Analysis Overview
SHA256
770085623b4d362d143b631396d03255197cdfdff9b239a4668e75a611e0cc53
Threat Level: Known bad
The file Cutor2.rar was found to be: Known bad.
Malicious Activity Summary
Lumma Stealer
Checks computer location settings
Loads dropped DLL
Executes dropped EXE
Enumerates physical storage devices
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Modifies registry class
Runs ping.exe
Enumerates processes with tasklist
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-20 15:42
Signatures
Analysis: behavioral16
Detonation Overview
Submitted
2024-05-20 15:42
Reported
2024-05-20 15:46
Platform
win10v2004-20240426-en
Max time kernel
149s
Max time network
153s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\$INTERNET_CACHE\Coverage
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| NL | 23.62.61.171:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 171.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.167.79.40.in-addr.arpa | udp |
Files
Analysis: behavioral20
Detonation Overview
Submitted
2024-05-20 15:42
Reported
2024-05-20 15:46
Platform
win10v2004-20240508-en
Max time kernel
136s
Max time network
100s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\$INTERNET_CACHE\Describes
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
Files
Analysis: behavioral21
Detonation Overview
Submitted
2024-05-20 15:42
Reported
2024-05-20 15:46
Platform
win7-20240221-en
Max time kernel
122s
Max time network
126s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\$INTERNET_CACHE\Following
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-20 15:42
Reported
2024-05-20 15:46
Platform
win10v2004-20240508-en
Max time kernel
148s
Max time network
152s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Cutor2.rar
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| NL | 23.62.61.171:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 171.61.62.23.in-addr.arpa | udp |
| NL | 23.62.61.171:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-05-20 15:42
Reported
2024-05-20 15:46
Platform
win10v2004-20240508-en
Max time kernel
141s
Max time network
149s
Command Line
Signatures
Lumma Stealer
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Cutor.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\297852\Journals.pif | N/A |
Enumerates physical storage devices
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
Runs ping.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\297852\Journals.pif | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\297852\Journals.pif | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\297852\Journals.pif | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\297852\Journals.pif | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\297852\Journals.pif | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\297852\Journals.pif | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\297852\Journals.pif | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\297852\Journals.pif | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\297852\Journals.pif | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\297852\Journals.pif | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\297852\Journals.pif | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\297852\Journals.pif | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Cutor.exe
"C:\Users\Admin\AppData\Local\Temp\Cutor.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /k copy Mountain Mountain.cmd & Mountain.cmd & exit
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr /I "wrsa.exe opssvc.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c md 297852
C:\Windows\SysWOW64\findstr.exe
findstr /V "mjscheduledkindspsychology" Roulette
C:\Windows\SysWOW64\cmd.exe
cmd /c copy /b Bone + Personnel + Watson + Describes 297852\O
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\297852\Journals.pif
297852\Journals.pif 297852\O
C:\Windows\SysWOW64\PING.EXE
ping -n 5 127.0.0.1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | NQjeNdVADsUyMtAGmp.NQjeNdVADsUyMtAGmp | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | employeedscratshj.shop | udp |
| US | 172.67.186.163:443 | employeedscratshj.shop | tcp |
| US | 8.8.8.8:53 | sofaprivateawarderysj.shop | udp |
| US | 8.8.8.8:53 | lineagelasserytailsd.shop | udp |
| US | 8.8.8.8:53 | tendencyportionjsuk.shop | udp |
| US | 8.8.8.8:53 | headraisepresidensu.shop | udp |
| US | 8.8.8.8:53 | appetitesallooonsj.shop | udp |
| US | 8.8.8.8:53 | minorittyeffeoos.shop | udp |
| US | 8.8.8.8:53 | prideconstituiiosjk.shop | udp |
| US | 8.8.8.8:53 | smallelementyjdui.shop | udp |
| US | 8.8.8.8:53 | 163.186.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.53.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Mountain
| MD5 | 1f442fb73d09d937f6bcc25652658aa8 |
| SHA1 | 7d47f3e5573bf12843b9fb8df0a7ecdde10c9dc7 |
| SHA256 | 9b66a4edacc06979e23b7a267eb01e704710dcd2160ac6df16fa2823b1fdf459 |
| SHA512 | da8c9bbad6be295b3cde5f44db858d2b5a03c2acde0f9f9b582ecb7203b77853916d9d22ebb2056e53d96746e9f3dd7e89616d6cca01fb39744128e4fadac1d9 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Roulette
| MD5 | b307bbe071e0eac1ef58ae91b18f9756 |
| SHA1 | 0ad6b3ec67d3393ccf7e2921273da467fb07748c |
| SHA256 | c016da1246b29af5e0b39e560c2ff04970aa5811daf59de3325457aa277f3b4e |
| SHA512 | e4c5739e03fc24abf1a3afa0852157809fb80e9d72732c3c7a2867470dd81cb41bad22249fa78a0dd6333bb2d8629d29490e3407f12c180684fc6a6be0496b54 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Oils
| MD5 | 073f9e2c594b99cfb7ba3880aa680f20 |
| SHA1 | 84e31597a55f99f7e9322353116c2168ddbf3e9f |
| SHA256 | e3446f9e24cdc1dade438588b8f6a82b5d66baace47736bfc21212f05d83254d |
| SHA512 | 7cca73ff39e3c24f281999a1f9c28609c18550af3db0ba5d0bea74aeaa6d570737d9bbc01f3a89de5d934cf8894e75fd81832ac39ae3d59659810e41f5113fa4 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Sperm
| MD5 | 8b7cd805746dd7d542f11521108000cf |
| SHA1 | 560df5a1f4cf97c1686235687082ca84dcc09238 |
| SHA256 | 7ea7b24c9a43fd3c499254e03b090d3ae9003f4ec7069519e2b88a79cca5e410 |
| SHA512 | 8a5225600e0dd9cb9a8d31d67379cd865a730b0802f83f336f30945bea42fc008ade55083b5ddd008d34343c5cb7bfcbdfd9bf8aba27f87865bac50d595b26c7 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Arrives
| MD5 | 473722f790596c4d6b159fcd8a4dadef |
| SHA1 | 20271a29dcab261fee279401cba6b0bab3dc2ef2 |
| SHA256 | a33baf56fe478318a92035b652b7a7a63721aa119b355fb07e4c2bc3c405cd54 |
| SHA512 | 338337b9d4645580816abb2a042e2698b2cd698d36475d66f88ba461a6d51bc0899fdb36acd3bb944fa35aeec4d3d816eb386e2bc87de771527da415fd89c194 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Price
| MD5 | 39418d72162b9df1140a89f2f76305a4 |
| SHA1 | 632d7ec32c9957e6ca6189dbc7336684c38c5c95 |
| SHA256 | 01fe66fbc940d38ed886c76d4ebf634b94a20f51c074dff3f79994fb0af5fda6 |
| SHA512 | d88a5ba614f49473bbc0a2fc4eb3d408a78396467c42a6d525304772266c8f01d0bdfa27fc9e0a8373d02e97d2b8662c1e26d9e5d0b98cdc2ffbf7ea4c5ec33a |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Return
| MD5 | 8a1020709bd28304d685a6f2bd995f10 |
| SHA1 | f9d5fda4d34eee658b275b08ff33a82a4b29173a |
| SHA256 | b675e5376289d1b683b513d0dc51aef7441d29467f31ffa63f23c8ce7c0b530e |
| SHA512 | ba74fd5d9630d8b6a5177454025123c5c4e5fc486a73bb6734f2de01a308610b537ffa7a063642187dab68fec3a9908fc1859424cdf735007bbd8aa8687f462c |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Immune
