Analysis Overview
SHA256
d56bd415ae2cc3d890580a2e871892d92aa784869c4613647733d8ce4a5fc753
Threat Level: Known bad
The file d56bd415ae2cc3d890580a2e871892d92aa784869c4613647733d8ce4a5fc753 was found to be: Known bad.
Malicious Activity Summary
Simda family
simda
Modifies WinLogon for persistence
Modifies WinLogon
Adds Run key to start application
System Location Discovery: System Language Discovery
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-04 05:12
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-04 05:12
Reported
2024-11-04 05:15
Platform
win10v2004-20241007-en
Max time kernel
150s
Max time network
154s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\userinit = "C:\\Windows\\system32\\userinit.exe,C:\\Users\\Admin\\AppData\\Local\\Temp\\D56BD4~1.EXE," | C:\Users\Admin\AppData\Local\Temp\d56bd415ae2cc3d890580a2e871892d92aa784869c4613647733d8ce4a5fc753.exe | N/A |
Simda family
simda
Adds Run key to start application
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userinit = "C:\\Users\\Admin\\AppData\\Local\\Temp\\D56BD4~1.EXE" | C:\Users\Admin\AppData\Local\Temp\d56bd415ae2cc3d890580a2e871892d92aa784869c4613647733d8ce4a5fc753.exe | N/A |
Modifies WinLogon
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System = "C:\\Users\\Admin\\AppData\\Local\\Temp\\D56BD4~1.EXE" | C:\Users\Admin\AppData\Local\Temp\d56bd415ae2cc3d890580a2e871892d92aa784869c4613647733d8ce4a5fc753.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\a4973cd3 = "ÿE\u00a0AD÷\vÀ0\u00adH\x01E8uuGÏH\x03(sµ_“4ýC{ŽÜ)\rÞ\u00ad1ƒÌ¶\x02>\x03\u00adê„\x15®\u0081q\u008dîá\u0090\x06£ŸÏX:i\x7fÉ\x12‹Ù]6e\x02MÙ§´\nåÂ0’m\x0fµgêèä©«l0t28·B\x11Ž\x1a™z‡ô`]\x0f|Ìl$ßÍ•+{éj\u0081\x1cçd\x02LÔ¬ß2ýZŒN—\ti„|D©MLŸZ\x11ù\x7fDl\u008d\x1bŒæü‡\x11½\x02\u0081jL\u008fmBÓj2Í*rm»ÆvDG\x14\u009d*ê\füÓnme£;\r*oÅ\u009d\u008f+j³NÔrÛ|ÔóVa¶Ì\u0081·ìbÍüô7QL;\x13òåYBçL–Ñ.\x1cK„\v\x05±\x1cRçæ÷…+—Ï¡¡û6\r\a\x1b†t\x04\u0081\x1bÚ~ãžÊƒåÍ" | C:\Users\Admin\AppData\Local\Temp\d56bd415ae2cc3d890580a2e871892d92aa784869c4613647733d8ce4a5fc753.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\d56bd415ae2cc3d890580a2e871892d92aa784869c4613647733d8ce4a5fc753.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\d56bd415ae2cc3d890580a2e871892d92aa784869c4613647733d8ce4a5fc753.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\d56bd415ae2cc3d890580a2e871892d92aa784869c4613647733d8ce4a5fc753.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\d56bd415ae2cc3d890580a2e871892d92aa784869c4613647733d8ce4a5fc753.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\d56bd415ae2cc3d890580a2e871892d92aa784869c4613647733d8ce4a5fc753.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\d56bd415ae2cc3d890580a2e871892d92aa784869c4613647733d8ce4a5fc753.exe
"C:\Users\Admin\AppData\Local\Temp\d56bd415ae2cc3d890580a2e871892d92aa784869c4613647733d8ce4a5fc753.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| GB | 92.123.128.146:80 | www.bing.com | tcp |
| US | 8.8.8.8:53 | cihunemyror.eu | udp |
| US | 8.8.8.8:53 | digivehusyd.eu | udp |
| US | 8.8.8.8:53 | vofozymufok.eu | udp |
| US | 8.8.8.8:53 | fodakyhijyv.eu | udp |
| US | 8.8.8.8:53 | nopegymozow.eu | udp |
| US | 8.8.8.8:53 | gatedyhavyd.eu | udp |
| US | 8.8.8.8:53 | marytymenok.eu | udp |
| US | 8.8.8.8:53 | jewuqyjywyv.eu | udp |
| US | 8.8.8.8:53 | qeqinuqypoq.eu | udp |
| US | 8.8.8.8:53 | kemocujufys.eu | udp |
| US | 8.8.8.8:53 | rynazuqihoj.eu | udp |
| US | 8.8.8.8:53 | lyvejujolec.eu | udp |
| NL | 5.79.71.225:80 | lyvejujolec.eu | tcp |
| NL | 5.79.71.225:80 | lyvejujolec.eu | tcp |
| NL | 85.17.31.122:80 | lyvejujolec.eu | tcp |
| NL | 5.79.71.225:80 | lyvejujolec.eu | tcp |
| DE | 178.162.217.107:80 | lyvejujolec.eu | tcp |
| NL | 85.17.31.82:80 | lyvejujolec.eu | tcp |
| DE | 178.162.203.226:80 | lyvejujolec.eu | tcp |
| NL | 5.79.71.225:80 | lyvejujolec.eu | tcp |
| DE | 178.162.203.226:80 | lyvejujolec.eu | tcp |
| NL | 85.17.31.122:80 | lyvejujolec.eu | tcp |
| US | 8.8.8.8:53 | tucyguqaciq.eu | udp |
| US | 8.8.8.8:53 | xuxusujenes.eu | udp |
