exe
C:\Users\Admin\AppData\Local\DhcG3Ad\MusNotificationUx.exe
C:\Windows\system32\Narrator.exe
C:\Windows\system32\Narrator.exe
C:\Windows\system32\sigverif.exe
C:\Windows\system32\sigverif.exe
C:\Users\Admin\AppData\Local\SsILNfZ\Narrator.exe
C:\Users\Admin\AppData\Local\SsILNfZ\Narrator.exe
C:\Users\Admin\AppData\Local\q3Z6GedT\sigverif.exe
C:\Users\Admin\AppData\Local\q3Z6GedT\sigverif.exe
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 83.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.110.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 138.91.171.81:80 | | tcp |
| US | 8.8.8.8:53 | 53.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.1.37.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.110.54.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.178.17.96.in-addr.arpa | udp |
Files
memory/4392-1-0x0000000140000000-0x0000000140338000-memory.dmp
memory/4392-0-0x00000246A02C0000-0x00000246A02C7000-memory.dmp
memory/3372-7-0x00007FFCE63DA000-0x00007FFCE63DB000-memory.dmp
memory/3372-9-0x0000000140000000-0x0000000140338000-memory.dmp
memory/3372-12-0x0000000140000000-0x0000000140338000-memory.dmp
memory/3372-14-0x0000000140000000-0x0000000140338000-memory.dmp
memory/3372-17-0x0000000140000000-0x0000000140338000-memory.dmp
memory/3372-19-0x0000000140000000-0x0000000140338000-memory.dmp
memory/3372-21-0x0000000140000000-0x0000000140338000-memory.dmp
memory/3372-22-0x0000000140000000-0x0000000140338000-memory.dmp
memory/3372-23-0x0000000140000000-0x0000000140338000-memory.dmp
memory/3372-26-0x0000000140000000-0x0000000140338000-memory.dmp
memory/3372-29-0x0000000140000000-0x0000000140338000-memory.dmp
memory/3372-31-0x0000000140000000-0x0000000140338000-memory.dmp
memory/3372-34-0x0000000140000000-0x0000000140338000-memory.dmp
memory/3372-36-0x0000000140000000-0x0000000140338000-memory.dmp
memory/3372-38-0x0000000140000000-0x0000000140338000-memory.dmp
memory/3372-41-0x0000000140000000-0x0000000140338000-memory.dmp
memory/3372-42-0x0000000140000000-0x0000000140338000-memory.dmp
memory/3372-45-0x0000000140000000-0x0000000140338000-memory.dmp
memory/3372-48-0x0000000140000000-0x0000000140338000-memory.dmp
memory/3372-50-0x0000000140000000-0x0000000140338000-memory.dmp
memory/3372-54-0x0000000140000000-0x0000000140338000-memory.dmp
memory/3372-56-0x0000000140000000-0x0000000140338000-memory.dmp
memory/3372-59-0x0000000140000000-0x0000000140338000-memory.dmp
memory/3372-61-0x0000000140000000-0x0000000140338000-memory.dmp
memory/3372-60-0x0000000140000000-0x0000000140338000-memory.dmp
memory/3372-62-0x0000000140000000-0x0000000140338000-memory.dmp
memory/3372-65-0x0000000140000000-0x0000000140338000-memory.dmp
memory/3372-64-0x0000000140000000-0x0000000140338000-memory.dmp
memory/3372-70-0x00000000024E0000-0x00000000024E7000-memory.dmp
memory/3372-63-0x0000000140000000-0x0000000140338000-memory.dmp
memory/3372-58-0x0000000140000000-0x0000000140338000-memory.dmp
memory/3372-57-0x0000000140000000-0x0000000140338000-memory.dmp
memory/3372-55-0x0000000140000000-0x0000000140338000-memory.dmp
memory/3372-52-0x0000000140000000-0x0000000140338000-memory.dmp
