Malware Analysis Report

2024-11-30 11:43

Sample ID 240225-1w649aeb8y
Target 2024-02-25_e6c711e9e99daf9d4b2bd783a41f4c46_darkside
SHA256 f0db0d23b83b54d8a565f8e9bd66b4ae7be8b2f8efffc471b6e5ef95298376e8
Tags
lockbit ransomware spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

f0db0d23b83b54d8a565f8e9bd66b4ae7be8b2f8efffc471b6e5ef95298376e8

Threat Level: Known bad

The file 2024-02-25_e6c711e9e99daf9d4b2bd783a41f4c46_darkside was found to be: Known bad.

Malicious Activity Summary

lockbit ransomware spyware stealer

Rule to detect Lockbit 3.0 ransomware Windows payload

Lockbit family

Renames multiple (621) files with added filename extension

Renames multiple (365) files with added filename extension

Deletes itself

Executes dropped EXE

Reads user/profile data of web browsers

Loads dropped DLL

Drops desktop.ini file(s)

Suspicious use of NtSetInformationThreadHideFromDebugger

Sets desktop wallpaper using registry

Unsigned PE

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Suspicious behavior: RenamesItself

Suspicious behavior: EnumeratesProcesses

Modifies Control Panel

Modifies registry class

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-25 22:01

Signatures

Lockbit family

lockbit

Rule to detect Lockbit 3.0 ransomware Windows payload

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-25 22:01

Reported

2024-02-25 22:03

Platform

win7-20240221-en

Max time kernel

119s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-02-25_e6c711e9e99daf9d4b2bd783a41f4c46_darkside.exe"

Signatures

Renames multiple (365) files with added filename extension

ransomware

Deletes itself

Description Indicator Process Target
N/A N/A C:\ProgramData\C938.tmp N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\ProgramData\C938.tmp N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-02-25_e6c711e9e99daf9d4b2bd783a41f4c46_darkside.exe N/A

Reads user/profile data of web browsers

spyware stealer

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-02-25_e6c711e9e99daf9d4b2bd783a41f4c46_darkside.exe N/A
File opened for modification F:\$RECYCLE.BIN\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-02-25_e6c711e9e99daf9d4b2bd783a41f4c46_darkside.exe N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Desktop\WallPaper = "C:\\ProgramData\\x6HpDuwdD.bmp" C:\Users\Admin\AppData\Local\Temp\2024-02-25_e6c711e9e99daf9d4b2bd783a41f4c46_darkside.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Desktop\Wallpaper = "C:\\ProgramData\\x6HpDuwdD.bmp" C:\Users\Admin\AppData\Local\Temp\2024-02-25_e6c711e9e99daf9d4b2bd783a41f4c46_darkside.exe N/A

Enumerates physical storage devices

Modifies Control Panel

evasion
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Desktop\WallpaperStyle = "10" C:\Users\Admin\AppData\Local\Temp\2024-02-25_e6c711e9e99daf9d4b2bd783a41f4c46_darkside.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Desktop C:\Users\Admin\AppData\Local\Temp\2024-02-25_e6c711e9e99daf9d4b2bd783a41f4c46_darkside.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.x6HpDuwdD C:\Users\Admin\AppData\Local\Temp\2024-02-25_e6c711e9e99daf9d4b2bd783a41f4c46_darkside.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.x6HpDuwdD\ = "x6HpDuwdD" C:\Users\Admin\AppData\Local\Temp\2024-02-25_e6c711e9e99daf9d4b2bd783a41f4c46_darkside.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\x6HpDuwdD\DefaultIcon C:\Users\Admin\AppData\Local\Temp\2024-02-25_e6c711e9e99daf9d4b2bd783a41f4c46_darkside.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\x6HpDuwdD C:\Users\Admin\AppData\Local\Temp\2024-02-25_e6c711e9e99daf9d4b2bd783a41f4c46_darkside.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\x6HpDuwdD\DefaultIcon\ = "C:\\ProgramData\\x6HpDuwdD.ico" C:\Users\Admin\AppData\Local\Temp\2024-02-25_e6c711e9e99daf9d4b2bd783a41f4c46_darkside.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-25_e6c711e9e99daf9d4b2bd783a41f4c46_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-25_e6c711e9e99daf9d4b2bd783a41f4c46_darkside.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-25_e6c711e9e99daf9d4b2bd783a41f4c46_darkside.exe N/A
Token: 36 N/A C:\Users\Admin\AppData\Local\Temp\2024-02-25_e6c711e9e99daf9d4b2bd783a41f4c46_darkside.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-25_e6c711e9e99daf9d4b2bd783a41f4c46_darkside.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-25_e6c711e9e99daf9d4b2bd783a41f4c46_darkside.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-25_e6c711e9e99daf9d4b2bd783a41f4c46_darkside.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\2024-02-25_e6c711e9e99daf9d4b2bd783a41f4c46_darkside.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-25_e6c711e9e99daf9d4b2bd783a41f4c46_darkside.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-25_e6c711e9e99daf9d4b2bd783a41f4c46_darkside.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-25_e6c711e9e99daf9d4b2bd783a41f4c46_darkside.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-25_e6c711e9e99daf9d4b2bd783a41f4c46_darkside.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-25_e6c711e9e99daf9d4b2bd783a41f4c46_darkside.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-25_e6c711e9e99daf9d4b2bd783a41f4c46_darkside.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-25_e6c711e9e99daf9d4b2bd783a41f4c46_darkside.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-02-25_e6c711e9e99daf9d4b2bd783a41f4c46_darkside.exe

