Analysis Overview
SHA256
600b6df1fa279556cb7bfcbba34a3fc80c04e85f0b1923de0318b06b5f1ca955
Threat Level: Shows suspicious behavior
The file 080d6cb9a1b7d17f5047d64a739a4670_NeikiAnalytics.exe was classified as: Shows suspicious behavior.
Malicious Activity Summary
Deletes itself
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Writes to the Master Boot Record (MBR)
Drops file in System32 directory
Suspicious use of SetThreadContext
Unsigned PE
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-26 14:18
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-26 14:18
Reported
2024-05-26 14:20
Platform
win7-20240508-en
Max time kernel
148s
Max time network
149s
Command Line
Signatures
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | \??\c:\windows\SysWOW64\wuaucldt.exe | N/A |
| N/A | N/A | \??\c:\users\admin\wuaucldt.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\080d6cb9a1b7d17f5047d64a739a4670_NeikiAnalytics.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\080d6cb9a1b7d17f5047d64a739a4670_NeikiAnalytics.exe | N/A |
| N/A | N/A | \??\c:\windows\SysWOW64\wuaucldt.exe | N/A |
| N/A | N/A | \??\c:\windows\SysWOW64\wuaucldt.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\wuaucldt = "c:\\windows\\system32\\wuaucldt.exe" | \??\c:\users\admin\wuaucldt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Run\wuaucldt = "c:\\users\\admin\\wuaucldt.exe" | \??\c:\users\admin\wuaucldt.exe | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Windows\SysWOW64\svchost.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | \??\c:\windows\SysWOW64\wuaucldt.exe | C:\Users\Admin\AppData\Local\Temp\080d6cb9a1b7d17f5047d64a739a4670_NeikiAnalytics.exe | N/A |
| File created | \??\c:\windows\SysWOW64\wuaucldt.exe | \??\c:\windows\SysWOW64\wuaucldt.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 3000 set thread context of 1916 | N/A | \??\c:\users\admin\wuaucldt.exe | C:\Windows\SysWOW64\svchost.exe |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\080d6cb9a1b7d17f5047d64a739a4670_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\080d6cb9a1b7d17f5047d64a739a4670_NeikiAnalytics.exe"
\??\c:\windows\SysWOW64\wuaucldt.exe
c:\windows\system32\wuaucldt.exe
\??\c:\users\admin\wuaucldt.exe
c:\users\admin\wuaucldt.exe
C:\Windows\SysWOW64\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del c:\users\admin\appdata\local\temp\080D6C~1.EXE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del c:\windows\syswow64\wuaucldt.exe
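The signature rows above (and the matching rows in behavioral2 below) describe five host-side behaviours: the drop of wuaucldt.exe into SysWOW64, two Run-key values pointing at it, a raw open of PhysicalDrive0 by svchost.exe, a SetThreadContext call from wuaucldt.exe into svchost.exe, and two `cmd /c del` clean-up commands. The following script is an added example, not part of the sandbox report, showing how those rows translate into detection logic over endpoint telemetry. The event model and the sample events are constructed from the report's own signature and process rows; the field names loosely follow Sysmon naming but are an assumption of this example, and the ATT&CK technique IDs in the comments are this editor's mapping (the report's own MITRE section is empty).

```python
"""Host-side detection for the behaviours recorded in both detonations above.

Added example, not part of the sandbox report. The event model and the sample
events below are constructed from the report's own signature and process rows;
the field names loosely follow Sysmon naming but are an assumption of this example.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

DROPPED_NAME = "wuaucldt.exe"
RUN_KEY_RE = re.compile(
    r"\\software\\(?:wow6432node\\)?microsoft\\windows\\currentversion\\run\\", re.I
)
SELF_DELETE_RE = re.compile(r"cmd\.exe\s+/c\s+del\s+(\S+)", re.I)
SYSTEM_DIR_RE = re.compile(r"\\windows\\(?:system32|syswow64)\\", re.I)


@dataclass
class Event:
    kind: str                                   # file | registry | rawaccess | thread | process
    image: str                                  # path of the acting process
    data: Dict[str, str] = field(default_factory=dict)


def basename(path: str) -> str:
    """Last path component, lower-cased, for either slash style."""
    return path.replace("/", "\\").rstrip("\\").rsplit("\\", 1)[-1].lower()


def detect(events: List[Event]) -> List[Tuple[str, str, str]]:
    """Return (rule, acting image, detail) for every event that matches a rule."""
    hits = []
    for ev in events:
        d, img = ev.data, basename(ev.image)
        if (ev.kind == "file" and basename(d.get("target", "")) == DROPPED_NAME
                and SYSTEM_DIR_RE.search(d["target"])):
            hits.append(("drop_in_system32", img, d["target"]))
        elif (ev.kind == "registry" and RUN_KEY_RE.search(d.get("key", ""))
                and basename(d.get("value", "")) == DROPPED_NAME):
            hits.append(("run_key_persistence", img, d["key"]))          # T1547.001
        elif ev.kind == "rawaccess" and "physicaldrive" in d.get("device", "").lower():
            # The sandbox records the open of the raw device, not what was written.
            # Disk tools open PhysicalDrive0 too, so weight this by the acting image:
            # an svchost.exe that was injected into (see the thread rule) never should.
            sev = "high" if img == "svchost.exe" else "review"
            hits.append(("raw_disk_access:" + sev, img, d["device"]))
        elif (ev.kind == "thread" and img == DROPPED_NAME
                and basename(d.get("target_image", "")) == "svchost.exe"):
            hits.append(("thread_context_injection", img, d["target_image"]))  # T1055.003
        elif ev.kind == "process":
            m = SELF_DELETE_RE.search(d.get("cmdline", ""))
            if m and ("\\temp\\" in m.group(1).lower() or basename(m.group(1)) == DROPPED_NAME):
                hits.append(("self_delete_via_cmd", img, m.group(1)))     # T1070.004
    return hits


def verdict(hits) -> str:
    """Three or more distinct firm rules is enough to call the host compromised."""
    firm = {rule for rule, _, _ in hits if not rule.endswith(":review")}
    return "suspicious" if len(firm) >= 3 else "clean"


SAMPLE_EXE = "C:\\Users\\Admin\\AppData\\Local\\Temp\\080d6cb9a1b7d17f5047d64a739a4670_NeikiAnalytics.exe"
DROPPED_USER = "c:\\users\\admin\\wuaucldt.exe"
SVCHOST = "C:\\Windows\\SysWOW64\\svchost.exe"
CMD = "C:\\Windows\\SysWOW64\\cmd.exe"

# Constructed from the behavioral1 rows above, plus one benign control event.
SAMPLE_EVENTS = [
    Event("file", SAMPLE_EXE, {"target": "c:\\windows\\SysWOW64\\wuaucldt.exe"}),
    Event("registry", DROPPED_USER, {
        "key": "\\REGISTRY\\MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run\\wuaucldt",
        "value": "c:\\windows\\system32\\wuaucldt.exe"}),
    Event("registry", DROPPED_USER, {
        "key": "\\REGISTRY\\USER\\S-1-5-21-3691908287-3775019229-3534252667-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\wuaucldt",
        "value": "c:\\users\\admin\\wuaucldt.exe"}),
    Event("rawaccess", SVCHOST, {"device": "\\??\\PhysicalDrive0"}),
    Event("thread", DROPPED_USER, {"target_image": SVCHOST}),
    Event("process", CMD, {"cmdline": "C:\\Windows\\system32\\cmd.exe /c del c:\\users\\admin\\appdata\\local\\temp\\080D6C~1.EXE"}),
    Event("process", CMD, {"cmdline": "C:\\Windows\\system32\\cmd.exe /c del c:\\windows\\syswow64\\wuaucldt.exe"}),
    # hypothetical disk tool: same raw open, should only be marked for review
    Event("rawaccess", "C:\\Tools\\diskinfo.exe", {"device": "\\\\.\\PhysicalDrive0"}),
]

if __name__ == "__main__":
    found = detect(SAMPLE_EVENTS)
    for rule, img, detail in found:
        print(f"{rule:28} {img:14} {detail}")
    print("verdict:", verdict(found))
```

Two points worth carrying into a production rule set: the Run-key rule keys on the value's file name rather than the key name, because the key name (`wuaucldt`) is trivially changed while the dropped binary name is what the persistence actually launches; and the raw-disk rule is deliberately split by acting image, because the report shows only that PhysicalDrive0 was opened for modification by svchost.exe, which is exactly the process the SetThreadContext row shows being hijacked.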
Network
| Country | Destination | Domain | Proto |
| US | 64.56.68.34:443 | | tcp |
| BR | 200.192.143.87:443 | | tcp |
| JP | 202.164.228.11:443 | | tcp |
| JP | 163.209.180.1:443 | | tcp |
| UA | 77.120.110.76:443 | | tcp |
| JP | 210.165.4.71:443 | | tcp |
| US | 8.8.8.8:53 | ss1.coressl.jp | udp |
| US | 8.8.8.8:53 | www.imusica.com.br | udp |
| US | 8.8.8.8:53 | spooky.cartoons.org.ua | udp |
| US | 8.8.8.8:53 | ex2.broadser | udp |
| US | 8.8.8.8:53 | forums.ubuntulinux.jp | udp |
| US | 8.8.8.8:53 | ex2.broadser | udp |
| US | 8.8.8.8:53 | www.guiaseshop.com.br | udp |
| US | 8.8.8.8:53 | www.marantz.jp | udp |
| US | 8.8.8.8:53 | ss1.coressl.jp | udp |
| JP | 183.90.183.210:443 | ss1.coressl.jp | tcp |
| US | 104.18.21.243:443 | www.marantz.jp | tcp |
| US | 104.21.80.9:443 | forums.ubuntulinux.jp | tcp |
| US | 104.18.21.243:443 | www.marantz.jp | tcp |
| UA | 195.182.192.2:443 | | tcp |
| US | 3.162.140.55:443 | www.imusica.com.br | tcp |
| US | 207.44.220.4:443 | | tcp |
| UA | 91.196.95.24:443 | | tcp |
| US | 8.8.8.8:53 | www.treasuryislandcasino.com.ua | udp |
| DE | 37.1.197.107:443 | www.treasuryislandcasino.com.ua | tcp |
| BR | 201.20.45.207:443 | | tcp |
| JP | 183.90.183.210:443 | ss1.coressl.jp | tcp |
| JP | 130.69.92.68:443 | | tcp |
| US | 8.8.8.8:53 | wow.merlin.org.ua | udp |
| UA | 193.138.146.141:443 | wow.merlin.org.ua | tcp |
| NL | 87.239.184.105:443 | | tcp |
| BR | 201.20.45.207:443 | | tcp |
| UA | 193.178.147.110:443 | | tcp |
| US | 8.8.8.8:53 | www.jica.go.jp | udp |
| US | 3.162.140.60:443 | www.jica.go.jp | tcp |
| US | 8.8.8.8:53 | shop.poziti | udp |
| JP | 133.26.200.10:443 | | tcp |
| US | 8.8.8.8:53 | www.myeclipseide.jp | udp |
| DE | 185.53.178.50:443 | www.myeclipseide.jp | tcp |
| JP | 118.67.65.194:443 | | tcp |
| BR | 201.76.50.168:443 | | tcp |
| US | 8.8.8.8:53 | www.sextoy.com.br | udp |
| US | 147.182.196.237:443 | www.sextoy.com.br | tcp |
| US | 8.8.8.8:53 | bunker.org.ua | udp |
| DE | 116.202.13.71:443 | bunker.org.ua | tcp |
| US | 8.8.8.8:53 | loja.tray.com.br | udp |
| BR | 177.67.115.135:443 | loja.tray.com.br | tcp |
| US | 64.79.197.143:443 | | tcp |
| US | 8.8.8.8:53 | weather.co.ua | udp |
| RU | 185.9.147.4:443 | weather.co.ua | tcp |
| UA | 212.82.216.42:443 | | tcp |
| US | 64.56.68.36:443 | | tcp |
| BR | 200.192.143.87:443 | | tcp |
| US | 204.13.248.107:443 | | tcp |
| UA | 82.193.122.190:443 | | tcp |
| JP | 202.226.91.62:443 | | tcp |
| US | 8.8.8.8:53 | bookweb.kinokuniya.co.jp | udp |
| JP | 122.219.252.105:443 | | tcp |
| BR | 200.234.192.141:443 | | tcp |
| JP | 203.216.221.246:443 | bookweb.kinokuniya.co.jp | tcp |
| UA | 82.193.122.190:443 | | tcp |
| JP | 210.171.131.16:443 | | tcp |
| UA | 79.171.122.236:443 | | tcp |
| JP | 203.216.221.246:443 | bookweb.kinokuniya.co.jp | tcp |
| JP | 202.218.203.244:443 | | tcp |
| UA | 195.214.214.53:443 | | tcp |
| BR | 201.20.45.207:443 | | tcp |
| US | 8.8.8.8:53 | secure.fox | udp |
| US | 64.79.197.143:443 | | tcp |
| RU | 185.9.147.4:443 | weather.co.ua | tcp |
| US | 104.21.80.9:443 | forums.ubuntulinux.jp | tcp |
| JP | 219.99.163.41:443 | | tcp |
| BR | 201.76.41.87:443 | | tcp |
| US | 208.110.80.34:443 | | tcp |
| US | 8.8.8.8:53 | www.billboxrecords.com.br | udp |
| UA | 82.193.122.190:443 | | tcp |
| UA | 91.203.146.30:443 | | tcp |
| JP | 118.67.65.194:443 | | tcp |
| UA | 91.196.95.24:443 | | tcp |
| US | 8.8.8.8:53 | www.miltenyibiotec.co.jp | udp |
| DE | 45.87.158.7:443 | www.miltenyibiotec.co.jp | tcp |
| US | 140.177.205.56:443 | | tcp |
| US | 8.8.8.8:53 | m-repo.lib.meiji.ac.jp | udp |
| US | 8.8.8.8:53 | isu2.tup.km.ua | udp |
| FR | 217.182.53.72:443 | isu2.tup.km.ua | tcp |
| JP | 133.26.200.10:443 | m-repo.lib.meiji.ac.jp | tcp |
| JP | 202.218.203.244:443 | | tcp |
| UA | 109.72.122.165:443 | | tcp |
| UA | 193.178.147.110:443 | | tcp |
| DE | 37.1.197.107:443 | www.treasuryislandcasino.com.ua | tcp |
| BR | 177.67.115.135:443 | loja.tray.com.br | tcp |
| JP | 133.26.200.10:443 | m-repo.lib.meiji.ac.jp | tcp |
| JP | 211.133.134.87:443 | | tcp |
| UA | 212.82.216.42:443 | | tcp |
| UA | 212.42.72.183:443 | | tcp |
| US | 8.8.8.8:53 | www.kajima.co.jp | udp |
| JP | 202.241.202.159:443 | www.kajima.co.jp | tcp |
| US | 8.8.8.8:53 | rastu.com.ua | udp |
| US | 8.8.8.8:53 | newsletter.go | udp |
| JP | 130.69.92.68:443 | | tcp |
| US | 8.8.8.8:53 | www.saredrogarias.com.br | udp |
| US | 172.67.189.108:443 | www.saredrogarias.com.br | tcp |
| US | 64.131.68.169:443 | | tcp |
| US | 8.8.8.8:53 | masterkey.com.ua | udp |
| DE | 185.53.178.53:443 | masterkey.com.ua | tcp |
| BR | 201.20.45.207:443 | | tcp |
| US | 208.110.80.35:443 | | tcp |
| RU | 185.9.147.4:443 | weather.co.ua | tcp |
| US | 8.8.8.8:53 | www.okilogistics.co.jp | udp |
| US | 69.72.149.166:443 | | tcp |
| JP | 125.53.25.30:443 | | tcp |
| RU | 185.9.147.4:443 | weather.co.ua | tcp |
| UA | 212.111.198.59:443 | | tcp |
| US | 69.72.149.166:443 | | tcp |
| DE | 193.26.15.243:443 | | tcp |
| JP | 131.206.55.11:443 | | tcp |
| JP | 122.219.252.105:443 | | tcp |
| JP | 202.218.111.122:443 | | tcp |
| US | 8.8.8.8:53 | loja.tray.com.br | udp |
| BR | 177.67.115.135:443 | loja.tray.com.br | tcp |
| BR | 200.234.192.141:443 | | tcp |
| US | 8.8.8.8:53 | www.ristex.jp | udp |
| BR | 200.234.192.141:443 | | tcp |
| JP | 202.214.40.79:443 | | tcp |
| JP | 210.157.5.25:443 | | tcp |
| US | 104.21.80.9:443 | forums.ubuntulinux.jp | tcp |
| DE | 193.26.15.243:443 | | tcp |
| US | 8.8.8.8:53 | www.science-forum.co.jp | udp |
| UA | 193.178.147.110:443 | | tcp |
| US | 208.110.80.36:443 | | tcp |
| UA | 193.178.147.110:443 | | tcp |
| JP | 211.133.134.87:443 | | tcp |
| JP | 202.218.13.230:443 | | tcp |
| JP | 222.146.58.38:443 | | tcp |
| UA | 212.42.72.183:443 | | tcp |
| US | 8.8.8.8:53 | www.imusica.com.br | udp |
| UA | 212.111.198.59:443 | | tcp |
| US | 3.162.140.129:443 | www.imusica.com.br | tcp |
| UA | 62.149.23.110:443 | | tcp |
| US | 74.125.87.69:443 | | tcp |
| UA | 77.120.99.240:443 | | tcp |
| RU | 185.9.147.4:443 | weather.co.ua | tcp |
| JP | 202.214.40.79:443 | | tcp |
| US | 8.8.8.8:53 | www.jaif.or.jp | udp |
| JP | 150.60.251.193:443 | www.jaif.or.jp | tcp |
| BR | 201.20.45.207:443 | | tcp |
| JP | 202.191.113.9:443 | | tcp |
| US | 140.177.205.56:443 | | tcp |
| US | 8.8.8.8:53 | k.jfc.go.jp | udp |
| UA | 62.149.23.110:443 | | tcp |
| US | 8.8.8.8:53 | www.mlh.co.jp | udp |
| US | 204.74.99.100:443 | www.mlh.co.jp | tcp |
| UA | 109.72.122.165:443 | | tcp |
| US | 76.164.227.58:443 | | tcp |
| JP | 202.164.228.11:443 | | tcp |
| JP | 131.113.221.138:443 | | tcp |
| US | 69.72.149.166:443 | | tcp |
| JP | 219.99.163.41:443 | | tcp |
| US | 8.8.8.8:53 | ssl876.locaweb.com.br | udp |
| BR | 191.252.48.196:443 | ssl876.locaweb.com.br | tcp |
| BR | 177.67.115.135:443 | loja.tray.com.br | tcp |
| JP | 183.90.183.210:443 | ss1.coressl.jp | tcp |
| US | 8.8.8.8:53 | www.inde | udp |
| US | 104.18.21.243:443 | www.marantz.jp | tcp |
| UA | 212.111.198.59:443 | | tcp |
| JP | 202.226.91.62:443 | | tcp |
| US | 8.8.8.8:53 | www.nrw.co.jp | udp |
| UA | 62.149.23.110:443 | | tcp |
| UA | 77.120.99.240:443 | | tcp |
| FR | 217.182.53.72:443 | isu2.tup.km.ua | tcp |
| US | 8.8.8.8:53 | www.jica.go.jp | udp |
| US | 3.162.140.120:443 | www.jica.go.jp | tcp |
| US | 204.74.99.100:443 | www.mlh.co.jp | tcp |
| US | 104.21.80.9:443 | forums.ubuntulinux.jp | tcp |
| UA | 212.82.216.42:443 | | tcp |
| JP | 203.79.51.228:443 | | tcp |
| JP | 203.79.51.228:443 | | tcp |
| US | 8.8.8.8:53 | forum.gryada.org.ua | udp |
| BR | 201.20.45.207:443 | | tcp |
| BR | 201.76.41.87:443 | | tcp |
| UA | 62.149.23.110:443 | | tcp |
| BR | 200.234.192.141:443 | | tcp |
| US | 8.8.8.8:53 | www.wolfram.co.jp | udp |
| US | 140.177.9.54:443 | www.wolfram.co.jp | tcp |
| UA | 77.120.104.50:443 | | tcp |
| DE | 116.202.13.71:443 | bunker.org.ua | tcp |
| UA | 77.120.121.35:443 | | tcp |
| US | 8.8.8.8:53 | www.stone.co.ua | udp |
| JP | 202.218.13.230:443 | | tcp |
| UA | 91.196.95.24:443 | | tcp |
| US | 76.164.227.59:443 | | tcp |
| US | 8.8.8.8:53 | nodes.com.ua | udp |
| JP | 202.218.170.179:443 | | tcp |
| US | 8.8.8.8:53 | ss1.coressl.jp | udp |
| JP | 183.90.183.210:443 | ss1.coressl.jp | tcp |
| DE | 116.202.13.71:443 | bunker.org.ua | tcp |
| US | 8.8.8.8:53 | ssl.form-mailer.jp | udp |
| JP | 219.99.163.87:443 | ssl.form-mailer.jp | tcp |
| UA | 62.149.23.110:443 | | tcp |
| US | 204.74.99.100:443 | www.mlh.co.jp | tcp |
| JP | 61.120.56.37:443 | | tcp |
| JP | 202.218.170.179:443 | | tcp |
| JP | 202.164.228.11:443 | | tcp |
| JP | 203.180.136.89:443 | | tcp |
| JP | 150.60.251.193:443 | www.jaif.or.jp | tcp |
| BR | 200.192.143.87:443 | | tcp |
| JP | 133.26.200.10:443 | m-repo.lib.meiji.ac.jp | tcp |
| US | 8.8.8.8:53 | g105.secure.ne.jp | udp |
| JP | 202.164.228.11:443 | g105.secure.ne.jp | tcp |
| UA | 195.182.192.2:443 | | tcp |
| BR | 201.20.45.207:443 | | tcp |
| US | 8.8.8.8:53 | loja.tray.com.br | udp |
| BR | 177.67.115.135:443 | loja.tray.com.br | tcp |
| JP | 133.26.200.10:443 | m-repo.lib.meiji.ac.jp | tcp |
| BR | 177.67.115.135:443 | loja.tray.com.br | tcp |
| RU | 185.9.147.4:443 | weather.co.ua | tcp |
| US | 8.8.8.8:53 | www.kajima.co.jp | udp |
| DE | 116.202.13.71:443 | bunker.org.ua | tcp |
| JP | 202.241.202.159:443 | www.kajima.co.jp | tcp |
| UA | 193.110.163.66:443 | | tcp |
| US | 204.74.99.100:443 | www.mlh.co.jp | tcp |
| JP | 125.53.25.30:443 | | tcp |
| RU | 185.9.147.4:443 | weather.co.ua | tcp |
| UA | 77.120.99.240:443 | | tcp |
| FR | 217.182.53.72:443 | isu2.tup.km.ua | tcp |
| FR | 217.182.53.72:443 | isu2.tup.km.ua | tcp |
| UA | 62.149.23.110:443 | | tcp |
| UA | 195.214.214.53:443 | | tcp |
| US | 76.164.227.60:443 | | tcp |
| JP | 210.165.4.71:443 | | tcp |
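The Network table above (and the one in behavioral2 below) is dominated by TLS connections to dozens of unrelated hosts in JP, BR and UA, most of them direct-to-IP with no preceding DNS lookup, plus a few resolver queries to 8.8.8.8 and some sandbox-local noise. The following parser is an added example, not part of the sandbox report: it reads rows in this page's pipe-table layout, tolerates the rows where the protocol has slid into the Domain column, and splits the result into direct-to-IP connections, resolved names, DNS-only names (queried, never connected to) and skipped local addresses. SAMPLE_TABLE is a handful of rows copied from the tables on this page in both layouts; the helper names are this example's own.

```python
"""Turn the Network tables above into a deduplicated IOC set.

Added example, not part of the sandbox report. SAMPLE_TABLE is a handful of rows
copied from the behavioral1 and behavioral2 tables (both row layouts that appear
on this page, with and without a resolved domain); the helper names are this
example's own.
"""
import ipaddress
from collections import Counter
from typing import Dict, List

RESOLVERS = {"8.8.8.8"}   # the sandbox's DNS forwarder, not an IOC

SAMPLE_TABLE = """\
| Country | Destination | Domain | Proto |
| US | 64.56.68.34:443 | tcp | |
| US | 8.8.8.8:53 | ss1.coressl.jp | udp |
| JP | 183.90.183.210:443 | ss1.coressl.jp | tcp |
| UA | 195.182.192.2:443 | | tcp |
| US | 8.8.8.8:53 | www.jica.go.jp | udp |
| US | 3.162.140.60:443 | www.jica.go.jp | tcp |
| US | 8.8.8.8:53 | shop.poziti | udp |
| N/A | 224.0.0.251:5353 | udp | |
| N/A | 10.127.0.215:443 | tcp | |
| JP | 183.90.183.210:443 | ss1.coressl.jp | tcp |
| JP | 210.165.4.71:443 | tcp |
"""


def parse_rows(text: str) -> List[Dict]:
    """Parse pipe-table rows; tolerates the proto landing in the Domain column."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue
        cells = [c.strip() for c in line.strip("|").split("|")]
        if cells[0].lower() == "country":
            continue                                  # header row
        cells += [""] * (4 - len(cells))              # short rows lack the trailing cell
        country, dest, domain, proto = cells[:4]
        if domain.lower() in ("tcp", "udp") and not proto:
            domain, proto = "", domain                # shifted row: no domain was resolved
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto.lower()})
    return rows


def summarize(rows: List[Dict]) -> Dict:
    """Split rows into direct-to-IP connections, resolved names and DNS-only names."""
    out = {"direct_ip": set(), "resolved": {}, "dns_only": set(),
           "skipped": set(), "by_country": Counter()}
    queried = set()
    for r in rows:
        addr = ipaddress.ip_address(r["ip"])
        if r["ip"] in RESOLVERS and r["proto"] == "udp" and r["port"] == 53:
            queried.add(r["domain"])                  # a lookup, not a connection
            continue
        if addr.is_private or addr.is_multicast or addr.is_loopback:
            out["skipped"].add(r["ip"])               # sandbox-local noise (mDNS, RFC1918)
            continue
        out["by_country"][r["country"]] += 1
        if r["domain"]:
            out["resolved"].setdefault(r["domain"], set()).add(r["ip"])
        else:
            out["direct_ip"].add(f"{r['ip']}:{r['port']}")
    out["dns_only"] = queried - set(out["resolved"])
    return out


def ioc_lines(summary: Dict) -> List[str]:
    """Flat, sorted, deduplicated list suitable for a watchlist (not a blocklist)."""
    ips = {d.rsplit(":", 1)[0] for d in summary["direct_ip"]}
    for addrs in summary["resolved"].values():
        ips |= addrs
    names = set(summary["resolved"]) | summary["dns_only"]
    return sorted(f"ip:{i}" for i in ips) + sorted(f"domain:{n}" for n in names)


if __name__ == "__main__":
    s = summarize(parse_rows(SAMPLE_TABLE))
    print("direct-to-IP:", sorted(s["direct_ip"]))
    print("resolved:", {k: sorted(v) for k, v in s["resolved"].items()})
    print("DNS only:", sorted(s["dns_only"]), " skipped:", sorted(s["skipped"]))
    print("by country:", dict(s["by_country"]))
    print("\n".join(ioc_lines(s)))
```

Run it over the full tables rather than the sample and the spread becomes obvious: most destinations appear once or twice and the resolved names are ordinary Japanese, Brazilian and Ukrainian web hosts, so a per-IP blocklist built from this page would be noisy and short-lived. The output is better used to scope an incident (which of these hosts show up in your own proxy or NetFlow records for the same window) than to block; the dropped file name and the hash in the Files section are the durable indicators. Note also that several queried names on this page are truncated (`shop.poziti`, `www.inde`) and are carried through as-is rather than guessed.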
Files
memory/2928-0-0x0000000070000000-0x000000007000B000-memory.dmp
\Windows\SysWOW64\wuaucldt.exe
| MD5 | 080d6cb9a1b7d17f5047d64a739a4670 |
| SHA1 | ec817d6a722ed59c550b16b7099f46174352982f |
| SHA256 | 600b6df1fa279556cb7bfcbba34a3fc80c04e85f0b1923de0318b06b5f1ca955 |
| SHA512 | 614bedc411f76d5c6f472f9627c5dd525a144235949488214ba37975f8aa4f8c06814bc4684bd4d726834d26eabf2fabada12b1c110f2b1faac3c14b6cbf5121 |
memory/3000-20-0x0000000070000000-0x000000007000B000-memory.dmp
memory/1916-22-0x0000000000080000-0x0000000000089000-memory.dmp
memory/1916-25-0x0000000000080000-0x0000000000089000-memory.dmp
memory/1916-31-0x0000000000080000-0x0000000000089000-memory.dmp
memory/1916-30-0x0000000000080000-0x0000000000089000-memory.dmp
memory/1916-27-0x0000000000080000-0x0000000000089000-memory.dmp
memory/1916-23-0x000000007EFDE000-0x000000007EFDF000-memory.dmp
memory/1916-32-0x0000000000080000-0x0000000000089000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-26 14:18
Reported
2024-05-26 14:20
Platform
win10v2004-20240508-en
Max time kernel
148s
Max time network
153s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | \??\c:\windows\SysWOW64\wuaucldt.exe | N/A |
| N/A | N/A | \??\c:\users\admin\wuaucldt.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\wuaucldt = "c:\\windows\\system32\\wuaucldt.exe" | \??\c:\users\admin\wuaucldt.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wuaucldt = "c:\\users\\admin\\wuaucldt.exe" | \??\c:\users\admin\wuaucldt.exe | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Windows\SysWOW64\svchost.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | \??\c:\windows\SysWOW64\wuaucldt.exe | C:\Users\Admin\AppData\Local\Temp\080d6cb9a1b7d17f5047d64a739a4670_NeikiAnalytics.exe | N/A |
| File created | \??\c:\windows\SysWOW64\wuaucldt.exe | \??\c:\windows\SysWOW64\wuaucldt.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 4608 set thread context of 2348 | N/A | \??\c:\users\admin\wuaucldt.exe | C:\Windows\SysWOW64\svchost.exe |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\080d6cb9a1b7d17f5047d64a739a4670_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\080d6cb9a1b7d17f5047d64a739a4670_NeikiAnalytics.exe"
\??\c:\windows\SysWOW64\wuaucldt.exe
c:\windows\system32\wuaucldt.exe
\??\c:\users\admin\wuaucldt.exe
c:\users\admin\wuaucldt.exe
C:\Windows\SysWOW64\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del c:\users\admin\appdata\local\temp\080D6C~1.EXE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del c:\windows\syswow64\wuaucldt.exe
Network
| Country | Destination | Domain | Proto |
| US | 64.56.68.34:443 | | tcp |
| UA | 195.214.214.53:443 | | tcp |
| BR | 200.234.223.237:443 | | tcp |
| UA | 62.149.23.110:443 | | tcp |
| UA | 82.193.122.190:443 | | tcp |
| UA | 212.111.198.59:443 | | tcp |
| JP | 133.87.45.189:443 | | tcp |
| US | 74.125.87.69:443 | | tcp |
| US | 8.8.8.8:53 | newsletter.go | udp |
| US | 8.8.8.8:53 | global-host.com.ua | udp |
| US | 8.8.8.8:53 | shop.poziti | udp |
| US | 8.8.8.8:53 | hosting.cnrg.com.ua | udp |
| US | 8.8.8.8:53 | cps-h3.ep.sci.hokudai.ac.jp | udp |
| US | 8.8.8.8:53 | wow.merlin.org.ua | udp |
| US | 8.8.8.8:53 | www.imagemfolheados.com.br | udp |
| N/A | 224.0.0.251:5353 | | udp |
| UA | 77.120.104.50:443 | | tcp |
| US | 8.8.8.8:53 | mst.com.ua | udp |
| JP | 164.46.227.120:443 | | tcp |
| NL | 82.196.6.164:443 | mst.com.ua | tcp |
| UA | 193.138.146.141:443 | wow.merlin.org.ua | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| BR | 143.137.190.15:443 | www.imagemfolheados.com.br | tcp |
| US | 8.8.8.8:53 | www.nrw.co.jp | udp |
| UA | 77.120.110.76:443 | | tcp |
| N/A | 10.127.0.215:443 | | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.190.137.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| NL | 23.62.61.129:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.digimer.com.br | udp |
| UA | 195.182.192.2:443 | | tcp |
| JP | 202.218.170.179:443 | | tcp |
| US | 8.8.8.8:53 | cg.ces.kyutech.ac.jp | udp |
| US | 8.8.8.8:53 | loja.tray.com.br | udp |
| BR | 177.67.115.135:443 | loja.tray.com.br | tcp |
| US | 3.162.140.102:443 | www.digimer.com.br | tcp |
| US | 8.8.8.8:53 | nodes.com.ua | udp |
| NL | 23.62.61.129:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | weather.co.ua | udp |
| RU | 185.9.147.4:443 | weather.co.ua | tcp |
| JP | 203.180.136.89:443 | | tcp |
| US | 8.8.8.8:53 | 102.140.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.192.182.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.115.67.177.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.147.9.185.in-addr.arpa | udp |
| BR | 201.20.45.207:443 | | tcp |
| JP | 222.146.58.38:443 | | tcp |
| RU | 185.9.147.4:443 | weather.co.ua | tcp |
| US | 8.8.8.8:53 | www.inde | udp |
| UA | 212.111.198.59:443 | | tcp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 64.56.68.36:443 | | tcp |
| US | 8.8.8.8:53 | hosting.cnrg.com.ua | udp |
| US | 8.8.8.8:53 | ssl876.locaweb.com.br | udp |
| US | 8.8.8.8:53 | newsletter.go | udp |
| US | 8.8.8.8:53 | www.billboxrecords.com.br | udp |
| JP | 131.113.221.138:443 | | tcp |
| US | 8.8.8.8:53 | spooky.cartoons.org.ua | udp |
| US | 207.44.220.4:443 | | tcp |
| JP | 133.26.200.10:443 | | tcp |
| US | 69.57.128.35:443 | | tcp |
| US | 8.8.8.8:53 | isu2.tup.km.ua | udp |
| UA | 82.193.122.190:443 | | tcp |
| BR | 200.234.192.141:443 | | tcp |
| BR | 143.137.190.15:443 | www.imagemfolheados.com.br | tcp |
| FR | 217.182.53.72:443 | isu2.tup.km.ua | tcp |
| BR | 191.252.48.196:443 | ssl876.locaweb.com.br | tcp |
| US | 64.131.68.169:443 | | tcp |
| US | 65.74.140.3:443 | | tcp |
| US | 8.8.8.8:53 | www.jaif.or.jp | udp |
| US | 8.8.8.8:53 | 72.53.182.217.in-addr.arpa | udp |
| UA | 212.82.216.42:443 | | tcp |
| JP | 150.60.251.193:443 | www.jaif.or.jp | tcp |
| US | 8.8.8.8:53 | www.365.e-secom.jp | udp |
| US | 8.8.8.8:53 | www.wolfram.co.jp | udp |
| US | 8.8.8.8:53 | 193.251.60.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.48.252.191.in-addr.arpa | udp |
| UA | 109.72.122.165:443 | | tcp |
| US | 140.177.9.54:443 | www.wolfram.co.jp | tcp |
| UA | 82.193.122.190:443 | | tcp |
| UA | 109.72.122.165:443 | | tcp |
| UA | 77.120.99.240:443 | | tcp |
| US | 207.44.220.4:443 | | tcp |
| UA | 79.171.122.236:443 | | tcp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| BR | 177.67.115.135:443 | loja.tray.com.br | tcp |
| US | 208.110.80.34:443 | | tcp |
| US | 8.8.8.8:53 | la2.meganet.org.ua | udp |
| US | 8.8.8.8:53 | www.aandd.jp | udp |
| US | 172.67.220.141:443 | la2.meganet.org.ua | tcp |
| US | 8.8.8.8:53 | m-repo.lib.meiji.ac.jp | udp |
| JP | 202.218.111.122:443 | | tcp |
| US | 172.67.205.214:443 | www.aandd.jp | tcp |
| US | 8.8.8.8:53 | www.irt | udp |
| JP | 202.214.40.79:443 | | tcp |
| FR | 217.182.53.72:443 | isu2.tup.km.ua | tcp |
| US | 8.8.8.8:53 | www.stone.co.ua | udp |
| UA | 109.72.122.165:443 | | tcp |
| US | 8.8.8.8:53 | center.umin.ac.jp | udp |
| JP | 133.26.200.10:443 | m-repo.lib.meiji.ac.jp | tcp |
| JP | 202.191.113.9:443 | | tcp |
| JP | 211.133.134.87:443 | | tcp |
| US | 8.8.8.8:53 | 141.220.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.205.67.172.in-addr.arpa | udp |
| JP | 210.165.4.71:443 | | tcp |
| JP | 202.218.111.122:443 | | tcp |
| JP | 211.133.134.87:443 | | tcp |
| UA | 193.178.147.110:443 | | tcp |
| US | 64.79.197.143:443 | | tcp |
| JP | 211.133.134.87:443 | | tcp |
| US | 8.8.8.8:53 | 110.147.178.193.in-addr.arpa | udp |
| JP | 202.214.40.79:443 | | tcp |
| US | 74.125.87.69:443 | | tcp |
| US | 8.8.8.8:53 | www.irt | udp |
| UA | 91.196.95.24:443 | | tcp |
| JP | 210.171.131.16:443 | | tcp |
| US | 208.110.80.35:443 | | tcp |
| US | 65.74.140.3:443 | | tcp |
| UA | 77.120.121.35:443 | | tcp |
| US | 64.79.197.143:443 | | tcp |
| BR | 200.143.10.165:443 | | tcp |
| JP | 210.171.131.16:443 | | tcp |
| PL | 193.23.48.228:443 | | tcp |
| US | 8.8.8.8:53 | www.epra | udp |
| BR | 201.49.212.100:443 | | tcp |
| US | 8.8.8.8:53 | cg.ces.kyutech.ac.jp | udp |
| UA | 77.120.110.76:443 | | tcp |
| JP | 210.165.4.71:443 | | tcp |
| US | 8.8.8.8:53 | newsletter.go | udp |
| US | 8.8.8.8:53 | masterkey.com.ua | udp |
| US | 8.8.8.8:53 | www.science-forum.co.jp | udp |
| DE | 185.53.178.53:443 | masterkey.com.ua | tcp |
| BR | 200.234.192.141:443 | | tcp |
| UA | 193.178.147.110:443 | | tcp |
| JP | 203.79.51.228:443 | | tcp |
| US | 8.8.8.8:53 | 53.178.53.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.51.79.203.in-addr.arpa | udp |
| BR | 201.20.45.207:443 | | tcp |
| JP | 125.53.25.30:443 | | tcp |
| US | 8.8.8.8:53 | loja.tray.com.br | udp |
| BR | 177.67.115.135:443 | loja.tray.com.br | tcp |
| US | 8.8.8.8:53 | www.saredrogarias.com.br | udp |
| US | 104.21.49.86:443 | www.saredrogarias.com.br | tcp |
| US | 8.8.8.8:53 | www.digimer.com.br | udp |
| US | 140.177.205.56:443 | | tcp |
| US | 3.162.140.122:443 | www.digimer.com.br | tcp |
| US | 8.8.8.8:53 | 86.49.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.140.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | itmedia.smartseminar.jp | udp |
| IE | 18.66.171.62:443 | itmedia.smartseminar.jp | tcp |
| US | 8.8.8.8:53 | 62.171.66.18.in-addr.arpa | udp |
| JP | 164.46.227.120:443 | | tcp |
| US | 8.8.8.8:53 | nodes.com.ua | udp |
| BR | 200.234.223.237:443 | | tcp |
| US | 208.110.80.36:443 | | tcp |
| US | 8.8.8.8:53 | www.stone.co.ua | udp |
| NL | 87.239.184.105:443 | | tcp |
| JP | 203.180.136.89:443 | | tcp |
| JP | 202.218.170.179:443 | | tcp |
| UA | 193.110.163.66:443 | | tcp |
| US | 8.8.8.8:53 | www.gsec.keio.ac.jp | udp |
| US | 74.125.87.69:443 | | tcp |
| RU | 185.9.147.4:443 | weather.co.ua | tcp |
| US | 8.8.8.8:53 | 66.163.110.193.in-addr.arpa | udp |
| JP | 222.146.58.38:443 | | tcp |
| UA | 195.214.214.53:443 | | tcp |
| JP | 222.146.58.38:443 | | tcp |
| US | 8.8.8.8:53 | direct.ips.co.jp | udp |
| JP | 202.218.13.170:443 | direct.ips.co.jp | tcp |
| UA | 195.182.192.2:443 | | tcp |
| RU | 185.9.147.4:443 | weather.co.ua | tcp |
| BR | 177.67.115.135:443 | loja.tray.com.br | tcp |
| US | 104.21.49.86:443 | www.saredrogarias.com.br | tcp |
| US | 8.8.8.8:53 | 170.13.218.202.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.epra | udp |
| US | 74.125.87.69:443 | | tcp |
| BR | 201.20.45.207:443 | | tcp |
| US | 8.8.8.8:53 | k.jfc.go.jp | udp |
| US | 65.74.140.3:443 | | tcp |
| DE | 193.26.15.243:443 | | tcp |
| US | 8.8.8.8:53 | www.nrw.co.jp | udp |
| US | 140.177.9.54:443 | www.wolfram.co.jp | tcp |
| BR | 201.20.45.207:443 | | tcp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| JP | 133.26.200.10:443 | m-repo.lib.meiji.ac.jp | tcp |
| UA | 91.203.146.30:443 | | tcp |
| JP | 202.218.170.179:443 | | tcp |
| US | 8.8.8.8:53 | www.inde | udp |
| US | 69.57.128.35:443 | | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 76.164.227.58:443 | | tcp |
| NL | 87.239.184.105:443 | | tcp |
| JP | 210.171.131.16:443 | | tcp |
| DE | 193.26.15.243:443 | | tcp |
| JP | 202.218.13.230:443 | | tcp |
| BR | 200.192.143.87:443 | | tcp |
| US | 8.8.8.8:53 | www.nrw.co.jp | udp |
| JP | 133.26.200.10:443 | m-repo.lib.meiji.ac.jp | tcp |
| US | 8.8.8.8:53 | www.rulez.org.ua | udp |
| BR | 177.67.115.135:443 | loja.tray.com.br | tcp |
| US | 3.162.140.122:443 | www.digimer.com.br | tcp |
| JP | 202.218.13.170:443 | direct.ips.co.jp | tcp |
| JP | 203.179.38.26:443 | | tcp |
| US | 8.8.8.8:53 | www.kajima.co.jp | udp |
| JP | 202.241.202.159:443 | www.kajima.co.jp | tcp |
| US | 104.21.49.86:443 | www.saredrogarias.com.br | tcp |
| UA | 77.120.121.35:443 | | tcp |
| US | 8.8.8.8:53 | forum.gryada.org.ua | udp |
| US | 172.67.205.214:443 | www.aandd.jp | tcp |
| US | 8.8.8.8:53 | shop.poziti | udp |
| NL | 87.239.184.105:443 | | tcp |
| US | 8.8.8.8:53 | form.cao.go.jp | udp |
| JP | 210.148.118.162:443 | form.cao.go.jp | tcp |
| JP | 130.69.92.68:443 | | tcp |
| US | 69.57.128.35:443 | | tcp |
| US | 8.8.8.8:53 | 162.118.148.210.in-addr.arpa | udp |
| BR | 177.67.115.135:443 | loja.tray.com.br | tcp |
| BR | 200.143.10.165:443 | | tcp |
| BR | 177.67.115.135:443 | loja.tray.com.br | tcp |
| UA | 212.82.216.42:443 | | tcp |
| US | 104.21.49.86:443 | www.saredrogarias.com.br | tcp |
| JP | 202.226.91.62:443 | | tcp |
| US | 76.164.227.59:443 | | tcp |
| BR | 177.67.115.135:443 | loja.tray.com.br | tcp |
| US | 204.13.248.107:443 | | tcp |
| UA | 212.111.198.59:443 | | tcp |
| JP | 202.218.13.230:443 | | tcp |
| BR | 201.49.212.100:443 | | tcp |
| JP | 210.171.131.16:443 | | tcp |
| US | 8.8.8.8:53 | accounts.comodo.od.ua | udp |
| US | 162.255.25.25:443 | accounts.comodo.od.ua | tcp |
| US | 8.8.8.8:53 | www.science-forum.co.jp | udp |
| JP | 222.146.58.38:443 | | tcp |
| US | 8.8.8.8:53 | www.jica.go.jp | udp |
| US | 3.162.140.73:443 | www.jica.go.jp | tcp |
| UA | 77.120.121.35:443 | | tcp |
| US | 8.8.8.8:53 | 73.140.162.3.in-addr.arpa | udp |
| JP | 202.218.203.244:443 | | tcp |
| US | 3.162.140.73:443 | www.jica.go.jp | tcp |
| JP | 210.148.118.162:443 | form.cao.go.jp | tcp |
| US | 74.125.87.69:443 | | tcp |
| UA | 77.120.99.240:443 | | tcp |
| US | 8.8.8.8:53 | www.okilogistics.co.jp | udp |
| US | 140.177.9.54:443 | www.wolfram.co.jp | tcp |
| US | 8.8.8.8:53 | ss1.coressl.jp | udp |
| JP | 183.90.183.210:443 | ss1.coressl.jp | tcp |
| JP | 202.218.170.179:443 | | tcp |
| US | 8.8.8.8:53 | 210.183.90.183.in-addr.arpa | udp |
| UA | 77.120.104.50:443 | | tcp |
| US | 8.8.8.8:53 | shop.poziti | udp |
| NL | 87.239.184.105:443 | | tcp |
| JP | 183.90.183.210:443 | ss1.coressl.jp | tcp |
| JP | 164.46.227.120:443 | | tcp |
| UA | 77.120.104.50:443 | | tcp |
| US | 76.164.227.60:443 | | tcp |
| UA | 82.193.122.190:443 | | tcp |
| US | 8.8.8.8:53 | 137.71.105.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.365.e-secom.jp | udp |
| UA | 77.120.99.240:443 | | tcp |
| UA | 79.171.122.236:443 | | tcp |
| UA | 212.111.198.59:443 | | tcp |
| US | 8.8.8.8:53 | loja.tray.com.br | udp |
| BR | 177.67.115.135:443 | loja.tray.com.br | tcp |
| UA | 82.193.122.190:443 | | tcp |
Files
C:\Windows\SysWOW64\wuaucldt.exe
| MD5 | 080d6cb9a1b7d17f5047d64a739a4670 |
| SHA1 | ec817d6a722ed59c550b16b7099f46174352982f |
| SHA256 | 600b6df1fa279556cb7bfcbba34a3fc80c04e85f0b1923de0318b06b5f1ca955 |
| SHA512 | 614bedc411f76d5c6f472f9627c5dd525a144235949488214ba37975f8aa4f8c06814bc4684bd4d726834d26eabf2fabada12b1c110f2b1faac3c14b6cbf5121 |
memory/4888-4-0x0000000070000000-0x000000007000B000-memory.dmp
memory/4608-11-0x0000000070000000-0x000000007000B000-memory.dmp
memory/2348-14-0x0000000000E00000-0x0000000000E09000-memory.dmp
memory/2348-15-0x0000000000E00000-0x0000000000E09000-memory.dmp
memory/2348-16-0x0000000000E00000-0x0000000000E09000-memory.dmp
memory/2348-19-0x0000000000E00000-0x0000000000E09000-memory.dmp
memory/2348-20-0x0000000000E00000-0x0000000000E09000-memory.dmp
memory/2348-21-0x0000000000E00000-0x0000000000E09000-memory.dmp