Analysis Overview
SHA256
dc892eea399a446647ddba9a51df8e2f4b99b11cfc2377b9833c9a4069015e61
Threat Level: Known bad
The file dc892eea399a446647ddba9a51df8e2f4b99b11cfc2377b9833c9a4069015e61 was found to be: Known bad.
Malicious Activity Summary
Amadey
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Checks BIOS information in registry
Executes dropped EXE
Identifies Wine through registry keys
Loads dropped DLL
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in Windows directory
Unsigned PE
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-09-26 23:15
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-09-26 23:15
Reported
2024-09-26 23:20
Platform
win7-20240704-en
Max time kernel
291s
Max time network
259s
Command Line
Signatures
Amadey
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\dc892eea399a446647ddba9a51df8e2f4b99b11cfc2377b9833c9a4069015e61.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\dc892eea399a446647ddba9a51df8e2f4b99b11cfc2377b9833c9a4069015e61.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\dc892eea399a446647ddba9a51df8e2f4b99b11cfc2377b9833c9a4069015e61.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe | N/A |
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\dc892eea399a446647ddba9a51df8e2f4b99b11cfc2377b9833c9a4069015e61.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\dc892eea399a446647ddba9a51df8e2f4b99b11cfc2377b9833c9a4069015e61.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\dc892eea399a446647ddba9a51df8e2f4b99b11cfc2377b9833c9a4069015e61.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\axplong.job | C:\Users\Admin\AppData\Local\Temp\dc892eea399a446647ddba9a51df8e2f4b99b11cfc2377b9833c9a4069015e61.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\dc892eea399a446647ddba9a51df8e2f4b99b11cfc2377b9833c9a4069015e61.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\dc892eea399a446647ddba9a51df8e2f4b99b11cfc2377b9833c9a4069015e61.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\dc892eea399a446647ddba9a51df8e2f4b99b11cfc2377b9833c9a4069015e61.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1280 wrote to memory of 2716 | N/A | C:\Users\Admin\AppData\Local\Temp\dc892eea399a446647ddba9a51df8e2f4b99b11cfc2377b9833c9a4069015e61.exe | C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\dc892eea399a446647ddba9a51df8e2f4b99b11cfc2377b9833c9a4069015e61.exe
"C:\Users\Admin\AppData\Local\Temp\dc892eea399a446647ddba9a51df8e2f4b99b11cfc2377b9833c9a4069015e61.exe"
C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe
"C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe"
Network
| Country | Destination | Domain | Proto |
| RU | 185.215.113.16:80 | 185.215.113.16 | tcp |
Files
\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe
| MD5 | 42fe94b0488e8662b02a748c8d274462 |
| SHA1 | b5e12eb503c727613d9645b67f444ee10c2668af |
| SHA256 | dc892eea399a446647ddba9a51df8e2f4b99b11cfc2377b9833c9a4069015e61 |
| SHA512 | db59de15dc0ffbdf865aec06c02e2c5c698a9c83364e553019764bbc55891acb88850ee78b99ddd8147beb8df1f33ec5b0cdc5fc18ca39ccd7c647d4b31aa45a |
Analysis: behavioral2
Detonation Overview
Submitted
2024-09-26 23:15
Reported
2024-09-26 23:20
Platform
win10-20240404-en
Max time kernel
292s
Max time network
262s
Command Line
Signatures
Amadey
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\dc892eea399a446647ddba9a51df8e2f4b99b11cfc2377b9833c9a4069015e61.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\dc892eea399a446647ddba9a51df8e2f4b99b11cfc2377b9833c9a4069015e61.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\dc892eea399a446647ddba9a51df8e2f4b99b11cfc2377b9833c9a4069015e61.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe | N/A |
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\dc892eea399a446647ddba9a51df8e2f4b99b11cfc2377b9833c9a4069015e61.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\dc892eea399a446647ddba9a51df8e2f4b99b11cfc2377b9833c9a4069015e61.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\axplong.job | C:\Users\Admin\AppData\Local\Temp\dc892eea399a446647ddba9a51df8e2f4b99b11cfc2377b9833c9a4069015e61.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\dc892eea399a446647ddba9a51df8e2f4b99b11cfc2377b9833c9a4069015e61.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\dc892eea399a446647ddba9a51df8e2f4b99b11cfc2377b9833c9a4069015e61.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3620 wrote to memory of 2220 | N/A | C:\Users\Admin\AppData\Local\Temp\dc892eea399a446647ddba9a51df8e2f4b99b11cfc2377b9833c9a4069015e61.exe | C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\dc892eea399a446647ddba9a51df8e2f4b99b11cfc2377b9833c9a4069015e61.exe
"C:\Users\Admin\AppData\Local\Temp\dc892eea399a446647ddba9a51df8e2f4b99b11cfc2377b9833c9a4069015e61.exe"
C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe
"C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe"
Network
| Country | Destination | Domain | Proto |
| RU | 185.215.113.16:80 | 185.215.113.16 | tcp |
| US | 8.8.8.8:53 | 16.113.215.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa | udp |
| US | 8.8.8.8:53 | 9.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe
| MD5 | 42fe94b0488e8662b02a748c8d274462 |
| SHA1 | b5e12eb503c727613d9645b67f444ee10c2668af |
| SHA256 | dc892eea399a446647ddba9a51df8e2f4b99b11cfc2377b9833c9a4069015e61 |
| SHA512 | db59de15dc0ffbdf865aec06c02e2c5c698a9c83364e553019764bbc55891acb88850ee78b99ddd8147beb8df1f33ec5b0cdc5fc18ca39ccd7c647d4b31aa45a |