| MD5 | 45ceb552adc3a75aa55a5d7d78b8c0d7 |
| SHA1 | fc584a0cd566842eb236c9c3b2635d2d4b97a5a9 |
| SHA256 | dd816a6509a6845e44384860fda4dcad095fac1fb9fdd2e8cceb74fb224dcc91 |
| SHA512 | 39bfb1470e2cc31127f654a07a17827ba19d6aed1c6108a27dffb8d2bf00ccad8124417f662fe714a30461147d4f860ea97f3e45d26c3df5aa266774a73f82e5 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Corresponding
| MD5 | 24f764a45140ae61b291022b188cad50 |
| SHA1 | ff59085b23c849d589360dc19df2aa82c5032bd0 |
| SHA256 | eb85a752452828fe7e83d18dcaa80fdd81b416a3cef1429a8765228bf889738e |
| SHA512 | 3fd4f1e7c9214687c99400a951101c194067c01fb79107a3381d5c122900571b0a064548a4f9065b2dc14dbe01b8bf871afc860123408ade78a52a22c28bd122 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Spice
| MD5 | b06d471853c6da37b444d76be3b6ecfc |
| SHA1 | 8c2a438aa36f0d8f1cec0b31da0a29b14a812497 |
| SHA256 | a2bd59c5f2c04de8d9c33bdef220d6f4a187cd81079cf0b2c93a56fa941d707e |
| SHA512 | 654ec116606ed2c6d93a3b769efaab8abcf5510d9b8f3a72af127badebff4d5bee089ce4439cef37e8ec5cd758698978a9674d72b94a309a04096d8402223179 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Blond
| MD5 | 499020d7a6695730ade820ec473a7014 |
| SHA1 | 8dbe5dd49c6b527426c41eb8f75c66cc525e8d07 |
| SHA256 | 7b6044b2f019eb7161602f2b177ef387ea22a5fd498f2262e671e6bf1c0418d5 |
| SHA512 | 273c79a06188de53dfeeaad4ee682ffd6afdc255b28df77e867bef2ddfd44528035cd61732192d7cd76359ac71b9e08c4a3cb94368eed8dd07c5a208c74f54da |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Sucking
| MD5 | 56938cf26450118dad55a15254f72f97 |
| SHA1 | ed5a4bb79709dac97dc477fa1d648349272aa7a5 |
| SHA256 | 6540e092e2faa60fe480d81d59e34dd88c13876bef37830e2206bfb59ce9132c |
| SHA512 | 5dcd81b1ce7c59cf02e0cc0981d39d4888da6a7ccb0c818a095a4ac9244fd01a78d513198b04b4be867f2574c26bd17b450da2bcdcc30dce9a3de4075f9bc682 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Following
| MD5 | 82d51a65bbe96f2f9e8e7b6cfb333282 |
| SHA1 | e8633d184ee93e8792c3ea8b4c1563a126d2dbfc |
| SHA256 | 654f10643984ab084893f728bf2e713a432a164d97b29e718dfd018d2acece7a |
| SHA512 | 782b892afbc79ccdfecec5072a96e209b6097d116401fe648dedfad06bd7117011af2fc4032976a0b3c6d5e97f29eb2c34e54020dc0bb8c60fdc9596d1abe46b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Scientists
| MD5 | 0e5323e41231d475a85eb34008564de9 |
| SHA1 | e1200348bb64a087bca0a2dd98559455f506c1b7 |
| SHA256 | 586162f22f885c94ee84600d8f7682b71b0808473d8eaa43b3215ba110eea9d5 |
| SHA512 | 783a80bb025cde2c408cb70e84fe8795955fb6553b43c89f3c5915194e4890493aa1069f3bf055ae2a52837474c31eae08b7839d7b109b3d25012199efe8d647 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Referral
| MD5 | 4cbdbdebd19893c381833152e5e19e56 |
| SHA1 | 2169c833e64ac99c3bfc03747b97e6a44dd55d8c |
| SHA256 | 03030ce5872c5919ebab051e61af997c80465f002678c50af377b016b65f2645 |
| SHA512 | 7779e03a9a1ef90134778a9df83229064c0fa6c912ebf62183d5e9af7d5d21767a90eef0495608d832f40fa098692d32d22243bbf4aa892d6e8ae2d3c0d6b74e |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Provisions
| MD5 | be14b60d3523be659afe7c53a2a9aa49 |
| SHA1 | 299a05f78861186ee0c74855f790446d72a25c83 |
| SHA256 | 20415ec7bf6a4dcbd66a4b5cf66767adfcac2a59c8cb1327feee264ef6d683c3 |
| SHA512 | 296e5df4f94e3b7f02f6943fa80f35dda72951e64732e60f913d7560e6ffb3288c4c3f388c6fab505479114e163f5ef360828dfc66ba3510d6c576b2d71c4ffc |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Rich
| MD5 | 2c56890263ecb94d2205c8f3fbff85e4 |
| SHA1 | a76fa63a6705f9def165271e85360a44c9a30f76 |
| SHA256 | 7fccc2c8e04bcfeaf347efecb73db0f2d59ecc961e09b789f5e672148142a01b |
| SHA512 | 9268d4256566239e1bb557098cb5d00de1b7b4298d00bfe56bfccf3016c8f6ba42921bd182fe744619a6876a498117eceaf8a3c0db4bf6f90026b614e7f0b184 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Wed
| MD5 | 40b80c470cf945e5e6c9a00a42ee88e3 |
| SHA1 | 5fe2646ab8100f8beae82c5492d70665a912f1b5 |
| SHA256 | cb7045844af5ed931d7359025b91defd249491b9838ccfee52f8845d582d6076 |
| SHA512 | 678b0248cb9e676979dfb1b578d9e8cba412d9e10dcce5937df1c52340c549e2e8e4f3cca5f052d9538f1072c46e1a62628da3e6adc28f51818b6860f669d417 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Sale
| MD5 | f60ab8cf18169eb48aa133662c841964 |
| SHA1 | 7eb62ede0f1080f08455c4a3752eab265cf9cc8d |
| SHA256 | 438eb080850f59ad18a338d7d2a5e2d495c7f58370366819031831a6baf2d1e5 |
| SHA512 | 0f9c1c5921a58675a6502e148ba997d6852e479ca8690f274017e85cc91bb1a378bf53c4695a0237b003051e5cbe48fc6c611e8555e0970907d5925c18186349 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Principal
| MD5 | 0177f90b037f9f9ba5c331a8d7d7eb59 |
| SHA1 | ecb1458679725cd7c05c3bc7f2daf00970ffc44e |
| SHA256 | 7a75623c96b9700b77159cc729b105b127673cb326dc95d124d9e6da1049305e |
| SHA512 | a9907c2a3688974e595eb48b68e95b857450f1995852c08b322ae38f902cabced37ffb254d8b8dad6a301ccf50cc6bf7a8c9a0dea95213b1c728d6702bb14f46 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Demonstrates
| MD5 | e08e5bf768a64fe55414a7efe75bb98e |
| SHA1 | 1a4131e823a04c34bb877e1bd2da4747f88c36e6 |
| SHA256 | 5f9e851b902ead6c553929b0747a2e4038c0d47a1a9679b0e66186fcbdcf4145 |
| SHA512 | 920c6db4296d4384d9368313aa9d00d93da69305836cf497bfa864f5907f892b51d6917bd20cf881ed91ac08ad2f3d7768f6dcaf29a4c0c62c526a16eb1653d5 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Wedding
| MD5 | a6916adaee9f6cd664646c133fe21adc |
| SHA1 | eec52f456e83c3e1bd3cb44078fd626f1595285d |
| SHA256 | 921695f853705f15c057ee9bcb88163143430f5218eadd65ffa685974bc239ba |
| SHA512 | 89c27fab7e1fb34deff313fcdeb3071cf38c3122217fbf2f7adc85c1a6ace34736c50cdaeb8d39e1addebc534456ad346a3892c6c2d63ced2ef53284790c79b9 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Kay
| MD5 | 9e77f9fc5c1bbae0ade16a1dd8effb21 |
| SHA1 | dd769a5be09309f4f21e06d04d68185d624195ac |
| SHA256 | e3e1f7fb978a9ed404525039fafaf519f0d414a44ddae7e3acd92ad3d3bc11fa |
| SHA512 | d04227ffddb76b7ef4e311096ea192252c53be5dfcac97441cddd7be52d056a6dcab4be594ef4d40ed10b45dc50c0f8ac6b0db8dad4a375baa7296e2c15b13d6 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Walls
| MD5 | 84d1975124695d39a9ed377145e65ef7 |
| SHA1 | 5cfb122165e5030b6f42442f4d843017de51ebd6 |
| SHA256 | 910a7915baf6b38abcc2346b6d9aca1967c62d6fe6276474e779c376984bebda |
| SHA512 | f658e2aad732bfd898252029ad928e623a2944f38ed4d2a9f24babc6f6c977c44d168477e51b9b5d9cd4fa5be962b516c7f9b71551759791774a700355f4879e |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Aspect
| MD5 | 156462caf2897d681dad8fe61d1c7279 |
| SHA1 | a7ed61c1abf6256a339247d5212624d06497051d |
| SHA256 | a4d6fcc99632d1ede57a38043e46f4a0e6d60edc10d388acf47de7f186810d6d |
| SHA512 | c09be41bdd19d22dc9d7d8259116a1c98f5a37819ac4ea45b4230ca093b34784f397d523fc5ae5f644aa3a35750e0c570af01ef94d34b060da5d18c19a30fd67 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Coverage
| MD5 | d51d5baf2c9751a080d23ca1d67fc877 |
| SHA1 | 4e03ddd85f9a93d666093fff94296a1e8119b492 |
| SHA256 | e66104a1f8fa1926811e2c82f16a415584732d80c984bc95472d26663355130f |
| SHA512 | 048eabdff052549ea0005096109a155e3cbb3cb55e45e7a6b4813637b7390f56f605083c352ad01171c275e1e8a1305d1ed4bc3dd62af15bda2e68bfcceeef85 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\K
| MD5 | f9596ddb1d9b538409e412b39569212e |
| SHA1 | 99de9993abb4c4480061a00e3b7a7e0ec9c18efa |
