Analysis Overview
SHA256
567c4101aa7ad812b7bd42d87a5ba7d9c4f82dd7096daa7b079cfa70649dec2e
Threat Level: Known bad
The file Keygen Xdecoder.exe was found to be: Known bad.
Malicious Activity Summary
njRAT/Bladabindi
Executes dropped EXE
Loads dropped DLL
Drops startup file
Adds Run key to start application
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in Windows directory
Unsigned PE
Enumerates physical storage devices
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Views/modifies file attributes
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-01-27 13:39
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-01-27 13:39
Reported
2024-01-27 14:04
Platform
win7-20231215-en
Max time kernel
1200s
Max time network
1200s
Command Line
Signatures
njRAT/Bladabindi
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.lnk | C:\Users\Admin\AppData\Local\Temp\paylod.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.lnk | C:\Windows\svchost.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe | C:\Windows\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe | C:\Windows\svchost.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\paylod.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Keygen (2).exe | N/A |
| N/A | N/A | C:\Windows\svchost.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Keygen Xdecoder.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Windows = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Windows.URL" | C:\Windows\svchost.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows2 = "C:\\Windows\\svchost.exe" | C:\Users\Admin\AppData\Local\Temp\paylod.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows2 = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Windows.URL" | C:\Windows\svchost.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Windows2 = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Windows.URL" | C:\Windows\svchost.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Windows.URL" | C:\Windows\svchost.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Keygen Xdecoder.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\svchost.exe | C:\Users\Admin\AppData\Local\Temp\paylod.exe | N/A |
| File opened for modification | C:\Windows\svchost.exe | C:\Windows\SysWOW64\attrib.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Keygen Xdecoder.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Keygen (2).exe | N/A |
| N/A | N/A | C:\Windows\svchost.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\svchost.exe | N/A |
| Token: 33 | N/A | C:\Windows\svchost.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\svchost.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Keygen Xdecoder.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Keygen (2).exe | N/A |
Suspicious use of WriteProcessMemory
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Keygen Xdecoder.exe
"C:\Users\Admin\AppData\Local\Temp\Keygen Xdecoder.exe"
C:\Users\Admin\AppData\Local\Temp\Keygen (2).exe
"C:\Users\Admin\AppData\Local\Temp\Keygen (2).exe"
C:\Users\Admin\AppData\Local\Temp\paylod.exe
"C:\Users\Admin\AppData\Local\Temp\paylod.exe"
C:\Windows\svchost.exe
"C:\Windows\svchost.exe"
C:\Windows\SysWOW64\attrib.exe
attrib +h +r +s "C:\Windows\svchost.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ecutuning.ddns.net | udp |
| DZ | 105.105.91.157:11560 | ecutuning.ddns.net | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Keygen (2).exe
C:\Users\Admin\AppData\Local\Temp\paylod.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.lnk
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\Windows.lnk