Analysis Overview
SHA256
392d339ae5e2b0a19eb498cd0388f01c7b58f22ecf18d02029fcc75bbabf0e22
Threat Level: Known bad
The file 392d339ae5e2b0a19eb498cd0388f01c7b58f22ecf18d02029fcc75bbabf0e22N was found to be: Known bad.
Malicious Activity Summary
Modifies WinLogon for persistence
Simda family
simda
Executes dropped EXE
Loads dropped DLL
Modifies WinLogon
Drops file in Windows directory
System Location Discovery: System Language Discovery
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: RenamesItself
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-31 11:05
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-31 11:05
Reported
2024-10-31 11:07
Platform
win7-20240903-en
Max time kernel
118s
Max time network
123s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\userinit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\apppatch\\svchost.exe," | C:\Windows\apppatch\svchost.exe | N/A |
Simda family
simda
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\apppatch\svchost.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\392d339ae5e2b0a19eb498cd0388f01c7b58f22ecf18d02029fcc75bbabf0e22N.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\392d339ae5e2b0a19eb498cd0388f01c7b58f22ecf18d02029fcc75bbabf0e22N.exe | N/A |
Modifies WinLogon
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\405963f1 = "D\u0090½u/à›/\x19ïè•’À¤æJá\næ¹ym\n1\u00ad\fï\x12jÍÄd\f¤LB¸ŽrÖP\x02\x12R°4Âd¦ÿù(¦gØö‰Ï/&\u0090æ\x18:üÚŠzļȆ€¸’Â\f’º\u0090h¢\nQTºö„d”˜X¬iºYÒ\x02¦1Ÿ\x16ø¬v\u008f²Êx_\x1a^v”Ü!æ\x04Té´.êo–\nü^ò!šÐd\x1a\x7f®f\tÎzîñ1B<Ѳ\a®vgWï.¾¹*\"÷žŒ!\x06Ù*`f\x168¨òÌ6¾rÊbä†_¬1ÎJTì\x06ÿ榿è´Aî\n¸V¼ÿÜ~”Jîi†v¨_\x18®LG(\x0e6ªæöoZ9&|\x16nÜáJ±†f\x04l6Y,È™¾Q$.È‚€\x7fùœn—É<Ø\x17Â\u008f" | C:\Users\Admin\AppData\Local\Temp\392d339ae5e2b0a19eb498cd0388f01c7b58f22ecf18d02029fcc75bbabf0e22N.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\405963f1 = "D\u0090½u/à›/\x19ïè•’À¤æJá\næ¹ym\n1\u00ad\fï\x12jÍÄd\f¤LB¸ŽrÖP\x02\x12R°4Âd¦ÿù(¦gØö‰Ï/&\u0090æ\x18:üÚŠzļȆ€¸’Â\f’º\u0090h¢\nQTºö„d”˜X¬iºYÒ\x02¦1Ÿ\x16ø¬v\u008f²Êx_\x1a^v”Ü!æ\x04Té´.êo–\nü^ò!šÐd\x1a\x7f®f\tÎzîñ1B<Ѳ\a®vgWï.¾¹*\"÷žŒ!\x06Ù*`f\x168¨òÌ6¾rÊbä†_¬1ÎJTì\x06ÿ榿è´Aî\n¸V¼ÿÜ~”Jîi†v¨_\x18®LG(\x0e6ªæöoZ9&|\x16nÜáJ±†f\x04l6Y,È™¾Q$.È‚€\x7fùœn—É<Ø\x17Â\u008f" | C:\Windows\apppatch\svchost.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\apppatch\svchost.exe | C:\Users\Admin\AppData\Local\Temp\392d339ae5e2b0a19eb498cd0388f01c7b58f22ecf18d02029fcc75bbabf0e22N.exe | N/A |
| File opened for modification | C:\Windows\apppatch\svchost.exe | C:\Users\Admin\AppData\Local\Temp\392d339ae5e2b0a19eb498cd0388f01c7b58f22ecf18d02029fcc75bbabf0e22N.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\apppatch\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\392d339ae5e2b0a19eb498cd0388f01c7b58f22ecf18d02029fcc75bbabf0e22N.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: RenamesItself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\392d339ae5e2b0a19eb498cd0388f01c7b58f22ecf18d02029fcc75bbabf0e22N.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2388 wrote to memory of 2328 | N/A | C:\Users\Admin\AppData\Local\Temp\392d339ae5e2b0a19eb498cd0388f01c7b58f22ecf18d02029fcc75bbabf0e22N.exe | C:\Windows\apppatch\svchost.exe |
| PID 2388 wrote to memory of 2328 | N/A | C:\Users\Admin\AppData\Local\Temp\392d339ae5e2b0a19eb498cd0388f01c7b58f22ecf18d02029fcc75bbabf0e22N.exe | C:\Windows\apppatch\svchost.exe |
| PID 2388 wrote to memory of 2328 | N/A | C:\Users\Admin\AppData\Local\Temp\392d339ae5e2b0a19eb498cd0388f01c7b58f22ecf18d02029fcc75bbabf0e22N.exe | C:\Windows\apppatch\svchost.exe |
| PID 2388 wrote to memory of 2328 | N/A | C:\Users\Admin\AppData\Local\Temp\392d339ae5e2b0a19eb498cd0388f01c7b58f22ecf18d02029fcc75bbabf0e22N.exe | C:\Windows\apppatch\svchost.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\392d339ae5e2b0a19eb498cd0388f01c7b58f22ecf18d02029fcc75bbabf0e22N.exe
"C:\Users\Admin\AppData\Local\Temp\392d339ae5e2b0a19eb498cd0388f01c7b58f22ecf18d02029fcc75bbabf0e22N.exe"
C:\Windows\apppatch\svchost.exe
"C:\Windows\apppatch\svchost.exe"
Network
| Country | Destination | Domain | Proto |
| US | 95.100.195.51:80 | www.bing.com | tcp |
| US | 8.8.8.8:53 | gatyfus.com | udp |
| US | 8.8.8.8:53 | gacyzuz.com | udp |
| US | 8.8.8.8:53 | qegyqaq.com | udp |
| US | 8.8.8.8:53 | lyryfyd.com | udp |
| US | 8.8.8.8:53 | puvyxil.com | udp |
| US | 8.8.8.8:53 | vojyqem.com | udp |
| US | 8.8.8.8:53 | lyvyxor.com | udp |
| US | 8.8.8.8:53 | qetyfuv.com | udp |
| US | 8.8.8.8:53 | gahyqah.com | udp |
| US | 8.8.8.8:53 | vocyzit.com | udp |
| US | 8.8.8.8:53 | lygymoj.com | udp |
| US | 8.8.8.8:53 | vowydef.com | udp |
| US | 8.8.8.8:53 | purydyv.com | udp |
| US | 8.8.8.8:53 | qexylup.com | udp |
| US | 8.8.8.8:53 | gaqydeb.com | udp |
| US | 8.8.8.8:53 | vofymik.com | udp |
| US | 8.8.8.8:53 | puzylyp.com | udp |
| US | 8.8.8.8:53 | lymysan.com | udp |
| US | 8.8.8.8:53 | vonypom.com | udp |
| US | 8.8.8.8:53 | lyxylux.com | udp |
| US | 8.8.8.8:53 | pupybul.com | udp |
| US | 8.8.8.8:53 | lykyjad.com | udp |
| US | 8.8.8.8:53 | qebytiq.com | udp |
| US | 8.8.8.8:53 | gatyvyz.com | udp |
| US | 8.8.8.8:53 | vojyjof.com | udp |
| US | 8.8.8.8:53 | pufymoq.com | udp |
| US | 8.8.8.8:53 | puvytuq.com | udp |
| US | 8.8.8.8:53 | lyryvex.com | udp |
| US | 8.8.8.8:53 | qedynul.com | udp |
| US | 8.8.8.8:53 | qegyhig.com | udp |
| US | 8.8.8.8:53 | qeqysag.com | udp |
| US | 8.8.8.8:53 | gadyniw.com | udp |
| US | 8.8.8.8:53 | volykyc.com | udp |
| US | 8.8.8.8:53 | pumypog.com | udp |
| US | 8.8.8.8:53 | lysynur.com | udp |
| US | 8.8.8.8:53 | qekykev.com | udp |
| US | 8.8.8.8:53 | ganypih.com | udp |
| US | 8.8.8.8:53 | vopybyt.com | udp |
| US | 8.8.8.8:53 | pujyjav.com | udp |
| US | 8.8.8.8:53 | lyvytuj.com | udp |
| US | 8.8.8.8:53 | qetyvep.com | udp |
| US | 8.8.8.8:53 | gahyhob.com | udp |
| US | 8.8.8.8:53 | vocyruk.com | udp |
| US | 8.8.8.8:53 | purycap.com | udp |
