Analysis Overview
SHA256
b8ed5c60158a55812bd992672bd070500b352b36d841c704d70eccdaba9b7c07
Threat Level: Shows suspicious behavior
The file ultraiso.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
UPX packed file
ASPack v2.12-2.42
Executes dropped EXE
Loads dropped DLL
AutoIT Executable
Enumerates physical storage devices
Unsigned PE
Runs .reg file with regedit
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Modifies registry key
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-10 12:57
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-10 12:57
Reported
2024-05-10 13:00
Platform
win7-20240221-en
Max time kernel
145s
Max time network
129s
Command Line
Signatures
ASPack v2.12-2.42
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ultraiso\UltraISO.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.ima | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.ima\ = "isoui" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\isoui\Shell\Open\Command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\ultraiso\\ultraiso.exe\" \"%1\"" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\isoui\DefaultIcon | C:\Windows\SysWOW64\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\isoui | C:\Windows\SysWOW64\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.isz | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.img\ = "isoui" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.iso\ = "isoui" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\isoui\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ultraiso\\UltraISO.EXE,0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\isoui | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\isoui\Shell\Open | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\isoui\Shell | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\isoui\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ultraiso\\UltraISO.EXE,0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.iso | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.img | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.mos\ = "isoui" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.isz\ = "isoui" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.mos | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\isoui\DefaultIcon | C:\Windows\SysWOW64\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\isoui\Shell\Open\Command | C:\Windows\SysWOW64\cmd.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
Runs .reg file with regedit
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\regedit.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ultraiso\UltraISO.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\ultraiso.exe
"C:\Users\Admin\AppData\Local\Temp\ultraiso.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\ultraiso\RunUi.CMD
C:\Windows\SysWOW64\reg.exe
reg export "HKCU\Software\EasyBoot Systems\UltraISO\5.0" "C:\Users\Admin\AppData\Local\Temp\ultraiso\$oset.reg"
C:\Windows\SysWOW64\reg.exe
REG DELETE HKCU\Software\Microsoft\Software\EasyBoot Systems\UltraISO\5.0\ /f
C:\Windows\SysWOW64\reg.exe
reg add "HKCU\Software\EasyBoot Systems\UltraISO\5.0" /v "Language" /t REG_SZ /d "2052" /f
C:\Windows\SysWOW64\reg.exe
reg add "HKCU\Software\EasyBoot Systems\UltraISO\5.0" /v "SoundEffect" /t REG_SZ /d "0" /f
C:\Windows\SysWOW64\reg.exe
reg add "HKCU\Software\EasyBoot Systems\UltraISO\5.0" /v "USBBootPart" /t REG_SZ /d "2" /f
C:\Windows\SysWOW64\reg.exe
reg add "HKCU\Software\EasyBoot Systems\UltraISO\5.0" /v "UPlusV2Level" /t REG_SZ /d "3" /f
C:\Windows\SysWOW64\reg.exe
reg add "HKCU\Software\EasyBoot Systems\UltraISO\5.0" /v "USBMode" /t REG_SZ /d "4" /f
C:\Windows\SysWOW64\reg.exe