memory/3372-53-0x0000000140000000-0x0000000140338000-memory.dmp
memory/3372-51-0x0000000140000000-0x0000000140338000-memory.dmp
memory/3372-49-0x0000000140000000-0x0000000140338000-memory.dmp
memory/3372-47-0x0000000140000000-0x0000000140338000-memory.dmp
memory/3372-46-0x0000000140000000-0x0000000140338000-memory.dmp
memory/3372-44-0x0000000140000000-0x0000000140338000-memory.dmp
memory/3372-43-0x0000000140000000-0x0000000140338000-memory.dmp
memory/3372-40-0x0000000140000000-0x0000000140338000-memory.dmp
memory/3372-39-0x0000000140000000-0x0000000140338000-memory.dmp
memory/3372-37-0x0000000140000000-0x0000000140338000-memory.dmp
memory/3372-35-0x0000000140000000-0x0000000140338000-memory.dmp
memory/3372-33-0x0000000140000000-0x0000000140338000-memory.dmp
memory/3372-32-0x0000000140000000-0x0000000140338000-memory.dmp
memory/3372-30-0x0000000140000000-0x0000000140338000-memory.dmp
memory/3372-28-0x0000000140000000-0x0000000140338000-memory.dmp
memory/3372-27-0x0000000140000000-0x0000000140338000-memory.dmp
memory/3372-24-0x0000000140000000-0x0000000140338000-memory.dmp
memory/3372-25-0x0000000140000000-0x0000000140338000-memory.dmp
memory/3372-20-0x0000000140000000-0x0000000140338000-memory.dmp
memory/3372-18-0x0000000140000000-0x0000000140338000-memory.dmp
memory/3372-16-0x0000000140000000-0x0000000140338000-memory.dmp
memory/3372-15-0x0000000140000000-0x0000000140338000-memory.dmp
memory/3372-13-0x0000000140000000-0x0000000140338000-memory.dmp
memory/3372-11-0x0000000140000000-0x0000000140338000-memory.dmp
memory/3372-10-0x0000000140000000-0x0000000140338000-memory.dmp
memory/3372-8-0x0000000140000000-0x0000000140338000-memory.dmp
memory/3372-6-0x0000000140000000-0x0000000140338000-memory.dmp
memory/3372-4-0x0000000002520000-0x0000000002521000-memory.dmp
memory/3372-80-0x00007FFCE6580000-0x00007FFCE6590000-memory.dmp
C:\Users\Admin\AppData\Local\FsZCMH\OLEACC.dll
| MD5 | 156da998bd801189b83966f192719696 |
| SHA1 | ab357c84e45410c1e32d47a3204af13b81006cc0 |
| SHA256 | cdccf2e3735397bed3a174a3b3226af8b7d0cba94ec7df88467689c87f2e6ec2 |
| SHA512 | 8f767acfb6ec6295a85e0e14c09c1054b6a7f5470a54844a22f93bf1eed8dd9bee30deb12d84bc35b9e66fb67666c79cf71b69b2e29ed64cf32bfae37f4e51fd |
memory/996-100-0x000001EA98200000-0x000001EA98207000-memory.dmp
C:\Users\Admin\AppData\Local\FsZCMH\OLEACC.dll
| MD5 | 56ea2f9fca2be0c99022ec2a83ab604e |
| SHA1 | 2134f9c3ad7d2b1fcfb20d8ce12342a73c9f1801 |
| SHA256 | d7bf51e71e721abfcb408dfba5b5eee2d11a790ccbfe495aaef9449a0d1454dc |
| SHA512 | f276a175302702e02cbf9c2f535c63d3034db68994cee02bc2327aef7793e1e618da376ae9dca25398f4d3b403378e5eb73225e7cc501ee2bc247cc6196509a3 |
C:\Users\Admin\AppData\Local\FsZCMH\Magnify.exe
| MD5 | ac5117faa36caa3f71dd0574b117477a |
| SHA1 | 85fab77fe234788d706239693b446fbe44d3b9a2 |
| SHA256 | 3798d9a19f82173b0e9e0b45ad059e7a17e03c7240c126e84cb0d1609a4375c9 |
| SHA512 | 69e24ad2bf03564d3b279ea213cf8893870303600c78f822ff538867abdea9c76805759505b030a6f6f81fd53354ca2d35e916ab1523a9b6698526b19a9d8fe4 |
C:\Users\Admin\AppData\Local\FsZCMH\Magnify.exe
| MD5 | f018299c386965c0192b369421f9b877 |
| SHA1 | 9d58ef48bb04c913d4c64d69324e9589285f5762 |