| US | 8.8.8.8:53 | lygygin.com | udp |
| US | 8.8.8.8:53 | qexyryl.com | udp |
| US | 8.8.8.8:53 | gaqycos.com | udp |
| US | 8.8.8.8:53 | vofygum.com | udp |
| US | 8.8.8.8:53 | gacyryw.com | udp |
| US | 8.8.8.8:53 | galykes.com | udp |
| US | 8.8.8.8:53 | vowycac.com | udp |
| US | 8.8.8.8:53 | pufygug.com | udp |
| US | 8.8.8.8:53 | lyxywer.com | udp |
| US | 8.8.8.8:53 | qeqyxov.com | udp |
| US | 8.8.8.8:53 | gadyfuh.com | udp |
| US | 8.8.8.8:53 | volyqat.com | udp |
| US | 8.8.8.8:53 | pumyxiv.com | udp |
| US | 8.8.8.8:53 | lysyfyj.com | udp |
| US | 8.8.8.8:53 | qekyqop.com | udp |
| US | 8.8.8.8:53 | puzywel.com | udp |
| US | 8.8.8.8:53 | lymyxid.com | udp |
| US | 8.8.8.8:53 | qedyfyq.com | udp |
| US | 8.8.8.8:53 | galyqaz.com | udp |
| US | 8.8.8.8:53 | vonyzuf.com | udp |
| US | 8.8.8.8:53 | lyvyxor.com | udp |
| US | 8.8.8.8:53 | vonypom.com | udp |
| US | 8.8.8.8:53 | qetyfuv.com | udp |
| US | 8.8.8.8:53 | puzylyp.com | udp |
| US | 8.8.8.8:53 | lysyfyj.com | udp |
| US | 8.8.8.8:53 | gahyqah.com | udp |
| US | 8.8.8.8:53 | vocyzit.com | udp |
| US | 8.8.8.8:53 | qegyhig.com | udp |
| US | 8.8.8.8:53 | gadyniw.com | udp |
| US | 8.8.8.8:53 | galyqaz.com | udp |
| US | 8.8.8.8:53 | lymyxid.com | udp |
| US | 8.8.8.8:53 | vojyqem.com | udp |
| US | 8.8.8.8:53 | gatyfus.com | udp |
| US | 44.221.84.105:80 | vocyzit.com | tcp |
| US | 199.191.50.83:80 | galyqaz.com | tcp |
| US | 172.67.173.131:80 | qegyhig.com | tcp |
| US | 23.253.46.64:80 | gahyqah.com | tcp |
| US | 99.83.170.3:80 | puzylyp.com | tcp |
| US | 3.94.10.34:80 | lymyxid.com | tcp |
| DE | 178.162.217.107:80 | gatyfus.com | tcp |
| US | 172.234.222.143:80 | vojyqem.com | tcp |
| US | 44.221.84.105:80 | vocyzit.com | tcp |
| HK | 154.212.231.82:80 | gadyniw.com | tcp |
| US | 18.208.156.248:80 | vonypom.com | tcp |
| US | 208.100.26.245:80 | lyvyxor.com | tcp |
| US | 69.162.80.61:80 | lysyfyj.com | tcp |
| US | 23.253.46.64:80 | gahyqah.com | tcp |
| US | 172.234.222.143:80 | vojyqem.com | tcp |
| US | 99.83.170.3:80 | puzylyp.com | tcp |
| US | 172.67.173.131:443 | qegyhig.com | tcp |
| US | 8.8.8.8:53 | ww8.galyqaz.com | udp |
| US | 45.33.18.44:80 | ww8.galyqaz.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 216.58.212.227:80 | c.pki.goog | tcp |
| US | 172.67.173.131:443 | qegyhig.com | tcp |
| DE | 178.162.203.202:80 | gatyfus.com | tcp |
| NL | 5.79.71.225:80 | gatyfus.com | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 2.19.252.143:80 | crl.microsoft.com | tcp |
| DE | 178.162.203.226:80 | gatyfus.com | tcp |
| NL | 5.79.71.205:80 | gatyfus.com | tcp |
| DE | 178.162.203.211:80 | gatyfus.com | tcp |
| NL | 85.17.31.122:80 | gatyfus.com | tcp |
| NL | 85.17.31.82:80 | gatyfus.com | tcp |
| US | 8.8.8.8:53 | pupydeq.com | udp |
| US | 8.8.8.8:53 | qebylug.com | udp |
| US | 8.8.8.8:53 | vopydek.com | udp |
| US | 8.8.8.8:53 | lykymox.com | udp |
| US | 8.8.8.8:53 | pujymip.com | udp |
| US | 8.8.8.8:53 | ganyzub.com | udp |
| US | 8.8.8.8:53 | qetysal.com | udp |
| US | 8.8.8.8:53 | gahynus.com | udp |
| US | 8.8.8.8:53 | vocykem.com | udp |
| US | 8.8.8.8:53 | purypol.com | udp |
| US | 8.8.8.8:53 | lyvylyn.com | udp |
| US | 8.8.8.8:53 | lygynud.com | udp |
| US | 8.8.8.8:53 | vonyryc.com | udp |
| US | 8.8.8.8:53 | qedyveg.com | udp |
| US | 8.8.8.8:53 | galyhiw.com | udp |
| US | 8.8.8.8:53 | pupycag.com | udp |
| US | 8.8.8.8:53 | qexykaq.com | udp |
| US | 8.8.8.8:53 | gaqypiz.com | udp |
| US | 8.8.8.8:53 | vofybyf.com | udp |
| US | 8.8.8.8:53 | puzyjoq.com | udp |
| US | 8.8.8.8:53 | lykygur.com | udp |
| US | 8.8.8.8:53 | qebyrev.com | udp |
| US | 8.8.8.8:53 | gatycoh.com | udp |
| US | 8.8.8.8:53 | vojygut.com | udp |
| US | 8.8.8.8:53 | puvywav.com | udp |
| US | 8.8.8.8:53 | lyryxij.com | udp |
| US | 8.8.8.8:53 | qegyfyp.com | udp |
| US | 8.8.8.8:53 | gacyqob.com | udp |
| US | 8.8.8.8:53 | vowyzuk.com | udp |
| US | 8.8.8.8:53 | lymytux.com | udp |
| US | 8.8.8.8:53 | lyxymin.com | udp |
| US | 8.8.8.8:53 | qeqylyl.com | udp |
| US | 8.8.8.8:53 | gadydas.com | udp |
| US | 8.8.8.8:53 | volymum.com | udp |
| US | 8.8.8.8:53 | gatydaw.com | udp |
| US | 8.8.8.8:53 | pufydep.com | udp |
| US | 8.8.8.8:53 | vojymic.com | udp |
| US | 8.8.8.8:53 | lyrysor.com | udp |
| US | 8.8.8.8:53 | puvylyg.com | udp |
| US | 8.8.8.8:53 | qegynuv.com | udp |
| US | 8.8.8.8:53 | gacykeh.com | udp |
| US | 8.8.8.8:53 | pufybyv.com | udp |
| US | 8.8.8.8:53 | vowypit.com | udp |
| US | 8.8.8.8:53 | lyxyjaj.com | udp |
| US | 8.8.8.8:53 | qeqytup.com | udp |
| US | 8.8.8.8:53 | gadyveb.com | udp |
| US | 8.8.8.8:53 | volyjok.com | udp |
| US | 8.8.8.8:53 | pumytup.com | udp |
| US | 8.8.8.8:53 | lysyvan.com | udp |
| US | 8.8.8.8:53 | qekyhil.com | udp |
| US | 8.8.8.8:53 | ganyrys.com | udp |
| US | 8.8.8.8:53 | vopycom.com | udp |
| US | 8.8.8.8:53 | pujygul.com | udp |
| US | 8.8.8.8:53 | lyvywed.com | udp |
| US | 8.8.8.8:53 | qetyxiq.com | udp |
| US | 8.8.8.8:53 | gahyfyz.com | udp |
| US | 8.8.8.8:53 | vocyqaf.com | udp |
| US | 8.8.8.8:53 | puryxuq.com | udp |
| US | 8.8.8.8:53 | lygyfex.com | udp |
| US | 8.8.8.8:53 | qexyqog.com | udp |
| US | 8.8.8.8:53 | gaqyzuw.com | udp |
| US | 8.8.8.8:53 | vofydac.com | udp |
| US | 8.8.8.8:53 | puzymig.com | udp |
| US | 8.8.8.8:53 | lymylyr.com | udp |
| US | 8.8.8.8:53 | pupydeq.com | udp |
| US | 76.223.54.146:80 | pupydeq.com | tcp |
| US | 8.8.8.8:53 | lygynud.com | udp |
| US | 107.178.223.183:80 | lygynud.com | tcp |
| US | 8.8.8.8:53 | lyrysor.com | udp |
| US | 8.8.8.8:53 | pupycag.com | udp |
| CN | 111.6.96.18:80 | lyrysor.com | tcp |
| US | 18.208.156.248:80 | pupycag.com | tcp |
| US | 8.8.8.8:53 | lysyvan.com | udp |
| US | 104.21.26.151:80 | lysyvan.com | tcp |
| US | 104.21.26.151:443 | lysyvan.com | tcp |
| US | 104.21.26.151:443 | lysyvan.com | tcp |
| US | 76.223.54.146:80 | pupydeq.com | tcp |
Files