| SHA256 | 8c9328d2260c23517a1835f80946bf9e2e21db5265905484e0ac4d8b888a6162 |
| SHA512 | f2fea44814a21507108169f82222a8725fe464c28126edb6edac227f138b406af0d7a19a69738ed3dc7326a44432d93be5124eaad2410c44c54b1e61dbef1afb |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Quotations
| MD5 | 2d7d4d7423acbccfce375010af3bfe95 |
| SHA1 | 7164bc8fa3a08eaccb1441ee00dc0df595e79e35 |
| SHA256 | 5098e9326c80f53dcafba899fa500a68823d33df64c9641d2b7b4b3551af1b32 |
| SHA512 | 1c50f366c452dc84aa42b0c69e90b4de97942869da4f465b267a81af2fc37ab6815d2c454038861d38105890fb3962f0f50365cd77dc298c1609377e5349aaec |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Spots
| MD5 | 6534ef16cc3db989801dab27ce49df95 |
| SHA1 | e2df162e54d2a601ce6af9af1ffe7e0b8dfd5fd6 |
| SHA256 | 3152a116e9ad00bbd28af33f9f90c18e7703b9df822fa6af720397c3f8ae6e79 |
| SHA512 | 17174c0412df108cce6efdf944ccc334d699cee8ffc1c42023d25b235e1460a7e329cc453c35b78e19a827a13e4b62ae121aba7dcd71bf6c5d1fd4e3716642be |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Bone
| MD5 | 124e240a6529b61f018b30adac17553d |
| SHA1 | 950077be632fde663aacf7636a0ece5c918d2f63 |
| SHA256 | 70e4f36876b997f504b67027be7bb02d9fb5faecf014f603cbe7d5e640631994 |
| SHA512 | c57ccf9cdcce52cc197fdba2586e9e924823b74cc8491e1cafdf9d74069aa13d4a5dcedaa80804456885bb9fca7ea8beb4a5ebe1ef15c0fb91f5fe127324ab8b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Personnel
| MD5 | 588fc6008acff48bb6638695bcf6f1b0 |
| SHA1 | 9292a8d099705f171df67fe90ee89bd856abf5df |
| SHA256 | 9c0eb0254a68fd60b04489af0bd9615d91a6c1c189af0c457c258c886afd8931 |
| SHA512 | 1068d494de53e441ee7e89c29062acaf6f966ec53541c0dca79f7660b13d0c7f40c04f17c23928eab548cb5700123f94b60f90f9b9ecc3e35780e3fb9877b804 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Describes
| MD5 | dab205ef316a75b18e861f7a867e0989 |
| SHA1 | 650f9b788b6213225dc0f8d21236d1b06bde4fc9 |
| SHA256 | a14ab8b356d3d939c5b2283e3cda3af305d4107e7f178c852e0680457acc269e |
| SHA512 | 365fa6a6b20c940cee09294c5bfd35c52928874532a5b27e73891a498f1463d84fa0305b2d6a721f67bc39b828379eacfa092df664f73a8f863ae39ef7ae4d8b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Watson
| MD5 | 7aa422834f47f989ad74fb8a87de4225 |
| SHA1 | 5b94537ea7df76b5b6a70aab1078623198ec2d2f |
| SHA256 | 79012da4bd552682d1635fa3fa33209f75bf059c7f63c0ab727ae72fa92f1332 |
| SHA512 | d1560c003880da5a030107030504cba01efd0829e5fbf24037145b131752b91c7b295999a0123a87094889cf086f0214fb6efe67bd27faa185b6a38a9b51efca |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\297852\Journals.pif
| MD5 | b06e67f9767e5023892d9698703ad098 |
| SHA1 | acc07666f4c1d4461d3e1c263cf6a194a8dd1544 |
| SHA256 | 8498900e57a490404e7ec4d8159bee29aed5852ae88bd484141780eaadb727bb |
| SHA512 | 7972c78acebdd86c57d879c12cb407120155a24a52fda23ddb7d9e181dd59dac1eb74f327817adbc364d37c8dc704f8236f3539b4d3ee5a022814924a1616943 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\297852\O
| MD5 | 46191d9919762445f6246396127d6d86 |
| SHA1 | 1387f35b5fe3f56402c89444f2e74b0f5d5b4e42 |
| SHA256 | 7bbe5eb8ffb88fc4e9872cfaa467cf8d41f37466c078fc403f163030abf7c507 |
| SHA512 | cc898c08a711d4e5163576d2737735d2f0cb042c87e9e09abe1d3c27751024f9f90314e9dc4d65821d18cf5da1fd592a14f216ba84ec24db119b380644cee736 |
memory/4764-667-0x0000000004700000-0x0000000004757000-memory.dmp
memory/4764-668-0x0000000004700000-0x0000000004757000-memory.dmp
memory/4764-669-0x0000000004700000-0x0000000004757000-memory.dmp
memory/4764-670-0x0000000004700000-0x0000000004757000-memory.dmp
memory/4764-671-0x0000000004700000-0x0000000004757000-memory.dmp
Analysis: behavioral10
Detonation Overview
Submitted
2024-05-20 15:42
Reported
2024-05-20 15:46
Platform
win10v2004-20240426-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\$INTERNET_CACHE\Blond
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| NL | 23.62.61.171:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 171.61.62.23.in-addr.arpa | udp |
| NL | 23.62.61.129:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 129.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | udp |
Files
Analysis: behavioral12
Detonation Overview
Submitted
2024-05-20 15:42
Reported
2024-05-20 15:46
Platform
win10v2004-20240508-en
Max time kernel
139s
Max time network
106s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\$INTERNET_CACHE\Bone
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| NL | 23.62.61.72:443 | www.bing.com | tcp |
| NL | 23.62.61.72:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 72.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| NL | 52.111.243.31:443 | tcp | |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
Files
Analysis: behavioral15
Detonation Overview
Submitted
2024-05-20 15:42
Reported
2024-05-20 15:46
Platform
win7-20240221-en
Max time kernel
120s
Max time network
121s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\$INTERNET_CACHE\Coverage
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-20 15:42
Reported
2024-05-20 15:46
Platform
win7-20240221-en
Max time kernel
122s
Max time network
124s
Command Line
Signatures
Executes dropped EXE
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Enumerates physical storage devices
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
Runs ping.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Cutor2.rar
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Cutor2.rar"
C:\Users\Admin\AppData\Local\Temp\7zO81A5D156\Cutor.exe
"C:\Users\Admin\AppData\Local\Temp\7zO81A5D156\Cutor.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /k copy Mountain Mountain.cmd & Mountain.cmd & exit
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr /I "wrsa.exe opssvc.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c md 298542
C:\Windows\SysWOW64\findstr.exe
findstr /V "mjscheduledkindspsychology" Roulette
C:\Windows\SysWOW64\cmd.exe
cmd /c copy /b Bone + Personnel + Watson + Describes 298542\O
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\298542\Journals.pif
298542\Journals.pif 298542\O
C:\Windows\SysWOW64\PING.EXE
ping -n 5 127.0.0.1
C:\Users\Admin\AppData\Local\Temp\7zO81A031B6\Cutor.exe
"C:\Users\Admin\AppData\Local\Temp\7zO81A031B6\Cutor.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /k copy Mountain Mountain.cmd & Mountain.cmd & exit
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr /I "wrsa.exe opssvc.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c md 298802
C:\Windows\SysWOW64\findstr.exe
findstr /V "mjscheduledkindspsychology" Roulette
C:\Windows\SysWOW64\cmd.exe
cmd /c copy /b Bone + Personnel + Watson + Describes 298802\O
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\298802\Journals.pif
298802\Journals.pif 298802\O
C:\Windows\SysWOW64\PING.EXE
ping -n 5 127.0.0.1
C:\Users\Admin\AppData\Local\Temp\7zO81A37096\Cutor.exe
"C:\Users\Admin\AppData\Local\Temp\7zO81A37096\Cutor.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /k copy Mountain Mountain.cmd & Mountain.cmd & exit
C:\Users\Admin\AppData\Local\Temp\7zO81A0D696\Cutor.exe
"C:\Users\Admin\AppData\Local\Temp\7zO81A0D696\Cutor.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /k copy Mountain Mountain.cmd & Mountain.cmd & exit
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr /I "wrsa.exe opssvc.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c md 299062
C:\Windows\SysWOW64\findstr.exe
findstr /V "mjscheduledkindspsychology" Roulette
