Malware Analysis Report

2024-11-30 18:51

Sample ID 240314-b7wp8ahg99
Target BlitzedGrabberV12-main_1.zip
SHA256 d26efeb960b006f21abb1a215cbb77fc47cd10c4e9f0722c766239a603d530df
Tags agilenet
Score 7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral12

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral13

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral14

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral15

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral7

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral11

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral8

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral9

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral10

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral16

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 7/10

SHA256

d26efeb960b006f21abb1a215cbb77fc47cd10c4e9f0722c766239a603d530df

Threat Level: Shows suspicious behavior

The file BlitzedGrabberV12-main_1.zip was classified as showing suspicious behavior.

Malicious Activity Summary

agilenet

Obfuscated with Agile.Net obfuscator

Loads dropped DLL

Enumerates physical storage devices

Program crash

Unsigned PE

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-14 01:47

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-03-14 01:47

Reported

2024-03-14 02:22

Platform

win10v2004-20240226-en

Max time kernel

1793s

Max time network

1803s

Command Line

"C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\BlitzedGrabberV12\BlitzedGrabberV12.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\BlitzedGrabberV12\BlitzedGrabberV12.exe N/A

Obfuscated with Agile.Net obfuscator

agilenet
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Processes

C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\BlitzedGrabberV12\BlitzedGrabberV12.exe

"C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\BlitzedGrabberV12\BlitzedGrabberV12.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3608 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1040 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 173.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 13.107.253.64:443 tcp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
NL 142.250.179.202:443 chromewebstore.googleapis.com tcp
US 8.8.8.8:53 202.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 2.17.178.52.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

memory/4820-1-0x0000000000090000-0x000000000023C000-memory.dmp

memory/4820-2-0x0000000074A40000-0x00000000751F0000-memory.dmp

memory/4820-3-0x0000000005210000-0x00000000057B4000-memory.dmp

memory/4820-4-0x0000000004C60000-0x0000000004CF2000-memory.dmp

memory/4820-5-0x0000000004B70000-0x0000000004B80000-memory.dmp

memory/4820-6-0x0000000004C00000-0x0000000004C0A000-memory.dmp

memory/4820-7-0x0000000004FC0000-0x00000000051B2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\dcfb00f9-5ae7-4197-ba59-e48107e40d35\GunaDotNetRT.dll

MD5 e069bc3d7dc563d602783e0169de52b0
SHA1 e30909fe5d2fea2d17de90ae95f3208743f33034
SHA256 40fa530143aad845add884b06709674d13c02a70f9af19d6024b57876e037875
SHA512 081bfe056196021b785e1e2cf323fd35668b0cf3af4c02252d8ccc0eab06f0d7829b08a213e0b98ecbc7cd57d008add9787e0426391b9b5919296c06586b36c8

memory/4820-13-0x0000000071140000-0x0000000071177000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\dcfb00f9-5ae7-4197-ba59-e48107e40d35\GunaDotNetRT.dll

MD5 9af5eb006bb0bab7f226272d82c896c7
SHA1 c2a5bb42a5f08f4dc821be374b700652262308f0
SHA256 77dc05a6bda90757f66552ee3f469b09f1e00732b4edca0f542872fb591ed9db
SHA512 7badd41be4c1039302fda9bba19d374ec9446ce24b7db33b66bee4ef38180d1abcd666d2aea468e7e452aa1e1565eedfefed582bf1c2fe477a4171d99d48772a

memory/4820-17-0x0000000004FC0000-0x00000000051AE000-memory.dmp

memory/4820-18-0x0000000004FC0000-0x00000000051AE000-memory.dmp

memory/4820-16-0x0000000073450000-0x00000000734D9000-memory.dmp

memory/4820-20-0x0000000004FC0000-0x00000000051AE000-memory.dmp

memory/4820-22-0x0000000004FC0000-0x00000000051AE000-memory.dmp

memory/4820-24-0x0000000004FC0000-0x00000000051AE000-memory.dmp

memory/4820-26-0x0000000004FC0000-0x00000000051AE000-memory.dmp

memory/4820-28-0x0000000004FC0000-0x00000000051AE000-memory.dmp

memory/4820-30-0x0000000004FC0000-0x00000000051AE000-memory.dmp

memory/4820-32-0x0000000004FC0000-0x00000000051AE000-memory.dmp

memory/4820-34-0x0000000004FC0000-0x00000000051AE000-memory.dmp

memory/4820-36-0x0000000004FC0000-0x00000000051AE000-memory.dmp

memory/4820-38-0x0000000004FC0000-0x00000000051AE000-memory.dmp

memory/4820-40-0x0000000004FC0000-0x00000000051AE000-memory.dmp

memory/4820-42-0x0000000004FC0000-0x00000000051AE000-memory.dmp

memory/4820-44-0x0000000004FC0000-0x00000000051AE000-memory.dmp

memory/4820-46-0x0000000004FC0000-0x00000000051AE000-memory.dmp

memory/4820-48-0x0000000004FC0000-0x00000000051AE000-memory.dmp

memory/4820-50-0x0000000004FC0000-0x00000000051AE000-memory.dmp

memory/4820-52-0x0000000004FC0000-0x00000000051AE000-memory.dmp

memory/4820-54-0x0000000004FC0000-0x00000000051AE000-memory.dmp

memory/4820-58-0x0000000004FC0000-0x00000000051AE000-memory.dmp

memory/4820-60-0x0000000004FC0000-0x00000000051AE000-memory.dmp

memory/4820-56-0x0000000004FC0000-0x00000000051AE000-memory.dmp

memory/4820-62-0x0000000004FC0000-0x00000000051AE000-memory.dmp

memory/4820-64-0x0000000004FC0000-0x00000000051AE000-memory.dmp

memory/4820-66-0x0000000004FC0000-0x00000000051AE000-memory.dmp

memory/4820-68-0x0000000004FC0000-0x00000000051AE000-memory.dmp

memory/4820-70-0x0000000004FC0000-0x00000000051AE000-memory.dmp

memory/4820-72-0x0000000004FC0000-0x00000000051AE000-memory.dmp

memory/4820-74-0x0000000004FC0000-0x00000000051AE000-memory.dmp

memory/4820-76-0x0000000004FC0000-0x00000000051AE000-memory.dmp

memory/4820-78-0x0000000004FC0000-0x00000000051AE000-memory.dmp

memory/4820-1297-0x0000000074A40000-0x00000000751F0000-memory.dmp

memory/4820-1736-0x0000000004B70000-0x0000000004B80000-memory.dmp

memory/4820-2186-0x0000000071140000-0x0000000071177000-memory.dmp

memory/4820-11674-0x0000000000C20000-0x0000000000CBC000-memory.dmp

memory/4820-11675-0x0000000004B70000-0x0000000004B80000-memory.dmp

memory/4820-11676-0x0000000004B70000-0x0000000004B80000-memory.dmp

memory/4820-11677-0x0000000004B70000-0x0000000004B80000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\BlitzedGrabberV12\BlitzedGrabberV12.exe.Config

MD5 02bafe634a181de6af59ecfb1a9a7230
SHA1 5fb944dc91a95007795d83f2037cfe42f0d959f0
SHA256 6288699c8a0e00de7329c8f642bc22e6d7ed873f1decd32f05231cf69cac4470
SHA512 3e4dc4ae10bf527b98608883638356a84aa9652707276981458b0d9c58f000b290f24b4fbd1794ef02484ccf5ff43d5b55ab7161f5c9f408f68f7caa0676b362

memory/4820-11684-0x0000000004B70000-0x0000000004B80000-memory.dmp

memory/4820-11686-0x0000000004B70000-0x0000000004B80000-memory.dmp

memory/4820-11687-0x0000000004B70000-0x0000000004B80000-memory.dmp

memory/4820-11688-0x0000000004B70000-0x0000000004B80000-memory.dmp

memory/4820-11689-0x0000000004B70000-0x0000000004B80000-memory.dmp

Analysis: behavioral6

Detonation Overview

Submitted

2024-03-14 01:47

Reported

2024-03-14 02:22

Platform

win10v2004-20240226-en

Max time kernel

1386s

Max time network

1175s

Command Line

"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\BlitzedGrabberV12\BlitzedGrabberV12.exe.xml"

Signatures

N/A

Processes

C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE

"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\BlitzedGrabberV12\BlitzedGrabberV12.exe.xml"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 85.65.42.20.in-addr.arpa udp

Files

memory/632-0-0x00007FFED5A90000-0x00007FFED5AA0000-memory.dmp

memory/632-1-0x00007FFF15A10000-0x00007FFF15C05000-memory.dmp

memory/632-2-0x00007FFF15A10000-0x00007FFF15C05000-memory.dmp

memory/632-3-0x00007FFF13470000-0x00007FFF13739000-memory.dmp

memory/632-4-0x00007FFED5A90000-0x00007FFED5AA0000-memory.dmp

memory/632-5-0x00007FFF15A10000-0x00007FFF15C05000-memory.dmp

Analysis: behavioral12

Detonation Overview

Submitted

2024-03-14 01:47

Reported

2024-03-14 02:32

Platform

win10v2004-20231215-en

Max time kernel

453s

Max time network

1175s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\BlitzedGrabberV12\Resources\Newtonsoft.Json.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\BlitzedGrabberV12\Resources\Newtonsoft.Json.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 180.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 194.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 1.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-03-14 01:47

Reported

2024-03-14 02:33

Platform

win7-20240221-en

Max time kernel

1566s

Max time network

1569s

Command Line

"C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\BlitzedGrabberV12\Resources\UltraEmbeddable.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\BlitzedGrabberV12\Resources\UltraEmbeddable.exe

"C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\BlitzedGrabberV12\Resources\UltraEmbeddable.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 556

Network

N/A

Files

memory/1552-0-0x0000000001140000-0x00000000011BA000-memory.dmp

memory/1552-1-0x0000000074D20000-0x000000007540E000-memory.dmp

memory/1552-2-0x0000000074D20000-0x000000007540E000-memory.dmp

Analysis: behavioral14

Detonation Overview

Submitted

2024-03-14 01:47

Reported

2024-03-14 02:37

Platform

win10v2004-20240226-en

Max time kernel

1429s

Max time network

1177s

Command Line

"C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\BlitzedGrabberV12\Resources\UltraEmbeddable.exe"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeManageVolumePrivilege N/A C:\Windows\System32\svchost.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\BlitzedGrabberV12\Resources\UltraEmbeddable.exe

"C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\BlitzedGrabberV12\Resources\UltraEmbeddable.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4620 -ip 4620

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4620 -s 868

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k UnistackSvcGroup

Network

Country Destination Domain Proto
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 180.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 104.241.123.92.in-addr.arpa udp
US 8.8.8.8:53 119.110.54.20.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 174.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 50.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 211.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 18.173.189.20.in-addr.arpa udp
NL 52.142.223.178:80 tcp

Files

memory/4620-0-0x0000000000040000-0x00000000000BA000-memory.dmp

memory/4620-1-0x0000000074D00000-0x00000000754B0000-memory.dmp

memory/4620-2-0x0000000074D00000-0x00000000754B0000-memory.dmp

memory/3760-3-0x0000024B23B40000-0x0000024B23B50000-memory.dmp

memory/3760-19-0x0000024B23C40000-0x0000024B23C50000-memory.dmp

memory/3760-35-0x0000024B2BF40000-0x0000024B2BF41000-memory.dmp

memory/3760-37-0x0000024B2BF70000-0x0000024B2BF71000-memory.dmp

memory/3760-38-0x0000024B2BF70000-0x0000024B2BF71000-memory.dmp

memory/3760-39-0x0000024B2C080000-0x0000024B2C081000-memory.dmp

Analysis: behavioral15

Detonation Overview

Submitted

2024-03-14 01:47

Reported

2024-03-14 02:37

Platform

win7-20240221-en

Max time kernel

1556s

Max time network

1557s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\README.md

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\md_auto_file\ C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\.md\ = "md_auto_file" C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\md_auto_file\shell C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\md_auto_file\shell\Read\command C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\md_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\AcroRd32.exe\" \"%1\"" C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_Classes\Local Settings C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\md_auto_file C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\.md C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\md_auto_file\shell\Read C:\Windows\system32\rundll32.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\README.md

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\README.md

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe

"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\README.md"

Network

N/A

Files

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

MD5 f96402e416c563e7f63b378f8c31d443
SHA1 0030868e4822de3e89a903604f3750f834ad83a2
SHA256 9d2a8a0f6116199443da055d78ccd0b5e1f79bb78519dca78e0618245d491a91
SHA512 397c76c004008fbc1c78f0dfc8ce8cac0b5283a5b31ee835af9f81f050e4ad230ea41be6f66eaea1866c80e3ca31310e62e23b64d3c4bca3cc05cf95c4ecaf02

Analysis: behavioral2

Detonation Overview

Submitted

2024-03-14 01:47

Reported

2024-03-14 02:21

Platform

win10v2004-20240226-en

Max time kernel

1371s

Max time network

1162s

Command Line

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main_1.zip

Signatures

N/A

Processes

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main_1.zip

Network

Country Destination Domain Proto
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 104.241.123.92.in-addr.arpa udp
US 8.8.8.8:53 119.110.54.20.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 176.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 174.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 27.178.89.13.in-addr.arpa udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-03-14 01:47

Reported

2024-03-14 02:22

Platform

win7-20240221-en

Max time kernel

1559s

Max time network

1562s

Command Line

"C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\BlitzedGrabberV12\BlitzedGrabberV12.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\BlitzedGrabberV12\BlitzedGrabberV12.exe N/A

Obfuscated with Agile.Net obfuscator

agilenet
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Processes

C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\BlitzedGrabberV12\BlitzedGrabberV12.exe

"C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\BlitzedGrabberV12\BlitzedGrabberV12.exe"

Network

N/A

Files

memory/2828-0-0x0000000001140000-0x00000000012EC000-memory.dmp

memory/2828-1-0x00000000746C0000-0x0000000074DAE000-memory.dmp

memory/2828-2-0x0000000004A70000-0x0000000004AB0000-memory.dmp

memory/2828-3-0x0000000005000000-0x00000000051F2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\dcfb00f9-5ae7-4197-ba59-e48107e40d35\GunaDotNetRT.dll

MD5 9af5eb006bb0bab7f226272d82c896c7
SHA1 c2a5bb42a5f08f4dc821be374b700652262308f0
SHA256 77dc05a6bda90757f66552ee3f469b09f1e00732b4edca0f542872fb591ed9db
SHA512 7badd41be4c1039302fda9bba19d374ec9446ce24b7db33b66bee4ef38180d1abcd666d2aea468e7e452aa1e1565eedfefed582bf1c2fe477a4171d99d48772a

memory/2828-10-0x0000000073EE0000-0x0000000073F17000-memory.dmp

memory/2828-11-0x00000000744C0000-0x0000000074540000-memory.dmp

memory/2828-12-0x0000000005000000-0x00000000051EE000-memory.dmp

memory/2828-13-0x0000000005000000-0x00000000051EE000-memory.dmp

memory/2828-15-0x0000000005000000-0x00000000051EE000-memory.dmp

memory/2828-17-0x0000000005000000-0x00000000051EE000-memory.dmp

memory/2828-19-0x0000000005000000-0x00000000051EE000-memory.dmp

memory/2828-21-0x0000000005000000-0x00000000051EE000-memory.dmp

memory/2828-23-0x0000000005000000-0x00000000051EE000-memory.dmp

memory/2828-25-0x0000000005000000-0x00000000051EE000-memory.dmp

memory/2828-27-0x0000000005000000-0x00000000051EE000-memory.dmp

memory/2828-31-0x0000000005000000-0x00000000051EE000-memory.dmp

memory/2828-29-0x0000000005000000-0x00000000051EE000-memory.dmp

memory/2828-73-0x0000000005000000-0x00000000051EE000-memory.dmp

memory/2828-71-0x0000000005000000-0x00000000051EE000-memory.dmp

memory/2828-69-0x0000000005000000-0x00000000051EE000-memory.dmp

memory/2828-67-0x0000000005000000-0x00000000051EE000-memory.dmp

memory/2828-65-0x0000000005000000-0x00000000051EE000-memory.dmp

memory/2828-63-0x0000000005000000-0x00000000051EE000-memory.dmp

memory/2828-61-0x0000000005000000-0x00000000051EE000-memory.dmp

memory/2828-59-0x0000000005000000-0x00000000051EE000-memory.dmp

memory/2828-57-0x0000000005000000-0x00000000051EE000-memory.dmp

memory/2828-55-0x0000000005000000-0x00000000051EE000-memory.dmp

memory/2828-53-0x0000000005000000-0x00000000051EE000-memory.dmp

memory/2828-51-0x0000000005000000-0x00000000051EE000-memory.dmp

memory/2828-49-0x0000000005000000-0x00000000051EE000-memory.dmp

memory/2828-47-0x0000000005000000-0x00000000051EE000-memory.dmp

memory/2828-45-0x0000000005000000-0x00000000051EE000-memory.dmp

memory/2828-43-0x0000000005000000-0x00000000051EE000-memory.dmp

memory/2828-41-0x0000000005000000-0x00000000051EE000-memory.dmp

memory/2828-39-0x0000000005000000-0x00000000051EE000-memory.dmp

memory/2828-37-0x0000000005000000-0x00000000051EE000-memory.dmp

memory/2828-35-0x0000000005000000-0x00000000051EE000-memory.dmp

memory/2828-33-0x0000000005000000-0x00000000051EE000-memory.dmp

memory/2828-1136-0x00000000746C0000-0x0000000074DAE000-memory.dmp

memory/2828-5631-0x0000000004A70000-0x0000000004AB0000-memory.dmp

memory/2828-6244-0x0000000073EE0000-0x0000000073F17000-memory.dmp

memory/2828-11669-0x0000000004A70000-0x0000000004AB0000-memory.dmp

memory/2828-11670-0x0000000004A70000-0x0000000004AB0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\BlitzedGrabberV12\BlitzedGrabberV12.exe.Config

MD5 02bafe634a181de6af59ecfb1a9a7230
SHA1 5fb944dc91a95007795d83f2037cfe42f0d959f0
SHA256 6288699c8a0e00de7329c8f642bc22e6d7ed873f1decd32f05231cf69cac4470
SHA512 3e4dc4ae10bf527b98608883638356a84aa9652707276981458b0d9c58f000b290f24b4fbd1794ef02484ccf5ff43d5b55ab7161f5c9f408f68f7caa0676b362

memory/2828-11678-0x0000000004A70000-0x0000000004AB0000-memory.dmp

Analysis: behavioral5

Detonation Overview

Submitted

2024-03-14 01:47

Reported

2024-03-14 02:22

Platform

win7-20240221-en

Max time kernel

1563s

Max time network

1565s

Command Line

"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\BlitzedGrabberV12\BlitzedGrabberV12.exe.xml"

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70435854b275da01 C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "416543040" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e861098c19b4244d8627ee4664a9606900000000020000000000106600000001000020000000003669bf3d0742b740fafdfbaed35e7e28737949d21a03b7a8ab27ca2e95fa83000000000e80000000020000200000001b8a90b0189b919933b3b60d2a320fdd9c8ae0e420171b5d80689d4b962bd252200000001d161f735fc8ba3a19fcc766fb1f05f30907a179ea60ef0d944fcfd445fa01314000000045235c06ef74dff5bdbb47d25f4e7d482a8b64557571317c3a664e7293ce7dbf3ed3744962acc508503ca53b836676a11af79ace1ace567b71537fedd826fd7d C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7FD74D71-E1A5-11EE-B991-7EEA931DE775} = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2452 wrote to memory of 2460 N/A C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 2452 wrote to memory of 2460 N/A C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 2452 wrote to memory of 2460 N/A C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 2452 wrote to memory of 2460 N/A C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 2460 wrote to memory of 2232 N/A C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 2460 wrote to memory of 2232 N/A C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 2460 wrote to memory of 2232 N/A C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 2460 wrote to memory of 2232 N/A C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 2232 wrote to memory of 2652 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2232 wrote to memory of 2652 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2232 wrote to memory of 2652 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2232 wrote to memory of 2652 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Processes

C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE

"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\BlitzedGrabberV12\BlitzedGrabberV12.exe.xml"

C:\Program Files (x86)\Internet Explorer\iexplore.exe

"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2232 CREDAT:275457 /prefetch:2
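
The WriteProcessMemory rows and the Processes list above together describe a single launch chain: MSOXMLED.EXE opens BlitzedGrabberV12.exe.xml, a 32-bit iexplore.exe is started, it spawns the 64-bit IEXPLORE.EXE, which spawns a content process (SCODEF/CREDAT). The script below is an added example, not the sandbox's own code: it parses the rows exactly as they appear in the report, rebuilds the PID chain, and applies two triage heuristics chosen for this example (the chain must have one root, and a document whose inner suffix is executable, here .exe.xml, is flagged for a closer look). The rows and the MSOXMLED.EXE command line are copied from the report; the row regex, the suffix list and the heuristics are assumptions.

```python
"""Rebuild the launch chain from a sandbox report's WriteProcessMemory rows.

Added example, not part of the original report and not the sandbox's code.
Input rows are copied from the report's "Suspicious use of WriteProcessMemory"
table; the parsing and the two heuristics are the example author's assumptions.
"""
import re
from collections import Counter

# Constructed input: rows as printed in the report (PID src, PID dst, src image, dst image).
WPM_ROWS = r"""
PID 2452 wrote to memory of 2460 N/A C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 2452 wrote to memory of 2460 N/A C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 2452 wrote to memory of 2460 N/A C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 2452 wrote to memory of 2460 N/A C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE C:\Program Files (x86)\Internet Explorer\iexplore.exe
PID 2460 wrote to memory of 2232 N/A C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 2460 wrote to memory of 2232 N/A C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 2460 wrote to memory of 2232 N/A C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 2460 wrote to memory of 2232 N/A C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 2232 wrote to memory of 2652 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2232 wrote to memory of 2652 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2232 wrote to memory of 2652 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2232 wrote to memory of 2652 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"""

# The root process command line, copied from the report's Processes list.
ROOT_CMDLINE = r'"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\BlitzedGrabberV12\BlitzedGrabberV12.exe.xml"'

# Assumed row shape: the source image path ends in ".exe" and is followed by the target path.
ROW_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) N/A (.+?\.exe) (.+)$", re.IGNORECASE)
# Assumed list of suffixes that make "name.<suffix>.<anything>" worth a second look.
EXECUTABLE_SUFFIXES = {".exe", ".dll", ".scr", ".com", ".pif"}


def parse_wpm_rows(text):
    """Return (src_pid, dst_pid, src_image, dst_image) for every row, in order."""
    edges = []
    for line in text.strip().splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            raise ValueError("unrecognised row: " + line)
        src, dst, src_img, dst_img = m.groups()
        edges.append((int(src), int(dst), src_img, dst_img))
    return edges


def build_chain(edges):
    """Walk from the unique root (a writer that is never a target) down the chain."""
    writers = {e[0] for e in edges}
    targets = {e[1] for e in edges}
    roots = writers - targets
    if len(roots) != 1:
        raise ValueError("expected exactly one root, got %r" % sorted(roots))
    children = {}
    for src, dst, _, _ in edges:
        children.setdefault(src, set()).add(dst)
    chain = [roots.pop()]
    while chain[-1] in children:
        nxt = children[chain[-1]]
        if len(nxt) != 1:
            raise ValueError("fan-out at PID %d; not a simple chain" % chain[-1])
        child = next(iter(nxt))
        if child in chain:
            raise ValueError("cycle at PID %d" % child)
        chain.append(child)
    return chain


def image_name(path):
    return path.rsplit("\\", 1)[-1]


def opened_file(cmdline):
    """The last double-quoted argument is taken as the document being opened."""
    quoted = re.findall(r'"([^"]*)"', cmdline)
    return quoted[-1] if quoted else None


def has_executable_inner_extension(path):
    """True for names like foo.exe.xml, where the penultimate suffix is executable."""
    parts = image_name(path).lower().split(".")
    return len(parts) >= 3 and "." + parts[-2] in EXECUTABLE_SUFFIXES


def triage(rows, cmdline):
    edges = parse_wpm_rows(rows)
    chain = build_chain(edges)
    images = {}
    for src, dst, src_img, dst_img in edges:
        images.setdefault(src, image_name(src_img))
        images.setdefault(dst, image_name(dst_img))
    target = opened_file(cmdline)
    return {
        "chain": chain,
        "images": [images[p] for p in chain],
        "edge_counts": dict(Counter((s, d) for s, d, _, _ in edges)),
        "opened_file": target,
        "double_extension": bool(target) and has_executable_inner_extension(target),
    }


if __name__ == "__main__":
    for key, value in triage(WPM_ROWS, ROOT_CMDLINE).items():
        print(key, value)
```

Parent-to-child writes of this shape also occur during ordinary process creation, so the rows are evidence of the launch chain rather than of injection on their own. The double-extension flag is only a prompt to look at the file: BlitzedGrabberV12.exe.xml sits next to BlitzedGrabberV12.exe in the extracted archive and may simply be an XML sidecar named after the executable; the report does not show its content.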

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab2790.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 753df6889fd7410a2e9fe333da83a429
SHA1 3c425f16e8267186061dd48ac1c77c122962456e
SHA256 b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78
SHA512 9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

C:\Users\Admin\AppData\Local\Temp\Tar291D.tmp

MD5 dd73cead4b93366cf3465c8cd32e2796
SHA1 74546226dfe9ceb8184651e920d1dbfb432b314e
SHA256 a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22
SHA512 ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3f08b6c3598ecf4b29dcaee8d4f3b06b
SHA1 1494b06924e72abd2e37cd6626012da5ffb9f976
SHA256 6218d715dfd1746f0501453c69ffcf238a97e07813484f2b5b272f80068fdada
SHA512 5efd05c7d907637cce6bb61206678d3bc95e6aa01dd77a587d2ec25a43d58909a785a55d2c49eac44b9a7bcf9705d25a55fc93b56074e0c7e5c5305a594b1c0a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7ecd905e81677e7ba62f08ac651d7742
SHA1 252e50c9ad4748dc26220f2f80d21c937757fe69
SHA256 1b6883bb70a962e8cacd1d0684c0699b7d503038e6ce678acc3b5a57068de035
SHA512 4d72ff4578b3411bf7518bb37fafbfd6078140d896ece14d03a6c8875bcb6f72062d2cb88e08964fb84434ba27d9cf5b1e4a7a2d3729e85e974ad9732327f1b2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f2250670c0ec6b8114d71cdfba6f44f2
SHA1 a9a01a161fa4e3ea60c7280767c0670251817490
SHA256 7d8f310985ed3fa2315fd640c7a716dd12ee6c5f42b18cb21e3fb39aa121edd3
SHA512 c315821e0e17337bfa0e183b770e55a9be2b0ceef8addc4f1420f69b9f4f91de301105f696efc89baaf9ea93c7deb0d5a7e1c71f6f2262d0b3eb33f7cbee6f35

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6f0b3037b3b7b9be32c7bb8234f9a404
SHA1 73dd3dc527611c6be4ba74079b0e95a8bd5dfcc1
SHA256 bc9786b598a2d2ed7d63fc16061e535c22c1ffca761bf6e6fe83a37b1d4b8458
SHA512 ad9d6fd559200ccaacfb8b26dc8c238ac66dc34b89f4729a9d24e593941d82fc8a2752f43cab7667e2e58769538cfebbb0f9252d7f4edd0fa54a15834a193b57

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6fd0edf72ee339c847432f9d3616235d
SHA1 4da210b752927481d76fc3d88775119a0816e790
SHA256 9aac70224953828591d6d1ec046a1a492537c22e62b728916a349199598bd289
SHA512 207a8e23e5e41b0e85bab34f47aff24488d52f18f30555eca9d7e1d3f765809048d46f3c167849bfd897a89a8b96aab62662569aedd712096cca05f5180b9622

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d50892c512e766646962fa9885f697b8
SHA1 f8a03c76a2504f7c2d3dcf06faf51f815fb6c3c6
SHA256 313c86453632c9bdf5a74cf10204ba5bef4b1ed44a31a4cc64c836ad21368111
SHA512 f14513df79981265518f0aedf81491ef811c5efd6ac468ce9ce79e36a49a212b1de8d145e12f75fecd4ae241256c7a785c888e2bc2c98050b37bf552cd749868

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 99eacef54ff55fd98d80fa2e7fde6c22
SHA1 8812d476f8f0b1b175bc55269334a6914ebd1a88
SHA256 0fae807d42894d72eca1b5ac29a4ed335fcd5072aa2627c0a0ba017fa4c53191
SHA512 218ad5fa25156756e0815aed180109910c40475e0f9fe6940d7a077872b54ee11011caeb7d61822d495bf7c97066e3e0d4b3b6f2f7de6e5a6640df75ea1554f9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 51a3c9679db1fadb3118768cc63fc4bc
SHA1 939c517185a864c57cc50efde6642e9c3f28481a
SHA256 d3e7093ccc99fd441f5dfbf0c5a662c6a66980e9b65661506a352349decc885d
SHA512 a9894f6f363f241d1a35f3546bcce124da3ffc68369fb273dba1e954ab224a1b7eea3599b67a3fb7bfd7a25d32f690f968b884f29516d05c390a210322242ced

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eedfac5384bb537cc62dc5d17acb2d7e
SHA1 e30ace9e929527a7454420b72b3dfa23fde9b7f8
SHA256 0089f2c341b211df060d890fde0b7e89ab6ea1c3554114aa0e0eef263e26258c
SHA512 da2d27751c14083e1626ef40106374ad9d7061d02b329391ab2aa3df24d6e13e1df8ac29441365c8a024bf297e837503282b588f9b5af418c38f6e81b1b3668c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2b113d7dc4b7225be3eb8549fa8160e3
SHA1 e6af9c464ba2185cac5a3dbb5096206d384ff2ae
SHA256 c07191f68594b11dec46611dc2a42b17807378ff1ae47b18e3f89766d8235353
SHA512 51c4f55472e6f868b4279e77499d9902eba29f49f93eb43500252d41b78da1506f164935347da73d9958f7df24024e02963a43283467f3a629b1ff3dbb3982d9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 374a02676e037deb045f95e7f0669304
SHA1 913f990601b498d9f847542261858295cf65a0a0
SHA256 2a9f025c57547c7b81b21bd224ab81c5ea8b62f7e29c6044837908a72b49f30b
SHA512 8f620a4987da7fba4058da65badcac8d38caf7d5b011bc4a8f9ef3249051bf3c146b441c64da6927b855a7c8693d8cd921c06d91f1f50f0c12b144dc683d86c2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2361cb6ad8edfb0c0086114a24126f66
SHA1 2f5b1851dc38b98f4043551a126a450f4c5bcb72
SHA256 cf730be661fb4e16d2edb183be03cb6e83917fd7b8543d5e9eed1fc9f7f4a986
SHA512 bc40e1a0787e8b59ac8a06aa2546aae6efef1e04576e23c0462750d3d49e5d6278df481ac97711f948133d909a2c5082935da2df9a9b6a4ada10cb93858a31f5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1cff841d040d9f63a0a909c99bff3235
SHA1 fc79d6cb8bbb23572490931f0aa1a5bf367b1db5
SHA256 16e48fa4c40870e4f104ed621dce99695a5d6a1ef228c0feebcfd4453c26ea66
SHA512 68ae0eab06ca01372520cd30256dfd5395ceefe7be1ee75ac5b93cb23178b7b1c895c8ce3835c08656515166b7cad1ec53a1966a5317a313c0f1cd1e76badfc6

Analysis: behavioral7

Detonation Overview

Submitted

2024-03-14 01:47

Reported

2024-03-14 02:24

Platform

win7-20240221-en

Max time kernel

1563s

Max time network

1574s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\BlitzedGrabberV12\Resources\APIFOR.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\BlitzedGrabberV12\Resources\APIFOR.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-03-14 01:47

Reported

2024-03-14 02:27

Platform

win7-20240220-en

Max time kernel

1561s

Max time network

1562s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\BlitzedGrabberV12\Resources\Newtonsoft.Json.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\BlitzedGrabberV12\Resources\Newtonsoft.Json.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-14 01:47

Reported

2024-03-14 02:21

Platform

win7-20240221-en

Max time kernel

1560s

Max time network

1561s

Command Line

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main_1.zip

Signatures

N/A

Processes

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main_1.zip

Network

N/A

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-03-14 01:47

Reported

2024-03-14 02:25

Platform

win10v2004-20240226-en

Max time kernel

1776s

Max time network

1171s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\BlitzedGrabberV12\Resources\APIFOR.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\BlitzedGrabberV12\Resources\APIFOR.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 20.231.121.79:80 tcp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 104.241.123.92.in-addr.arpa udp
US 8.8.8.8:53 119.110.54.20.in-addr.arpa udp
US 8.8.8.8:53 174.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 32.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 176.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 33.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 171.117.168.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-03-14 01:47

Reported

2024-03-14 02:25

Platform

win7-20240221-en

Max time kernel

1563s

Max time network

1565s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\BlitzedGrabberV12\Resources\BouncyCastle.Crypto.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\BlitzedGrabberV12\Resources\BouncyCastle.Crypto.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-03-14 01:47

Reported

2024-03-14 02:26

Platform

win10v2004-20240226-en

Max time kernel

1794s

Max time network

1803s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\BlitzedGrabberV12\Resources\BouncyCastle.Crypto.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\BlitzedGrabberV12\Resources\BouncyCastle.Crypto.dll,#1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4104 --field-trial-handle=2284,i,2771196087253062161,8107167670425198948,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1308 --field-trial-handle=2284,i,2771196087253062161,8107167670425198948,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 180.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 192.98.74.40.in-addr.arpa udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
NL 142.251.39.106:443 chromewebstore.googleapis.com tcp
US 8.8.8.8:53 106.39.251.142.in-addr.arpa udp

Files

N/A
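
The rundll32 detonations above (behavioral7, 8, 9, 10 and 11) each call ordinal #1 of a DLL shipped in the archive's Resources folder, and none of them produced a signature. rundll32 resolves that ordinal from the DLL's native export table; Newtonsoft.Json.dll and BouncyCastle.Crypto.dll are managed .NET assemblies, which normally carry a CLR header and no export directory, so there is nothing for rundll32 to call and the empty results are what that predicts. The check below is an added example, not code from the report or the sandbox: it reads only the PE optional header's data directories (stdlib struct, no pefile) and reports whether an image is managed and whether it has an export directory at all. The in-memory PE builder is constructed test input, not a loadable file; the directory indices and header layout are the standard PE/COFF ones.

```python
"""Header-level check: can rundll32 "<dll>,#1" find anything to call?

Added example (not the report's or the sandbox's code). Looks only at the
optional header's data directories: index 0 (export table) and index 14
(CLR runtime header). The builder fabricates header-only images for testing.
"""
import struct
import sys

IMAGE_DIRECTORY_ENTRY_EXPORT = 0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR = 14  # CLR runtime header: present on managed images
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def data_directories(image):
    """Return [(rva, size), ...] from the optional header, bounded by its declared size."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    size_opt = struct.unpack_from("<H", image, coff + 16)[0]  # SizeOfOptionalHeader
    opt = coff + 20
    magic = struct.unpack_from("<H", image, opt)[0]
    if magic == PE32_MAGIC:
        count_off, dirs_off = opt + 92, opt + 96
    elif magic == PE32PLUS_MAGIC:
        count_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    count = struct.unpack_from("<I", image, count_off)[0]  # NumberOfRvaAndSizes
    count = min(count, (opt + size_opt - dirs_off) // 8)    # never read past the header
    return [struct.unpack_from("<II", image, dirs_off + 8 * i) for i in range(count)]


def rundll32_ordinal_viable(image):
    """Managed-vs-native and export-table presence; 'viable' means an export table exists."""
    dirs = data_directories(image)

    def present(i):
        return i < len(dirs) and dirs[i][0] != 0 and dirs[i][1] != 0

    has_exports = present(IMAGE_DIRECTORY_ENTRY_EXPORT)
    is_managed = present(IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR)
    return {"has_exports": has_exports, "is_managed": is_managed, "viable": has_exports}


def build_minimal_pe(exports=False, clr=False, pe32plus=False):
    """Constructed header-only image (no sections) with the chosen data directories set."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                       # e_lfanew
    ndirs = 16
    opt_size = (112 if pe32plus else 96) + 8 * ndirs
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 0, 0, 0, 0, opt_size, 0x2102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC if pe32plus else PE32_MAGIC)
    count_off = 108 if pe32plus else 92
    dirs_off = count_off + 4
    struct.pack_into("<I", opt, count_off, ndirs)
    if exports:   # dummy RVA/size; only presence matters for this check
        struct.pack_into("<II", opt, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_EXPORT, 0x2000, 0x40)
    if clr:
        struct.pack_into("<II", opt, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR, 0x2008, 0x48)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


def check_file(path):
    with open(path, "rb") as fh:
        return rundll32_ordinal_viable(fh.read())


if __name__ == "__main__":
    for p in sys.argv[1:]:
        print(p, check_file(p))
```

This is a header-level screen, not a full resolver: an image with an export directory may still lack ordinal #1 (ordinal base above 1, or a hollow table), and mixed-mode C++/CLI assemblies or assemblies post-processed to add native exports legitimately carry both a CLR header and an export table, which the check reports as viable. Use it to decide which DLLs are worth a rundll32 detonation in the first place; the report gives no export information for APIFOR.dll, so its result is not predicted here.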

Analysis: behavioral16

Detonation Overview

Submitted

2024-03-14 01:47

Reported

2024-03-14 02:38

Platform

win10v2004-20240226-en

Max time kernel

1388s

Max time network

1179s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\README.md

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\README.md

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 16.173.189.20.in-addr.arpa udp

Files

N/A