"C:\Users\Admin\AppData\Local\Temp\2024-02-25_e6c711e9e99daf9d4b2bd783a41f4c46_darkside.exe"

C:\ProgramData\C938.tmp

"C:\ProgramData\C938.tmp"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\C938.tmp >> NUL

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x154

Network

N/A

Files

memory/2224-0-0x0000000002250000-0x0000000002290000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini

MD5 183220098b03d543b7f2b029e63b5077
SHA1 17c7fd4e928f4b3c99d3639f7a4fd5f57762c5c3
SHA256 dfb7ddf626b419061c08929f919a4bc535a595d4b353f52118a11d9bf202ecb6
SHA512 80cdab609b10d1b443a76354d53137df22740bba0d4818bec98edc4dd10efbe6c2a5be91aec86f03115f6d9da0ea6959af92cfca32b571b5c7ae08e12e89e2cd

C:\x6HpDuwdD.README.txt

MD5 fdf364df492669311826571aba21c121
SHA1 d09bf45b9d55fe900b59bc6c73df6d7d254d8936
SHA256 09b46d04e367c849c8b859f67120f98ee5b3a09eeff2d0c67fddf53c670e3d2f
SHA512 597fd1bc23f5d3996709c0393ece12b5cc30759129ccc4495d9092ff2f41e2c430dcd3667e9528830b19deb1b61f29781b8f3a77787038bc93d55a004c221db6

F:\$RECYCLE.BIN\S-1-5-21-330940541-141609230-1670313778-1000\AAAAAAAAAAA

MD5 bd59542b155892a09ebbf46fd6bba377
SHA1 e4f409f07d5188e769459b7eef951a3a82783fba
SHA256 7350f29eb05bb5c059136cdb9e7284a98d7bf7bcca9380d7a62158bc0fd23900
SHA512 0378ad0eb15859a9e15e016beff6fa8357a53a1ed43278c68ef0bf39ed538baa3d629548d9e0583eedf30360743cd664b8af25b0bfc4d6bcb427369eb7055a90

\ProgramData\C938.tmp

MD5 294e9f64cb1642dd89229fff0592856b
SHA1 97b148c27f3da29ba7b18d6aee8a0db9102f47c9
SHA256 917e115cc403e29b4388e0d175cbfac3e7e40ca1742299fbdb353847db2de7c2
SHA512 b87d531890bf1577b9b4af41dddb2cdbbfa164cf197bd5987df3a3075983645a3acba443e289b7bfd338422978a104f55298fbfe346872de0895bde44adc89cf

memory/2808-883-0x000000007EFA0000-0x000000007EFA1000-memory.dmp

memory/2808-884-0x0000000000250000-0x0000000000290000-memory.dmp

memory/2808-902-0x000000007EF20000-0x000000007EF21000-memory.dmp

memory/2808-900-0x000000007EF80000-0x000000007EF81000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK

MD5 35d7770f7f58b675b1bab2a3cc790148
SHA1 aeee958b1e168386a822c4ca88fc6f51ceff9940
SHA256 1db29ee585fb277079a2674faadeed1b74f1bea70051b0751800cae7981f2447
SHA512 7ad21014c17f34d8d450c5082f4cb2a0fd461b782fd7f9379f6c2136b0ae41defa41e121f2878306f6fb23e6044d1e76a535746ac4fab3d7414d653feaa603d1

memory/2808-915-0x000000007EF40000-0x000000007EF41000-memory.dmp

memory/2808-916-0x000000007EF60000-0x000000007EF61000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-25 22:01

Reported

2024-02-25 22:03

Platform

win10v2004-20240221-en

Max time kernel

151s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-02-25_e6c711e9e99daf9d4b2bd783a41f4c46_darkside.exe"