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr /I "wrsa.exe opssvc.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c copy /b Bone + Personnel + Watson + Describes 299062\O
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\299062\Journals.pif
299062\Journals.pif 299062\O
C:\Windows\SysWOW64\PING.EXE
ping -n 5 127.0.0.1
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c md 299132
C:\Windows\SysWOW64\findstr.exe
findstr /V "mjscheduledkindspsychology" Roulette
C:\Windows\SysWOW64\cmd.exe
cmd /c copy /b Bone + Personnel + Watson + Describes 299132\O
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\299132\Journals.pif
299132\Journals.pif 299132\O
C:\Windows\SysWOW64\PING.EXE
ping -n 5 127.0.0.1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | NQjeNdVADsUyMtAGmp.NQjeNdVADsUyMtAGmp | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Mountain
| MD5 | 1f442fb73d09d937f6bcc25652658aa8 |
| SHA1 | 7d47f3e5573bf12843b9fb8df0a7ecdde10c9dc7 |
| SHA256 | 9b66a4edacc06979e23b7a267eb01e704710dcd2160ac6df16fa2823b1fdf459 |
| SHA512 | da8c9bbad6be295b3cde5f44db858d2b5a03c2acde0f9f9b582ecb7203b77853916d9d22ebb2056e53d96746e9f3dd7e89616d6cca01fb39744128e4fadac1d9 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Roulette
| MD5 | b307bbe071e0eac1ef58ae91b18f9756 |
| SHA1 | 0ad6b3ec67d3393ccf7e2921273da467fb07748c |
| SHA256 | c016da1246b29af5e0b39e560c2ff04970aa5811daf59de3325457aa277f3b4e |
| SHA512 | e4c5739e03fc24abf1a3afa0852157809fb80e9d72732c3c7a2867470dd81cb41bad22249fa78a0dd6333bb2d8629d29490e3407f12c180684fc6a6be0496b54 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Oils
| MD5 | 073f9e2c594b99cfb7ba3880aa680f20 |
| SHA1 | 84e31597a55f99f7e9322353116c2168ddbf3e9f |
| SHA256 | e3446f9e24cdc1dade438588b8f6a82b5d66baace47736bfc21212f05d83254d |
| SHA512 | 7cca73ff39e3c24f281999a1f9c28609c18550af3db0ba5d0bea74aeaa6d570737d9bbc01f3a89de5d934cf8894e75fd81832ac39ae3d59659810e41f5113fa4 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Sperm
| MD5 | 8b7cd805746dd7d542f11521108000cf |
| SHA1 | 560df5a1f4cf97c1686235687082ca84dcc09238 |
| SHA256 | 7ea7b24c9a43fd3c499254e03b090d3ae9003f4ec7069519e2b88a79cca5e410 |
| SHA512 | 8a5225600e0dd9cb9a8d31d67379cd865a730b0802f83f336f30945bea42fc008ade55083b5ddd008d34343c5cb7bfcbdfd9bf8aba27f87865bac50d595b26c7 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Arrives
| MD5 | 473722f790596c4d6b159fcd8a4dadef |
| SHA1 | 20271a29dcab261fee279401cba6b0bab3dc2ef2 |
| SHA256 | a33baf56fe478318a92035b652b7a7a63721aa119b355fb07e4c2bc3c405cd54 |
| SHA512 | 338337b9d4645580816abb2a042e2698b2cd698d36475d66f88ba461a6d51bc0899fdb36acd3bb944fa35aeec4d3d816eb386e2bc87de771527da415fd89c194 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Price
| MD5 | 39418d72162b9df1140a89f2f76305a4 |
| SHA1 | 632d7ec32c9957e6ca6189dbc7336684c38c5c95 |
| SHA256 | 01fe66fbc940d38ed886c76d4ebf634b94a20f51c074dff3f79994fb0af5fda6 |
| SHA512 | d88a5ba614f49473bbc0a2fc4eb3d408a78396467c42a6d525304772266c8f01d0bdfa27fc9e0a8373d02e97d2b8662c1e26d9e5d0b98cdc2ffbf7ea4c5ec33a |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Return
| MD5 | 8a1020709bd28304d685a6f2bd995f10 |
| SHA1 | f9d5fda4d34eee658b275b08ff33a82a4b29173a |
| SHA256 | b675e5376289d1b683b513d0dc51aef7441d29467f31ffa63f23c8ce7c0b530e |
| SHA512 | ba74fd5d9630d8b6a5177454025123c5c4e5fc486a73bb6734f2de01a308610b537ffa7a063642187dab68fec3a9908fc1859424cdf735007bbd8aa8687f462c |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Immune
| MD5 | 45ceb552adc3a75aa55a5d7d78b8c0d7 |
| SHA1 | fc584a0cd566842eb236c9c3b2635d2d4b97a5a9 |
| SHA256 | dd816a6509a6845e44384860fda4dcad095fac1fb9fdd2e8cceb74fb224dcc91 |
| SHA512 | 39bfb1470e2cc31127f654a07a17827ba19d6aed1c6108a27dffb8d2bf00ccad8124417f662fe714a30461147d4f860ea97f3e45d26c3df5aa266774a73f82e5 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Corresponding
| MD5 | 24f764a45140ae61b291022b188cad50 |
| SHA1 | ff59085b23c849d589360dc19df2aa82c5032bd0 |
| SHA256 | eb85a752452828fe7e83d18dcaa80fdd81b416a3cef1429a8765228bf889738e |
| SHA512 | 3fd4f1e7c9214687c99400a951101c194067c01fb79107a3381d5c122900571b0a064548a4f9065b2dc14dbe01b8bf871afc860123408ade78a52a22c28bd122 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Spice
| MD5 | b06d471853c6da37b444d76be3b6ecfc |
| SHA1 | 8c2a438aa36f0d8f1cec0b31da0a29b14a812497 |
| SHA256 | a2bd59c5f2c04de8d9c33bdef220d6f4a187cd81079cf0b2c93a56fa941d707e |
| SHA512 | 654ec116606ed2c6d93a3b769efaab8abcf5510d9b8f3a72af127badebff4d5bee089ce4439cef37e8ec5cd758698978a9674d72b94a309a04096d8402223179 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Blond
| MD5 | 499020d7a6695730ade820ec473a7014 |
| SHA1 | 8dbe5dd49c6b527426c41eb8f75c66cc525e8d07 |
| SHA256 | 7b6044b2f019eb7161602f2b177ef387ea22a5fd498f2262e671e6bf1c0418d5 |
| SHA512 | 273c79a06188de53dfeeaad4ee682ffd6afdc255b28df77e867bef2ddfd44528035cd61732192d7cd76359ac71b9e08c4a3cb94368eed8dd07c5a208c74f54da |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Sucking
| MD5 | 56938cf26450118dad55a15254f72f97 |
| SHA1 | ed5a4bb79709dac97dc477fa1d648349272aa7a5 |
| SHA256 | 6540e092e2faa60fe480d81d59e34dd88c13876bef37830e2206bfb59ce9132c |
| SHA512 | 5dcd81b1ce7c59cf02e0cc0981d39d4888da6a7ccb0c818a095a4ac9244fd01a78d513198b04b4be867f2574c26bd17b450da2bcdcc30dce9a3de4075f9bc682 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Scientists
| MD5 | 0e5323e41231d475a85eb34008564de9 |
| SHA1 | e1200348bb64a087bca0a2dd98559455f506c1b7 |
| SHA256 | 586162f22f885c94ee84600d8f7682b71b0808473d8eaa43b3215ba110eea9d5 |
| SHA512 | 783a80bb025cde2c408cb70e84fe8795955fb6553b43c89f3c5915194e4890493aa1069f3bf055ae2a52837474c31eae08b7839d7b109b3d25012199efe8d647 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Referral
| MD5 | 4cbdbdebd19893c381833152e5e19e56 |
| SHA1 | 2169c833e64ac99c3bfc03747b97e6a44dd55d8c |
| SHA256 | 03030ce5872c5919ebab051e61af997c80465f002678c50af377b016b65f2645 |
| SHA512 | 7779e03a9a1ef90134778a9df83229064c0fa6c912ebf62183d5e9af7d5d21767a90eef0495608d832f40fa098692d32d22243bbf4aa892d6e8ae2d3c0d6b74e |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Following
| MD5 | 82d51a65bbe96f2f9e8e7b6cfb333282 |
| SHA1 | e8633d184ee93e8792c3ea8b4c1563a126d2dbfc |
| SHA256 | 654f10643984ab084893f728bf2e713a432a164d97b29e718dfd018d2acece7a |
| SHA512 | 782b892afbc79ccdfecec5072a96e209b6097d116401fe648dedfad06bd7117011af2fc4032976a0b3c6d5e97f29eb2c34e54020dc0bb8c60fdc9596d1abe46b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Provisions
| MD5 | be14b60d3523be659afe7c53a2a9aa49 |
| SHA1 | 299a05f78861186ee0c74855f790446d72a25c83 |
| SHA256 | 20415ec7bf6a4dcbd66a4b5cf66767adfcac2a59c8cb1327feee264ef6d683c3 |
| SHA512 | 296e5df4f94e3b7f02f6943fa80f35dda72951e64732e60f913d7560e6ffb3288c4c3f388c6fab505479114e163f5ef360828dfc66ba3510d6c576b2d71c4ffc |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Wed
| MD5 | 40b80c470cf945e5e6c9a00a42ee88e3 |
| SHA1 | 5fe2646ab8100f8beae82c5492d70665a912f1b5 |
| SHA256 | cb7045844af5ed931d7359025b91defd249491b9838ccfee52f8845d582d6076 |
| SHA512 | 678b0248cb9e676979dfb1b578d9e8cba412d9e10dcce5937df1c52340c549e2e8e4f3cca5f052d9538f1072c46e1a62628da3e6adc28f51818b6860f669d417 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Sale
| MD5 | f60ab8cf18169eb48aa133662c841964 |