| US | 8.8.8.8:53 | ciliqikytec.eu | udp |
| US | 8.8.8.8:53 | dikoniwudim.eu | udp |
| US | 8.8.8.8:53 | vojacikigep.eu | udp |
| US | 8.8.8.8:53 | fogeliwokih.eu | udp |
| US | 8.8.8.8:53 | nofyjikoxex.eu | udp |
| US | 8.8.8.8:53 | gadufiwabim.eu | udp |
| US | 8.8.8.8:53 | masisokemep.eu | udp |
| US | 8.8.8.8:53 | jepororyrih.eu | udp |
| NL | 5.79.71.225:80 | jepororyrih.eu | tcp |
| US | 8.8.8.8:53 | qetoqolusex.eu | udp |
| US | 8.8.8.8:53 | keraborigin.eu | udp |
| NL | 85.17.31.82:80 | keraborigin.eu | tcp |
| DE | 178.162.203.226:80 | keraborigin.eu | tcp |
| DE | 178.162.203.211:80 | keraborigin.eu | tcp |
| NL | 85.17.31.82:80 | keraborigin.eu | tcp |
| US | 8.8.8.8:53 | ryqecolijet.eu | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | tunujolavez.eu | udp |
| US | 8.8.8.8:53 | xubifaremin.eu | udp |
| US | 8.8.8.8:53 | puvopalywet.eu | udp |
| US | 8.8.8.8:53 | cicaratupig.eu | udp |
| US | 8.8.8.8:53 | dixemazufel.eu | udp |
| DE | 178.162.203.211:80 | dixemazufel.eu | tcp |
| US | 8.8.8.8:53 | volebatijub.eu | udp |
| US | 8.8.8.8:53 | fokyxazolar.eu | udp |
| US | 8.8.8.8:53 | nojuletacuf.eu | udp |
| US | 8.8.8.8:53 | gahihezenal.eu | udp |
| NL | 85.17.31.122:80 | gahihezenal.eu | tcp |
| US | 8.8.8.8:53 | magofetequb.eu | udp |
| US | 8.8.8.8:53 | jefapexytar.eu | udp |
| US | 8.8.8.8:53 | qederepuduf.eu | udp |
| US | 8.8.8.8:53 | kepymexihak.eu | udp |
| NL | 5.79.71.225:80 | kepymexihak.eu | tcp |
| US | 8.8.8.8:53 | rytuvepokuv.eu | udp |
| US | 8.8.8.8:53 | lyruxyxaxaw.eu | udp |
| US | 8.8.8.8:53 | tuwikypabud.eu | udp |
| US | 8.8.8.8:53 | xuqohyxeqak.eu | udp |
| US | 8.8.8.8:53 | pumadypyruv.eu | udp |
| US | 8.8.8.8:53 | cinepycusaw.eu | udp |
| US | 8.8.8.8:53 | divywysigud.eu | udp |
| US | 8.8.8.8:53 | vocumucokaj.eu | udp |
| US | 8.8.8.8:53 | foxivusozuc.eu | udp |
| US | 8.8.8.8:53 | nozoxucavaq.eu | udp |
| US | 8.8.8.8:53 | puzutuqeqij.eu | udp |
| NL | 85.17.31.122:80 | puzutuqeqij.eu | tcp |
| DE | 178.162.217.107:80 | puzutuqeqij.eu | tcp |
| NL | 85.17.31.82:80 | puzutuqeqij.eu | tcp |
| NL | 5.79.71.205:80 | puzutuqeqij.eu | tcp |
| US | 8.8.8.8:53 | galokusemus.eu | udp |
| US | 8.8.8.8:53 | makagucyraj.eu | udp |
| US | 8.8.8.8:53 | jejedudupuc.eu | udp |
| US | 8.8.8.8:53 | qegytuvufoq.eu | udp |
| US | 8.8.8.8:53 | kefuwidijyp.eu | udp |
| US | 8.8.8.8:53 | rydinivoloh.eu | udp |
| US | 8.8.8.8:53 | lysovidacyx.eu | udp |
| US | 8.8.8.8:53 | tupazivenom.eu | udp |
| DE | 178.162.203.211:80 | tupazivenom.eu | tcp |
| DE | 178.162.203.211:80 | tupazivenom.eu | tcp |
| DE | 178.162.203.226:80 | tupazivenom.eu | tcp |
| NL | 85.17.31.82:80 | tupazivenom.eu | tcp |
| NL | 5.79.71.205:80 | tupazivenom.eu | tcp |
| NL | 85.17.31.122:80 | tupazivenom.eu | tcp |
| DE | 178.162.203.211:80 | tupazivenom.eu | tcp |
| NL | 85.17.31.122:80 | tupazivenom.eu | tcp |
| DE | 178.162.203.211:80 | tupazivenom.eu | tcp |
| DE | 178.162.203.226:80 | tupazivenom.eu | tcp |
| NL | 85.17.31.82:80 | tupazivenom.eu | tcp |
| NL | 5.79.71.205:80 | tupazivenom.eu | tcp |
| DE | 178.162.217.107:80 | tupazivenom.eu | tcp |
| NL | 85.17.31.122:80 | tupazivenom.eu | tcp |
| NL | 5.79.71.225:80 | tupazivenom.eu | tcp |
| DE | 178.162.203.211:80 | tupazivenom.eu | tcp |
| NL | 85.17.31.122:80 | tupazivenom.eu | tcp |
| NL | 85.17.31.82:80 | tupazivenom.eu | tcp |
| NL | 5.79.71.225:80 | tupazivenom.eu | tcp |
| NL | 85.17.31.122:80 | tupazivenom.eu | tcp |
| DE | 178.162.203.211:80 | tupazivenom.eu | tcp |
| NL | 85.17.31.82:80 | tupazivenom.eu | tcp |
| NL | 85.17.31.82:80 | tupazivenom.eu | tcp |
| DE | 178.162.203.226:80 | tupazivenom.eu | tcp |
| NL | 85.17.31.82:80 | tupazivenom.eu | tcp |
| NL | 5.79.71.205:80 | tupazivenom.eu | tcp |
| DE | 178.162.217.107:80 | tupazivenom.eu | tcp |
| US | 8.8.8.8:53 | xutekidywyp.eu | udp |
| DE | 178.162.203.211:80 | xutekidywyp.eu | tcp |
| NL | 5.79.71.205:80 | xutekidywyp.eu | tcp |
| DE | 178.162.203.226:80 | xutekidywyp.eu | tcp |
| NL | 85.17.31.82:80 | xutekidywyp.eu | tcp |
| NL | 85.17.31.82:80 | xutekidywyp.eu | tcp |