Signatures

Renames multiple (621) files with added filename extension

ransomware

Reads user/profile data of web browsers

spyware stealer

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\$Recycle.Bin\S-1-5-21-3538781373-1545967067-4263767959-1000\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-02-25_e6c711e9e99daf9d4b2bd783a41f4c46_darkside.exe N/A
File opened for modification F:\$RECYCLE.BIN\S-1-5-21-3538781373-1545967067-4263767959-1000\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-02-25_e6c711e9e99daf9d4b2bd783a41f4c46_darkside.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.x6HpDuwdD C:\Users\Admin\AppData\Local\Temp\2024-02-25_e6c711e9e99daf9d4b2bd783a41f4c46_darkside.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.x6HpDuwdD\ = "x6HpDuwdD" C:\Users\Admin\AppData\Local\Temp\2024-02-25_e6c711e9e99daf9d4b2bd783a41f4c46_darkside.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\x6HpDuwdD\DefaultIcon C:\Users\Admin\AppData\Local\Temp\2024-02-25_e6c711e9e99daf9d4b2bd783a41f4c46_darkside.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\x6HpDuwdD C:\Users\Admin\AppData\Local\Temp\2024-02-25_e6c711e9e99daf9d4b2bd783a41f4c46_darkside.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\x6HpDuwdD\DefaultIcon\ = "C:\\ProgramData\\x6HpDuwdD.ico" C:\Users\Admin\AppData\Local\Temp\2024-02-25_e6c711e9e99daf9d4b2bd783a41f4c46_darkside.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-02-25_e6c711e9e99daf9d4b2bd783a41f4c46_darkside.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-25_e6c711e9e99daf9d4b2bd783a41f4c46_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-25_e6c711e9e99daf9d4b2bd783a41f4c46_darkside.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-25_e6c711e9e99daf9d4b2bd783a41f4c46_darkside.exe N/A
Token: 36 N/A C:\Users\Admin\AppData\Local\Temp\2024-02-25_e6c711e9e99daf9d4b2bd783a41f4c46_darkside.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-25_e6c711e9e99daf9d4b2bd783a41f4c46_darkside.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-25_e6c711e9e99daf9d4b2bd783a41f4c46_darkside.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-25_e6c711e9e99daf9d4b2bd783a41f4c46_darkside.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\2024-02-25_e6c711e9e99daf9d4b2bd783a41f4c46_darkside.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-25_e6c711e9e99daf9d4b2bd783a41f4c46_darkside.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-25_e6c711e9e99daf9d4b2bd783a41f4c46_darkside.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-25_e6c711e9e99daf9d4b2bd783a41f4c46_darkside.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-25_e6c711e9e99daf9d4b2bd783a41f4c46_darkside.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-25_e6c711e9e99daf9d4b2bd783a41f4c46_darkside.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-25_e6c711e9e99daf9d4b2bd783a41f4c46_darkside.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-25_e6c711e9e99daf9d4b2bd783a41f4c46_darkside.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-02-25_e6c711e9e99daf9d4b2bd783a41f4c46_darkside.exe

"C:\Users\Admin\AppData\Local\Temp\2024-02-25_e6c711e9e99daf9d4b2bd783a41f4c46_darkside.exe"

Network


Files

memory/1148-0-0x0000000003260000-0x0000000003270000-memory.dmp

memory/1148-1-0x0000000003260000-0x0000000003270000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3538781373-1545967067-4263767959-1000\CCCCCCCCCCC

MD5 cf41c21117c03c8b521c4e6f6496a31f
SHA1 65d6994d4a338536936b515e7b2c13a1132d6564
SHA256 7aedcffc6898f13d79ed919f20bc1471b4cda8d9abb8b45a1905ebc742d4c1e1
SHA512 a41cf246b74ffce768435f3d22aee108cb4c247195009e0199489a297bf3d05c4ee4d16861a838f79dbc94fabdf5e34722c4b094560d4f4c4334ffe8297f8891

F:\$RECYCLE.BIN\S-1-5-21-3538781373-1545967067-4263767959-1000\DDDDDDDDDDD

MD5 9e3a0b4ba9e9673d89ce5bbcae6c19d2
SHA1 f1491e1d143e8d8c7e5ac77ad181fa1aa7c3700d
SHA256 067c6889c26e2d603381bebf05aaf94e3da57d5062cd1b4b86c8557a2fffd6d5
SHA512 5fe7b10ebc3ef37c9f8fee6e9977987289529e3fba0c70c8cd867b0a43800bd0ccae12cb3a6aa1b79aee74fcaba61f4b2b2ec8d57f3ef83500d60c0ee1afe58e

C:\x6HpDuwdD.README.txt

MD5 e942fb3da92ac2d090bd188c366bd441
SHA1 3d10eb01c1481ddda35b23d848c7644f21f05903
SHA256 9b62dc47739418db5590fbdeb5fe36584fa7d52d1f1e126c29e8e1420225e315
SHA512 d9b16301d77755727c19b0413bc2be7328d4865ea3e5f8d8a436c99f99032190c5b8c2b5cac6bd7722617ad870078b1534451f39ed5770ec5fe79e01590e0eef

memory/1148-2618-0x0000000003260000-0x0000000003270000-memory.dmp

memory/1148-2619-0x0000000003260000-0x0000000003270000-memory.dmp

memory/1148-2620-0x0000000003260000-0x0000000003270000-memory.dmp