memory/2388-0-0x0000000001CE0000-0x0000000001D31000-memory.dmp
memory/2388-1-0x0000000000400000-0x000000000045F000-memory.dmp
\Windows\AppPatch\svchost.exe
| MD5 | caf629ca845123f9bc15d8a5a569991b |
| SHA1 | f8d6a7385ea8ff7d4b44544e330dbc51ba133276 |
| SHA256 | 5a6a169425f892d6d9032dc84b35723511bbb4daa9063f32c2cd7dc7e9cbb9c6 |
| SHA512 | 2084c807722643e6e3036b818d38943bca869c2677ec0a33fc7ae8173948c91e5469c2d78956b4b6ebc132a166002f0c3fbf1ed4f6fcdab70922686305f2f26e |
memory/2388-17-0x0000000000400000-0x000000000045F000-memory.dmp
memory/2328-18-0x0000000000400000-0x00000000005AE000-memory.dmp
memory/2388-16-0x0000000001CE0000-0x0000000001D31000-memory.dmp
memory/2388-15-0x0000000000400000-0x00000000005AE000-memory.dmp
memory/2328-19-0x0000000000400000-0x00000000005AE000-memory.dmp
memory/2328-20-0x00000000023B0000-0x0000000002458000-memory.dmp
memory/2328-22-0x00000000023B0000-0x0000000002458000-memory.dmp
memory/2328-30-0x00000000023B0000-0x0000000002458000-memory.dmp
memory/2328-28-0x00000000023B0000-0x0000000002458000-memory.dmp
memory/2328-31-0x0000000000400000-0x00000000005AE000-memory.dmp
memory/2328-26-0x00000000023B0000-0x0000000002458000-memory.dmp
memory/2328-24-0x00000000023B0000-0x0000000002458000-memory.dmp
memory/2328-36-0x0000000002630000-0x00000000026E6000-memory.dmp
memory/2328-34-0x0000000002630000-0x00000000026E6000-memory.dmp
memory/2328-32-0x0000000002630000-0x00000000026E6000-memory.dmp
memory/2328-47-0x0000000002630000-0x00000000026E6000-memory.dmp
memory/2328-69-0x0000000002630000-0x00000000026E6000-memory.dmp
memory/2328-84-0x0000000002630000-0x00000000026E6000-memory.dmp
memory/2328-83-0x0000000002630000-0x00000000026E6000-memory.dmp
memory/2328-82-0x0000000002630000-0x00000000026E6000-memory.dmp
memory/2328-81-0x0000000002630000-0x00000000026E6000-memory.dmp
memory/2328-80-0x0000000002630000-0x00000000026E6000-memory.dmp
memory/2328-79-0x0000000002630000-0x00000000026E6000-memory.dmp
memory/2328-78-0x0000000002630000-0x00000000026E6000-memory.dmp
memory/2328-77-0x0000000002630000-0x00000000026E6000-memory.dmp
memory/2328-76-0x0000000002630000-0x00000000026E6000-memory.dmp
memory/2328-75-0x0000000002630000-0x00000000026E6000-memory.dmp
memory/2328-74-0x0000000002630000-0x00000000026E6000-memory.dmp
memory/2328-73-0x0000000002630000-0x00000000026E6000-memory.dmp
memory/2328-71-0x0000000002630000-0x00000000026E6000-memory.dmp
memory/2328-70-0x0000000002630000-0x00000000026E6000-memory.dmp
memory/2328-68-0x0000000002630000-0x00000000026E6000-memory.dmp
memory/2328-67-0x0000000002630000-0x00000000026E6000-memory.dmp
memory/2328-66-0x0000000002630000-0x00000000026E6000-memory.dmp
memory/2328-65-0x0000000002630000-0x00000000026E6000-memory.dmp
memory/2328-64-0x0000000002630000-0x00000000026E6000-memory.dmp
memory/2328-63-0x0000000002630000-0x00000000026E6000-memory.dmp
memory/2328-62-0x0000000002630000-0x00000000026E6000-memory.dmp
memory/2328-61-0x0000000002630000-0x00000000026E6000-memory.dmp
memory/2328-60-0x0000000002630000-0x00000000026E6000-memory.dmp
memory/2328-58-0x0000000002630000-0x00000000026E6000-memory.dmp
memory/2328-57-0x0000000002630000-0x00000000026E6000-memory.dmp
memory/2328-56-0x0000000002630000-0x00000000026E6000-memory.dmp
memory/2328-55-0x0000000002630000-0x00000000026E6000-memory.dmp
memory/2328-54-0x0000000002630000-0x00000000026E6000-memory.dmp
memory/2328-53-0x0000000002630000-0x00000000026E6000-memory.dmp
memory/2328-52-0x0000000002630000-0x00000000026E6000-memory.dmp
memory/2328-51-0x0000000002630000-0x00000000026E6000-memory.dmp
memory/2328-49-0x0000000002630000-0x00000000026E6000-memory.dmp
memory/2328-48-0x0000000002630000-0x00000000026E6000-memory.dmp
memory/2328-72-0x0000000002630000-0x00000000026E6000-memory.dmp
memory/2328-46-0x0000000002630000-0x00000000026E6000-memory.dmp
memory/2328-45-0x0000000002630000-0x00000000026E6000-memory.dmp
memory/2328-59-0x0000000002630000-0x00000000026E6000-memory.dmp
memory/2328-44-0x0000000002630000-0x00000000026E6000-memory.dmp
memory/2328-43-0x0000000002630000-0x00000000026E6000-memory.dmp
memory/2328-42-0x0000000002630000-0x00000000026E6000-memory.dmp
memory/2328-41-0x0000000002630000-0x00000000026E6000-memory.dmp
memory/2328-40-0x0000000002630000-0x00000000026E6000-memory.dmp
memory/2328-50-0x0000000002630000-0x00000000026E6000-memory.dmp
memory/2328-39-0x0000000002630000-0x00000000026E6000-memory.dmp
memory/2328-38-0x0000000002630000-0x00000000026E6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\E3E5.tmp
| MD5 | a8fdaeb96f537dbec9628f694495b48f |
| SHA1 | 21303fb84944f2f5e879e45acf9f963621f278c8 |
| SHA256 | 1ce2a210ca7027edc388cab03a76ace291525edc4d7c9d8401154085805b3b3a |
| SHA512 | 57cdf37e3dfafd9d63eeecfa410ac07830da16143999a45601715a8a8132bc2e7e6fc202a15ab0359b82ebca6125f130a65af979e2799418fc91b4adb1717347 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-31 11:05
Reported
2024-10-31 11:07
Platform
win10v2004-20241007-en
Max time kernel
117s
Max time network
124s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\userinit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\apppatch\\svchost.exe," | C:\Windows\apppatch\svchost.exe | N/A |
Simda family
simda
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\apppatch\svchost.exe | N/A |
Modifies WinLogon
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\83e8fb60 = "ù\x18ÓP9\u0081cˆ€k?Û\n_׉¾‘ŸV¬\x19‹ïp¤Nvß\x10*ï°2rX?ïWgÇ÷ø\u00a0çB°çòÇwãX`" | C:\Users\Admin\AppData\Local\Temp\392d339ae5e2b0a19eb498cd0388f01c7b58f22ecf18d02029fcc75bbabf0e22N.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\83e8fb60 = "ù\x18ÓP9\u0081cˆ€k?Û\n_׉¾‘ŸV¬\x19‹ïp¤Nvß\x10*ï°2rX?ïWgÇ÷ø\u00a0çB°çòÇwãX`" | C:\Windows\apppatch\svchost.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\apppatch\svchost.exe | C:\Users\Admin\AppData\Local\Temp\392d339ae5e2b0a19eb498cd0388f01c7b58f22ecf18d02029fcc75bbabf0e22N.exe | N/A |
