Analysis Overview
SHA256
d43a11afe04901455f8a2b7d239482092d89dcfa7326df9a4de4ab7e71021331
Threat Level: Known bad
The file 7df0dc2f54f12fac26335242b32dfa60N.exe was found to be: Known bad.
Malicious Activity Summary
Floxif, Floodfix
Detects Floxif payload
Event Triggered Execution: AppInit DLLs
Identifies Wine through registry keys
Loads dropped DLL
Executes dropped EXE
ACProtect 1.3x - 1.4x DLL software
UPX packed file
Checks computer location settings
Enumerates connected drives
Drops file in Program Files directory
Enumerates physical storage devices
Unsigned PE
System Location Discovery: System Language Discovery
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious behavior: GetForegroundWindowSpam
Checks SCSI registry key(s)
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-16 04:58
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-16 04:58
Reported
2024-08-16 05:00
Platform
win7-20240705-en
Max time kernel
118s
Max time network
119s
Command Line
Signatures
Floxif, Floodfix
Detects Floxif payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
ACProtect 1.3x - 1.4x DLL software
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\e: | C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Common Files\System\symsrv.dll | C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe | N/A |
| File created | \??\c:\program files\common files\system\symsrv.dll.000 | C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2672 wrote to memory of 2392 | N/A | C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe | C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe |
| PID 2672 wrote to memory of 2392 | N/A | C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe | C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe |
| PID 2672 wrote to memory of 2392 | N/A | C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe | C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe |
| PID 2672 wrote to memory of 2392 | N/A | C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe | C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe
"C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe"
C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe
"C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe" -sfxwaitall:0 "uTorrent.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 5isohu.com | udp |
| US | 8.8.8.8:53 | www.aieov.com | udp |
| US | 173.255.194.134:80 | www.aieov.com | tcp |
Files
\Program Files\Common Files\System\symsrv.dll
| MD5 | 7574cf2c64f35161ab1292e2f532aabf |
| SHA1 | 14ba3fa927a06224dfe587014299e834def4644f |
| SHA256 | de055a89de246e629a8694bde18af2b1605e4b9b493c7e4aef669dd67acf5085 |
| SHA512 | 4db19f2d8d5bc1c7bbb812d3fa9c43b80fa22140b346d2760f090b73aed8a5177edb4bddc647a6ebd5a2db8565be5a1a36a602b0d759e38540d9a584ba5896ab |
memory/2672-3-0x0000000010000000-0x0000000010030000-memory.dmp
memory/2672-5-0x0000000000413000-0x0000000000414000-memory.dmp
memory/2392-25-0x0000000010000000-0x0000000010030000-memory.dmp
memory/2392-26-0x0000000000400000-0x00000000004A3000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\uTorrent.exe
| MD5 | bfefeac4bc2447bfda3ab718200db2e9 |
| SHA1 | 49aa1da5becb748d974c71673ec497d8e63ad6b6 |
| SHA256 | 1f39d582ff6e6ab4af6c377670c9e8c2b1859f0c2484b1cd9c28629c652161dd |
| SHA512 | 8b9f30417d78f4c999c63932ea57ad12660dfd59d4fc1d0e323e7af99025761fcf1a072387d3c8b5ce61599a8f94611f8c8831fd180e7d426a3a0d36478b616a |
memory/2392-33-0x0000000000400000-0x00000000004A3000-memory.dmp
memory/2392-32-0x0000000010000000-0x0000000010030000-memory.dmp
\Users\Admin\AppData\Local\Temp\7ZipSfx.000\uTorrent.exe.tmp
| MD5 | cfe11bbaa805096f9c929d82bafea2bf |
| SHA1 | 58e7e8fc84b5fd6f6edeb055f39b8a36bea54ad2 |
| SHA256 | 0d552373e1aa3b38b946caf57443dd565750870ac7c4da1b8b3034ce428a6e5c |
| SHA512 | 0ec3e5cd649256f9d6b580d28e35c1359f855d096f446113f5fdda0c6b0388f02a52cc1a39c5bac099dbfb2093f31aa7cf553b1bad071ab216cf35d7c4154496 |
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\main.ico
| MD5 | b80acc761c7b6e79f07c025428ae1bba |
| SHA1 | 05644594a68db487be3f568737a34f72f6043ac9 |
| SHA256 | 16084d4d50747faa7fd27d255fc10d6694e451cb57643fed369251930e09f618 |
| SHA512 | 92c689f2121e59a19873ffb6be5bd96a6d33a0e36af8ee654d5524ea6bc750858c764df70e9c05b3c49f9dfaa5bd3064a24dd6c8adf387e74d2b3917b200d501 |
memory/2672-52-0x0000000010000000-0x0000000010030000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-16 04:58
Reported
2024-08-16 05:00
Platform
win10v2004-20240802-en
Max time kernel
116s
Max time network
119s
Command Line
Signatures
Floxif, Floodfix
Detects Floxif payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Event Triggered Execution: AppInit DLLs
ACProtect 1.3x - 1.4x DLL software
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\uTorrent.exe | N/A |
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Software\WOW6432Node\Wine | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\uTorrent.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\uTorrent.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\uTorrent.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\DllHost.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\e: | C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | \??\c:\program files\common files\system\symsrv.dll.000 | C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe | N/A |
| File created | C:\Program Files\Common Files\System\symsrv.dll | C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\uTorrent.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\DllHost.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\uTorrent.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\uTorrent.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\uTorrent.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\uTorrent.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\utorrentie.exe = "11000" | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\uTorrent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\uTorrent.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION\utorrentie.exe = "1" | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\uTorrent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CROSS_DOMAIN_REDIRECT_MITIGATION | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\uTorrent.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CROSS_DOMAIN_REDIRECT_MITIGATION\utorrentie.exe = "0" | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\uTorrent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\uTorrent.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\uTorrent.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\uTorrent.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\uTorrent.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\DllHost.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\uTorrent.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\uTorrent.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\uTorrent.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\uTorrent.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\uTorrent.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\uTorrent.exe | N/A |
Suspicious use of WriteProcessMemory
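The signature tables of behavioral1 and behavioral2 record the same core pattern: a Temp-resident executable creates symsrv.dll and symsrv.dll.000 under Common Files\System, takes SeDebugPrivilege and writes into another process, while the dropped uTorrent.exe probes the Wine registry keys. The rules below turn those rows into detection logic and correlate them per process. This is an added example, not part of the sandbox report; the event rows are transcribed from the tables above into the report's own column order (description, indicator, process, target), and the benign control row for a fictitious `C:\Program Files\Vendor\setup.exe` is constructed to show what the rules must not flag.

```python
import re
from collections import defaultdict

# Constructed input: rows transcribed from the signature tables of behavioral1
# and behavioral2, plus one constructed benign control row (an installer
# writing its own DLL under Program Files) that no rule should match.
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe"
DROPPED = r"C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\uTorrent.exe"
BENIGN = r"C:\Program Files\Vendor\setup.exe"  # constructed, not from the report

EVENTS = [
    ("File created", r"C:\Program Files\Common Files\System\symsrv.dll", SAMPLE, None),
    ("File created", r"\??\c:\program files\common files\system\symsrv.dll.000", SAMPLE, None),
    ("PID 2672 wrote to memory of 2392", None, SAMPLE, SAMPLE),
    ("Token: SeDebugPrivilege", None, SAMPLE, None),
    ("Key opened", r"\REGISTRY\MACHINE\Software\WOW6432Node\Wine", DROPPED, None),
    ("File created", r"C:\Program Files\Vendor\helper.dll", BENIGN, None),  # constructed control
]

# Matches both spellings the report uses for the drop (with or without the .000 suffix).
SYMSRV_DROP = re.compile(r"\\common files\\system\\symsrv\.dll(\.\d{3})?$")
CROSS_WRITE = re.compile(r"PID (\d+) wrote to memory of (\d+)")


def norm(path):
    """Lower-case and strip the NT \\??\\ prefix so both path spellings compare equal."""
    if not path:
        return ""
    path = path.lower()
    return path[4:] if path.startswith("\\??\\") else path


def temp_resident(image):
    """True for images running out of the user's Temp directory, as both processes here do."""
    return "\\appdata\\local\\temp\\" in norm(image)


def evaluate(events):
    """Return (rule, process, detail) for every row a rule matches."""
    findings = []
    for description, indicator, process, target in events:
        ind = norm(indicator)
        # Rule 1: symsrv.dll written into Common Files\System by a Temp-resident process.
        if description == "File created" and SYMSRV_DROP.search(ind) and temp_resident(process):
            findings.append(("symsrv_drop_from_temp", process, ind))
        # Rule 2: cross-process memory write originating from a Temp-resident process.
        m = CROSS_WRITE.fullmatch(description)
        if m and temp_resident(process):
            findings.append(("cross_process_write", process, f"{m.group(1)}->{m.group(2)}"))
        # Rule 3: Software\Wine key probed (HKLM, WOW6432Node or HKU variants), an emulation check.
        if description == "Key opened" and ind.endswith("\\wine") and "\\software\\" in ind:
            findings.append(("wine_check", process, ind))
        # Rule 4: SeDebugPrivilege enabled by a Temp-resident process.
        if description == "Token: SeDebugPrivilege" and temp_resident(process):
            findings.append(("sedebug_from_temp", process, ""))
    return findings


def verdict(findings):
    """Correlate per process: the drop plus a cross-process write from the same
    Temp-resident image is the pattern both detonations show; anything else
    that fired is reported as suspicious."""
    by_proc = defaultdict(set)
    for rule, process, _ in findings:
        by_proc[norm(process)].add(rule)
    return {
        proc: "floxif_like" if {"symsrv_drop_from_temp", "cross_process_write"} <= rules else "suspicious"
        for proc, rules in by_proc.items()
    }


if __name__ == "__main__":
    found = evaluate(EVENTS)
    for rule, process, detail in found:
        print(f"{rule:24} {process} {detail}")
    print(verdict(found))
```

The path normalisation matters: the report lists the same drop once as `C:\Program Files\...\symsrv.dll` and once as `\??\c:\program files\...\symsrv.dll.000`, and a rule keyed on the raw string would see two unrelated files.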
Processes
C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe
"C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe"
C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe
"C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe" -sfxwaitall:0 "uTorrent.exe"
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\uTorrent.exe
"C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\uTorrent.exe"
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | router.bittorrent.com | udp |
| US | 8.8.8.8:53 | router.utorrent.com | udp |
| US | 8.8.8.8:53 | 5isohu.com | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | www.aieov.com | udp |
| US | 198.58.118.167:80 | www.aieov.com | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.118.58.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i-21.b-46036.ut.bench.utorrent.com | udp |
| US | 52.3.106.130:80 | i-21.b-46036.ut.bench.utorrent.com | tcp |
| N/A | 10.127.0.1:5351 | N/A | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.106.3.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rutor.info | udp |
| US | 67.215.246.10:6881 | router.bittorrent.com | udp |
| IS | 82.221.103.244:6881 | router.utorrent.com | udp |
| RO | 193.46.255.29:80 | rutor.info | tcp |
| US | 8.8.8.8:53 | nnm-club.me | udp |
| US | 8.8.8.8:53 | i-67.b-46036.ut.bench.utorrent.com | udp |
| US | 44.220.102.186:80 | i-67.b-46036.ut.bench.utorrent.com | tcp |
| US | 8.8.8.8:53 | i-29.b-46036.ut.bench.utorrent.com | udp |
| US | 44.220.102.186:80 | i-29.b-46036.ut.bench.utorrent.com | tcp |
| US | 8.8.8.8:53 | 10.246.215.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.103.221.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.255.46.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.102.220.44.in-addr.arpa | udp |
| US | 44.220.102.186:80 | i-29.b-46036.ut.bench.utorrent.com | tcp |
| US | 8.8.8.8:53 | i-32.b-46036.ut.bench.utorrent.com | udp |
| US | 44.220.102.186:80 | i-32.b-46036.ut.bench.utorrent.com | tcp |
| US | 8.8.8.8:53 | i-49.b-46036.ut.bench.utorrent.com | udp |
| US | 44.212.239.146:80 | i-49.b-46036.ut.bench.utorrent.com | tcp |
| US | 198.58.118.167:80 | www.aieov.com | tcp |
| US | 8.8.8.8:53 | 146.239.212.44.in-addr.arpa | udp |
| N/A | 10.127.0.170:31768 | N/A | tcp |
| US | 8.8.8.8:53 | 5isohu.com | udp |
| US | 8.8.8.8:53 | nnm-club.me | udp |
| US | 198.58.118.167:80 | www.aieov.com | tcp |
| US | 8.8.8.8:53 | rutracker.org | udp |
| US | 8.8.8.8:53 | 5isohu.com | udp |
| US | 104.21.32.39:443 | rutracker.org | tcp |
| US | 8.8.8.8:53 | rustorka.com | udp |
| US | 104.21.52.252:443 | rustorka.com | tcp |
| US | 8.8.8.8:53 | www.lostfilm.tv | udp |
| US | 172.67.161.94:80 | www.lostfilm.tv | tcp |
| US | 104.21.9.225:443 | www.lostfilm.tv | tcp |
| US | 172.67.161.94:443 | www.lostfilm.tv | tcp |
| US | 8.8.8.8:53 | 39.32.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 252.52.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.161.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.9.21.104.in-addr.arpa | udp |
| US | 198.58.118.167:80 | www.aieov.com | tcp |
| US | 8.8.8.8:53 | 5isohu.com | udp |
| US | 198.58.118.167:80 | www.aieov.com | tcp |
| US | 104.21.9.225:443 | www.lostfilm.tv | tcp |
| US | 8.8.8.8:53 | 5isohu.com | udp |
| US | 198.58.118.167:80 | www.aieov.com | tcp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i-29.b-46036.ut.bench.utorrent.com | udp |
| US | 52.6.182.227:80 | i-29.b-46036.ut.bench.utorrent.com | tcp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i-139.b-46036.ut.bench.utorrent.com | udp |
| US | 52.71.66.144:80 | i-139.b-46036.ut.bench.utorrent.com | tcp |
| US | 44.220.102.186:80 | i-29.b-46036.ut.bench.utorrent.com | tcp |
| US | 8.8.8.8:53 | i-43.b-46036.ut.bench.utorrent.com | udp |
| US | 44.212.239.146:80 | i-43.b-46036.ut.bench.utorrent.com | tcp |
| US | 8.8.8.8:53 | 227.182.6.52.in-addr.arpa | udp |
| US | 44.212.239.146:80 | i-43.b-46036.ut.bench.utorrent.com | tcp |
| US | 44.212.239.146:80 | i-43.b-46036.ut.bench.utorrent.com | tcp |
| US | 44.212.239.146:80 | i-43.b-46036.ut.bench.utorrent.com | tcp |
| US | 8.8.8.8:53 | 144.66.71.52.in-addr.arpa | udp |
| US | 44.212.239.146:80 | i-43.b-46036.ut.bench.utorrent.com | tcp |
| US | 172.67.161.94:443 | www.lostfilm.tv | tcp |
| US | 104.21.9.225:443 | www.lostfilm.tv | tcp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 172.67.161.94:443 | www.lostfilm.tv | tcp |
| US | 104.21.9.225:443 | www.lostfilm.tv | tcp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 172.67.161.94:443 | www.lostfilm.tv | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 172.67.161.94:443 | www.lostfilm.tv | tcp |
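The Network tables of behavioral1 and behavioral2 mix three things: reverse lookups the sandbox resolver performs (`*.in-addr.arpa`), traffic belonging to the dropped uTorrent client and to Windows itself, and the contacts the dropper makes on its own. The script below parses rows in the table layout used above, drops the reverse lookups, and reports which domains both detonations have in common, which of those actually received a connection, and which were only ever resolved. This is an added example, not part of the sandbox report; the rows are a transcribed subset of the two tables (every distinct domain, not every repeat), and the list of suffixes treated as client or Microsoft background traffic (`utorrent.com`, `bittorrent.com`, `bing.com`, `bing.net`) is an analyst assumption, not something the report states.

```python
import re
from collections import Counter

# Subset of the behavioral1 Network table above (transcribed).
BEHAVIORAL1 = """
| US | 8.8.8.8:53 | 5isohu.com | udp |
| US | 8.8.8.8:53 | www.aieov.com | udp |
| US | 173.255.194.134:80 | www.aieov.com | tcp |
"""

# Subset of the behavioral2 Network table above (transcribed).
BEHAVIORAL2 = """
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | router.bittorrent.com | udp |
| US | 8.8.8.8:53 | 5isohu.com | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | www.aieov.com | udp |
| US | 198.58.118.167:80 | www.aieov.com | tcp |
| US | 8.8.8.8:53 | i-21.b-46036.ut.bench.utorrent.com | udp |
| US | 52.3.106.130:80 | i-21.b-46036.ut.bench.utorrent.com | tcp |
| N/A | 10.127.0.1:5351 | N/A | udp |
| US | 67.215.246.10:6881 | router.bittorrent.com | udp |
| RO | 193.46.255.29:80 | rutor.info | tcp |
| US | 8.8.8.8:53 | 5isohu.com | udp |
| US | 104.21.32.39:443 | rutracker.org | tcp |
| US | 8.8.8.8:53 | 5isohu.com | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
"""

ROW = re.compile(r"^\|\s*([^|]*?)\s*\|\s*([^|]*?)\s*\|\s*([^|]*?)\s*\|\s*([^|]*?)\s*\|$")
PROTOS = {"tcp", "udp"}
# Assumption: endpoints of the dropped client itself and of Windows are background noise.
INFRA_SUFFIXES = (".utorrent.com", ".bittorrent.com", ".bing.com", ".bing.net")


def parse_rows(table):
    """Parse '| Country | Destination | Domain | Proto |' rows into dicts.
    Domainless rows may arrive with the protocol shifted into the domain cell
    ('| N/A | ip:port | udp | |'); both that shape and 'N/A' are handled."""
    rows = []
    for line in table.strip().splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        country, dest, domain, proto = m.groups()
        if proto not in PROTOS and domain in PROTOS:
            domain, proto = "", domain
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": None if domain in ("", "N/A") else domain, "proto": proto})
    return rows


def summarize(rows):
    """Split rows into DNS queries (count per name) and real connections (endpoints per name)."""
    queried, contacted = Counter(), {}
    for r in rows:
        d = r["domain"]
        if not d or d.endswith(".in-addr.arpa"):  # bare IPs and reverse lookups are not pivots
            continue
        if r["port"] == 53 and r["proto"] == "udp":
            queried[d] += 1
        else:
            contacted.setdefault(d, set()).add(f'{r["ip"]}:{r["port"]}')
    return queried, contacted


def pivot(run_a, run_b):
    """Domains both runs share, independent of the dropped client's own traffic."""
    qa, ca = summarize(run_a)
    qb, cb = summarize(run_b)
    seen_a = {d for d in set(qa) | set(ca) if not d.endswith(INFRA_SUFFIXES)}
    seen_b = {d for d in set(qb) | set(cb) if not d.endswith(INFRA_SUFFIXES)}
    common_connected = set(ca) & set(cb)
    return {
        "common_seen": seen_a & seen_b,
        "common_connected": common_connected,
        # resolved in both runs but never connected to in either
        "queried_never_contacted": (set(qa) - set(ca)) & (set(qb) - set(cb)),
        # every endpoint a shared domain resolved to, across both runs
        "endpoints": {d: ca[d] | cb[d] for d in common_connected},
    }


if __name__ == "__main__":
    for k, v in pivot(parse_rows(BEHAVIORAL1), parse_rows(BEHAVIORAL2)).items():
        print(f"{k:24} {v}")
```

Two things the output makes explicit that the raw tables do not: www.aieov.com was contacted on port 80 in both runs but at different addresses (173.255.194.134 in behavioral1, 198.58.118.167 in behavioral2), so the domain is the stable indicator, not the IP; and 5isohu.com was resolved repeatedly in both runs without a single connection following, which is worth a DNS-log search on its own.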
Files
C:\Program Files\Common Files\System\symsrv.dll
| MD5 | 7574cf2c64f35161ab1292e2f532aabf |
| SHA1 | 14ba3fa927a06224dfe587014299e834def4644f |
| SHA256 | de055a89de246e629a8694bde18af2b1605e4b9b493c7e4aef669dd67acf5085 |
| SHA512 | 4db19f2d8d5bc1c7bbb812d3fa9c43b80fa22140b346d2760f090b73aed8a5177edb4bddc647a6ebd5a2db8565be5a1a36a602b0d759e38540d9a584ba5896ab |
memory/2464-3-0x0000000010000000-0x0000000010030000-memory.dmp
memory/2464-5-0x0000000000413000-0x0000000000414000-memory.dmp
memory/1220-25-0x0000000010000000-0x0000000010030000-memory.dmp
memory/1220-26-0x0000000000400000-0x00000000004A3000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\uTorrent.exe
| MD5 | bfefeac4bc2447bfda3ab718200db2e9 |
| SHA1 | 49aa1da5becb748d974c71673ec497d8e63ad6b6 |
| SHA256 | 1f39d582ff6e6ab4af6c377670c9e8c2b1859f0c2484b1cd9c28629c652161dd |
| SHA512 | 8b9f30417d78f4c999c63932ea57ad12660dfd59d4fc1d0e323e7af99025761fcf1a072387d3c8b5ce61599a8f94611f8c8831fd180e7d426a3a0d36478b616a |
memory/2468-29-0x0000000000400000-0x00000000008C5000-memory.dmp
memory/2468-31-0x0000000010000000-0x0000000010030000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\utorrent.lng
| MD5 | 80e85e634b7772686655f1be930da07d |
| SHA1 | 33327e9006450eac668bb72653f886ac304b1fed |
| SHA256 | 7b879aa4253676a4d7cb3f5d5dd1af93f8d2756276de72130aec06fe96828ed5 |
| SHA512 | e2df3e2f41c5410642f0cc91052b9e016ffde7755a5fca6f2b17640446260e5f4953f564e6b2de20e74632078d87de47b3d4fec34e3ecca7fa1475cec8ae3270 |
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\settings.dat
| MD5 | f00cf69026cdd8814dcf5ebd6bf98e61 |
| SHA1 | d289c2c572365bedfa65a0b2353fde62a7d0b992 |
| SHA256 | 06c24a74717ec408eb31bf2093a6464b705e98f1612be94d7190f689a4c2a5d6 |
| SHA512 | 934356a38f75947efa9676aa62af8f18a7a9af933745503abfd00e23c25c929ccd21a05220e50e3df9c01e449f2f0876f451cb183e862048a1cf509608261372 |
memory/2464-42-0x0000000000400000-0x00000000004A3000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\main.ico
| MD5 | b80acc761c7b6e79f07c025428ae1bba |
| SHA1 | 05644594a68db487be3f568737a34f72f6043ac9 |
| SHA256 | 16084d4d50747faa7fd27d255fc10d6694e451cb57643fed369251930e09f618 |
| SHA512 | 92c689f2121e59a19873ffb6be5bd96a6d33a0e36af8ee654d5524ea6bc750858c764df70e9c05b3c49f9dfaa5bd3064a24dd6c8adf387e74d2b3917b200d501 |
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\settings.dat.old
| MD5 | a00887193f782ab83b95932ec9619a2b |
| SHA1 | f72d94132457fcce698cdacb0d4b5a8c65ad58c3 |
| SHA256 | a859f113d96260ff49a11116100d0fbdd94c42a10d55edb97a3e5416692873c3 |
| SHA512 | 87cf951bed3b8f7a228465757245e0278f86d7cebef43025049d6e21ec219063a46e5bbc818dc87a06bbada5601552f4224059a02c9c9df1633434a310809dcb |
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\settings.dat.old
| MD5 | 811f95788c2adf81550993112462bd12 |
| SHA1 | 0b43783f1f16108380e07b149b2867154f9527ff |
| SHA256 | d3f91a5d1ff104d11589267052bf9e2e99a1ca3cb46be2e8386b609be3998a20 |
| SHA512 | b1570c7c8baaec83071652229de07924bf8a853aa85b76e5a41151e885b2cb941526067b6db0722245268cd245e66c9fb769231808516e104c18e5b735584cc3 |
memory/1436-56-0x0000000010000000-0x0000000010030000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\flags.conf
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\uTorrent.exe.tmp
| MD5 | 80c9538a4006b339d2c06f88e694375a |
| SHA1 | 8b860d10e831bde2a080fe625fe86cf2587f1c38 |
| SHA256 | 206cf28be24450802a5ebdabca75356a8e77fed45e84574adb1f515ebe7abb63 |
| SHA512 | 47f386a3cfb5c7d876038d6e968593d58193d3d3c6136c7740ab2de9e540efe068d6d0431c862ed2f7805a688fac2b7acdecd51d663748f85bc4f57b677f3434 |
memory/2464-69-0x0000000010000000-0x0000000010030000-memory.dmp
memory/1436-72-0x0000000010000000-0x0000000010030000-memory.dmp
memory/1220-73-0x0000000010000000-0x0000000010030000-memory.dmp
memory/1220-74-0x0000000000400000-0x00000000004A3000-memory.dmp
memory/2464-75-0x0000000010000000-0x0000000010030000-memory.dmp
memory/2468-76-0x0000000010000000-0x0000000010030000-memory.dmp
memory/2464-85-0x0000000010000000-0x0000000010030000-memory.dmp
C:\Program Files\Common Files\System\symsrv.dll.000
| MD5 | 1130c911bf5db4b8f7cf9b6f4b457623 |
| SHA1 | 48e734c4bc1a8b5399bff4954e54b268bde9d54c |
| SHA256 | eba08cc8182f379392a97f542b350ea0dbbe5e4009472f35af20e3d857eafdf1 |
| SHA512 | 94e2511ef2c53494c2aff0960266491ffc0e54e75185427d1ccedae27c286992c754ca94cbb0c9ea36e3f04cd4eb7f032c551cf2d4b309f292906303f1a75fa0 |
memory/2464-93-0x0000000010000000-0x0000000010030000-memory.dmp
memory/2464-112-0x0000000010000000-0x0000000010030000-memory.dmp
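The Files sections of both detonations give stable hashes for the two artefacts written under Common Files\System, which is enough to check a host for the same drop. The script below does that with the report's SHA-256 values and distinguishes an exact match from a file of the same name with a different hash. It is an added example, not part of the sandbox report: the hashes are transcribed from the Files tables, the Program Files roots are read from the standard `ProgramFiles` and `ProgramFiles(x86)` environment variables, and `make_demo_root()` builds a constructed stand-in tree with a placeholder symsrv.dll so the scan runs offline on any system. The zero-byte hash check is included because the flags.conf entry above carries exactly the MD5, SHA-1 and SHA-256 of an empty file.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Transcribed from the Files sections above: SHA-256 of the two artefacts both
# detonations wrote under Common Files\System.
KNOWN_BAD_SHA256 = {
    "symsrv.dll": "de055a89de246e629a8694bde18af2b1605e4b9b493c7e4aef669dd67acf5085",
    "symsrv.dll.000": "eba08cc8182f379392a97f542b350ea0dbbe5e4009472f35af20e3d857eafdf1",
}
# SHA-256 of zero bytes; the report's flags.conf carries exactly this value.
EMPTY_SHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
DROP_SUBDIR = Path("Common Files") / "System"


def sha256_bytes(data):
    return hashlib.sha256(data).hexdigest()


def sha256_file(path, chunk=1 << 20):
    """Stream the file so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def scan_roots(roots):
    """Check each Program Files root for the dropped names.
    Returns (path, sha256, status): 'match' when the hash equals the report's,
    'name-only' when a file of that name exists with another hash (still worth
    a look, since two detonations do not cover every build of this dropper).
    Absent files produce no entry."""
    findings = []
    for root in roots:
        for name, bad in KNOWN_BAD_SHA256.items():
            p = Path(root) / DROP_SUBDIR / name
            if p.is_file():
                digest = sha256_file(p)
                findings.append((str(p), digest, "match" if digest == bad else "name-only"))
    return findings


def windows_roots():
    """Both Program Files roots: the behavioral2 run was a 32-bit process on
    64-bit Windows 10 (WOW6432Node in its registry writes), so check the x86
    root as well as the one the report shows the file landing in."""
    return [os.environ[k] for k in ("ProgramFiles", "ProgramFiles(x86)") if k in os.environ]


def make_demo_root():
    """Constructed stand-in for a Program Files tree, holding a placeholder
    symsrv.dll (not the dropped DLL) so the scan is runnable offline."""
    root = Path(tempfile.mkdtemp(prefix="pf-"))
    target = root / DROP_SUBDIR
    target.mkdir(parents=True)
    (target / "symsrv.dll").write_bytes(b"placeholder, not the dropped DLL")
    return str(root)


if __name__ == "__main__":
    roots = windows_roots() or [make_demo_root()]
    hits = scan_roots(roots)
    for path, digest, status in hits:
        print(f"{status:9} {digest} {path}")
    if not hits:
        print("no symsrv.dll / symsrv.dll.000 under Common Files\\System in", roots)
```

On a Windows host the script checks the real roots; anywhere else it falls back to the constructed tree and reports the placeholder as `name-only`, which is the result to expect from any file that merely shares the name.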