Malware Analysis Report

2025-03-15 04:23

Sample ID 241025-2fvxqawame
Target 53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN
SHA256 53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578d
Tags discovery persistence spyware stealer
Score 10/10


Analysis Overview

Score 10/10

SHA256 53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578d

Threat Level: Known bad

The file 53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN was found to be: Known bad.

Malicious Activity Summary

discovery persistence spyware stealer

Modifies WinLogon for persistence

Drops file in Drivers directory

Drops startup file

Reads user/profile data of web browsers

Legitimate hosting services abused for malware hosting/C2

Adds Run key to start application

Drops file in Program Files directory

Enumerates physical storage devices

Unsigned PE

System Location Discovery: System Language Discovery

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-10-25 22:31

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-10-25 22:31

Reported 2024-10-25 22:34

Platform win7-20240903-en

Max time kernel 44s

Max time network 121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "C:\\Users\\Admin\\AppData\\Local\\Temp\\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe" C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\drivers\etc\hosts C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Windows\System32\drivers\etc\lmhosts.sam C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Windows\System32\drivers\etc\networks C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Windows\System32\drivers\etc\protocol C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Windows\System32\drivers\etc\services C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antivirus.bat C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Run\My Program = "\\C:\\Users\\Admin\\AppData\\Local\\Temp\\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe\\" C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\FLTLDR.EXE C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\EQNEDT32.EXE C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\ACERCLR.DLL C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\x86\VSTARemotingServer.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File created C:\Program Files (x86)\Common Files\System\Ole DB\msdaora.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\ink\InkDiv.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\ink\mraut.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\ESEN\MSB1ESEN.DLL C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File created C:\Program Files (x86)\Common Files\System\Ole DB\msdatt.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\msinfo32.exe C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\Help\1031\hxdsui.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\ACEODBCI.DLL C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\PROOF\MSLID.DLL C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File created C:\Program Files (x86)\Common Files\System\Ole DB\msdaosp.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\ink\pipres.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\OSetupPS.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office.en-us\promointl.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\1033\STINTL.DLL C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\TextConv\MSCONV97.DLL C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\ink\Microsoft.Ink.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\USP10.DLL C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\VC\msdia90.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\Filters\odffilt.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\ink\journal.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\VC\msdia100.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\Web Server Extensions\14\BIN\FPSRVUTL.DLL C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File created C:\Program Files (x86)\Common Files\System\msadc\msadcs.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\ACEINTL.DLL C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\Portal\1033\PortalConnect.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\IMCONTACT.DLL C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\TextConv\WPEQU532.DLL C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File created C:\Program Files (x86)\Common Files\System\ado\msador15.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File created C:\Program Files (x86)\Common Files\System\Ole DB\msdaenum.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\ink\InkObj.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\RICHED20.DLL C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\ACEODTXT.DLL C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\MSOINTL.DLL C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\FPLACE.DLL C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\Help\1036\hxdsui.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\METCONV.DLL C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\Help\1046\hxdsui.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\xlsrvintl.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\ink\micaut.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\ACEDAO.DLL C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File created C:\Program Files (x86)\Common Files\System\wab32res.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\OPHPROXY.DLL C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\FREN\MSB1FREN.DLL C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOMessageProvider.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File created C:\Program Files (x86)\Common Files\System\Ole DB\msdaps.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File created C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\Help\3082\hxdsui.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\EXP_PDF.DLL C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\ACEODBC.DLL C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\ACEXBE.DLL C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.Office.Tools.v9.0.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Csi.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe

"C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp

Files

memory/2640-0-0x000000007409E000-0x000000007409F000-memory.dmp

memory/2640-1-0x0000000000110000-0x000000000011A000-memory.dmp

memory/2640-2-0x0000000074090000-0x000000007477E000-memory.dmp

C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\airappinstaller.exe

MD5 52020fb713143f15456da51e4d895970
SHA1 29857a25ca0915011ea8fea0c58c85ecbbe13894
SHA256 53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578d
SHA512 ba9956edd06bc1738817454f9dcd2b6588a44107e7ec825a31e5c0e57d450a966f228ce106bef10bfccc4ecf86e40e7f6378f343359a52618e7e930dfa1cb461

C:\Windows\System32\drivers\etc\networks

MD5 8b20ea0476a4ef666ffde47cf8d160b1
SHA1 528db63e91e4c53a7b591dae179b501ed1b567e6
SHA256 8fd9c10a4641311464f5a6529b4d2b23c5727d44cf735b05336d63fb905c9173
SHA512 8286bfcfe07695ba7aa5a3f75e6ae80643fc3b7c72f21246a9f3c614c1fe5eed70a438227335f0dce8a4014e0fc8975718efd13c3316314ebd28d88b065ab844

memory/2640-5277-0x000000007409E000-0x000000007409F000-memory.dmp

memory/2640-5994-0x0000000074090000-0x000000007477E000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted 2024-10-25 22:31