| US | 8.8.8.8:53 | puregivytoh.eu | udp |
| US | 8.8.8.8:53 | ciqydofudyx.eu | udp |
| US | 8.8.8.8:53 | dimutobihom.eu | udp |
| US | 8.8.8.8:53 | voniqofolyt.eu | udp |
| US | 8.8.8.8:53 | fobonobaxog.eu | udp |
| DE | 178.162.203.211:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.122:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.122:80 | fobonobaxog.eu | tcp |
| NL | 5.79.71.205:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.82:80 | fobonobaxog.eu | tcp |
| NL | 5.79.71.225:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.122:80 | fobonobaxog.eu | tcp |
| NL | 5.79.71.205:80 | fobonobaxog.eu | tcp |
| NL | 5.79.71.205:80 | fobonobaxog.eu | tcp |
| NL | 5.79.71.205:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.82:80 | fobonobaxog.eu | tcp |
| NL | 5.79.71.205:80 | fobonobaxog.eu | tcp |
| NL | 5.79.71.205:80 | fobonobaxog.eu | tcp |
| NL | 5.79.71.205:80 | fobonobaxog.eu | tcp |
| US | 8.8.8.8:53 | 146.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.71.79.5.in-addr.arpa | udp |
| DE | 178.162.203.226:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.122:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.82:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.82:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.82:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.82:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.82:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.82:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.82:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.82:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.82:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.82:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.82:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.82:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.82:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.122:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.82:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.122:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.122:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.122:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.82:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.82:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.82:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.82:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.82:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.82:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.82:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.82:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.82:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.82:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.82:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.82:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.82:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.82:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.122:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.122:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.122:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.122:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.122:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.122:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.122:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.122:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.122:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.122:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.122:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.122:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.122:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.122:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.122:80 | fobonobaxog.eu | tcp |
| US | 8.8.8.8:53 | 82.31.17.85.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.31.17.85.in-addr.arpa | udp |