| File created | C:\Windows\apppatch\svchost.exe | C:\Users\Admin\AppData\Local\Temp\392d339ae5e2b0a19eb498cd0388f01c7b58f22ecf18d02029fcc75bbabf0e22N.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\392d339ae5e2b0a19eb498cd0388f01c7b58f22ecf18d02029fcc75bbabf0e22N.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\apppatch\svchost.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: RenamesItself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\392d339ae5e2b0a19eb498cd0388f01c7b58f22ecf18d02029fcc75bbabf0e22N.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4360 wrote to memory of 3360 | N/A | C:\Users\Admin\AppData\Local\Temp\392d339ae5e2b0a19eb498cd0388f01c7b58f22ecf18d02029fcc75bbabf0e22N.exe | C:\Windows\apppatch\svchost.exe |
| PID 4360 wrote to memory of 3360 | N/A | C:\Users\Admin\AppData\Local\Temp\392d339ae5e2b0a19eb498cd0388f01c7b58f22ecf18d02029fcc75bbabf0e22N.exe | C:\Windows\apppatch\svchost.exe |
| PID 4360 wrote to memory of 3360 | N/A | C:\Users\Admin\AppData\Local\Temp\392d339ae5e2b0a19eb498cd0388f01c7b58f22ecf18d02029fcc75bbabf0e22N.exe | C:\Windows\apppatch\svchost.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\392d339ae5e2b0a19eb498cd0388f01c7b58f22ecf18d02029fcc75bbabf0e22N.exe
"C:\Users\Admin\AppData\Local\Temp\392d339ae5e2b0a19eb498cd0388f01c7b58f22ecf18d02029fcc75bbabf0e22N.exe"
C:\Windows\apppatch\svchost.exe
"C:\Windows\apppatch\svchost.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| US | 95.100.195.16:80 | www.bing.com | tcp |
| US | 8.8.8.8:53 | gatyfus.com | udp |
| US | 8.8.8.8:53 | lyvyxor.com | udp |
| US | 8.8.8.8:53 | vojyqem.com | udp |
| US | 8.8.8.8:53 | qetyfuv.com | udp |
| US | 8.8.8.8:53 | puvyxil.com | udp |
| US | 8.8.8.8:53 | gahyqah.com | udp |
| US | 8.8.8.8:53 | lyryfyd.com | udp |
| US | 8.8.8.8:53 | vocyzit.com | udp |
| US | 8.8.8.8:53 | qegyqaq.com | udp |
| US | 8.8.8.8:53 | purydyv.com | udp |
| US | 8.8.8.8:53 | gacyzuz.com | udp |
| US | 8.8.8.8:53 | lygymoj.com | udp |
| US | 8.8.8.8:53 | vowydef.com | udp |
| US | 8.8.8.8:53 | qexylup.com | udp |
| US | 8.8.8.8:53 | gaqydeb.com | udp |
| US | 8.8.8.8:53 | pufymoq.com | udp |
| US | 8.8.8.8:53 | lyxylux.com | udp |
| US | 8.8.8.8:53 | vofymik.com | udp |
| US | 8.8.8.8:53 | qeqysag.com | udp |
| US | 8.8.8.8:53 | puzylyp.com | udp |
| US | 8.8.8.8:53 | gadyniw.com | udp |
| US | 8.8.8.8:53 | lymysan.com | udp |
| US | 8.8.8.8:53 | volykyc.com | udp |
| US | 8.8.8.8:53 | qedynul.com | udp |
| US | 8.8.8.8:53 | pumypog.com | udp |
| US | 8.8.8.8:53 | galykes.com | udp |
| US | 8.8.8.8:53 | lysynur.com | udp |
| US | 8.8.8.8:53 | vonypom.com | udp |
| US | 8.8.8.8:53 | qekykev.com | udp |
| US | 8.8.8.8:53 | pupybul.com | udp |
| US | 8.8.8.8:53 | ganypih.com | udp |
| US | 8.8.8.8:53 | lykyjad.com | udp |
| US | 8.8.8.8:53 | vopybyt.com | udp |
| US | 8.8.8.8:53 | qebytiq.com | udp |
| US | 8.8.8.8:53 | pujyjav.com | udp |
| US | 8.8.8.8:53 | gatyvyz.com | udp |
| US | 8.8.8.8:53 | lyvytuj.com | udp |
| US | 8.8.8.8:53 | vojyjof.com | udp |
| US | 8.8.8.8:53 | qetyvep.com | udp |
| US | 8.8.8.8:53 | puvytuq.com | udp |
| US | 8.8.8.8:53 | gahyhob.com | udp |
| US | 8.8.8.8:53 | lyryvex.com | udp |
| US | 8.8.8.8:53 | vocyruk.com | udp |
| US | 8.8.8.8:53 | qegyhig.com | udp |
| US | 8.8.8.8:53 | gacyryw.com | udp |
| US | 8.8.8.8:53 | purycap.com | udp |
| US | 8.8.8.8:53 | lygygin.com | udp |
| US | 8.8.8.8:53 | vowycac.com | udp |
| US | 8.8.8.8:53 | qexyryl.com | udp |
| US | 8.8.8.8:53 | pufygug.com | udp |
| US | 8.8.8.8:53 | gaqycos.com | udp |
| US | 8.8.8.8:53 | lyxywer.com | udp |
| US | 8.8.8.8:53 | vofygum.com | udp |
| US | 8.8.8.8:53 | qeqyxov.com | udp |
| US | 8.8.8.8:53 | puzywel.com | udp |
| US | 8.8.8.8:53 | gadyfuh.com | udp |
| US | 8.8.8.8:53 | lymyxid.com | udp |
| US | 8.8.8.8:53 | volyqat.com | udp |
| US | 8.8.8.8:53 | qedyfyq.com | udp |
| US | 8.8.8.8:53 | pumyxiv.com | udp |
| US | 8.8.8.8:53 | galyqaz.com | udp |
| US | 8.8.8.8:53 | lysyfyj.com | udp |
| US | 8.8.8.8:53 | vonyzuf.com | udp |
| US | 8.8.8.8:53 | qekyqop.com | udp |
| US | 8.8.8.8:53 | gatyfus.com | udp |
| US | 8.8.8.8:53 | qetyfuv.com | udp |
| US | 8.8.8.8:53 | gahyqah.com | udp |
| US | 8.8.8.8:53 | vocyzit.com | udp |
| US | 8.8.8.8:53 | lyvyxor.com | udp |
| US | 8.8.8.8:53 | vojyqem.com | udp |
| US | 8.8.8.8:53 | qegyhig.com | udp |
| US | 8.8.8.8:53 | lymyxid.com | udp |
| US | 8.8.8.8:53 | lysyfyj.com | udp |
| US | 8.8.8.8:53 | galyqaz.com | udp |
| DE | 178.162.217.107:80 | gatyfus.com | tcp |
| US | 208.100.26.245:80 | lyvyxor.com | tcp |
| US | 44.221.84.105:80 | vocyzit.com | tcp |
| US | 172.234.222.138:80 | vojyqem.com | tcp |
| US | 44.221.84.105:80 | vocyzit.com | tcp |
| US | 172.234.222.138:80 | vojyqem.com | tcp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.195.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 245.26.100.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.84.221.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.222.234.172.in-addr.arpa | udp |
| US | 199.191.50.83:80 | galyqaz.com | tcp |
| US | 3.94.10.34:80 | lymyxid.com | tcp |
| US | 8.8.8.8:53 | vonypom.com | udp |
| US | 8.8.8.8:53 | gadyniw.com | udp |
| US | 8.8.8.8:53 | puzylyp.com | udp |
| HK | 154.212.231.82:80 | gadyniw.com | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.10.94.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.50.191.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.231.212.154.in-addr.arpa | udp |
| US | 162.255.119.102:80 | gahyqah.com | tcp |
| US | 172.67.173.131:80 | qegyhig.com | tcp |
| US | 69.162.80.61:80 | lysyfyj.com | tcp |
| US | 75.2.71.199:80 | puzylyp.com | tcp |
| US | 18.208.156.248:80 | vonypom.com | tcp |
| US | 172.67.173.131:443 | qegyhig.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 75.2.71.199:443 | puzylyp.com | tcp |
| US | 8.8.8.8:53 | www.gahyqah.com | udp |
| DE | 91.195.240.19:80 | www.gahyqah.com | tcp |