| SHA1 | 7eb62ede0f1080f08455c4a3752eab265cf9cc8d |
| SHA256 | 438eb080850f59ad18a338d7d2a5e2d495c7f58370366819031831a6baf2d1e5 |
| SHA512 | 0f9c1c5921a58675a6502e148ba997d6852e479ca8690f274017e85cc91bb1a378bf53c4695a0237b003051e5cbe48fc6c611e8555e0970907d5925c18186349 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Rich
| MD5 | 2c56890263ecb94d2205c8f3fbff85e4 |
| SHA1 | a76fa63a6705f9def165271e85360a44c9a30f76 |
| SHA256 | 7fccc2c8e04bcfeaf347efecb73db0f2d59ecc961e09b789f5e672148142a01b |
| SHA512 | 9268d4256566239e1bb557098cb5d00de1b7b4298d00bfe56bfccf3016c8f6ba42921bd182fe744619a6876a498117eceaf8a3c0db4bf6f90026b614e7f0b184 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Demonstrates
| MD5 | e08e5bf768a64fe55414a7efe75bb98e |
| SHA1 | 1a4131e823a04c34bb877e1bd2da4747f88c36e6 |
| SHA256 | 5f9e851b902ead6c553929b0747a2e4038c0d47a1a9679b0e66186fcbdcf4145 |
| SHA512 | 920c6db4296d4384d9368313aa9d00d93da69305836cf497bfa864f5907f892b51d6917bd20cf881ed91ac08ad2f3d7768f6dcaf29a4c0c62c526a16eb1653d5 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Principal
| MD5 | 0177f90b037f9f9ba5c331a8d7d7eb59 |
| SHA1 | ecb1458679725cd7c05c3bc7f2daf00970ffc44e |
| SHA256 | 7a75623c96b9700b77159cc729b105b127673cb326dc95d124d9e6da1049305e |
| SHA512 | a9907c2a3688974e595eb48b68e95b857450f1995852c08b322ae38f902cabced37ffb254d8b8dad6a301ccf50cc6bf7a8c9a0dea95213b1c728d6702bb14f46 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Wedding
| MD5 | a6916adaee9f6cd664646c133fe21adc |
| SHA1 | eec52f456e83c3e1bd3cb44078fd626f1595285d |
| SHA256 | 921695f853705f15c057ee9bcb88163143430f5218eadd65ffa685974bc239ba |
| SHA512 | 89c27fab7e1fb34deff313fcdeb3071cf38c3122217fbf2f7adc85c1a6ace34736c50cdaeb8d39e1addebc534456ad346a3892c6c2d63ced2ef53284790c79b9 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Kay
| MD5 | 9e77f9fc5c1bbae0ade16a1dd8effb21 |
| SHA1 | dd769a5be09309f4f21e06d04d68185d624195ac |
| SHA256 | e3e1f7fb978a9ed404525039fafaf519f0d414a44ddae7e3acd92ad3d3bc11fa |
| SHA512 | d04227ffddb76b7ef4e311096ea192252c53be5dfcac97441cddd7be52d056a6dcab4be594ef4d40ed10b45dc50c0f8ac6b0db8dad4a375baa7296e2c15b13d6 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Aspect
| MD5 | 156462caf2897d681dad8fe61d1c7279 |
| SHA1 | a7ed61c1abf6256a339247d5212624d06497051d |
| SHA256 | a4d6fcc99632d1ede57a38043e46f4a0e6d60edc10d388acf47de7f186810d6d |
| SHA512 | c09be41bdd19d22dc9d7d8259116a1c98f5a37819ac4ea45b4230ca093b34784f397d523fc5ae5f644aa3a35750e0c570af01ef94d34b060da5d18c19a30fd67 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Spots
| MD5 | 6534ef16cc3db989801dab27ce49df95 |
| SHA1 | e2df162e54d2a601ce6af9af1ffe7e0b8dfd5fd6 |
| SHA256 | 3152a116e9ad00bbd28af33f9f90c18e7703b9df822fa6af720397c3f8ae6e79 |
| SHA512 | 17174c0412df108cce6efdf944ccc334d699cee8ffc1c42023d25b235e1460a7e329cc453c35b78e19a827a13e4b62ae121aba7dcd71bf6c5d1fd4e3716642be |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Quotations
| MD5 | 2d7d4d7423acbccfce375010af3bfe95 |
| SHA1 | 7164bc8fa3a08eaccb1441ee00dc0df595e79e35 |
| SHA256 | 5098e9326c80f53dcafba899fa500a68823d33df64c9641d2b7b4b3551af1b32 |
| SHA512 | 1c50f366c452dc84aa42b0c69e90b4de97942869da4f465b267a81af2fc37ab6815d2c454038861d38105890fb3962f0f50365cd77dc298c1609377e5349aaec |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\K
| MD5 | f9596ddb1d9b538409e412b39569212e |
| SHA1 | 99de9993abb4c4480061a00e3b7a7e0ec9c18efa |
| SHA256 | 8c9328d2260c23517a1835f80946bf9e2e21db5265905484e0ac4d8b888a6162 |
| SHA512 | f2fea44814a21507108169f82222a8725fe464c28126edb6edac227f138b406af0d7a19a69738ed3dc7326a44432d93be5124eaad2410c44c54b1e61dbef1afb |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Coverage
| MD5 | d51d5baf2c9751a080d23ca1d67fc877 |
| SHA1 | 4e03ddd85f9a93d666093fff94296a1e8119b492 |
| SHA256 | e66104a1f8fa1926811e2c82f16a415584732d80c984bc95472d26663355130f |
| SHA512 | 048eabdff052549ea0005096109a155e3cbb3cb55e45e7a6b4813637b7390f56f605083c352ad01171c275e1e8a1305d1ed4bc3dd62af15bda2e68bfcceeef85 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Walls
| MD5 | 84d1975124695d39a9ed377145e65ef7 |
| SHA1 | 5cfb122165e5030b6f42442f4d843017de51ebd6 |
| SHA256 | 910a7915baf6b38abcc2346b6d9aca1967c62d6fe6276474e779c376984bebda |
| SHA512 | f658e2aad732bfd898252029ad928e623a2944f38ed4d2a9f24babc6f6c977c44d168477e51b9b5d9cd4fa5be962b516c7f9b71551759791774a700355f4879e |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Bone
| MD5 | 124e240a6529b61f018b30adac17553d |
| SHA1 | 950077be632fde663aacf7636a0ece5c918d2f63 |
| SHA256 | 70e4f36876b997f504b67027be7bb02d9fb5faecf014f603cbe7d5e640631994 |
| SHA512 | c57ccf9cdcce52cc197fdba2586e9e924823b74cc8491e1cafdf9d74069aa13d4a5dcedaa80804456885bb9fca7ea8beb4a5ebe1ef15c0fb91f5fe127324ab8b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Personnel
| MD5 | 588fc6008acff48bb6638695bcf6f1b0 |
| SHA1 | 9292a8d099705f171df67fe90ee89bd856abf5df |
| SHA256 | 9c0eb0254a68fd60b04489af0bd9615d91a6c1c189af0c457c258c886afd8931 |
| SHA512 | 1068d494de53e441ee7e89c29062acaf6f966ec53541c0dca79f7660b13d0c7f40c04f17c23928eab548cb5700123f94b60f90f9b9ecc3e35780e3fb9877b804 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Watson
| MD5 | 7aa422834f47f989ad74fb8a87de4225 |
| SHA1 | 5b94537ea7df76b5b6a70aab1078623198ec2d2f |
| SHA256 | 79012da4bd552682d1635fa3fa33209f75bf059c7f63c0ab727ae72fa92f1332 |
| SHA512 | d1560c003880da5a030107030504cba01efd0829e5fbf24037145b131752b91c7b295999a0123a87094889cf086f0214fb6efe67bd27faa185b6a38a9b51efca |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Describes
| MD5 | dab205ef316a75b18e861f7a867e0989 |
| SHA1 | 650f9b788b6213225dc0f8d21236d1b06bde4fc9 |
| SHA256 | a14ab8b356d3d939c5b2283e3cda3af305d4107e7f178c852e0680457acc269e |
| SHA512 | 365fa6a6b20c940cee09294c5bfd35c52928874532a5b27e73891a498f1463d84fa0305b2d6a721f67bc39b828379eacfa092df664f73a8f863ae39ef7ae4d8b |
\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\298542\Journals.pif
| MD5 | b06e67f9767e5023892d9698703ad098 |
| SHA1 | acc07666f4c1d4461d3e1c263cf6a194a8dd1544 |
| SHA256 | 8498900e57a490404e7ec4d8159bee29aed5852ae88bd484141780eaadb727bb |
| SHA512 | 7972c78acebdd86c57d879c12cb407120155a24a52fda23ddb7d9e181dd59dac1eb74f327817adbc364d37c8dc704f8236f3539b4d3ee5a022814924a1616943 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\298542\O
| MD5 | 46191d9919762445f6246396127d6d86 |
| SHA1 | 1387f35b5fe3f56402c89444f2e74b0f5d5b4e42 |
| SHA256 | 7bbe5eb8ffb88fc4e9872cfaa467cf8d41f37466c078fc403f163030abf7c507 |
| SHA512 | cc898c08a711d4e5163576d2737735d2f0cb042c87e9e09abe1d3c27751024f9f90314e9dc4d65821d18cf5da1fd592a14f216ba84ec24db119b380644cee736 |
memory/1868-1366-0x0000000003A50000-0x0000000003AA7000-memory.dmp
memory/1868-1370-0x0000000003A50000-0x0000000003AA7000-memory.dmp
memory/1868-1369-0x0000000003A50000-0x0000000003AA7000-memory.dmp
memory/1868-1368-0x0000000003A50000-0x0000000003AA7000-memory.dmp
memory/1868-1367-0x0000000003A50000-0x0000000003AA7000-memory.dmp
Analysis: behavioral9
Detonation Overview
Submitted
2024-05-20 15:42
Reported
2024-05-20 15:46
Platform
win7-20240221-en
Max time kernel
120s
Max time network
124s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\$INTERNET_CACHE\Blond
Network
Files
Analysis: behavioral14
Detonation Overview
Submitted
2024-05-20 15:42
Reported
