Malware Analysis Report

2024-11-13 13:25

Sample ID 240613-f4ae2azaqp
Target Rbot-O 2.7z
SHA256 a96181997bfe6e3dea689a9f8ca59f04edd352fe1c6993d0334fecc9d6ff28f5
Tags
discovery
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

a96181997bfe6e3dea689a9f8ca59f04edd352fe1c6993d0334fecc9d6ff28f5

Threat Level: Likely malicious

The file Rbot-O 2.7z was found to be: Likely malicious.

Malicious Activity Summary

discovery

Contacts a large (517) amount of remote hosts

Unsigned PE

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 05:25

Signatures

Unsigned PE

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 05:25

Reported

2024-06-13 05:27

Platform

win7-20240611-en

Max time kernel

150s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b0b39f058a958778b15a5c4589a2938d.exe"

Signatures

Contacts a large (517) amount of remote hosts

discovery

Modifies registry class

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DC2ECB00-E7D5-97A9-DD30-62AE349BBE9C}\LocalServer32 | C:\Users\Admin\AppData\Local\Temp\b0b39f058a958778b15a5c4589a2938d.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DC2ECB00-E7D5-97A9-DD30-62AE349BBE9C}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\b0b39f058a958778b15a5c4589a2938d.exe" | C:\Users\Admin\AppData\Local\Temp\b0b39f058a958778b15a5c4589a2938d.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DC2ECB00-E7D5-97A9-DD30-62AE349BBE9C} | C:\Users\Admin\AppData\Local\Temp\b0b39f058a958778b15a5c4589a2938d.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DC2ECB00-E7D5-97A9-DD30-62AE349BBE9C}\ = "rcbttkkltvkqehbb" | C:\Users\Admin\AppData\Local\Temp\b0b39f058a958778b15a5c4589a2938d.exe | N/A |

Processes

C:\Users\Admin\AppData\Local\Temp\b0b39f058a958778b15a5c4589a2938d.exe

"C:\Users\Admin\AppData\Local\Temp\b0b39f058a958778b15a5c4589a2938d.exe"

Network

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 05:25

Reported

2024-06-13 05:27

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

52s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b0b39f058a958778b15a5c4589a2938d.exe"

Signatures

Modifies registry class

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DC2ECB00-E7D5-97A9-DD30-62AE349BBE9C} | C:\Users\Admin\AppData\Local\Temp\b0b39f058a958778b15a5c4589a2938d.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DC2ECB00-E7D5-97A9-DD30-62AE349BBE9C}\ = "lsthltvbrxtnlzzj" | C:\Users\Admin\AppData\Local\Temp\b0b39f058a958778b15a5c4589a2938d.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DC2ECB00-E7D5-97A9-DD30-62AE349BBE9C}\LocalServer32 | C:\Users\Admin\AppData\Local\Temp\b0b39f058a958778b15a5c4589a2938d.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DC2ECB00-E7D5-97A9-DD30-62AE349BBE9C}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\b0b39f058a958778b15a5c4589a2938d.exe" | C:\Users\Admin\AppData\Local\Temp\b0b39f058a958778b15a5c4589a2938d.exe | N/A |

Processes

C:\Users\Admin\AppData\Local\Temp\b0b39f058a958778b15a5c4589a2938d.exe

"C:\Users\Admin\AppData\Local\Temp\b0b39f058a958778b15a5c4589a2938d.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files