| GB | 216.58.212.227:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | 131.173.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.119.255.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.71.2.75.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.156.208.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.240.195.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.38.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.80.162.69.in-addr.arpa | udp |
| NL | 85.17.31.122:80 | gatyfus.com | tcp |
| US | 172.67.173.131:443 | qegyhig.com | tcp |
| NL | 85.17.31.122:80 | gatyfus.com | tcp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.31.17.85.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pupydeq.com | udp |
| US | 8.8.8.8:53 | ganyzub.com | udp |
| US | 8.8.8.8:53 | lykymox.com | udp |
| US | 8.8.8.8:53 | vopydek.com | udp |
| US | 8.8.8.8:53 | qebylug.com | udp |
| US | 8.8.8.8:53 | pujymip.com | udp |
| US | 8.8.8.8:53 | gatydaw.com | udp |
| US | 8.8.8.8:53 | lyvylyn.com | udp |
| US | 8.8.8.8:53 | vojymic.com | udp |
| US | 8.8.8.8:53 | qetysal.com | udp |
| US | 8.8.8.8:53 | puvylyg.com | udp |
| US | 8.8.8.8:53 | gahynus.com | udp |
| US | 8.8.8.8:53 | lyrysor.com | udp |
| US | 8.8.8.8:53 | vocykem.com | udp |
| US | 8.8.8.8:53 | qegynuv.com | udp |
| US | 8.8.8.8:53 | purypol.com | udp |
| US | 8.8.8.8:53 | gacykeh.com | udp |
| US | 8.8.8.8:53 | lygynud.com | udp |
| US | 8.8.8.8:53 | vowypit.com | udp |
| US | 8.8.8.8:53 | qexykaq.com | udp |
| US | 8.8.8.8:53 | pufybyv.com | udp |
| US | 8.8.8.8:53 | gaqypiz.com | udp |
| US | 8.8.8.8:53 | vofybyf.com | udp |
| US | 8.8.8.8:53 | qeqytup.com | udp |
| US | 8.8.8.8:53 | lyxyjaj.com | udp |
| US | 8.8.8.8:53 | gadyveb.com | udp |
| US | 8.8.8.8:53 | puzyjoq.com | udp |
| US | 8.8.8.8:53 | lymytux.com | udp |
| US | 8.8.8.8:53 | volyjok.com | udp |
| US | 8.8.8.8:53 | qedyveg.com | udp |
| US | 8.8.8.8:53 | pumytup.com | udp |
| US | 8.8.8.8:53 | lysyvan.com | udp |
| US | 8.8.8.8:53 | qekyhil.com | udp |
| US | 8.8.8.8:53 | galyhiw.com | udp |
| US | 8.8.8.8:53 | vonyryc.com | udp |
| US | 8.8.8.8:53 | pupycag.com | udp |
| US | 8.8.8.8:53 | ganyrys.com | udp |
| US | 8.8.8.8:53 | vopycom.com | udp |
| US | 8.8.8.8:53 | lykygur.com | udp |
| US | 8.8.8.8:53 | qebyrev.com | udp |
| US | 8.8.8.8:53 | pujygul.com | udp |
| US | 8.8.8.8:53 | gatycoh.com | udp |
| US | 8.8.8.8:53 | lyvywed.com | udp |
| US | 8.8.8.8:53 | puvywav.com | udp |
| US | 8.8.8.8:53 | vojygut.com | udp |
| US | 8.8.8.8:53 | gahyfyz.com | udp |
| US | 8.8.8.8:53 | qetyxiq.com | udp |
| US | 8.8.8.8:53 | vocyqaf.com | udp |
| US | 8.8.8.8:53 | lyryxij.com | udp |
| US | 8.8.8.8:53 | qegyfyp.com | udp |
| US | 8.8.8.8:53 | puryxuq.com | udp |
| US | 8.8.8.8:53 | lygyfex.com | udp |
| US | 8.8.8.8:53 | gacyqob.com | udp |
| US | 8.8.8.8:53 | vowyzuk.com | udp |
| US | 8.8.8.8:53 | qexyqog.com | udp |
| US | 8.8.8.8:53 | pufydep.com | udp |
| US | 8.8.8.8:53 | gaqyzuw.com | udp |
| US | 8.8.8.8:53 | lyxymin.com | udp |
| US | 8.8.8.8:53 | vofydac.com | udp |
| US | 8.8.8.8:53 | qeqylyl.com | udp |
| US | 8.8.8.8:53 | puzymig.com | udp |
| US | 8.8.8.8:53 | gadydas.com | udp |
| US | 8.8.8.8:53 | lymylyr.com | udp |
| US | 8.8.8.8:53 | volymum.com | udp |
| US | 8.8.8.8:53 | lysyvan.com | udp |
| US | 8.8.8.8:53 | pupycag.com | udp |
| US | 8.8.8.8:53 | lyrysor.com | udp |
| US | 18.208.156.248:80 | pupycag.com | tcp |
| US | 172.67.136.136:80 | lysyvan.com | tcp |
| CN | 111.6.96.18:80 | lyrysor.com | tcp |
| US | 172.67.136.136:443 | lysyvan.com | tcp |
| US | 8.8.8.8:53 | pupydeq.com | udp |
| US | 8.8.8.8:53 | 136.136.67.172.in-addr.arpa | udp |
| US | 76.223.54.146:80 | pupydeq.com | tcp |
| US | 8.8.8.8:53 | lygynud.com | udp |
| US | 107.178.223.183:80 | lygynud.com | tcp |
| US | 8.8.8.8:53 | 146.54.223.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.223.178.107.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 172.67.136.136:443 | lysyvan.com | tcp |
| US | 76.223.54.146:80 | pupydeq.com | tcp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| CN | 111.6.96.18:80 | lyrysor.com | tcp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | qedysov.com | udp |
| US | 8.8.8.8:53 | pumylel.com | udp |
| US | 8.8.8.8:53 | galynuh.com | udp |
| US | 8.8.8.8:53 | lysysod.com | udp |
| US | 8.8.8.8:53 | vonyket.com | udp |
| US | 8.8.8.8:53 | qekynuq.com | udp |
| US | 8.8.8.8:53 | pupypiv.com | udp |
| US | 8.8.8.8:53 | ganykaz.com | udp |
| US | 8.8.8.8:53 | lykynyj.com | udp |
| US | 8.8.8.8:53 | vopypif.com | udp |
| US | 8.8.8.8:53 | qebykap.com | udp |
| US | 8.8.8.8:53 | pujybyq.com | udp |
| US | 8.8.8.8:53 | gatypub.com | udp |
| US | 8.8.8.8:53 | lyvyjox.com | udp |
| US | 8.8.8.8:53 | vojybek.com | udp |
| US | 8.8.8.8:53 | qetytug.com | udp |
| US | 8.8.8.8:53 | puvyjop.com | udp |
| US | 8.8.8.8:53 | gahyvew.com | udp |
| US | 8.8.8.8:53 | vocyjic.com | udp |
| US | 8.8.8.8:53 | qegyval.com | udp |
| US | 8.8.8.8:53 | purytyg.com | udp |
| US | 8.8.8.8:53 | gacyhis.com | udp |
| US | 8.8.8.8:53 | lygyvar.com | udp |
| US | 8.8.8.8:53 | vowyrym.com | udp |
| US | 8.8.8.8:53 | qexyhuv.com | udp |
| US | 8.8.8.8:53 | pufycol.com | udp |
| US | 8.8.8.8:53 | gaqyreh.com | udp |
| US | 8.8.8.8:53 | lyxygud.com | udp |
| US | 8.8.8.8:53 | vofycot.com | udp |
| US | 8.8.8.8:53 | qeqyreq.com | udp |
| US | 8.8.8.8:53 | puzyguv.com | udp |
| US | 8.8.8.8:53 | gadyciz.com | udp |
| US | 8.8.8.8:53 | lymywaj.com | udp |
| US | 8.8.8.8:53 | volygyf.com | udp |
| US | 8.8.8.8:53 | qedyxip.com | udp |
| US | 8.8.8.8:53 | pumywaq.com | udp |
| US | 8.8.8.8:53 | galyfyb.com | udp |
| US | 8.8.8.8:53 | lysyxux.com | udp |
| US | 8.8.8.8:53 | vonyqok.com | udp |
| US | 8.8.8.8:53 | qekyfeg.com | udp |
| US | 8.8.8.8:53 | pupyxup.com | udp |
| US | 8.8.8.8:53 | lykyfen.com | udp |
| US | 8.8.8.8:53 | ganyqow.com | udp |