2024-05-20 15:46
Platform
win10v2004-20240508-en
Max time kernel
93s
Max time network
97s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\$INTERNET_CACHE\Corresponding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral18
Detonation Overview
Submitted
2024-05-20 15:42
Reported
2024-05-20 15:46
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
113s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\$INTERNET_CACHE\Demonstrates
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-05-20 15:42
Reported
2024-05-20 15:46
Platform
win7-20240508-en
Max time kernel
120s
Max time network
122s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\$INTERNET_CACHE\Bone
Network
Files
Analysis: behavioral13
Detonation Overview
Submitted
2024-05-20 15:42
Reported
2024-05-20 15:46
Platform
win7-20240221-en
Max time kernel
118s
Max time network
119s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\$INTERNET_CACHE\Corresponding
Network
Files
Analysis: behavioral24
Detonation Overview
Submitted
2024-05-20 15:42
Reported
2024-05-20 15:46
Platform
win10v2004-20240426-en
Max time kernel
138s
Max time network
108s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\$INTERNET_CACHE\Immune
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.72:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| NL | 23.62.61.72:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
Files
Analysis: behavioral26
Detonation Overview
Submitted
2024-05-20 15:42
Reported
2024-05-20 15:46
Platform
win10v2004-20240508-en
Max time kernel
138s
Max time network
132s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\$INTERNET_CACHE\K
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3848,i,15721081447618313297,6839074028983272033,262144 --variations-seed-version --mojo-platform-channel-handle=3940 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.56.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-05-20 15:42
Reported
2024-05-20 15:46
Platform
win10v2004-20240426-en
Max time kernel
129s
Max time network
134s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\$INTERNET_CACHE\Arrives
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.56.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 52.111.227.11:443 | tcp | |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| NL | 23.62.61.171:443 | www.bing.com | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.140.123.92.in-addr.arpa | udp |
Files
Analysis: behavioral19
Detonation Overview
Submitted
2024-05-20 15:42
Reported
2024-05-20 15:46
Platform
win7-20231129-en
Max time kernel
120s
Max time network
121s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\$INTERNET_CACHE\Describes
Network
Files
Analysis: behavioral17
Detonation Overview
Submitted
2024-05-20 15:42
Reported
2024-05-20 15:46
Platform
win7-20240215-en
Max time kernel
117s
Max time network
117s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\$INTERNET_CACHE\Demonstrates
Network
Files
Analysis: behavioral29
Detonation Overview
Submitted
2024-05-20 15:42
Reported
2024-05-20 15:46
Platform
win7-20240221-en
Max time kernel
119s
Max time network
121s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\$INTERNET_CACHE\Mountain
Network
Files
Analysis: behavioral30
Detonation Overview
Submitted
2024-05-20 15:42
Reported
2024-05-20 15:46
Platform
win10v2004-20240508-en
Max time kernel
137s
Max time network
128s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\$INTERNET_CACHE\Mountain
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.75:443 | www.bing.com | tcp |
| NL | 23.62.61.75:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 75.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
Files
Analysis: behavioral31
Detonation Overview
Submitted
2024-05-20 15:42
Reported
2024-05-20 15:46
Platform
win7-20240220-en
Max time kernel
120s
Max time network
120s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\$INTERNET_CACHE\Oils
Network
Files
Analysis: behavioral27
Detonation Overview
Submitted
2024-05-20 15:42
Reported
2024-05-20 15:46
Platform
win7-20231129-en
Max time kernel
120s
Max time network
121s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\$INTERNET_CACHE\Kay
Network
Files
Analysis: behavioral22
Detonation Overview
Submitted
2024-05-20 15:42
Reported
2024-05-20 15:46
Platform
win10v2004-20240508-en
Max time kernel
139s
Max time network
130s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\$INTERNET_CACHE\Following
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| NL | 23.62.61.75:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 75.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.53.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
Files
Analysis: behavioral32
Detonation Overview
Submitted
2024-05-20 15:42
Reported
2024-05-20 15:46
Platform
win10v2004-20240508-en
Max time kernel
146s
Max time network
130s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\$INTERNET_CACHE\Oils
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.53.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-05-20 15:42
Reported
2024-05-20 15:46
Platform
win7-20240221-en
Max time kernel
120s
Max time network
122s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\297892\Journals.pif | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Enumerates physical storage devices
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
Runs ping.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\297892\Journals.pif | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\297892\Journals.pif | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\297892\Journals.pif | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\297892\Journals.pif | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\297892\Journals.pif | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\297892\Journals.pif | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\297892\Journals.pif | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\297892\Journals.pif | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\297892\Journals.pif | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Cutor.exe
"C:\Users\Admin\AppData\Local\Temp\Cutor.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /k copy Mountain Mountain.cmd & Mountain.cmd & exit
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr /I "wrsa.exe opssvc.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c md 297892
C:\Windows\SysWOW64\findstr.exe
findstr /V "mjscheduledkindspsychology" Roulette
C:\Windows\SysWOW64\cmd.exe
cmd /c copy /b Bone + Personnel + Watson + Describes 297892\O
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\297892\Journals.pif
297892\Journals.pif 297892\O
C:\Windows\SysWOW64\PING.EXE
ping -n 5 127.0.0.1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | NQjeNdVADsUyMtAGmp.NQjeNdVADsUyMtAGmp | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Mountain
| MD5 | 1f442fb73d09d937f6bcc25652658aa8 |
| SHA1 | 7d47f3e5573bf12843b9fb8df0a7ecdde10c9dc7 |
| SHA256 | 9b66a4edacc06979e23b7a267eb01e704710dcd2160ac6df16fa2823b1fdf459 |
| SHA512 | da8c9bbad6be295b3cde5f44db858d2b5a03c2acde0f9f9b582ecb7203b77853916d9d22ebb2056e53d96746e9f3dd7e89616d6cca01fb39744128e4fadac1d9 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Roulette
| MD5 | b307bbe071e0eac1ef58ae91b18f9756 |