| NL | 5.79.71.205:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.82:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.82:80 | fobonobaxog.eu | tcp |
| NL | 5.79.71.205:80 | fobonobaxog.eu | tcp |
| DE | 178.162.203.202:80 | fobonobaxog.eu | tcp |
| NL | 5.79.71.225:80 | fobonobaxog.eu | tcp |
| DE | 178.162.203.202:80 | fobonobaxog.eu | tcp |
| NL | 5.79.71.205:80 | fobonobaxog.eu | tcp |
| NL | 5.79.71.225:80 | fobonobaxog.eu | tcp |
| DE | 178.162.203.202:80 | fobonobaxog.eu | tcp |
| DE | 178.162.203.226:80 | fobonobaxog.eu | tcp |
| DE | 178.162.203.226:80 | fobonobaxog.eu | tcp |
| NL | 5.79.71.205:80 | fobonobaxog.eu | tcp |
| NL | 5.79.71.225:80 | fobonobaxog.eu | tcp |
| NL | 5.79.71.225:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.82:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.82:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.82:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.82:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.122:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.122:80 | fobonobaxog.eu | tcp |
| NL | 5.79.71.225:80 | fobonobaxog.eu | tcp |
| DE | 178.162.203.202:80 | fobonobaxog.eu | tcp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| NL | 5.79.71.225:80 | fobonobaxog.eu | tcp |
| US | 8.8.8.8:53 | 225.71.79.5.in-addr.arpa | udp |
| DE | 178.162.203.211:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.82:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.122:80 | fobonobaxog.eu | tcp |
| DE | 178.162.203.202:80 | fobonobaxog.eu | tcp |
| DE | 178.162.217.107:80 | fobonobaxog.eu | tcp |
| DE | 178.162.203.211:80 | fobonobaxog.eu | tcp |
| DE | 178.162.203.226:80 | fobonobaxog.eu | tcp |
| DE | 178.162.203.226:80 | fobonobaxog.eu | tcp |
| DE | 178.162.203.226:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.122:80 | fobonobaxog.eu | tcp |
| DE | 178.162.217.107:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.122:80 | fobonobaxog.eu | tcp |
| NL | 5.79.71.205:80 | fobonobaxog.eu | tcp |
| DE | 178.162.203.226:80 | fobonobaxog.eu | tcp |
| DE | 178.162.203.211:80 | fobonobaxog.eu | tcp |
| DE | 178.162.203.202:80 | fobonobaxog.eu | tcp |
| DE | 178.162.203.226:80 | fobonobaxog.eu | tcp |
| DE | 178.162.217.107:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.82:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.82:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.122:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.122:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.122:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.82:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.82:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.122:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.122:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.122:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.82:80 | fobonobaxog.eu | tcp |
| NL | 5.79.71.225:80 | fobonobaxog.eu | tcp |
| DE | 178.162.217.107:80 | fobonobaxog.eu | tcp |
| DE | 178.162.203.202:80 | fobonobaxog.eu | tcp |
| NL | 5.79.71.225:80 | fobonobaxog.eu | tcp |
| DE | 178.162.203.202:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.122:80 | fobonobaxog.eu | tcp |
| NL | 5.79.71.225:80 | fobonobaxog.eu | tcp |
| DE | 178.162.203.211:80 | fobonobaxog.eu | tcp |
| DE | 178.162.203.211:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.122:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.82:80 | fobonobaxog.eu | tcp |
| DE | 178.162.203.202:80 | fobonobaxog.eu | tcp |
| NL | 5.79.71.205:80 | fobonobaxog.eu | tcp |
| DE | 178.162.203.202:80 | fobonobaxog.eu | tcp |
| NL | 5.79.71.225:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.82:80 | fobonobaxog.eu | tcp |
| DE | 178.162.203.226:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.122:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.122:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.122:80 | fobonobaxog.eu | tcp |
| NL | 5.79.71.205:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.122:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.122:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.122:80 | fobonobaxog.eu | tcp |