| US | 8.8.8.8:53 | vopyzuc.com | udp |
| US | 8.8.8.8:53 | pujydag.com | udp |
| US | 8.8.8.8:53 | qebyqil.com | udp |
| US | 8.8.8.8:53 | gatyzys.com | udp |
| US | 8.8.8.8:53 | lyvymir.com | udp |
| US | 8.8.8.8:53 | vojydam.com | udp |
| US | 8.8.8.8:53 | puvymul.com | udp |
| US | 8.8.8.8:53 | gahydoh.com | udp |
| US | 8.8.8.8:53 | vocymut.com | udp |
| US | 8.8.8.8:53 | lyryled.com | udp |
| US | 8.8.8.8:53 | qegysoq.com | udp |
| US | 8.8.8.8:53 | qetylyv.com | udp |
| US | 8.8.8.8:53 | gacynuz.com | udp |
| US | 8.8.8.8:53 | purylev.com | udp |
| US | 8.8.8.8:53 | lygysij.com | udp |
| US | 8.8.8.8:53 | vowykaf.com | udp |
| US | 8.8.8.8:53 | qexynyp.com | udp |
| US | 8.8.8.8:53 | pufypiq.com | udp |
| US | 8.8.8.8:53 | gaqykab.com | udp |
| US | 8.8.8.8:53 | lyxynyx.com | udp |
| US | 8.8.8.8:53 | galynuh.com | udp |
| US | 64.225.91.73:80 | galynuh.com | tcp |
| US | 8.8.8.8:53 | qexyhuv.com | udp |
| US | 8.8.8.8:53 | gadyciz.com | udp |
| US | 8.8.8.8:53 | lyxynyx.com | udp |
| US | 8.8.8.8:53 | vofycot.com | udp |
| US | 15.197.240.20:80 | qexyhuv.com | tcp |
| US | 44.221.84.105:80 | gadyciz.com | tcp |
| US | 103.224.212.210:80 | lyxynyx.com | tcp |
| US | 8.8.8.8:53 | qegyval.com | udp |
| HK | 154.85.183.50:80 | qegyval.com | tcp |
| US | 8.8.8.8:53 | ww25.lyxynyx.com | udp |
| US | 199.59.243.227:80 | ww25.lyxynyx.com | tcp |
| US | 8.8.8.8:53 | 73.91.225.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.240.197.15.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.212.224.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.243.59.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.12.20.2.in-addr.arpa | udp |
| US | 103.224.182.252:80 | vofycot.com | tcp |
| US | 8.8.8.8:53 | 252.182.224.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ww16.vofycot.com | udp |
| DE | 64.190.63.136:80 | ww16.vofycot.com | tcp |
| US | 8.8.8.8:53 | 136.63.190.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 15.197.240.20:80 | qexyhuv.com | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| HK | 154.85.183.50:80 | qegyval.com | tcp |
| US | 8.8.8.8:53 | vofypuk.com | udp |
| US | 8.8.8.8:53 | qeqykog.com | udp |
| US | 8.8.8.8:53 | puzybep.com | udp |
| US | 8.8.8.8:53 | gadypuw.com | udp |
| US | 8.8.8.8:53 | lymyjon.com | udp |
| US | 8.8.8.8:53 | volybec.com | udp |
| US | 8.8.8.8:53 | qedytul.com | udp |
| US | 8.8.8.8:53 | pumyjig.com | udp |
| US | 8.8.8.8:53 | galyvas.com | udp |
| US | 8.8.8.8:53 | lysytyr.com | udp |
| US | 8.8.8.8:53 | vonyjim.com | udp |
| US | 8.8.8.8:53 | qekyvav.com | udp |
| US | 8.8.8.8:53 | pupytyl.com | udp |
| US | 8.8.8.8:53 | ganyhuh.com | udp |
| US | 8.8.8.8:53 | lykyvod.com | udp |
| US | 8.8.8.8:53 | vopyret.com | udp |
| US | 8.8.8.8:53 | qebyhuq.com | udp |
| US | 8.8.8.8:53 | pujycov.com | udp |
| US | 8.8.8.8:53 | gatyrez.com | udp |
| US | 8.8.8.8:53 | lyvyguj.com | udp |
| US | 8.8.8.8:53 | vojycif.com | udp |
| US | 8.8.8.8:53 | qetyrap.com | udp |
| US | 8.8.8.8:53 | puvygyq.com | udp |
| US | 8.8.8.8:53 | gahycib.com | udp |
| US | 8.8.8.8:53 | lyrywax.com | udp |
| US | 8.8.8.8:53 | vocygyk.com | udp |
| US | 8.8.8.8:53 | qegyxug.com | udp |
| US | 8.8.8.8:53 | purywop.com | udp |
| US | 8.8.8.8:53 | gacyfew.com | udp |
| US | 8.8.8.8:53 | lygyxun.com | udp |
| US | 8.8.8.8:53 | vowyqoc.com | udp |
| US | 8.8.8.8:53 | qexyfel.com | udp |
| US | 8.8.8.8:53 | pufyxug.com | udp |
| US | 8.8.8.8:53 | gaqyqis.com | udp |
| US | 8.8.8.8:53 | lyxyfar.com | udp |
| US | 8.8.8.8:53 | vofyzym.com | udp |
| US | 8.8.8.8:53 | qeqyqiv.com | udp |
| US | 8.8.8.8:53 | puzydal.com | udp |
| US | 8.8.8.8:53 | gadyzyh.com | udp |
| US | 8.8.8.8:53 | lymymud.com | udp |
| US | 8.8.8.8:53 | volydot.com | udp |
| US | 8.8.8.8:53 | qedyleq.com | udp |
| US | 8.8.8.8:53 | pumymuv.com | udp |
| US | 8.8.8.8:53 | galydoz.com | udp |
| US | 8.8.8.8:53 | lysylej.com | udp |
| US | 8.8.8.8:53 | vonymuf.com | udp |
| US | 8.8.8.8:53 | qekysip.com | udp |
| US | 8.8.8.8:53 | pupylaq.com | udp |
| US | 8.8.8.8:53 | ganynyb.com | udp |
| US | 8.8.8.8:53 | lykysix.com | udp |
| US | 8.8.8.8:53 | vopykak.com | udp |
| US | 8.8.8.8:53 | qebynyg.com | udp |
| US | 8.8.8.8:53 | pujypup.com | udp |
| US | 8.8.8.8:53 | lyvynen.com | udp |
| US | 8.8.8.8:53 | gatykow.com | udp |
| US | 8.8.8.8:53 | qetykol.com | udp |
| US | 8.8.8.8:53 | vojypuc.com | udp |
| US | 8.8.8.8:53 | puvybeg.com | udp |
| US | 8.8.8.8:53 | gahypus.com | udp |
| US | 8.8.8.8:53 | vocybam.com | udp |
| US | 8.8.8.8:53 | lyryjir.com | udp |
| US | 8.8.8.8:53 | puryjil.com | udp |
| US | 8.8.8.8:53 | qegytyv.com | udp |
| US | 8.8.8.8:53 | gacyvah.com | udp |
| US | 8.8.8.8:53 | lygytyd.com | udp |
| US | 8.8.8.8:53 | vowyjut.com | udp |
| US | 8.8.8.8:53 | qexyvoq.com | udp |
| US | 8.8.8.8:53 | pufytev.com | udp |
| US | 8.8.8.8:53 | gaqyhuz.com | udp |
| US | 8.8.8.8:53 | lyxyvoj.com | udp |
| US | 8.8.8.8:53 | vofyref.com | udp |
| US | 8.8.8.8:53 | qeqyhup.com | udp |
| US | 8.8.8.8:53 | puzyciq.com | udp |
| US | 8.8.8.8:53 | gadyrab.com | udp |
| US | 8.8.8.8:53 | lymygyx.com | udp |
| US | 8.8.8.8:53 | volycik.com | udp |
| US | 8.8.8.8:53 | qedyrag.com | udp |
| US | 8.8.8.8:53 | pumygyp.com | udp |
| US | 8.8.8.8:53 | galycuw.com | udp |
| US | 8.8.8.8:53 | lysywon.com | udp |
| US | 8.8.8.8:53 | vonygec.com | udp |
| US | 8.8.8.8:53 | qekyxul.com | udp |
| US | 8.8.8.8:53 | pupywog.com | udp |
| US | 8.8.8.8:53 | qebyfav.com | udp |
| US | 8.8.8.8:53 | pujyxyl.com | udp |
| US | 8.8.8.8:53 | vopyqim.com | udp |
| US | 8.8.8.8:53 | gatyqih.com | udp |
| US | 8.8.8.8:53 | lyvyfad.com | udp |
| US | 8.8.8.8:53 | vojyzyt.com | udp |
| US | 8.8.8.8:53 | puvydov.com | udp |
| US | 8.8.8.8:53 | qetyquq.com | udp |
| US | 8.8.8.8:53 | lyrymuj.com | udp |
| US | 8.8.8.8:53 | qegylep.com | udp |
| US | 8.8.8.8:53 | gahyzez.com | udp |
| US | 8.8.8.8:53 | purymuq.com | udp |
