Analysis Overview
SHA256
62cd46aa795b1866af35ed6b2f8e299210e23f0c3e5d0a5ba9e90acbec7a5ba5
Threat Level: Known bad
The file 62cd46aa795b1866af35ed6b2f8e299210e23f0c3e5d0a5ba9e90acbec7a5ba5 was found to be: Known bad.
Malicious Activity Summary
Modifies visibility of hidden/system files in Explorer
Loads dropped DLL
Checks computer location settings
Executes dropped EXE
Adds Run key to start application
Enumerates physical storage devices
Unsigned PE
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-06 21:41
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-06 21:41
Reported
2024-04-06 21:43
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
152s
Command Line
Signatures
Modifies visibility of hidden/system files in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" | C:\Users\Admin\AppData\Local\Temp\62cd46aa795b1866af35ed6b2f8e299210e23f0c3e5d0a5ba9e90acbec7a5ba5.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" | C:\Users\Admin\ceiuj.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\62cd46aa795b1866af35ed6b2f8e299210e23f0c3e5d0a5ba9e90acbec7a5ba5.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\ceiuj.exe | N/A |
Adds Run key to start application
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\62cd46aa795b1866af35ed6b2f8e299210e23f0c3e5d0a5ba9e90acbec7a5ba5.exe | N/A |
| N/A | N/A | C:\Users\Admin\ceiuj.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4784 wrote to memory of 4972 | N/A | C:\Users\Admin\AppData\Local\Temp\62cd46aa795b1866af35ed6b2f8e299210e23f0c3e5d0a5ba9e90acbec7a5ba5.exe | C:\Users\Admin\ceiuj.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\62cd46aa795b1866af35ed6b2f8e299210e23f0c3e5d0a5ba9e90acbec7a5ba5.exe
"C:\Users\Admin\AppData\Local\Temp\62cd46aa795b1866af35ed6b2f8e299210e23f0c3e5d0a5ba9e90acbec7a5ba5.exe"
C:\Users\Admin\ceiuj.exe
"C:\Users\Admin\ceiuj.exe"
Network
Files
C:\Users\Admin\ceiuj.exe
| MD5 | 1e07fd4f7023f5d4cfc30130fb09856f |
| SHA1 | 83d418410155ccee1a7925c5b71e04cbf33c3fac |
| SHA256 | a77cb37d8405808cc85c5dd8d230cce41eb501bbc48242679c71edd1d0788065 |
| SHA512 | be34e5faedf72cd34f0a138d82813d8f81c9f8d7582f5a4206a6bb40d275a1578364a6b0e4a8965d7b95b81e37395b4a0aeadba21c79f4ee9b01de4bc5f6680d |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-06 21:41
Reported
2024-04-06 21:43
Platform
win7-20240215-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Modifies visibility of hidden/system files in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" | C:\Users\Admin\AppData\Local\Temp\62cd46aa795b1866af35ed6b2f8e299210e23f0c3e5d0a5ba9e90acbec7a5ba5.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" | C:\Users\Admin\yaukin.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\yaukin.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\62cd46aa795b1866af35ed6b2f8e299210e23f0c3e5d0a5ba9e90acbec7a5ba5.exe | N/A |
Adds Run key to start application
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\62cd46aa795b1866af35ed6b2f8e299210e23f0c3e5d0a5ba9e90acbec7a5ba5.exe | N/A |
| N/A | N/A | C:\Users\Admin\yaukin.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1844 wrote to memory of 2716 | N/A | C:\Users\Admin\AppData\Local\Temp\62cd46aa795b1866af35ed6b2f8e299210e23f0c3e5d0a5ba9e90acbec7a5ba5.exe | C:\Users\Admin\yaukin.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\62cd46aa795b1866af35ed6b2f8e299210e23f0c3e5d0a5ba9e90acbec7a5ba5.exe
"C:\Users\Admin\AppData\Local\Temp\62cd46aa795b1866af35ed6b2f8e299210e23f0c3e5d0a5ba9e90acbec7a5ba5.exe"
C:\Users\Admin\yaukin.exe
"C:\Users\Admin\yaukin.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ns1.helpupdates.com | udp |
| US | 8.8.8.8:53 | ns1.helpupdater.net | udp |
| FI | 193.166.255.171:8000 | ns1.helpupdater.net | tcp |
| US | 8.8.8.8:53 | ns1.helpupdated.com | udp |
| US | 8.8.8.8:53 | ns1.helpupdated.net | udp |
| US | 8.8.8.8:53 | ns1.helpupdated.org | udp |
Files
C:\Users\Admin\yaukin.exe
| MD5 | 7212d17e139e5edeaa97b3419b3ef066 |
| SHA1 | caa33832c4cce6e04c1ae4d58eae165029b2e855 |
| SHA256 | 0cb7779696e291a574059db0c0ca890e7032e7ee56a1f357df2a1794a645de0e |
| SHA512 | 16ede06bba155690c545499d4a82e9f4a372f60853790d7ac94ee95090dfb1faf43cb9e72602cab0c3e66910ad8963121976f543d791e6792441a90e02344695 |