Malware Analysis Report

2024-09-23 05:03

Sample ID 240613-exf4katfrh
Target 5dd6b1fb125f6dbc37b2891397bdf0d0_NeikiAnalytics.exe
SHA256 dff64a5ce53a9d42f9d857f95abcb5f377988091f8ba3213a92861711422d4a7
Tags upx ransomware
Score 9/10

Analysis Overview

score
9/10

SHA256

dff64a5ce53a9d42f9d857f95abcb5f377988091f8ba3213a92861711422d4a7

Threat Level: Likely malicious

The file 5dd6b1fb125f6dbc37b2891397bdf0d0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (98) files with added filename extension

Renames multiple (243) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 04:19

Signatures

UPX packed file

upx

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 04:18

Reported

2024-06-13 04:21

Platform

win7-20240611-en

Max time kernel

150s

Max time network

126s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5dd6b1fb125f6dbc37b2891397bdf0d0_NeikiAnalytics.exe"

Signatures

Renames multiple (98) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\5dd6b1fb125f6dbc37b2891397bdf0d0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\5dd6b1fb125f6dbc37b2891397bdf0d0_NeikiAnalytics.exe"

Network

N/A

Files

memory/2540-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-39690363-730359138-1046745555-1000\desktop.ini.tmp

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

memory/2540-24-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 04:18

Reported

2024-06-13 04:21

Platform

win10v2004-20240611-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5dd6b1fb125f6dbc37b2891397bdf0d0_NeikiAnalytics.exe"

Signatures

Renames multiple (243) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\5dd6b1fb125f6dbc37b2891397bdf0d0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\5dd6b1fb125f6dbc37b2891397bdf0d0_NeikiAnalytics.exe"

Network

Files

memory/2168-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4204450073-1267028356-951339405-1000\desktop.ini.tmp

C:\Program Files\7-Zip\7-zip.dll.tmp

memory/2168-134-0x0000000000400000-0x000000000040B000-memory.dmp