| US | 8.8.8.8:53 | gacydib.com | udp |
| US | 8.8.8.8:53 | lygylax.com | udp |
| US | 8.8.8.8:53 | vowymyk.com | udp |
| US | 8.8.8.8:53 | qexysig.com | udp |
| US | 8.8.8.8:53 | pufylap.com | udp |
| US | 8.8.8.8:53 | gaqynyw.com | udp |
| US | 8.8.8.8:53 | vofykoc.com | udp |
| US | 8.8.8.8:53 | qeqynel.com | udp |
| US | 8.8.8.8:53 | puzypug.com | udp |
| US | 8.8.8.8:53 | gadykos.com | udp |
| US | 8.8.8.8:53 | lymyner.com | udp |
| US | 8.8.8.8:53 | volypum.com | udp |
| US | 8.8.8.8:53 | pumybal.com | udp |
| US | 8.8.8.8:53 | galypyh.com | udp |
| US | 8.8.8.8:53 | qedykiv.com | udp |
| US | 8.8.8.8:53 | lysyjid.com | udp |
| US | 8.8.8.8:53 | qekytyq.com | udp |
| US | 8.8.8.8:53 | vonybat.com | udp |
| US | 8.8.8.8:53 | pupyjuv.com | udp |
| US | 8.8.8.8:53 | lykytej.com | udp |
| US | 8.8.8.8:53 | ganyvoz.com | udp |
| US | 8.8.8.8:53 | ganyfes.com | udp |
| US | 8.8.8.8:53 | vopyjuf.com | udp |
| US | 8.8.8.8:53 | qebyvop.com | udp |
| US | 8.8.8.8:53 | gatyhub.com | udp |
| US | 8.8.8.8:53 | pujyteq.com | udp |
| US | 8.8.8.8:53 | lyvyvix.com | udp |
| US | 8.8.8.8:53 | qetyhyg.com | udp |
| US | 8.8.8.8:53 | vojyrak.com | udp |
| US | 8.8.8.8:53 | puvycip.com | udp |
| US | 8.8.8.8:53 | lykyxur.com | udp |
| US | 8.8.8.8:53 | gatyhub.com | udp |
| US | 8.8.8.8:53 | qetyhyg.com | udp |
| US | 72.52.179.174:80 | gatyhub.com | tcp |
| US | 64.225.91.73:80 | qetyhyg.com | tcp |
| US | 72.52.179.174:80 | gatyhub.com | tcp |
| US | 8.8.8.8:53 | 174.179.52.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | gahyraw.com | udp |
| US | 8.8.8.8:53 | lyrygyn.com | udp |
| US | 8.8.8.8:53 | vocycuc.com | udp |
| US | 8.8.8.8:53 | qegyrol.com | udp |
| US | 8.8.8.8:53 | purygeg.com | udp |
| US | 8.8.8.8:53 | gacycus.com | udp |
| US | 8.8.8.8:53 | lygywor.com | udp |
| US | 8.8.8.8:53 | vowygem.com | udp |
| US | 8.8.8.8:53 | qexyxuv.com | udp |
| US | 8.8.8.8:53 | pufywil.com | udp |
| US | 8.8.8.8:53 | gaqyfah.com | udp |
| US | 8.8.8.8:53 | lyxyxyd.com | udp |
| US | 8.8.8.8:53 | vofyqit.com | udp |
| US | 8.8.8.8:53 | qeqyfaq.com | udp |
| US | 8.8.8.8:53 | puzyxyv.com | udp |
| US | 8.8.8.8:53 | gadyquz.com | udp |
| US | 8.8.8.8:53 | lymyfoj.com | udp |
| US | 8.8.8.8:53 | volyzef.com | udp |
| US | 8.8.8.8:53 | qedyqup.com | udp |
| US | 8.8.8.8:53 | pumydoq.com | udp |
| US | 8.8.8.8:53 | galyzeb.com | udp |
| US | 8.8.8.8:53 | vonydik.com | udp |
| US | 8.8.8.8:53 | lysymux.com | udp |
| US | 8.8.8.8:53 | qekylag.com | udp |
| US | 8.8.8.8:53 | pupymyp.com | udp |
| US | 8.8.8.8:53 | ganydiw.com | udp |
| US | 8.8.8.8:53 | lykylan.com | udp |
| US | 8.8.8.8:53 | vopymyc.com | udp |
| US | 8.8.8.8:53 | qebysul.com | udp |
| US | 8.8.8.8:53 | pujylog.com | udp |
| US | 8.8.8.8:53 | gatynes.com | udp |
| US | 8.8.8.8:53 | vojykom.com | udp |
| US | 8.8.8.8:53 | puvypul.com | udp |
| US | 8.8.8.8:53 | qetynev.com | udp |
| US | 8.8.8.8:53 | lyrynad.com | udp |
| US | 8.8.8.8:53 | gahykih.com | udp |
| US | 8.8.8.8:53 | qegykiq.com | udp |
| US | 8.8.8.8:53 | vocypyt.com | udp |
| US | 8.8.8.8:53 | purybav.com | udp |
| US | 8.8.8.8:53 | lygyjuj.com | udp |
| US | 8.8.8.8:53 | vowybof.com | udp |
| US | 8.8.8.8:53 | qexytep.com | udp |
| US | 8.8.8.8:53 | gaqyvob.com | udp |
| US | 8.8.8.8:53 | pufyjuq.com | udp |
| US | 8.8.8.8:53 | lyxytex.com | udp |
| US | 8.8.8.8:53 | vofyjuk.com | udp |
| US | 8.8.8.8:53 | puzytap.com | udp |
| US | 8.8.8.8:53 | qeqyvig.com | udp |
| US | 8.8.8.8:53 | lymyvin.com | udp |
| US | 8.8.8.8:53 | gadyhyw.com | udp |
| US | 8.8.8.8:53 | volyrac.com | udp |
| US | 8.8.8.8:53 | qedyhyl.com | udp |
| US | 8.8.8.8:53 | pumycug.com | udp |
| US | 8.8.8.8:53 | galyros.com | udp |
| US | 8.8.8.8:53 | lysyger.com | udp |
| US | 8.8.8.8:53 | vonycum.com | udp |
| US | 8.8.8.8:53 | qekyrov.com | udp |
| US | 8.8.8.8:53 | pupygel.com | udp |
| US | 8.8.8.8:53 | lykywid.com | udp |
| US | 8.8.8.8:53 | ganycuh.com | udp |
| US | 8.8.8.8:53 | vopygat.com | udp |
| US | 8.8.8.8:53 | qebyxyq.com | udp |
| US | 8.8.8.8:53 | pujywiv.com | udp |
| US | 8.8.8.8:53 | gatyfaz.com | udp |
| US | 8.8.8.8:53 | lyvyxyj.com | udp |
| US | 8.8.8.8:53 | vojyquf.com | udp |
| US | 8.8.8.8:53 | qetyfop.com | udp |
| US | 8.8.8.8:53 | puvyxeq.com | udp |
| US | 8.8.8.8:53 | lyryfox.com | udp |
| US | 8.8.8.8:53 | vocyzek.com | udp |
| US | 8.8.8.8:53 | qegyqug.com | udp |
| US | 8.8.8.8:53 | purydip.com | udp |
| US | 8.8.8.8:53 | gacyzaw.com | udp |
| US | 8.8.8.8:53 | lygymyn.com | udp |
| US | 8.8.8.8:53 | vowydic.com | udp |
| US | 8.8.8.8:53 | qexylal.com | udp |
| US | 8.8.8.8:53 | pufymyg.com | udp |
| US | 8.8.8.8:53 | gaqydus.com | udp |
| US | 8.8.8.8:53 | lyxylor.com | udp |
| US | 8.8.8.8:53 | vofymem.com | udp |
| US | 8.8.8.8:53 | qeqysuv.com | udp |
| US | 8.8.8.8:53 | puzylol.com | udp |
| US | 8.8.8.8:53 | gadyneh.com | udp |
| US | 8.8.8.8:53 | lymysud.com | udp |
| US | 8.8.8.8:53 | volykit.com | udp |
| US | 8.8.8.8:53 | qedynaq.com | udp |
| US | 8.8.8.8:53 | pumypyv.com | udp |
| US | 8.8.8.8:53 | galykiz.com | udp |
| US | 8.8.8.8:53 | lysynaj.com | udp |
| US | 8.8.8.8:53 | vonypyf.com | udp |
| US | 8.8.8.8:53 | qekykup.com | udp |
| US | 8.8.8.8:53 | pupyboq.com | udp |
| US | 8.8.8.8:53 | ganypeb.com | udp |
| US | 8.8.8.8:53 | lykyjux.com | udp |
| US | 8.8.8.8:53 | vopybok.com | udp |
| US | 8.8.8.8:53 | qebyteg.com | udp |
| US | 8.8.8.8:53 | pujyjup.com | udp |
| US | 8.8.8.8:53 | lyvytan.com | udp |
| US | 8.8.8.8:53 | gatyviw.com | udp |
| US | 8.8.8.8:53 | vojyjyc.com | udp |
| US | 8.8.8.8:53 | qetyvil.com | udp |
| US | 8.8.8.8:53 | puvytag.com | udp |
| US | 8.8.8.8:53 | gahyhys.com | udp |
| US | 8.8.8.8:53 | lyryvur.com | udp |
| US | 8.8.8.8:53 | vocyrom.com | udp |
| US | 8.8.8.8:53 | qegyhev.com | udp |
| US | 8.8.8.8:53 | purycul.com | udp |
| US | 8.8.8.8:53 | lygyged.com | udp |
| US | 8.8.8.8:53 | vowycut.com | udp |