| DE | 178.162.203.211:80 | fobonobaxog.eu | tcp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| NL | 5.79.71.225:80 | fobonobaxog.eu | tcp |
| DE | 178.162.203.211:80 | fobonobaxog.eu | tcp |
| DE | 178.162.203.211:80 | fobonobaxog.eu | tcp |
| DE | 178.162.203.211:80 | fobonobaxog.eu | tcp |
| US | 8.8.8.8:53 | 211.203.162.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| NL | 85.17.31.122:80 | fobonobaxog.eu | tcp |
| NL | 5.79.71.225:80 | fobonobaxog.eu | tcp |
| DE | 178.162.203.202:80 | fobonobaxog.eu | tcp |
| DE | 178.162.203.211:80 | fobonobaxog.eu | tcp |
| DE | 178.162.203.211:80 | fobonobaxog.eu | tcp |
| DE | 178.162.203.211:80 | fobonobaxog.eu | tcp |
| NL | 5.79.71.205:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.122:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.122:80 | fobonobaxog.eu | tcp |
| NL | 5.79.71.205:80 | fobonobaxog.eu | tcp |
| NL | 5.79.71.205:80 | fobonobaxog.eu | tcp |
| NL | 5.79.71.205:80 | fobonobaxog.eu | tcp |
| NL | 5.79.71.205:80 | fobonobaxog.eu | tcp |
| NL | 5.79.71.205:80 | fobonobaxog.eu | tcp |
| NL | 5.79.71.205:80 | fobonobaxog.eu | tcp |
| NL | 5.79.71.205:80 | fobonobaxog.eu | tcp |
| NL | 5.79.71.225:80 | fobonobaxog.eu | tcp |
| DE | 178.162.217.107:80 | fobonobaxog.eu | tcp |
| NL | 5.79.71.205:80 | fobonobaxog.eu | tcp |
| NL | 5.79.71.205:80 | fobonobaxog.eu | tcp |
| NL | 5.79.71.205:80 | fobonobaxog.eu | tcp |
| NL | 5.79.71.225:80 | fobonobaxog.eu | tcp |
| NL | 5.79.71.225:80 | fobonobaxog.eu | tcp |
| NL | 5.79.71.205:80 | fobonobaxog.eu | tcp |
| DE | 178.162.203.226:80 | fobonobaxog.eu | tcp |
| DE | 178.162.217.107:80 | fobonobaxog.eu | tcp |
| DE | 178.162.203.211:80 | fobonobaxog.eu | tcp |
| NL | 5.79.71.205:80 | fobonobaxog.eu | tcp |
| DE | 178.162.217.107:80 | fobonobaxog.eu | tcp |
| NL | 5.79.71.205:80 | fobonobaxog.eu | tcp |
| DE | 178.162.217.107:80 | fobonobaxog.eu | tcp |
| DE | 178.162.203.211:80 | fobonobaxog.eu | tcp |
| DE | 178.162.203.211:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.122:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.82:80 | fobonobaxog.eu | tcp |
| NL | 5.79.71.205:80 | fobonobaxog.eu | tcp |
| NL | 5.79.71.205:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.122:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.122:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.82:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.82:80 | fobonobaxog.eu | tcp |
| DE | 178.162.203.211:80 | fobonobaxog.eu | tcp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| NL | 5.79.71.205:80 | fobonobaxog.eu | tcp |
| NL | 5.79.71.205:80 | fobonobaxog.eu | tcp |
| NL | 5.79.71.205:80 | fobonobaxog.eu | tcp |
| DE | 178.162.203.211:80 | fobonobaxog.eu | tcp |
| DE | 178.162.203.211:80 | fobonobaxog.eu | tcp |
| DE | 178.162.203.211:80 | fobonobaxog.eu | tcp |
| NL | 5.79.71.205:80 | fobonobaxog.eu | tcp |
| DE | 178.162.203.211:80 | fobonobaxog.eu | tcp |
| NL | 5.79.71.205:80 | fobonobaxog.eu | tcp |
| NL | 5.79.71.225:80 | fobonobaxog.eu | tcp |
| NL | 5.79.71.225:80 | fobonobaxog.eu | tcp |
| DE | 178.162.217.107:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.122:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.122:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.82:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.82:80 | fobonobaxog.eu | tcp |
| US | 8.8.8.8:53 | 107.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| NL | 5.79.71.205:80 | fobonobaxog.eu | tcp |
| NL | 5.79.71.205:80 | fobonobaxog.eu | tcp |
| NL | 5.79.71.205:80 | fobonobaxog.eu | tcp |
| US | 8.8.8.8:53 | 45.19.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| DE | 178.162.203.226:80 | fobonobaxog.eu | tcp |
| DE | 178.162.217.107:80 | fobonobaxog.eu | tcp |
| DE | 178.162.217.107:80 | fobonobaxog.eu | tcp |
| DE | 178.162.203.226:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.82:80 | fobonobaxog.eu | tcp |
| DE | 178.162.203.211:80 | fobonobaxog.eu | tcp |