Reported 2024-10-25 22:34

Platform win10v2004-20241007-en

Max time kernel 46s

Max time network 150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "C:\\Users\\Admin\\AppData\\Local\\Temp\\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe" C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\drivers\etc\hosts C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Windows\System32\drivers\etc\lmhosts.sam C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Windows\System32\drivers\etc\networks C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Windows\System32\drivers\etc\protocol C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Windows\System32\drivers\etc\services C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\YourMom.vbs C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MSDOS32.mp3 C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MSDOS323.mp3 C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antivirus.bat C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antivirus2.vbs C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antivirus3.vbs C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KasperskyScanner.hta C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\YourMomIsGay.html C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\My Program = "\\C:\\Users\\Admin\\AppData\\Local\\Temp\\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe\\" C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Common Files\System\Ole DB\msdatl3.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\ink\mshwLatin.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File created C:\Program Files (x86)\Common Files\System\Ole DB\msdaer.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\PublicAssemblies\extensibility.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File created C:\Program Files (x86)\Common Files\System\msadc\msadce.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File created C:\Program Files (x86)\Common Files\System\Ole DB\msdadc.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File created C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF64.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\ink\mshwgst.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\ink\tiptsf.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File created C:\Program Files (x86)\Common Files\System\ado\msadox.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File created C:\Program Files (x86)\Common Files\System\msadc\msdarem.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File created C:\Program Files (x86)\Common Files\System\Ole DB\msdaps.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia90.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\ink\pipanel.exe C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File created C:\Program Files (x86)\Common Files\System\Ole DB\oledb32r.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaws.exe C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_85250\java.exe C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\ink\InkObj.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File created C:\Program Files (x86)\Common Files\System\msadc\msadco.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File created C:\Program Files (x86)\Common Files\System\msadc\msaddsr.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\ink\penusa.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\AppInfoDocument\Microsoft.VisualStudio.Tools.Office.AppInfoDocument\Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\vstoee.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File created C:\Program Files (x86)\Common Files\System\ado\msado15.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File created C:\Program Files (x86)\Common Files\System\msadc\msdaprst.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_85250\javaws.exe C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\ink\mraut.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\ink\skchui.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File created C:\Program Files (x86)\Common Files\System\Ole DB\msdaorar.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File created C:\Program Files (x86)\Common Files\System\Ole DB\msdaosp.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOLoaderUI.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia100.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File created C:\Program Files (x86)\Common Files\System\ado\msador15.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File created C:\Program Files (x86)\Common Files\System\Ole DB\msdaora.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File created C:\Program Files (x86)\Common Files\System\Ole DB\sqloledb.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_85250\javaw.exe C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\ink\micaut.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File created C:\Program Files (x86)\Common Files\System\Ole DB\msdasc.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\ink\mshwjpn.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\ink\rtscom.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File created C:\Program Files (x86)\Common Files\System\Ole DB\msdasqlr.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\ink\penchs.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\ink\tpcps.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File created C:\Program Files (x86)\Common Files\System\msadc\msadcer.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File created C:\Program Files (x86)\Common Files\System\Ole DB\oledb32.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\ink\TabTip32.exe C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\ink\pencht.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\ink\pipres.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File created C:\Program Files (x86)\Common Files\System\ado\msader15.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File created C:\Program Files (x86)\Common Files\System\msadc\msdfmap.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\ink\InkDiv.dll C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe

"C:\Users\Admin\AppData\Local\Temp\53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578dN.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 archive.org udp
US 207.241.224.2:443 archive.org tcp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 133.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 ia600905.us.archive.org udp
US 207.241.227.65:443 ia600905.us.archive.org tcp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 2.224.241.207.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 65.227.241.207.in-addr.arpa udp
US 8.8.8.8:53 vgmsite.com udp
US 216.227.148.10:443 vgmsite.com tcp
US 8.8.8.8:53 10.148.227.216.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 226.108.222.173.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp

Files

memory/3372-0-0x0000000074CFE000-0x0000000074CFF000-memory.dmp

memory/3372-1-0x0000000000C30000-0x0000000000C3A000-memory.dmp

memory/3372-2-0x0000000005B80000-0x0000000006124000-memory.dmp

memory/3372-3-0x0000000005670000-0x0000000005702000-memory.dmp

memory/3372-4-0x0000000005640000-0x000000000564A000-memory.dmp

memory/3372-5-0x0000000074CF0000-0x00000000754A0000-memory.dmp

C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_85250\java.exe

MD5 52020fb713143f15456da51e4d895970
SHA1 29857a25ca0915011ea8fea0c58c85ecbbe13894
SHA256 53701250c034867c790c728b7d9c1daabc7f7156a66c74b6969a6ed1fd83578d
SHA512 ba9956edd06bc1738817454f9dcd2b6588a44107e7ec825a31e5c0e57d450a966f228ce106bef10bfccc4ecf86e40e7f6378f343359a52618e7e930dfa1cb461

C:\Windows\System32\drivers\etc\networks

MD5 8b20ea0476a4ef666ffde47cf8d160b1
SHA1 528db63e91e4c53a7b591dae179b501ed1b567e6
SHA256 8fd9c10a4641311464f5a6529b4d2b23c5727d44cf735b05336d63fb905c9173
SHA512 8286bfcfe07695ba7aa5a3f75e6ae80643fc3b7c72f21246a9f3c614c1fe5eed70a438227335f0dce8a4014e0fc8975718efd13c3316314ebd28d88b065ab844

memory/3372-1370-0x0000000074CFE000-0x0000000074CFF000-memory.dmp

memory/3372-1803-0x0000000074CF0000-0x00000000754A0000-memory.dmp