reg add "HKCU\Software\EasyBoot Systems\UltraISO\5.0" /v "UseSkins" /t REG_SZ /d "1" /f
C:\Windows\SysWOW64\reg.exe
REG ADD HKCR\isoui\DefaultIcon /ve /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\ultraiso\UltraISO.EXE,0" /f
C:\Windows\SysWOW64\reg.exe
reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iso "C:\Users\Admin\AppData\Local\Temp\ultraiso\$isoszr.reg"
C:\Windows\SysWOW64\reg.exe
reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.isz "C:\Users\Admin\AppData\Local\Temp\ultraiso\$iszszr.reg
C:\Windows\SysWOW64\reg.exe
REG DELETE HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iso /v Progid /f
C:\Windows\SysWOW64\reg.exe
REG DELETE HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iso /v Application /f
C:\Windows\SysWOW64\reg.exe
REG DELETE HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.isz /v Progid /f
C:\Windows\SysWOW64\reg.exe
REG DELETE HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.isz /v Application /f
C:\Windows\SysWOW64\regedit.exe
regedit /s "C:\Users\Admin\AppData\Local\Temp\ultraiso\$78iso.reg"
C:\Windows\SysWOW64\reg.exe
REG DELETE HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iso\UserChoice /v Progid /f
C:\Windows\SysWOW64\reg.exe
REG DELETE HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.isz\UserChoice /v Progid /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c assoc .iso
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c assoc .isz
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c assoc .img
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ftype isofile
C:\Windows\SysWOW64\reg.exe
REG DELETE HKCR\isofile\ /f
C:\Windows\SysWOW64\reg.exe
REG ADD HKCR\isoui\DefaultIcon /ve /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\ultraiso\UltraISO.EXE,0" /f
C:\Users\Admin\AppData\Local\Temp\ultraiso\UltraISO.exe
C:\Users\Admin\AppData\Local\Temp\ultraiso\UltraISO.exe
Network
Files
memory/2180-0-0x0000000000400000-0x00000000004BC000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ultraiso\uikey.ini
| MD5 | 3166d14469a096f73ef8d9a3895a8f7a |
| SHA1 | 1b7e1f2cdafadab6949e71735ebd60019ac59ebf |
| SHA256 | 1a71d93088fcae27728b2dd59c7b9e753d54c6eede456831b4a789d6c9040ca2 |
| SHA512 | af0855b0392cee330ffa0c566afdb5f54e3d67cfd8ff63dbb14936bc55f49605379e41e12e55e0158a5e677ee82f8b2ed0a6f2c15cda033e9f19f87c3785c044 |
C:\Users\Admin\AppData\Local\Temp\ultraiso\RunUi.CMD
| MD5 | 983ad153b341b7bc079cc2987a01ab1f |
| SHA1 | a7ddf118ee5b6341184e076149c417e6c498e863 |
| SHA256 | 174f8de4f2584da68d6259746298755f2eaa9c5691697b3faa57a8fc0cd9992f |
| SHA512 | 0126af0ec97b8bde671692ff217ab6f3bc05fb941d8f71e7c54958a84ac5d24f9e475db295c1a162c72e1225cb7acbcc630d85678d8054b6116dfcb45bc4c56e |
C:\Users\Admin\AppData\Local\Temp\ultraiso\UltraISO.exe
| MD5 | c2ff494fb85fe7b58f4be896e32e845d |
| SHA1 | 0684b12137b15f0b3ef65fc120f60cb050310e87 |
| SHA256 | 3b8dff206552ea85f1ae3fb47504f26c0736e79ca5479428812ba73ca0a62fb4 |
| SHA512 | b6bbf3be94406856b94236143c3fe42d52144d2e451702d8afd6459649c094fb26cfdbdc182df2fc20064afb39ffb9a3f7493a398ff78719d3b6af553a07e4c6 |
memory/2680-75-0x0000000000400000-0x0000000000C51000-memory.dmp
memory/836-74-0x0000000002120000-0x0000000002971000-memory.dmp
memory/836-72-0x0000000002120000-0x0000000002971000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ultraiso\ultraiso.ini
| MD5 | 0b741417eb99638db4c39e90ab9497e8 |
| SHA1 | 2c1d02dd12eef7ca6056b4e6fbd46ff32c211cc4 |
| SHA256 | aa084f956778df4025dcfb9f555dc899d7b62810c7962ea4a6c72db9e9165eb9 |
| SHA512 | 441ce56758a17a007aaeee7b8da7d280f476851eb321a45132d0ed3d57252b3ee5e81c3ba0a54db7b0c4d86b6ea92253066f93390880ccb4d9bb9788641bc522 |
memory/2180-78-0x0000000000400000-0x00000000004BC000-memory.dmp