| DE | 178.162.203.211:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.82:80 | fobonobaxog.eu | tcp |
| NL | 85.17.31.82:80 | fobonobaxog.eu | tcp |
| US | 8.8.8.8:53 | novacofebyz.eu | udp |
| US | 8.8.8.8:53 | gacezobeqon.eu | udp |
| US | 8.8.8.8:53 | maxyjofytyt.eu | udp |
| US | 8.8.8.8:53 | jeluganusog.eu | udp |
| US | 8.8.8.8:53 | qekusagigyz.eu | udp |
| US | 8.8.8.8:53 | kejitanokon.eu | udp |
| US | 8.8.8.8:53 | ryhoqagoxyr.eu | udp |
| US | 8.8.8.8:53 | lygananavof.eu | udp |
| US | 8.8.8.8:53 | tufecagemyl.eu | udp |
| US | 8.8.8.8:53 | xudylenyrob.eu | udp |
| US | 8.8.8.8:53 | pupujeguper.eu | udp |
| US | 8.8.8.8:53 | citifemifif.eu | udp |
| US | 8.8.8.8:53 | dirosehijel.eu | udp |
| US | 8.8.8.8:53 | voworemoziv.eu | udp |
| US | 8.8.8.8:53 | foqaqehacew.eu | udp |
| US | 8.8.8.8:53 | nomebemenid.eu | udp |
| US | 8.8.8.8:53 | ganycyhywek.eu | udp |
| US | 8.8.8.8:53 | mavulymupiv.eu | udp |
| NL | 5.79.71.225:80 | mavulymupiv.eu | tcp |
| DE | 178.162.203.211:80 | mavulymupiv.eu | tcp |
| DE | 178.162.217.107:80 | mavulymupiv.eu | tcp |
| DE | 178.162.203.211:80 | mavulymupiv.eu | tcp |
| NL | 85.17.31.122:80 | mavulymupiv.eu | tcp |
| DE | 178.162.217.107:80 | mavulymupiv.eu | tcp |
| DE | 178.162.203.211:80 | mavulymupiv.eu | tcp |
| NL | 85.17.31.82:80 | mavulymupiv.eu | tcp |
| NL | 85.17.31.82:80 | mavulymupiv.eu | tcp |
| NL | 5.79.71.225:80 | mavulymupiv.eu | tcp |
| NL | 85.17.31.82:80 | mavulymupiv.eu | tcp |
| DE | 178.162.203.211:80 | mavulymupiv.eu | tcp |
| DE | 178.162.203.226:80 | mavulymupiv.eu | tcp |
| DE | 178.162.217.107:80 | mavulymupiv.eu | tcp |
| DE | 178.162.203.202:80 | mavulymupiv.eu | tcp |
| NL | 5.79.71.225:80 | mavulymupiv.eu | tcp |
| DE | 178.162.217.107:80 | mavulymupiv.eu | tcp |
| NL | 5.79.71.205:80 | mavulymupiv.eu | tcp |
| US | 8.8.8.8:53 | jecijyjudew.eu | udp |
| US | 8.8.8.8:53 | kezapyjolek.eu | udp |
| US | 8.8.8.8:53 | ryleryqacic.eu | udp |
| US | 8.8.8.8:53 | lykemujebeq.eu | udp |
| US | 8.8.8.8:53 | tujybuqeqis.eu | udp |
| US | 8.8.8.8:53 | pufiluqudic.eu | udp |
| US | 8.8.8.8:53 | cidohukigeq.eu | udp |
| US | 8.8.8.8:53 | fotyriwavix.eu | udp |
| US | 8.8.8.8:53 | disafuwokis.eu | udp |
| US | 8.8.8.8:53 | vopepukaxej.eu | udp |
| US | 8.8.8.8:53 | norumikemem.eu | udp |
| US | 8.8.8.8:53 | gaquviwyrup.eu | udp |
| US | 8.8.8.8:53 | mamixikusah.eu | udp |
| US | 8.8.8.8:53 | qebahilojam.eu | udp |
| US | 8.8.8.8:53 | jenokirifux.eu | udp |
| US | 8.8.8.8:53 | kevedorozup.eu | udp |
| US | 8.8.8.8:53 | rycypolavag.eu | udp |
| US | 8.8.8.8:53 | lyxuworenuz.eu | udp |
| US | 8.8.8.8:53 | tulimolywan.eu | udp |
| US | 8.8.8.8:53 | xukovoruput.eu | udp |
| US | 8.8.8.8:53 | pujoxolufag.eu | udp |
| US | 8.8.8.8:53 | cihakotihuz.eu | udp |
| US | 8.8.8.8:53 | digegazolan.eu | udp |
| US | 8.8.8.8:53 | nopiwatyqul.eu | udp |
| US | 8.8.8.8:53 | vofydatacut.eu | udp |
| US | 8.8.8.8:53 | fodutazenaf.eu | udp |
| US | 8.8.8.8:53 | gatonazytab.eu | udp |
| US | 8.8.8.8:53 | maravatudur.eu | udp |
| US | 8.8.8.8:53 | jewezexigaf.eu | udp |
| US | 8.8.8.8:53 | qeqekepokul.eu | udp |
| US | 8.8.8.8:53 | kemygexaxab.eu | udp |
| US | 8.8.8.8:53 | rynudepebur.eu | udp |
| US | 8.8.8.8:53 | lyvitexemod.eu | udp |
| US | 8.8.8.8:53 | tucoqepyryk.eu | udp |
| US | 8.8.8.8:53 | xuxanexusov.eu | udp |
| US | 8.8.8.8:53 | puzecypigyw.eu | udp |
| US | 8.8.8.8:53 | cilyzycojod.eu | udp |
| US | 8.8.8.8:53 | vojugycavov.eu | udp |
| US | 8.8.8.8:53 | fogisysemyq.eu | udp |
| US | 8.8.8.8:53 | dikujysozyk.eu | udp |
| US | 8.8.8.8:53 | gadaqusupyj.eu | udp |
| US | 8.8.8.8:53 | nofotycywos.eu | udp |
| US | 8.8.8.8:53 | masenucifoc.eu | udp |
| US | 8.8.8.8:53 | jepycudijyq.eu | udp |
| US | 8.8.8.8:53 | qexofyqihid.eu | udp |
| US | 8.8.8.8:53 | xuguxujytej.eu | udp |
| NL | 5.79.71.225:80 | xuguxujytej.eu | tcp |
| NL | 5.79.71.225:80 | xuguxujytej.eu | tcp |
| NL | 5.79.71.225:80 | xuguxujytej.eu | tcp |
| DE | 178.162.203.226:80 | xuguxujytej.eu | tcp |
| NL | 5.79.71.225:80 | xuguxujytej.eu | tcp |
