Malware Analysis Report

2024-11-13 15:00

Sample ID 240314-erx5wscd63
Target 4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e
SHA256 4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e
Tags
lockbit ransomware spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e

Threat Level: Known bad

The file 4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e was found to be: Known bad.

Malicious Activity Summary

lockbit ransomware spyware stealer

Lockbit family

Rule to detect Lockbit 3.0 ransomware Windows payload

Renames multiple files with added filename extension (643 files in the win10v2004 run, 356 files in the win7 run)

Reads user/profile data of web browsers

Drops desktop.ini file(s)

Drops file in System32 directory

Suspicious use of NtSetInformationThreadHideFromDebugger

Unsigned PE

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses
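The two strongest hits in this summary, the mass rename with an appended extension and the dropped ransom note (C:\CHR4bQVWh.README.txt under Files below), are cheap to correlate on an endpoint. The following is an added example, not part of the sandbox report and not code from the sample: it runs over constructed Sysmon-style file events (the FileEvent shape, the 50-rename threshold and the sample paths are this example's assumptions) and raises one alert when a single process appends the same extension to many files, escalating when that process also creates a <ext>.README.txt note whose prefix equals the extension.

```python
"""Ransomware rename-burst detection with ransom-note correlation.

Added example; not part of the sandbox report and not LockBit code.
Event shape, thresholds and sample paths are assumptions for illustration.
"""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import List, Optional

# LockBit 3.0 names its note "<ext>.README.txt", where <ext> is the suffix
# appended to encrypted files (the report lists C:\CHR4bQVWh.README.txt).
NOTE_RE = re.compile(r"^([A-Za-z0-9]{6,16})\.README\.txt$", re.IGNORECASE)


@dataclass(frozen=True)
class FileEvent:
    pid: int
    image: str
    op: str           # "rename" or "create"
    path: str         # original path for renames, created path for creates
    new_path: str = ""


def appended_extension(path: str, new_path: str) -> Optional[str]:
    """Return the suffix a rename appended to an otherwise unchanged name.

    report.docx -> report.docx.CHR4bQVWh yields "CHR4bQVWh"; a rename that
    changes the base name or appends more than one component yields None.
    """
    if not new_path.startswith(path + "."):
        return None
    ext = new_path[len(path) + 1:]
    if not ext or any(c in ext for c in "\\/."):
        return None
    return ext


def note_extension(path: str) -> Optional[str]:
    """Extension implied by a ransom-note file name, or None."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    m = NOTE_RE.match(name)
    return m.group(1) if m else None


def analyse(events: List[FileEvent], min_renames: int = 50) -> list:
    """Per process: count renames by appended extension and collect note
    prefixes. Alert when one extension is appended at least min_renames
    times; escalate when a note with the same prefix was also created."""
    state = defaultdict(lambda: {"image": "", "ext": Counter(), "notes": set()})
    for ev in events:
        st = state[ev.pid]
        st["image"] = ev.image
        if ev.op == "rename":
            ext = appended_extension(ev.path, ev.new_path)
            if ext:
                st["ext"][ext] += 1
        elif ev.op == "create":
            note = note_extension(ev.path)
            if note:
                st["notes"].add(note)
    alerts = []
    for pid, st in state.items():
        if not st["ext"]:
            continue
        ext, count = st["ext"].most_common(1)[0]
        if count < min_renames:
            continue
        matched = ext in st["notes"]
        alerts.append({
            "pid": pid,
            "image": st["image"],
            "extension": ext,
            "renamed": count,
            "note_matches": matched,
            "severity": "critical" if matched else "high",
        })
    return alerts


def sample_events() -> List[FileEvent]:
    """Constructed events mirroring the win7 run: 356 renames plus the note
    from PID 2160, and a benign editor renaming a few temp files.
    The sample's path is shortened here; it is not the real file name."""
    sample = r"C:\Users\Admin\AppData\Local\Temp\sample.exe"
    events = []
    for i in range(356):
        src = rf"C:\Users\Admin\Documents\file{i}.docx"
        events.append(FileEvent(2160, sample, "rename", src, src + ".CHR4bQVWh"))
    events.append(FileEvent(2160, sample, "create", r"C:\CHR4bQVWh.README.txt"))
    editor = r"C:\Windows\notepad.exe"
    for i in range(3):
        src = rf"C:\Users\Admin\AppData\Local\Temp\draft{i}.tmp"
        events.append(FileEvent(1234, editor, "rename", src, src + ".bak"))
    return events


if __name__ == "__main__":
    for alert in analyse(sample_events()):
        print(alert)
```

The rename check deliberately requires the whole original name to survive with exactly one new component appended; ordinary "save as" or backup renames that change the base name fall through, which keeps the threshold meaningful.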

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-14 04:11

Signatures

Lockbit family

lockbit

Rule to detect Lockbit 3.0 ransomware Windows payload

(static rule match; no per-event rows)

Unsigned PE

(static check; no per-event rows)

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-14 04:11

Reported

2024-03-14 04:13

Platform

win7-20240221-en

Max time kernel

118s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe"

Signatures

Renames multiple (356) files with added filename extension

ransomware

Reads user/profile data of web browsers

spyware stealer

Drops desktop.ini file(s)

Description | Indicator | Process | Target
File opened for modification | F:\$RECYCLE.BIN\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini | C:\Users\Admin\AppData\Local\Temp\4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe | N/A
File opened for modification | C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini | C:\Users\Admin\AppData\Local\Temp\4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe | N/A

Suspicious use of AdjustPrivilegeToken

The sample enables a fixed set of privileges once at start-up (the first fifteen rows) and then repeatedly re-enables SeBackupPrivilege and SeSecurityPrivilege. Two entries are printed by LUID only because the sandbox did not resolve them; the names in parentheses are the Windows well-known privilege numbering for those LUIDs.

Description | Indicator | Process | Target
Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe | N/A
Token: SeBackupPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe | N/A
Token: 36 (unresolved LUID; 36 is SeDelegateSessionUserImpersonatePrivilege) | N/A | C:\Users\Admin\AppData\Local\Temp\4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe | N/A
Token: SeImpersonatePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe | N/A
Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe | N/A
Token: SeIncreaseQuotaPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe | N/A
Token: 33 (unresolved LUID; 33 is SeIncreaseWorkingSetPrivilege) | N/A | C:\Users\Admin\AppData\Local\Temp\4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe | N/A
Token: SeManageVolumePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe | N/A
Token: SeProfSingleProcessPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe | N/A
Token: SeSystemProfilePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe | N/A
Token: SeTakeOwnershipPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe | N/A
Token: SeBackupPrivilege, SeBackupPrivilege, SeSecurityPrivilege, SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe | N/A (this four-row group appears 12 times in the original table, 48 rows in total)
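A privilege table like the one above is more useful once the unresolved LUIDs are named, duplicates are counted rather than listed, and the entries that matter for a mass encryptor are separated from housekeeping ones. The following is an added example, not part of the report: WELL_KNOWN_LUIDS is the documented Windows well-known privilege numbering (the SE_*_PRIVILEGE values from winnt.h), the ALIASES map the sandbox's two abbreviated names to their canonical spelling, and the HIGH_RISK tier is this example's own triage judgement. REPORT_ROWS is a subset of the rows above with the sample's path shortened.

```python
"""Resolve and score the privileges in an AdjustPrivilegeToken table.

Added example, not part of the sandbox report. LUID table: Windows
well-known privilege numbering (winnt.h). Risk tier: this example's own.
"""
import re
from collections import Counter
from typing import Dict, List, Tuple

WELL_KNOWN_LUIDS: Dict[int, str] = {
    2: "SeCreateTokenPrivilege", 3: "SeAssignPrimaryTokenPrivilege",
    4: "SeLockMemoryPrivilege", 5: "SeIncreaseQuotaPrivilege",
    6: "SeMachineAccountPrivilege", 7: "SeTcbPrivilege",
    8: "SeSecurityPrivilege", 9: "SeTakeOwnershipPrivilege",
    10: "SeLoadDriverPrivilege", 11: "SeSystemProfilePrivilege",
    12: "SeSystemtimePrivilege", 13: "SeProfileSingleProcessPrivilege",
    14: "SeIncreaseBasePriorityPrivilege", 15: "SeCreatePagefilePrivilege",
    16: "SeCreatePermanentPrivilege", 17: "SeBackupPrivilege",
    18: "SeRestorePrivilege", 19: "SeShutdownPrivilege",
    20: "SeDebugPrivilege", 21: "SeAuditPrivilege",
    22: "SeSystemEnvironmentPrivilege", 23: "SeChangeNotifyPrivilege",
    24: "SeRemoteShutdownPrivilege", 25: "SeUndockPrivilege",
    26: "SeSyncAgentPrivilege", 27: "SeEnableDelegationPrivilege",
    28: "SeManageVolumePrivilege", 29: "SeImpersonatePrivilege",
    30: "SeCreateGlobalPrivilege", 31: "SeTrustedCredManAccessPrivilege",
    32: "SeRelabelPrivilege", 33: "SeIncreaseWorkingSetPrivilege",
    34: "SeTimeZonePrivilege", 35: "SeCreateSymbolicLinkPrivilege",
    36: "SeDelegateSessionUserImpersonatePrivilege",
}

# The sandbox abbreviates two names; map them to the canonical spelling.
ALIASES = {
    "SeProfSingleProcessPrivilege": "SeProfileSingleProcessPrivilege",
    "SeIncBasePriorityPrivilege": "SeIncreaseBasePriorityPrivilege",
}

# Privileges that let a process read, overwrite or delete files regardless
# of ACLs, reach into other processes, or touch raw volumes: what a mass
# encryptor wants and ordinary user software rarely enables (assumption).
HIGH_RISK = {
    "SeBackupPrivilege", "SeRestorePrivilege", "SeTakeOwnershipPrivilege",
    "SeSecurityPrivilege", "SeDebugPrivilege", "SeManageVolumePrivilege",
    "SeAssignPrimaryTokenPrivilege", "SeImpersonatePrivilege",
}

# "Token: <name-or-luid> N/A <process> N/A", as printed by the sandbox.
ROW_RE = re.compile(r"^Token:\s+(\S+)\s+N/A\s+(.+?)\s+N/A\s*$")

# Subset of the table above; the sample path is shortened for readability.
REPORT_ROWS = r"""
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\sample.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\sample.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\sample.exe N/A
Token: 36 N/A C:\Users\Admin\AppData\Local\Temp\sample.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\sample.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\sample.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\sample.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\sample.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\sample.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\sample.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\sample.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\sample.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\sample.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\sample.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\sample.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\sample.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\sample.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\sample.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\sample.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\sample.exe N/A
"""


def resolve(token: str) -> str:
    """Canonical privilege name for a sandbox token string.
    Numeric tokens are looked up as well-known LUIDs."""
    if token.isdigit():
        return WELL_KNOWN_LUIDS.get(int(token), f"UnknownLuid{token}")
    return ALIASES.get(token, token)


def parse_rows(text: str) -> List[Tuple[str, str]]:
    """(privilege, process) pairs for every well-formed table row."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            rows.append((resolve(m.group(1)), m.group(2)))
    return rows


def summarise(text: str) -> dict:
    """Event count, first-seen unique privileges, per-privilege counts,
    the high-risk subset and anything still unresolved."""
    rows = parse_rows(text)
    unique = list(dict.fromkeys(priv for priv, _ in rows))
    high = [p for p in unique if p in HIGH_RISK]
    return {
        "events": len(rows),
        "unique": unique,
        "counts": Counter(priv for priv, _ in rows),
        "high_risk": high,
        "score": len(high),
        "unresolved": [p for p in unique if p.startswith("UnknownLuid")],
    }


if __name__ == "__main__":
    s = summarise(REPORT_ROWS)
    print(f"{s['events']} events, {len(s['unique'])} distinct privileges, "
          f"high-risk {s['score']}/{len(HIGH_RISK)}: {', '.join(s['high_risk'])}")
```

Every privilege in the HIGH_RISK set is enabled by this sample; a score that high from a process running out of the user's Temp directory is itself a useful alert condition, independent of any family signature.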

Processes

C:\Users\Admin\AppData\Local\Temp\4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe

"C:\Users\Admin\AppData\Local\Temp\4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x14c

Network

N/A

Files

C:\CHR4bQVWh.README.txt (LockBit 3.0 ransom note; the note is named <extension>.README.txt, so files encrypted in this run carry the appended extension .CHR4bQVWh. The win10 run drops the same note, identical by every listed hash.)

MD5 1cd2c508680a93907346e98d6a1677e6
SHA1 42ab98d499046fe5477610f5c256aff0b0f5be5e
SHA256 f722457807534d1c563d6cfaa43e3a8b90d721dcef1d48c0a3921b4025cd6bda
SHA512 2757aeab0f7c2703e0dfb095b37aada25d2947d21c7c988e4dc4b842d07741f34e4f35447694bae5a60de374f6812c511fd912177c81f37a3efd578848ae574c

memory/2160-0-0x0000000000170000-0x00000000001B0000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini

MD5 4984c45b20796a3ed9e782d8da1223f6
SHA1 055c01ce85e1bed499a19468bbc8119e62ac4e46
SHA256 ae2f7466183e803efd7af83dcf58181ef684d005fcc80038b579277f6cea4719
SHA512 c4860d8bfd738aee708510f3dee79584f46f4da020b012637ce2f4bb6b676ac85f1473b2dece200c750debecc7cf36cb2dae8bc50f3acb42093b95a0c5bf459a

F:\$RECYCLE.BIN\S-1-5-21-3452737119-3959686427-228443150-1000\DDDDDDDDDDD

MD5 ca5560d8dd6fc077d91c6138ccae3f6a
SHA1 d98d0184b722fb2c33712d5e3d7a365bd98b954f
SHA256 dc80b9ccb0ab22b859d8492cb73ff04ad61005bb24766d868b15067c4044b437
SHA512 673aa9014e0fca354424c6304c7116c2e641ce9bf52a2d4ae1d49dc8c6b3d8d09ed46a0ec57e064aeda9cd34d494cc53751f1a1deeab8b27f699e3977b34e063

Analysis: behavioral2

Detonation Overview

Submitted

2024-03-14 04:11

Reported

2024-03-14 04:14

Platform

win10v2004-20240226-en

Max time kernel

165s

Max time network

177s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe"

Signatures

Renames multiple (643) files with added filename extension

ransomware

Reads user/profile data of web browsers

spyware stealer

Drops desktop.ini file(s)

Description | Indicator | Process | Target
File opened for modification | C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini | C:\Users\Admin\AppData\Local\Temp\4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe | N/A
File opened for modification | F:\$RECYCLE.BIN\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini | C:\Users\Admin\AppData\Local\Temp\4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe | N/A

Drops file in System32 directory

Description | Indicator | Process | Target
File created | C:\Windows\system32\spool\PRINTERS\00002.SPL | C:\Windows\splwow64.exe | N/A
File created | C:\Windows\system32\spool\PRINTERS\PPq9_rjne6_syo18uyzdaze8k3c.TMP | C:\Windows\system32\printfilterpipelinesvc.exe | N/A
File created | C:\Windows\system32\spool\PRINTERS\PP6hz1q0ww0t0i8t0nclw_tni3c.TMP | C:\Windows\system32\printfilterpipelinesvc.exe | N/A
File created | C:\Windows\system32\spool\PRINTERS\PPhd_ph_97xydvth0nzqcctcyqb.TMP | C:\Windows\system32\printfilterpipelinesvc.exe | N/A

These writes are made by the print spooler, not by the sample: they are spool files created when a print job is submitted. Together with the splwow64.exe, PrintWorkflowUserSvc and printfilterpipelinesvc.exe processes and the ONENOTE.EXE /insertdoc ... .xps command line under Processes, they are consistent with the sample printing its ransom note to the sandbox's default printer, which routes the job into OneNote. Treat this signature as a side effect of the print job rather than as the sample writing into System32.

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe | N/A (64 identical events in the original table)

Suspicious use of AdjustPrivilegeToken

The sequence is the same as in the win7 run: a fixed set of privileges enabled once at start-up, then SeBackupPrivilege and SeSecurityPrivilege re-enabled repeatedly. The two LUID-only entries are named in parentheses from the Windows well-known privilege numbering.

Description | Indicator | Process | Target
Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe | N/A
Token: SeBackupPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe | N/A
Token: 36 (unresolved LUID; 36 is SeDelegateSessionUserImpersonatePrivilege) | N/A | C:\Users\Admin\AppData\Local\Temp\4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe | N/A
Token: SeImpersonatePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe | N/A
Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe | N/A
Token: SeIncreaseQuotaPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe | N/A
Token: 33 (unresolved LUID; 33 is SeIncreaseWorkingSetPrivilege) | N/A | C:\Users\Admin\AppData\Local\Temp\4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe | N/A
Token: SeManageVolumePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe | N/A
Token: SeProfSingleProcessPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe | N/A
Token: SeSystemProfilePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe | N/A
Token: SeTakeOwnershipPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe | N/A
Token: SeBackupPrivilege, SeBackupPrivilege, SeSecurityPrivilege, SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe | N/A (this four-row group appears 12 times in the original table, 48 rows in total)

Suspicious use of SetWindowsHookEx

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE | N/A
N/A | N/A | C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE | N/A

Both hook installations are attributed to ONENOTE.EXE, which appears in this run only because the printed XPS document was handed to it (/insertdoc under Processes), not to the sample. This hit should not be read as the sample installing hooks.

Processes

C:\Users\Admin\AppData\Local\Temp\4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe

"C:\Users\Admin\AppData\Local\Temp\4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4140 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:8

C:\Windows\splwow64.exe

C:\Windows\splwow64.exe 12288

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc

C:\Windows\system32\printfilterpipelinesvc.exe

C:\Windows\system32\printfilterpipelinesvc.exe -Embedding

C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE

/insertdoc "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\{3809BA42-D8C7-4FF4-B891-7115CD5CA3FE}.xps" 133548631902100000

Network

None of the rows below is attributed to the sample's process by the report. Every entry is either a reverse-DNS (in-addr.arpa) lookup or a connection to g.bing.com or chromewebstore.googleapis.com, consistent with background traffic from the msedge.exe utility process listed under Processes; the win7 run (behavioral1) recorded no network activity at all. Two of the reverse lookups (200.197.79.204 and 138.179.250.142) ask about the same two addresses that the TCP connections go to.

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp
US | 8.8.8.8:53 | g.bing.com | udp
US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp
US | 204.79.197.200:443 | g.bing.com | tcp
US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp
US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp
US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp
US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp
US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp
NL | 142.250.179.138:443 | chromewebstore.googleapis.com | tcp
US | 8.8.8.8:53 | 138.179.250.142.in-addr.arpa | udp
US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp
US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 200.79.70.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 46.28.109.52.in-addr.arpa | udp
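Sandbox network tables for a Windows 10 image are dominated by reverse-DNS lookups and browser background traffic, and an analyst wants the residue that is left after those are removed. The following is an added example, not part of the report: NETWORK_TABLE holds the behavioral2 rows above in the sandbox's original column order, BACKGROUND_DOMAINS is this example's assumption about what an Edge-equipped sandbox contacts on its own, and the PTR names are decoded back to the address they ask about so they can be matched against the connection destinations.

```python
"""Triage a sandbox Network table into PTR noise, background traffic and
rows that still need an analyst. Added example, not part of the report.
"""
import re
from collections import defaultdict
from typing import Dict, List, Optional

# Rows copied from the behavioral2 Network table above.
NETWORK_TABLE = """
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
NL 142.250.179.138:443 chromewebstore.googleapis.com tcp
US 8.8.8.8:53 138.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 180.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 200.79.70.13.in-addr.arpa udp
US 8.8.8.8:53 46.28.109.52.in-addr.arpa udp
"""

# Assumption: domains an Edge-equipped Windows 10 sandbox talks to by itself.
BACKGROUND_DOMAINS = ("bing.com", "googleapis.com")

# "<country> <ip>:<port> <domain> <proto>"
ROW_RE = re.compile(r"^([A-Z]{2})\s+(\S+):(\d+)\s+(\S+)\s+(tcp|udp)$")


def parse_rows(text: str) -> List[dict]:
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            rows.append({"country": m.group(1), "ip": m.group(2),
                         "port": int(m.group(3)), "domain": m.group(4),
                         "proto": m.group(5)})
    return rows


def ptr_to_ip(name: str) -> Optional[str]:
    """'0.159.190.20.in-addr.arpa' -> '20.190.159.0'; None if not a PTR name."""
    suffix = ".in-addr.arpa"
    if not name.lower().endswith(suffix):
        return None
    octets = name[:-len(suffix)].split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        return None
    return ".".join(reversed(octets))


def classify(row: dict) -> str:
    """ptr-lookup: DNS query for a reverse name; background: known sandbox
    noise; review: everything else, which is what the analyst reads."""
    if row["port"] == 53 and row["proto"] == "udp" and ptr_to_ip(row["domain"]):
        return "ptr-lookup"
    if row["domain"].endswith(BACKGROUND_DOMAINS):
        return "background"
    return "review"


def triage(text: str) -> Dict[str, list]:
    buckets = defaultdict(list)
    for row in parse_rows(text):
        buckets[classify(row)].append(row)
    return dict(buckets)


def ptr_targets_seen_as_destinations(text: str) -> set:
    """Addresses that were both reverse-looked-up and connected to on a
    non-DNS port: PTR noise that belongs to the same background sessions."""
    rows = parse_rows(text)
    dests = {r["ip"] for r in rows if r["port"] != 53}
    asked = {ptr_to_ip(r["domain"]) for r in rows}
    asked.discard(None)
    return dests & asked


if __name__ == "__main__":
    for bucket, rows in triage(NETWORK_TABLE).items():
        print(f"{bucket}: {len(rows)} rows")
    print("PTR lookups matching connection targets:",
          sorted(ptr_targets_seen_as_destinations(NETWORK_TABLE)))
```

For this report the "review" bucket comes out empty, which is the result to record: the sample produced no network indicators of its own in either run, so blocking on the listed domains or addresses would only hit Microsoft and Google infrastructure.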

Files

memory/2200-0-0x0000000003370000-0x0000000003380000-memory.dmp

memory/2200-1-0x0000000003370000-0x0000000003380000-memory.dmp

memory/2200-2-0x0000000003370000-0x0000000003380000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini

MD5 9b9c19145ae3c99e5fb313e2449ce306
SHA1 3d568c1f7fbd6c6926bb473eb392e323fbd57c72
SHA256 1f7f03023d38c4e33544c58380950691556556d52244981028b9faf933ff7d8b
SHA512 fe88038223b7ba0756a50e4016ebe714d36aa3ad899a7433382002c4172fe38b72843675504bc54ebfcb9be9c9a0fd58654ccbc803e094e9548de1fcb3effbb6

F:\$RECYCLE.BIN\S-1-5-21-3808065738-1666277613-1125846146-1000\DDDDDDDDDDD

MD5 692267a09866f827ed957d44d85b6b6f
SHA1 a02c6746bcea0347e5b977bbe4daa3b205d39b31
SHA256 2457123234c1f2b2ef5f19203d7587300ca7bdf42fe5b013f1e1c846e134d128
SHA512 80692ad49546d5a5a2916db7bcd384255bedd9dca656b3402af253bbe29b7ad3aacd33eae66a081e3ce1faf56c2153b9697d55310b622b19085e9ce5825eea78

C:\CHR4bQVWh.README.txt

MD5 1cd2c508680a93907346e98d6a1677e6
SHA1 42ab98d499046fe5477610f5c256aff0b0f5be5e
SHA256 f722457807534d1c563d6cfaa43e3a8b90d721dcef1d48c0a3921b4025cd6bda
SHA512 2757aeab0f7c2703e0dfb095b37aada25d2947d21c7c988e4dc4b842d07741f34e4f35447694bae5a60de374f6812c511fd912177c81f37a3efd578848ae574c

memory/2200-1324-0x0000000003370000-0x0000000003380000-memory.dmp

memory/2200-1325-0x0000000003370000-0x0000000003380000-memory.dmp

memory/2200-1329-0x0000000003370000-0x0000000003380000-memory.dmp

memory/4772-2831-0x00007FF881A90000-0x00007FF881AA0000-memory.dmp

memory/4772-2832-0x00007FF881A90000-0x00007FF881AA0000-memory.dmp

memory/4772-2834-0x00007FF8C1A10000-0x00007FF8C1C05000-memory.dmp

memory/4772-2833-0x00007FF881A90000-0x00007FF881AA0000-memory.dmp

memory/4772-2835-0x00007FF8C1A10000-0x00007FF8C1C05000-memory.dmp

memory/4772-2837-0x00007FF8C1A10000-0x00007FF8C1C05000-memory.dmp

memory/4772-2836-0x00007FF881A90000-0x00007FF881AA0000-memory.dmp

memory/4772-2838-0x00007FF881A90000-0x00007FF881AA0000-memory.dmp

memory/4772-2839-0x00007FF8C1A10000-0x00007FF8C1C05000-memory.dmp

memory/4772-2840-0x00007FF87F9A0000-0x00007FF87F9B0000-memory.dmp

memory/4772-2841-0x00007FF87F9A0000-0x00007FF87F9B0000-memory.dmp

memory/4772-2842-0x00007FF8C1A10000-0x00007FF8C1C05000-memory.dmp