Analysis Overview
SHA256
58f6b5a6fca911a751d3a30e796de0ea9612fca461404aa5eea6622be08a1aab
Threat Level: Known bad
The file 2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter was found to be: Known bad.
Malicious Activity Summary
GlobeImposter
Renames multiple (7323) files with added filename extension
Renames multiple (6107) files with added filename extension
Checks computer location settings
Deletes itself
Reads user/profile data of web browsers
Adds Run key to start application
Indicator Removal: File Deletion
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-14 06:27
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-14 06:27
Reported
2024-10-14 06:30
Platform
win7-20240729-en
Max time kernel
44s
Max time network
17s
Command Line
Signatures
GlobeImposter
Renames multiple (7323) files with added filename extension
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\BrowserUpdateCheck = "C:\\Users\\Admin\\AppData\\Local\\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A |
Indicator Removal: File Deletion
Drops file in Program Files directory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2300 wrote to memory of 1368 | N/A | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | C:\Windows\SysWOW64\cmd.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c del C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe > nul
Network
Files
memory/2300-0-0x0000000000400000-0x000000000040E000-memory.dmp
C:\Users\Public\Music\Sample Music\how_to_back_files.html
| MD5 | 1098f06dd133c2ad73c3901fa24821b7 |
| SHA1 | 9c46486d67c42c93e3e2f2d4cdd8bb9c560ddd31 |
| SHA256 | 6fc24870424ebbcd40e7874c98571e10ae72f25a0c1da5218f71205b194a0ad5 |
| SHA512 | 4f236d26bbc898d417e72a69d5a7d86ad4a197cfcd79a8cfa9336e06a7292d3ae4a00aa1241657d8571a947e36dd3ecef4aaea41154c9eb15af7cf05a7f5270b |
memory/2300-2266-0x0000000000400000-0x000000000040E000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-14 06:27
Reported
2024-10-14 06:30
Platform
win10v2004-20241007-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
GlobeImposter
Renames multiple (6107) files with added filename extension
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\BrowserUpdateCheck = "C:\\Users\\Admin\\AppData\\Local\\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A |
Indicator Removal: File Deletion
Drops file in Program Files directory
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp3-ppd.xrm-ms | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\sk-sk\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\OrientationControlMiddleCircleHover.png | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\OutlookMailSmallTile.scale-100.png | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-48_altform-unplated_contrast-black.png | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-60_contrast-high.png | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\GenericMailBadge.scale-400.png | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1828 wrote to memory of 1380 | N/A | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | C:\Windows\SysWOW64\cmd.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c del C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe > nul
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.16.208.104.in-addr.arpa | udp |
Files
memory/1828-0-0x0000000000400000-0x000000000040E000-memory.dmp
C:\ProgramData\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\how_to_back_files.html
| MD5 | e1d2ebfc66b903adb6ef33218d015e7f |
| SHA1 | 137f2d2a6fbef19e71798e6bbe0c7f96d935427f |
| SHA256 | 87e82c697b7fb7d9bd185101c173066ab0ee5967b6d272944db320ae32794cbb |
| SHA512 | e8d8bf1a7a5ca09b76ed9761fdd664faa9b29724190988ad73bdf5ef02c41ac0eae92b20bca5f5682953694633d50b2c5eb2083604a59a318141af0a0b3c5ca1 |
memory/1828-2389-0x0000000000400000-0x000000000040E000-memory.dmp