| DE | 178.162.203.202:80 | xuguxujytej.eu | tcp |
| DE | 178.162.203.226:80 | xuguxujytej.eu | tcp |
| DE | 178.162.203.202:80 | xuguxujytej.eu | tcp |
| NL | 5.79.71.225:80 | xuguxujytej.eu | tcp |
| NL | 85.17.31.122:80 | xuguxujytej.eu | tcp |
| DE | 178.162.203.226:80 | xuguxujytej.eu | tcp |
| NL | 5.79.71.225:80 | xuguxujytej.eu | tcp |
| DE | 178.162.203.202:80 | xuguxujytej.eu | tcp |
| NL | 5.79.71.225:80 | xuguxujytej.eu | tcp |
| NL | 85.17.31.82:80 | xuguxujytej.eu | tcp |
| NL | 5.79.71.225:80 | xuguxujytej.eu | tcp |
| NL | 5.79.71.205:80 | xuguxujytej.eu | tcp |
| NL | 85.17.31.122:80 | xuguxujytej.eu | tcp |
| NL | 85.17.31.82:80 | xuguxujytej.eu | tcp |
| DE | 178.162.217.107:80 | xuguxujytej.eu | tcp |
| NL | 5.79.71.225:80 | xuguxujytej.eu | tcp |
| DE | 178.162.203.226:80 | xuguxujytej.eu | tcp |
| NL | 5.79.71.205:80 | xuguxujytej.eu | tcp |
| NL | 85.17.31.82:80 | xuguxujytej.eu | tcp |
| DE | 178.162.203.202:80 | xuguxujytej.eu | tcp |
| DE | 178.162.203.226:80 | xuguxujytej.eu | tcp |
| NL | 5.79.71.205:80 | xuguxujytej.eu | tcp |
| DE | 178.162.203.226:80 | xuguxujytej.eu | tcp |
| DE | 178.162.217.107:80 | xuguxujytej.eu | tcp |
| NL | 5.79.71.225:80 | xuguxujytej.eu | tcp |
| DE | 178.162.203.202:80 | xuguxujytej.eu | tcp |
| DE | 178.162.203.202:80 | xuguxujytej.eu | tcp |
| NL | 85.17.31.82:80 | xuguxujytej.eu | tcp |
| NL | 5.79.71.225:80 | xuguxujytej.eu | tcp |
| DE | 178.162.203.211:80 | xuguxujytej.eu | tcp |
| DE | 178.162.203.202:80 | xuguxujytej.eu | tcp |
| DE | 178.162.203.211:80 | xuguxujytej.eu | tcp |
| NL | 85.17.31.82:80 | xuguxujytej.eu | tcp |
| NL | 5.79.71.205:80 | xuguxujytej.eu | tcp |
| NL | 85.17.31.122:80 | xuguxujytej.eu | tcp |
| DE | 178.162.203.211:80 | xuguxujytej.eu | tcp |
| DE | 178.162.203.226:80 | xuguxujytej.eu | tcp |
| NL | 5.79.71.205:80 | xuguxujytej.eu | tcp |
| NL | 85.17.31.82:80 | xuguxujytej.eu | tcp |
| NL | 85.17.31.122:80 | xuguxujytej.eu | tcp |
| NL | 5.79.71.225:80 | xuguxujytej.eu | tcp |
| DE | 178.162.203.211:80 | xuguxujytej.eu | tcp |
| NL | 5.79.71.225:80 | xuguxujytej.eu | tcp |
| NL | 5.79.71.225:80 | xuguxujytej.eu | tcp |
| NL | 5.79.71.225:80 | xuguxujytej.eu | tcp |
| DE | 178.162.203.226:80 | xuguxujytej.eu | tcp |
| NL | 5.79.71.225:80 | xuguxujytej.eu | tcp |
| NL | 5.79.71.225:80 | xuguxujytej.eu | tcp |
| NL | 5.79.71.225:80 | xuguxujytej.eu | tcp |
| NL | 5.79.71.225:80 | xuguxujytej.eu | tcp |
| NL | 5.79.71.225:80 | xuguxujytej.eu | tcp |
| NL | 5.79.71.225:80 | xuguxujytej.eu | tcp |
| DE | 178.162.203.211:80 | xuguxujytej.eu | tcp |
| NL | 85.17.31.122:80 | xuguxujytej.eu | tcp |
| NL | 85.17.31.122:80 | xuguxujytej.eu | tcp |
| NL | 85.17.31.122:80 | xuguxujytej.eu | tcp |
| NL | 85.17.31.122:80 | xuguxujytej.eu | tcp |
| NL | 85.17.31.122:80 | xuguxujytej.eu | tcp |
| NL | 85.17.31.122:80 | xuguxujytej.eu | tcp |
| NL | 85.17.31.122:80 | xuguxujytej.eu | tcp |
| NL | 85.17.31.122:80 | xuguxujytej.eu | tcp |
| NL | 85.17.31.122:80 | xuguxujytej.eu | tcp |
| NL | 85.17.31.122:80 | xuguxujytej.eu | tcp |
| NL | 85.17.31.82:80 | xuguxujytej.eu | tcp |
| NL | 85.17.31.82:80 | xuguxujytej.eu | tcp |
| NL | 85.17.31.82:80 | xuguxujytej.eu | tcp |
| NL | 5.79.71.225:80 | xuguxujytej.eu | tcp |
| NL | 85.17.31.82:80 | xuguxujytej.eu | tcp |
| NL | 85.17.31.82:80 | xuguxujytej.eu | tcp |
| NL | 85.17.31.82:80 | xuguxujytej.eu | tcp |
| NL | 85.17.31.82:80 | xuguxujytej.eu | tcp |
| NL | 85.17.31.82:80 | xuguxujytej.eu | tcp |
| NL | 85.17.31.82:80 | xuguxujytej.eu | tcp |
| DE | 178.162.203.202:80 | xuguxujytej.eu | tcp |
| NL | 5.79.71.205:80 | xuguxujytej.eu | tcp |
| NL | 5.79.71.225:80 | xuguxujytej.eu | tcp |
| DE | 178.162.203.202:80 | xuguxujytej.eu | tcp |
| DE | 178.162.203.202:80 | xuguxujytej.eu | tcp |
| NL | 5.79.71.225:80 | xuguxujytej.eu | tcp |
| DE | 178.162.203.211:80 | xuguxujytej.eu | tcp |
| NL | 5.79.71.205:80 | xuguxujytej.eu | tcp |
| NL | 85.17.31.82:80 | xuguxujytej.eu | tcp |
| NL | 85.17.31.122:80 | xuguxujytej.eu | tcp |