| US | 8.8.8.8:53 | qexyriq.com | udp |
| US | 8.8.8.8:53 | gacyroh.com | udp |
| US | 8.8.8.8:53 | pufygav.com | udp |
| US | 8.8.8.8:53 | gaqycyz.com | udp |
| US | 8.8.8.8:53 | lyxywij.com | udp |
| US | 8.8.8.8:53 | vofygaf.com | udp |
| US | 8.8.8.8:53 | gadyfob.com | udp |
| US | 8.8.8.8:53 | qeqyxyp.com | udp |
| US | 8.8.8.8:53 | lymyxex.com | udp |
| US | 8.8.8.8:53 | qedyfog.com | udp |
| US | 8.8.8.8:53 | volyquk.com | udp |
| US | 8.8.8.8:53 | galyquw.com | udp |
| US | 8.8.8.8:53 | lysyfin.com | udp |
| US | 8.8.8.8:53 | vonyzac.com | udp |
| US | 8.8.8.8:53 | pumyxep.com | udp |
Files
memory/4360-0-0x0000000002690000-0x00000000026E1000-memory.dmp
memory/4360-1-0x0000000000400000-0x000000000045F000-memory.dmp
C:\Windows\apppatch\svchost.exe
| MD5 | 1249b8e9427a6f93de4ca2646b75fe23 |
| SHA1 | b06f60bbcbe85ca603dc4bc2e0bc00168a8b05f4 |
| SHA256 | 8f2e3243756710cf0444db8c63fc2a2539301e33902fd763502bec29adef5912 |
| SHA512 | 614882918e811a355dec27da66ff70b069958098e7dd208f68c06d26a5ba1aada18b49526535433593595e19f76f0026d17087b9d2e20f8c9e575413b36010b1 |
memory/4360-11-0x0000000000400000-0x00000000005AE000-memory.dmp
memory/3360-14-0x0000000000400000-0x00000000005AE000-memory.dmp
memory/4360-13-0x0000000000400000-0x000000000045F000-memory.dmp
memory/4360-12-0x0000000002690000-0x00000000026E1000-memory.dmp
memory/3360-15-0x0000000000400000-0x00000000005AE000-memory.dmp
memory/3360-16-0x00000000028D0000-0x0000000002978000-memory.dmp
memory/3360-17-0x0000000000400000-0x00000000005AE000-memory.dmp
memory/3360-18-0x0000000002D00000-0x0000000002DB6000-memory.dmp
memory/3360-22-0x0000000002D00000-0x0000000002DB6000-memory.dmp
memory/3360-20-0x0000000002D00000-0x0000000002DB6000-memory.dmp
memory/3360-24-0x0000000002D00000-0x0000000002DB6000-memory.dmp
memory/3360-25-0x0000000002D00000-0x0000000002DB6000-memory.dmp
memory/3360-59-0x0000000002D00000-0x0000000002DB6000-memory.dmp
memory/3360-43-0x0000000002D00000-0x0000000002DB6000-memory.dmp
memory/3360-39-0x0000000002D00000-0x0000000002DB6000-memory.dmp
memory/3360-38-0x0000000002D00000-0x0000000002DB6000-memory.dmp
memory/3360-37-0x0000000002D00000-0x0000000002DB6000-memory.dmp
memory/3360-36-0x0000000002D00000-0x0000000002DB6000-memory.dmp
memory/3360-35-0x0000000002D00000-0x0000000002DB6000-memory.dmp
memory/3360-34-0x0000000002D00000-0x0000000002DB6000-memory.dmp
memory/3360-32-0x0000000002D00000-0x0000000002DB6000-memory.dmp
memory/3360-31-0x0000000002D00000-0x0000000002DB6000-memory.dmp
memory/3360-30-0x0000000002D00000-0x0000000002DB6000-memory.dmp
memory/3360-29-0x0000000002D00000-0x0000000002DB6000-memory.dmp
memory/3360-28-0x0000000002D00000-0x0000000002DB6000-memory.dmp
memory/3360-27-0x0000000002D00000-0x0000000002DB6000-memory.dmp
memory/3360-26-0x0000000002D00000-0x0000000002DB6000-memory.dmp
memory/3360-33-0x0000000002D00000-0x0000000002DB6000-memory.dmp
memory/3360-23-0x0000000002D00000-0x0000000002DB6000-memory.dmp
memory/3360-66-0x0000000002D00000-0x0000000002DB6000-memory.dmp
memory/3360-73-0x0000000002D00000-0x0000000002DB6000-memory.dmp
memory/3360-79-0x0000000002D00000-0x0000000002DB6000-memory.dmp
memory/3360-78-0x0000000002D00000-0x0000000002DB6000-memory.dmp
memory/3360-77-0x0000000002D00000-0x0000000002DB6000-memory.dmp
memory/3360-76-0x0000000002D00000-0x0000000002DB6000-memory.dmp
memory/3360-75-0x0000000002D00000-0x0000000002DB6000-memory.dmp
memory/3360-72-0x0000000002D00000-0x0000000002DB6000-memory.dmp
memory/3360-71-0x0000000002D00000-0x0000000002DB6000-memory.dmp
memory/3360-68-0x0000000002D00000-0x0000000002DB6000-memory.dmp
memory/3360-74-0x0000000002D00000-0x0000000002DB6000-memory.dmp
memory/3360-65-0x0000000002D00000-0x0000000002DB6000-memory.dmp
memory/3360-64-0x0000000002D00000-0x0000000002DB6000-memory.dmp
memory/3360-63-0x0000000002D00000-0x0000000002DB6000-memory.dmp
memory/3360-62-0x0000000002D00000-0x0000000002DB6000-memory.dmp
memory/3360-61-0x0000000002D00000-0x0000000002DB6000-memory.dmp
memory/3360-60-0x0000000002D00000-0x0000000002DB6000-memory.dmp
memory/3360-58-0x0000000002D00000-0x0000000002DB6000-memory.dmp
memory/3360-57-0x0000000002D00000-0x0000000002DB6000-memory.dmp
memory/3360-56-0x0000000002D00000-0x0000000002DB6000-memory.dmp
memory/3360-55-0x0000000002D00000-0x0000000002DB6000-memory.dmp
memory/3360-54-0x0000000002D00000-0x0000000002DB6000-memory.dmp
memory/3360-53-0x0000000002D00000-0x0000000002DB6000-memory.dmp
memory/3360-52-0x0000000002D00000-0x0000000002DB6000-memory.dmp
memory/3360-51-0x0000000002D00000-0x0000000002DB6000-memory.dmp
memory/3360-50-0x0000000002D00000-0x0000000002DB6000-memory.dmp
memory/3360-49-0x0000000002D00000-0x0000000002DB6000-memory.dmp
memory/3360-48-0x0000000002D00000-0x0000000002DB6000-memory.dmp
memory/3360-47-0x0000000002D00000-0x0000000002DB6000-memory.dmp
memory/3360-46-0x0000000002D00000-0x0000000002DB6000-memory.dmp
memory/3360-45-0x0000000002D00000-0x0000000002DB6000-memory.dmp
memory/3360-44-0x0000000002D00000-0x0000000002DB6000-memory.dmp
memory/3360-42-0x0000000002D00000-0x0000000002DB6000-memory.dmp
memory/3360-41-0x0000000002D00000-0x0000000002DB6000-memory.dmp
memory/3360-40-0x0000000002D00000-0x0000000002DB6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\C919.tmp
| MD5 | 3230803f7d32881f8d8da6c252c04fc6 |
| SHA1 | d7322254b4ddee3ad86ed89c4e0b0a1dea9720ad |
| SHA256 | 0e0e99302d3557622be102a8fe53a63f3c978ab219c0da05e9e300a0c8db4346 |
| SHA512 | 0b4adba31756f6a8765cc835beda17c4263e29523d7823c4552fb98e058395fa2fdfb70cdf091aba1f3511050802796fc1dd5320082a40c702377064bb8b6370 |
C:\Users\Admin\AppData\Local\Temp\6DAE.tmp
| MD5 | 926512864979bc27cf187f1de3f57aff |
| SHA1 | acdeb9d6187932613c7fa08eaf28f0cd8116f4b5 |
| SHA256 | b3e893a653ec06c05ee90f2f6e98cc052a92f6616d7cca8c416420e178dcc73f |
| SHA512 | f6f9fd3ca9305bec879cfcd38e64111a18e65e30d25c49e9f2cd546cbab9b2dcd03eca81952f6b77c0eaab20192ef7bef0d8d434f6f371811929e75f8620633b |