memory/2680-79-0x0000000000400000-0x0000000000C51000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-10 12:57
Reported
2024-05-10 12:59
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
ASPack v2.12-2.42
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ultraiso\UltraISO.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\isoui\DefaultIcon | C:\Windows\SysWOW64\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.img | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.img\ = "isoui" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.mos\ = "isoui" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\isoui\Shell\Open\Command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\ultraiso\\ultraiso.exe\" \"%1\"" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\isoui\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ultraiso\\UltraISO.EXE,0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\isoui\Shell\Open | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\isoui\Shell\Open\Command | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\isoui | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\isoui\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ultraiso\\UltraISO.EXE,0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.iso | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.isz | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\isoui\DefaultIcon | C:\Windows\SysWOW64\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\isoui | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\isoui\Shell | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.iso\ = "isoui" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.isz\ = "isoui" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.ima | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.ima\ = "isoui" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.mos | C:\Windows\SysWOW64\cmd.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
Runs .reg file with regedit
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\regedit.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\ultraiso.exe
"C:\Users\Admin\AppData\Local\Temp\ultraiso.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ultraiso\RunUi.CMD
C:\Windows\SysWOW64\reg.exe
reg export "HKCU\Software\EasyBoot Systems\UltraISO\5.0" "C:\Users\Admin\AppData\Local\Temp\ultraiso\$oset.reg"
C:\Windows\SysWOW64\reg.exe
REG DELETE HKCU\Software\Microsoft\Software\EasyBoot Systems\UltraISO\5.0\ /f
C:\Windows\SysWOW64\reg.exe
reg add "HKCU\Software\EasyBoot Systems\UltraISO\5.0" /v "Language" /t REG_SZ /d "2052" /f
C:\Windows\SysWOW64\reg.exe
reg add "HKCU\Software\EasyBoot Systems\UltraISO\5.0" /v "SoundEffect" /t REG_SZ /d "0" /f
C:\Windows\SysWOW64\reg.exe
reg add "HKCU\Software\EasyBoot Systems\UltraISO\5.0" /v "USBBootPart" /t REG_SZ /d "2" /f
C:\Windows\SysWOW64\reg.exe
reg add "HKCU\Software\EasyBoot Systems\UltraISO\5.0" /v "UPlusV2Level" /t REG_SZ /d "3" /f
C:\Windows\SysWOW64\reg.exe
reg add "HKCU\Software\EasyBoot Systems\UltraISO\5.0" /v "USBMode" /t REG_SZ /d "4" /f
C:\Windows\SysWOW64\reg.exe
reg add "HKCU\Software\EasyBoot Systems\UltraISO\5.0" /v "UseSkins" /t REG_SZ /d "1" /f
C:\Windows\SysWOW64\reg.exe
REG ADD HKCR\isoui\DefaultIcon /ve /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\ultraiso\UltraISO.EXE,0" /f
C:\Windows\SysWOW64\reg.exe
reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iso "C:\Users\Admin\AppData\Local\Temp\ultraiso\$isoszr.reg"
C:\Windows\SysWOW64\reg.exe
reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.isz "C:\Users\Admin\AppData\Local\Temp\ultraiso\$iszszr.reg
C:\Windows\SysWOW64\reg.exe