| DE | 178.162.203.202:80 | xuguxujytej.eu | tcp |
| NL | 85.17.31.82:80 | xuguxujytej.eu | tcp |
| NL | 85.17.31.82:80 | xuguxujytej.eu | tcp |
| NL | 85.17.31.82:80 | xuguxujytej.eu | tcp |
| NL | 85.17.31.82:80 | xuguxujytej.eu | tcp |
| NL | 85.17.31.82:80 | xuguxujytej.eu | tcp |
| NL | 85.17.31.82:80 | xuguxujytej.eu | tcp |
| NL | 85.17.31.82:80 | xuguxujytej.eu | tcp |
| NL | 85.17.31.82:80 | xuguxujytej.eu | tcp |
| NL | 85.17.31.82:80 | xuguxujytej.eu | tcp |
| NL | 85.17.31.82:80 | xuguxujytej.eu | tcp |
| NL | 85.17.31.82:80 | xuguxujytej.eu | tcp |
| NL | 85.17.31.122:80 | xuguxujytej.eu | tcp |
| NL | 85.17.31.122:80 | xuguxujytej.eu | tcp |
Files
memory/3328-0-0x000000007FDE0000-0x000000007FE49000-memory.dmp
memory/3328-1-0x0000000000400000-0x0000000000439000-memory.dmp
memory/3328-3-0x0000000002780000-0x0000000002832000-memory.dmp
memory/3328-4-0x0000000000400000-0x00000000004F2000-memory.dmp
memory/3328-5-0x0000000002940000-0x00000000029F8000-memory.dmp
memory/3328-9-0x0000000002940000-0x00000000029F8000-memory.dmp
memory/3328-11-0x00000000005E0000-0x00000000005E1000-memory.dmp
memory/3328-7-0x0000000002940000-0x00000000029F8000-memory.dmp
memory/3328-62-0x0000000002940000-0x00000000029F8000-memory.dmp
memory/3328-66-0x0000000002940000-0x00000000029F8000-memory.dmp
memory/3328-65-0x0000000002940000-0x00000000029F8000-memory.dmp
memory/3328-64-0x0000000002940000-0x00000000029F8000-memory.dmp
memory/3328-67-0x0000000002940000-0x00000000029F8000-memory.dmp
memory/3328-63-0x0000000002940000-0x00000000029F8000-memory.dmp
memory/3328-143-0x000000007FDE0000-0x000000007FE49000-memory.dmp
memory/3328-154-0x0000000000400000-0x0000000000439000-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-04 05:12
Reported
2024-11-04 05:14
Platform
win7-20241010-en
Max time kernel
150s
Max time network
128s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\userinit = "C:\\Windows\\system32\\userinit.exe,C:\\Users\\Admin\\AppData\\Local\\Temp\\D56BD4~1.EXE," | C:\Users\Admin\AppData\Local\Temp\d56bd415ae2cc3d890580a2e871892d92aa784869c4613647733d8ce4a5fc753.exe | N/A |
Simda family
simda
Adds Run key to start application
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Windows\CurrentVersion\Run\userinit = "C:\\Users\\Admin\\AppData\\Local\\Temp\\D56BD4~1.EXE" | C:\Users\Admin\AppData\Local\Temp\d56bd415ae2cc3d890580a2e871892d92aa784869c4613647733d8ce4a5fc753.exe | N/A |
Modifies WinLogon
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\accd2035 = "DS\u008dWʈ\x13þ\nàe\x1a$\x01ZtÑ\r¹›þóŽûnÜ`%\x03V'89\x1aEçGŸõI—\x18˜Z/v‰º{\t°R—ßzîû\x1cÂMTmg\u009dÞd¼g4=½qº$h!‘÷\u00a0\x19ÌEÕ2Êñm!\x1a\x1b\r¶Ã;\x1e.Ï‚\x1bÃ\u0081¸‘!Ñ²Š±õ¿\u00ade¦I5¿7\x19‘\u0081JaÁU\u009dfï_}Îù\nåv}ž•žBF\x126\nâvñµÎW=uõ*e:J-¯Ñ’Ö!\u0081aŽ9\x11®=¿Mµ‘¡š÷i\u008d¢ù1VÙvÉêU\x0eu¹5\x16¹aå•-a\x19^\x1aç=Ò2F¹Ém\r²}eò\x1d†Êá\x11¡\x1dõõM)\"\x19’'\x02jÅÒV1N‘µm]ÑziÁRúÍJ*¹Ò¿G\tv/¯5Oé" | C:\Users\Admin\AppData\Local\Temp\d56bd415ae2cc3d890580a2e871892d92aa784869c4613647733d8ce4a5fc753.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System = "C:\\Users\\Admin\\AppData\\Local\\Temp\\D56BD4~1.EXE" | C:\Users\Admin\AppData\Local\Temp\d56bd415ae2cc3d890580a2e871892d92aa784869c4613647733d8ce4a5fc753.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\d56bd415ae2cc3d890580a2e871892d92aa784869c4613647733d8ce4a5fc753.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\d56bd415ae2cc3d890580a2e871892d92aa784869c4613647733d8ce4a5fc753.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\d56bd415ae2cc3d890580a2e871892d92aa784869c4613647733d8ce4a5fc753.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\d56bd415ae2cc3d890580a2e871892d92aa784869c4613647733d8ce4a5fc753.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\d56bd415ae2cc3d890580a2e871892d92aa784869c4613647733d8ce4a5fc753.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\d56bd415ae2cc3d890580a2e871892d92aa784869c4613647733d8ce4a5fc753.exe
"C:\Users\Admin\AppData\Local\Temp\d56bd415ae2cc3d890580a2e871892d92aa784869c4613647733d8ce4a5fc753.exe"
Network
Files