| SHA256 | d0e5efc4b69e8efac61f59b975d58f4a72537663129b17846bb7d0c6d090203a |
| SHA512 | 1780df6c704ab3c0950efe9d78461020d8ef0d39ad799c0b2f3c090c0c0d8f573599ac30d4c70c2e19c3efe9f18b64b65b525bf83b8fc8cf4548b4c144a9888c |
C:\Users\Admin\AppData\Local\DhcG3Ad\XmlLite.dll
| MD5 | a8e1cb6c7660874c181f733f3fcea15a |
| SHA1 | 374c60fca282e1f7f3be3a7467c3c3d274648657 |
| SHA256 | 35fc667efbfa837fe95778a41dd99b25bafdb94dfddd6ad2e62061bb4caa6bd7 |
| SHA512 | 4f2cfa36f94029b609abf34e6dd546da5103fbaaaf9481533bbe935cb9607fe069b1f86bff8c7de5707955308ecae1f40f4ab88874cb275334ee207045c407db |
C:\Users\Admin\AppData\Local\DhcG3Ad\XmlLite.dll
| MD5 | 381dea19d8b14bf7681496dbfdb2fec6 |
| SHA1 | b333f2e31c987016bc50c653fa4376fa753f6368 |
| SHA256 | 43d2db46a8010d46eea13755f3df902d55208709ffe308897753a596b5d1d25b |
| SHA512 | 83de8db6d8686b6848f117dcaf18a776c8fd8973684ad911fee63e4363d93b1c2802e0f784f15b4e9b51fdee1e2ae47c9e1b76bab728ae12aab68738aea4925e |
memory/4452-117-0x000001DEF2B10000-0x000001DEF2B17000-memory.dmp
C:\Users\Admin\AppData\Local\DhcG3Ad\MusNotificationUx.exe
| MD5 | 5879a4eb696bf53dc80732fc19b9a436 |
| SHA1 | b926eeb81bdefffe10f3d2a230cabda076452366 |
| SHA256 | b1cce1df3febb185d54029e570adf7d78062fce936679a5a7b6eff60e966b6f7 |
| SHA512 | bf30880dc5ae4d9743469519140fcd9ab1ebb5e3cb3b0915bf5fd0b08ebf7d9e8b74926d4307278641aa61afee75405cf46db4dd68a1c22b44149cc4c864af09 |
C:\Users\Admin\AppData\Local\DhcG3Ad\MusNotificationUx.exe
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/2360-142-0x000001D8458B0000-0x000001D8458B7000-memory.dmp
C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Gvhynkxuzozqjys.lnk
| MD5 | f8a8b1b5c6ea00a106bf588a59477d70 |
| SHA1 | 76f9bd72cdb460f67ddc67271f80eb5456a8cc39 |
| SHA256 | 654b39a77d153254cbbe28857359a9973b40d5f49a68678f846b14f9e3c35579 |
| SHA512 | c6ac8a147461c1077d5626babb34f881428fd022d8803a75c894add332463a177249fe9bdc7789e2e9f0680d54deaee42cb5ccf691b565b6303747a6ce16cdc6 |
C:\Users\Admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-983843758-932321429-1636175382-1000\3c08\OLEACC.dll
| MD5 | f40010eaf18fc13cf6649cad8b0d2a86 |
| SHA1 | 2e8a55d244db710e8962cdc2667071bdd11dd4ef |
| SHA256 | 069520011e5df3413e362e70da6025308fcff7e5944bf451be63f5727e46a338 |
| SHA512 | 39a08c53b775c28fe0be4abb70803a544b823da218a79c6b6cf365256d00951468f4b488985e166f0da2f6e04e7781c296834649fee5e3d8b71d256255f102a0 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\1rBGiGpaWL\XmlLite.dll
| MD5 | 4156d18954b383a6dfbc7a56ab554375 |
| SHA1 | 2643586fb75b633bfbfb7bcecd0f460d3e4b7e08 |
| SHA256 | 634c0b9d1a06191e6e1341c395e39f5aa6365552b781cb1705be127f607ab7c1 |
| SHA512 | eb528164b80b598cf33271ab0ac34dacf62d56cfee208280689b078b98814de26eb90dabfdbf57d907303edf431953bd7a85f313131422a8a99dfce29111f473 |
C:\Users\Admin\AppData\Roaming\Mozilla\LUeieo\VERSION.dll
| MD5 | 6a56f61a140bddaf228da5228944ac4b |
| SHA1 | 6f0c3a6689794c702451e43eb94b5798e9b4fa77 |
| SHA256 | 81c9d846c474580e050c05b335981bb9d00f9fa7b7de63c5a973af90a1a760e8 |
| SHA512 | e9a74d4f6db963d960b8b16b86903728f8fede3d069bc45927020afd54f924dfb8ee4e290f80be7b2f7b0a5bf29834c88a789620a04cba6abd88ba0d2c009b54 |