REG DELETE HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iso /v Progid /f
C:\Windows\SysWOW64\reg.exe
REG DELETE HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iso /v Application /f
C:\Windows\SysWOW64\reg.exe
REG DELETE HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.isz /v Progid /f
C:\Windows\SysWOW64\reg.exe
REG DELETE HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.isz /v Application /f
C:\Windows\SysWOW64\regedit.exe
regedit /s "C:\Users\Admin\AppData\Local\Temp\ultraiso\$78iso.reg"
C:\Windows\SysWOW64\reg.exe
REG DELETE HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iso\UserChoice /v Progid /f
C:\Windows\SysWOW64\reg.exe
REG DELETE HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.isz\UserChoice /v Progid /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c assoc .iso
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c assoc .isz
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c assoc .img
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ftype isofile
C:\Windows\SysWOW64\reg.exe
REG DELETE HKCR\isofile\ /f
C:\Windows\SysWOW64\reg.exe
REG ADD HKCR\isoui\DefaultIcon /ve /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\ultraiso\UltraISO.EXE,0" /f
C:\Users\Admin\AppData\Local\Temp\ultraiso\UltraISO.exe
C:\Users\Admin\AppData\Local\Temp\ultraiso\UltraISO.exe
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| BE | 2.17.196.137:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 137.196.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.143.109.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.143.182.52.in-addr.arpa | udp |
Files
memory/812-0-0x0000000000400000-0x00000000004BC000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\aut47C0.tmp
| MD5 | 3166d14469a096f73ef8d9a3895a8f7a |
| SHA1 | 1b7e1f2cdafadab6949e71735ebd60019ac59ebf |
| SHA256 | 1a71d93088fcae27728b2dd59c7b9e753d54c6eede456831b4a789d6c9040ca2 |
| SHA512 | af0855b0392cee330ffa0c566afdb5f54e3d67cfd8ff63dbb14936bc55f49605379e41e12e55e0158a5e677ee82f8b2ed0a6f2c15cda033e9f19f87c3785c044 |
C:\Users\Admin\AppData\Local\Temp\ultraiso\UltraISO.exe
| MD5 | c2ff494fb85fe7b58f4be896e32e845d |
| SHA1 | 0684b12137b15f0b3ef65fc120f60cb050310e87 |
| SHA256 | 3b8dff206552ea85f1ae3fb47504f26c0736e79ca5479428812ba73ca0a62fb4 |
| SHA512 | b6bbf3be94406856b94236143c3fe42d52144d2e451702d8afd6459649c094fb26cfdbdc182df2fc20064afb39ffb9a3f7493a398ff78719d3b6af553a07e4c6 |
C:\Users\Admin\AppData\Local\Temp\ultraiso\RunUi.CMD
| MD5 | 983ad153b341b7bc079cc2987a01ab1f |
| SHA1 | a7ddf118ee5b6341184e076149c417e6c498e863 |
| SHA256 | 174f8de4f2584da68d6259746298755f2eaa9c5691697b3faa57a8fc0cd9992f |
| SHA512 | 0126af0ec97b8bde671692ff217ab6f3bc05fb941d8f71e7c54958a84ac5d24f9e475db295c1a162c72e1225cb7acbcc630d85678d8054b6116dfcb45bc4c56e |
C:\Users\Admin\AppData\Local\Temp\REG498C.tmp
| MD5 | ef9a4a33dedea00b9e71f6538d3deab5 |
| SHA1 | 3b4e0e27a1bb378662186f31eacb3057fa3e578e |
| SHA256 | addae7f869b9b984f904815690ad1b3c2c10df573458a7e096965580033fa31c |
| SHA512 | 3a13b98795999eb46cb9c415b36d969da994b208b55088f7a7894469bddcf4585126dde18631e79e72f4b4c93ec00635cb19382d068b56caee59af860524b2a8 |
memory/5112-75-0x0000000000400000-0x0000000000C51000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ultraiso\ultraiso.ini
| MD5 | 0b741417eb99638db4c39e90ab9497e8 |
| SHA1 | 2c1d02dd12eef7ca6056b4e6fbd46ff32c211cc4 |
| SHA256 | aa084f956778df4025dcfb9f555dc899d7b62810c7962ea4a6c72db9e9165eb9 |
| SHA512 | 441ce56758a17a007aaeee7b8da7d280f476851eb321a45132d0ed3d57252b3ee5e81c3ba0a54db7b0c4d86b6ea92253066f93390880ccb4d9bb9788641bc522 |
memory/812-78-0x0000000000400000-0x00000000004BC000-memory.dmp
memory/5112-79-0x0000000000400000-0x0000000000C51000-memory.dmp