| SHA1 | 0ad6b3ec67d3393ccf7e2921273da467fb07748c |
| SHA256 | c016da1246b29af5e0b39e560c2ff04970aa5811daf59de3325457aa277f3b4e |
| SHA512 | e4c5739e03fc24abf1a3afa0852157809fb80e9d72732c3c7a2867470dd81cb41bad22249fa78a0dd6333bb2d8629d29490e3407f12c180684fc6a6be0496b54 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Oils
| MD5 | 073f9e2c594b99cfb7ba3880aa680f20 |
| SHA1 | 84e31597a55f99f7e9322353116c2168ddbf3e9f |
| SHA256 | e3446f9e24cdc1dade438588b8f6a82b5d66baace47736bfc21212f05d83254d |
| SHA512 | 7cca73ff39e3c24f281999a1f9c28609c18550af3db0ba5d0bea74aeaa6d570737d9bbc01f3a89de5d934cf8894e75fd81832ac39ae3d59659810e41f5113fa4 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Sperm
| MD5 | 8b7cd805746dd7d542f11521108000cf |
| SHA1 | 560df5a1f4cf97c1686235687082ca84dcc09238 |
| SHA256 | 7ea7b24c9a43fd3c499254e03b090d3ae9003f4ec7069519e2b88a79cca5e410 |
| SHA512 | 8a5225600e0dd9cb9a8d31d67379cd865a730b0802f83f336f30945bea42fc008ade55083b5ddd008d34343c5cb7bfcbdfd9bf8aba27f87865bac50d595b26c7 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Arrives
| MD5 | 473722f790596c4d6b159fcd8a4dadef |
| SHA1 | 20271a29dcab261fee279401cba6b0bab3dc2ef2 |
| SHA256 | a33baf56fe478318a92035b652b7a7a63721aa119b355fb07e4c2bc3c405cd54 |
| SHA512 | 338337b9d4645580816abb2a042e2698b2cd698d36475d66f88ba461a6d51bc0899fdb36acd3bb944fa35aeec4d3d816eb386e2bc87de771527da415fd89c194 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Price
| MD5 | 39418d72162b9df1140a89f2f76305a4 |
| SHA1 | 632d7ec32c9957e6ca6189dbc7336684c38c5c95 |
| SHA256 | 01fe66fbc940d38ed886c76d4ebf634b94a20f51c074dff3f79994fb0af5fda6 |
| SHA512 | d88a5ba614f49473bbc0a2fc4eb3d408a78396467c42a6d525304772266c8f01d0bdfa27fc9e0a8373d02e97d2b8662c1e26d9e5d0b98cdc2ffbf7ea4c5ec33a |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Return
| MD5 | 8a1020709bd28304d685a6f2bd995f10 |
| SHA1 | f9d5fda4d34eee658b275b08ff33a82a4b29173a |
| SHA256 | b675e5376289d1b683b513d0dc51aef7441d29467f31ffa63f23c8ce7c0b530e |
| SHA512 | ba74fd5d9630d8b6a5177454025123c5c4e5fc486a73bb6734f2de01a308610b537ffa7a063642187dab68fec3a9908fc1859424cdf735007bbd8aa8687f462c |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Immune
| MD5 | 45ceb552adc3a75aa55a5d7d78b8c0d7 |
| SHA1 | fc584a0cd566842eb236c9c3b2635d2d4b97a5a9 |
| SHA256 | dd816a6509a6845e44384860fda4dcad095fac1fb9fdd2e8cceb74fb224dcc91 |
| SHA512 | 39bfb1470e2cc31127f654a07a17827ba19d6aed1c6108a27dffb8d2bf00ccad8124417f662fe714a30461147d4f860ea97f3e45d26c3df5aa266774a73f82e5 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Corresponding
| MD5 | 24f764a45140ae61b291022b188cad50 |
| SHA1 | ff59085b23c849d589360dc19df2aa82c5032bd0 |
| SHA256 | eb85a752452828fe7e83d18dcaa80fdd81b416a3cef1429a8765228bf889738e |
| SHA512 | 3fd4f1e7c9214687c99400a951101c194067c01fb79107a3381d5c122900571b0a064548a4f9065b2dc14dbe01b8bf871afc860123408ade78a52a22c28bd122 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Spice
| MD5 | b06d471853c6da37b444d76be3b6ecfc |
| SHA1 | 8c2a438aa36f0d8f1cec0b31da0a29b14a812497 |
| SHA256 | a2bd59c5f2c04de8d9c33bdef220d6f4a187cd81079cf0b2c93a56fa941d707e |
| SHA512 | 654ec116606ed2c6d93a3b769efaab8abcf5510d9b8f3a72af127badebff4d5bee089ce4439cef37e8ec5cd758698978a9674d72b94a309a04096d8402223179 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Blond
| MD5 | 499020d7a6695730ade820ec473a7014 |
| SHA1 | 8dbe5dd49c6b527426c41eb8f75c66cc525e8d07 |
| SHA256 | 7b6044b2f019eb7161602f2b177ef387ea22a5fd498f2262e671e6bf1c0418d5 |
| SHA512 | 273c79a06188de53dfeeaad4ee682ffd6afdc255b28df77e867bef2ddfd44528035cd61732192d7cd76359ac71b9e08c4a3cb94368eed8dd07c5a208c74f54da |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Following
| MD5 | 82d51a65bbe96f2f9e8e7b6cfb333282 |
| SHA1 | e8633d184ee93e8792c3ea8b4c1563a126d2dbfc |
| SHA256 | 654f10643984ab084893f728bf2e713a432a164d97b29e718dfd018d2acece7a |
| SHA512 | 782b892afbc79ccdfecec5072a96e209b6097d116401fe648dedfad06bd7117011af2fc4032976a0b3c6d5e97f29eb2c34e54020dc0bb8c60fdc9596d1abe46b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Sucking
| MD5 | 56938cf26450118dad55a15254f72f97 |
| SHA1 | ed5a4bb79709dac97dc477fa1d648349272aa7a5 |
| SHA256 | 6540e092e2faa60fe480d81d59e34dd88c13876bef37830e2206bfb59ce9132c |
| SHA512 | 5dcd81b1ce7c59cf02e0cc0981d39d4888da6a7ccb0c818a095a4ac9244fd01a78d513198b04b4be867f2574c26bd17b450da2bcdcc30dce9a3de4075f9bc682 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Referral
| MD5 | 4cbdbdebd19893c381833152e5e19e56 |
| SHA1 | 2169c833e64ac99c3bfc03747b97e6a44dd55d8c |
| SHA256 | 03030ce5872c5919ebab051e61af997c80465f002678c50af377b016b65f2645 |
| SHA512 | 7779e03a9a1ef90134778a9df83229064c0fa6c912ebf62183d5e9af7d5d21767a90eef0495608d832f40fa098692d32d22243bbf4aa892d6e8ae2d3c0d6b74e |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Aspect
| MD5 | 156462caf2897d681dad8fe61d1c7279 |
| SHA1 | a7ed61c1abf6256a339247d5212624d06497051d |
| SHA256 | a4d6fcc99632d1ede57a38043e46f4a0e6d60edc10d388acf47de7f186810d6d |
| SHA512 | c09be41bdd19d22dc9d7d8259116a1c98f5a37819ac4ea45b4230ca093b34784f397d523fc5ae5f644aa3a35750e0c570af01ef94d34b060da5d18c19a30fd67 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Coverage
| MD5 | d51d5baf2c9751a080d23ca1d67fc877 |
| SHA1 | 4e03ddd85f9a93d666093fff94296a1e8119b492 |
| SHA256 | e66104a1f8fa1926811e2c82f16a415584732d80c984bc95472d26663355130f |
| SHA512 | 048eabdff052549ea0005096109a155e3cbb3cb55e45e7a6b4813637b7390f56f605083c352ad01171c275e1e8a1305d1ed4bc3dd62af15bda2e68bfcceeef85 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Walls
| MD5 | 84d1975124695d39a9ed377145e65ef7 |
| SHA1 | 5cfb122165e5030b6f42442f4d843017de51ebd6 |
| SHA256 | 910a7915baf6b38abcc2346b6d9aca1967c62d6fe6276474e779c376984bebda |
| SHA512 | f658e2aad732bfd898252029ad928e623a2944f38ed4d2a9f24babc6f6c977c44d168477e51b9b5d9cd4fa5be962b516c7f9b71551759791774a700355f4879e |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Kay
| MD5 | 9e77f9fc5c1bbae0ade16a1dd8effb21 |
| SHA1 | dd769a5be09309f4f21e06d04d68185d624195ac |
| SHA256 | e3e1f7fb978a9ed404525039fafaf519f0d414a44ddae7e3acd92ad3d3bc11fa |
| SHA512 | d04227ffddb76b7ef4e311096ea192252c53be5dfcac97441cddd7be52d056a6dcab4be594ef4d40ed10b45dc50c0f8ac6b0db8dad4a375baa7296e2c15b13d6 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Wedding
| MD5 | a6916adaee9f6cd664646c133fe21adc |
| SHA1 | eec52f456e83c3e1bd3cb44078fd626f1595285d |
| SHA256 | 921695f853705f15c057ee9bcb88163143430f5218eadd65ffa685974bc239ba |
| SHA512 | 89c27fab7e1fb34deff313fcdeb3071cf38c3122217fbf2f7adc85c1a6ace34736c50cdaeb8d39e1addebc534456ad346a3892c6c2d63ced2ef53284790c79b9 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Demonstrates
| MD5 | e08e5bf768a64fe55414a7efe75bb98e |
| SHA1 | 1a4131e823a04c34bb877e1bd2da4747f88c36e6 |
| SHA256 | 5f9e851b902ead6c553929b0747a2e4038c0d47a1a9679b0e66186fcbdcf4145 |
| SHA512 | 920c6db4296d4384d9368313aa9d00d93da69305836cf497bfa864f5907f892b51d6917bd20cf881ed91ac08ad2f3d7768f6dcaf29a4c0c62c526a16eb1653d5 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Principal
| MD5 | 0177f90b037f9f9ba5c331a8d7d7eb59 |
| SHA1 | ecb1458679725cd7c05c3bc7f2daf00970ffc44e |
| SHA256 | 7a75623c96b9700b77159cc729b105b127673cb326dc95d124d9e6da1049305e |
| SHA512 | a9907c2a3688974e595eb48b68e95b857450f1995852c08b322ae38f902cabced37ffb254d8b8dad6a301ccf50cc6bf7a8c9a0dea95213b1c728d6702bb14f46 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Rich
| MD5 | 2c56890263ecb94d2205c8f3fbff85e4 |
| SHA1 | a76fa63a6705f9def165271e85360a44c9a30f76 |
| SHA256 | 7fccc2c8e04bcfeaf347efecb73db0f2d59ecc961e09b789f5e672148142a01b |
| SHA512 | 9268d4256566239e1bb557098cb5d00de1b7b4298d00bfe56bfccf3016c8f6ba42921bd182fe744619a6876a498117eceaf8a3c0db4bf6f90026b614e7f0b184 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Wed
| MD5 | 40b80c470cf945e5e6c9a00a42ee88e3 |
| SHA1 | 5fe2646ab8100f8beae82c5492d70665a912f1b5 |
| SHA256 | cb7045844af5ed931d7359025b91defd249491b9838ccfee52f8845d582d6076 |
| SHA512 | 678b0248cb9e676979dfb1b578d9e8cba412d9e10dcce5937df1c52340c549e2e8e4f3cca5f052d9538f1072c46e1a62628da3e6adc28f51818b6860f669d417 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Sale
| MD5 | f60ab8cf18169eb48aa133662c841964 |
| SHA1 | 7eb62ede0f1080f08455c4a3752eab265cf9cc8d |
| SHA256 | 438eb080850f59ad18a338d7d2a5e2d495c7f58370366819031831a6baf2d1e5 |
| SHA512 | 0f9c1c5921a58675a6502e148ba997d6852e479ca8690f274017e85cc91bb1a378bf53c4695a0237b003051e5cbe48fc6c611e8555e0970907d5925c18186349 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Provisions
| MD5 | be14b60d3523be659afe7c53a2a9aa49 |
| SHA1 | 299a05f78861186ee0c74855f790446d72a25c83 |
| SHA256 | 20415ec7bf6a4dcbd66a4b5cf66767adfcac2a59c8cb1327feee264ef6d683c3 |
| SHA512 | 296e5df4f94e3b7f02f6943fa80f35dda72951e64732e60f913d7560e6ffb3288c4c3f388c6fab505479114e163f5ef360828dfc66ba3510d6c576b2d71c4ffc |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Scientists
| MD5 | 0e5323e41231d475a85eb34008564de9 |
| SHA1 | e1200348bb64a087bca0a2dd98559455f506c1b7 |
| SHA256 | 586162f22f885c94ee84600d8f7682b71b0808473d8eaa43b3215ba110eea9d5 |
| SHA512 | 783a80bb025cde2c408cb70e84fe8795955fb6553b43c89f3c5915194e4890493aa1069f3bf055ae2a52837474c31eae08b7839d7b109b3d25012199efe8d647 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\K
| MD5 | f9596ddb1d9b538409e412b39569212e |
| SHA1 | 99de9993abb4c4480061a00e3b7a7e0ec9c18efa |
| SHA256 | 8c9328d2260c23517a1835f80946bf9e2e21db5265905484e0ac4d8b888a6162 |
| SHA512 | f2fea44814a21507108169f82222a8725fe464c28126edb6edac227f138b406af0d7a19a69738ed3dc7326a44432d93be5124eaad2410c44c54b1e61dbef1afb |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Quotations
| MD5 | 2d7d4d7423acbccfce375010af3bfe95 |
| SHA1 | 7164bc8fa3a08eaccb1441ee00dc0df595e79e35 |
| SHA256 | 5098e9326c80f53dcafba899fa500a68823d33df64c9641d2b7b4b3551af1b32 |
| SHA512 | 1c50f366c452dc84aa42b0c69e90b4de97942869da4f465b267a81af2fc37ab6815d2c454038861d38105890fb3962f0f50365cd77dc298c1609377e5349aaec |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Spots
| MD5 | 6534ef16cc3db989801dab27ce49df95 |
| SHA1 | e2df162e54d2a601ce6af9af1ffe7e0b8dfd5fd6 |
| SHA256 | 3152a116e9ad00bbd28af33f9f90c18e7703b9df822fa6af720397c3f8ae6e79 |
| SHA512 | 17174c0412df108cce6efdf944ccc334d699cee8ffc1c42023d25b235e1460a7e329cc453c35b78e19a827a13e4b62ae121aba7dcd71bf6c5d1fd4e3716642be |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Bone
| MD5 | 124e240a6529b61f018b30adac17553d |
| SHA1 | 950077be632fde663aacf7636a0ece5c918d2f63 |
| SHA256 | 70e4f36876b997f504b67027be7bb02d9fb5faecf014f603cbe7d5e640631994 |
| SHA512 | c57ccf9cdcce52cc197fdba2586e9e924823b74cc8491e1cafdf9d74069aa13d4a5dcedaa80804456885bb9fca7ea8beb4a5ebe1ef15c0fb91f5fe127324ab8b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Personnel
| MD5 | 588fc6008acff48bb6638695bcf6f1b0 |
| SHA1 | 9292a8d099705f171df67fe90ee89bd856abf5df |
| SHA256 | 9c0eb0254a68fd60b04489af0bd9615d91a6c1c189af0c457c258c886afd8931 |
| SHA512 | 1068d494de53e441ee7e89c29062acaf6f966ec53541c0dca79f7660b13d0c7f40c04f17c23928eab548cb5700123f94b60f90f9b9ecc3e35780e3fb9877b804 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Watson
| MD5 | 7aa422834f47f989ad74fb8a87de4225 |
| SHA1 | 5b94537ea7df76b5b6a70aab1078623198ec2d2f |
| SHA256 | 79012da4bd552682d1635fa3fa33209f75bf059c7f63c0ab727ae72fa92f1332 |
| SHA512 | d1560c003880da5a030107030504cba01efd0829e5fbf24037145b131752b91c7b295999a0123a87094889cf086f0214fb6efe67bd27faa185b6a38a9b51efca |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Describes
| MD5 | dab205ef316a75b18e861f7a867e0989 |
| SHA1 | 650f9b788b6213225dc0f8d21236d1b06bde4fc9 |
| SHA256 | a14ab8b356d3d939c5b2283e3cda3af305d4107e7f178c852e0680457acc269e |
| SHA512 | 365fa6a6b20c940cee09294c5bfd35c52928874532a5b27e73891a498f1463d84fa0305b2d6a721f67bc39b828379eacfa092df664f73a8f863ae39ef7ae4d8b |
\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\297892\Journals.pif
| MD5 | b06e67f9767e5023892d9698703ad098 |
| SHA1 | acc07666f4c1d4461d3e1c263cf6a194a8dd1544 |
| SHA256 | 8498900e57a490404e7ec4d8159bee29aed5852ae88bd484141780eaadb727bb |
| SHA512 | 7972c78acebdd86c57d879c12cb407120155a24a52fda23ddb7d9e181dd59dac1eb74f327817adbc364d37c8dc704f8236f3539b4d3ee5a022814924a1616943 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\297892\O
| MD5 | 46191d9919762445f6246396127d6d86 |
| SHA1 | 1387f35b5fe3f56402c89444f2e74b0f5d5b4e42 |
| SHA256 | 7bbe5eb8ffb88fc4e9872cfaa467cf8d41f37466c078fc403f163030abf7c507 |
| SHA512 | cc898c08a711d4e5163576d2737735d2f0cb042c87e9e09abe1d3c27751024f9f90314e9dc4d65821d18cf5da1fd592a14f216ba84ec24db119b380644cee736 |
memory/1572-669-0x00000000039E0000-0x0000000003A37000-memory.dmp
memory/1572-670-0x00000000039E0000-0x0000000003A37000-memory.dmp
memory/1572-671-0x00000000039E0000-0x0000000003A37000-memory.dmp
memory/1572-672-0x00000000039E0000-0x0000000003A37000-memory.dmp
memory/1572-673-0x00000000039E0000-0x0000000003A37000-memory.dmp
Analysis: behavioral8
Detonation Overview
Submitted
2024-05-20 15:42
Reported
2024-05-20 15:46
Platform
win10v2004-20240508-en
Max time kernel
148s
Max time network
150s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\$INTERNET_CACHE\Aspect
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.53.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.117.168.52.in-addr.arpa | udp |
Files
Analysis: behavioral23
Detonation Overview
Submitted
2024-05-20 15:42
Reported
2024-05-20 15:46
Platform
win7-20240215-en
Max time kernel
118s
Max time network
119s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\$INTERNET_CACHE\Immune
Network
Files
Analysis: behavioral25
Detonation Overview
Submitted
2024-05-20 15:42
Reported
2024-05-20 15:46
Platform
win7-20240508-en
Max time kernel
118s
Max time network
118s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\$INTERNET_CACHE\K
Network
Files
Analysis: behavioral28
Detonation Overview
Submitted
2024-05-20 15:42
Reported
2024-05-20 15:46
Platform
win10v2004-20240508-en
Max time kernel
93s
Max time network
128s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\$INTERNET_CACHE\Kay
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.56.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-05-20 15:42
Reported
2024-05-20 15:46
Platform
win7-20240419-en
Max time kernel
119s
Max time network
120s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\$INTERNET_CACHE\Arrives
Network
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-05-20 15:42
Reported
2024-05-20 15:46
Platform
win7-20240215-en
Max time kernel
119s
Max time network
120s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\$INTERNET_CACHE\Aspect