Analysis Overview
SHA256: 237ef7673a0f6438a7d52f1a127e0cca1a7665f27d8fd3f80258d6a3718a948f
Threat Level: Known bad
The file sevkanigger.zip was found to be: Known bad.
Malicious Activity Summary
Class file contains resources related to AdWind
AdWind
Adwind family
Adds Run key to start application
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Views/modifies file attributes
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-11-15 21:16
Signatures
Adwind family
Class file contains resources related to AdWind
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral3
Detonation Overview
Submitted: 2024-11-15 21:16
Reported: 2024-11-15 21:49
Platform: win11-20241007-en
Max time kernel: 443s
Max time network: 1166s
Command Line
Signatures
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4304 wrote to memory of 688 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\chcp.com |
Processes
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\expensive 3.2 crack\start.cmd"
C:\Windows\system32\chcp.com
chcp 65001
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted: 2024-11-15 21:16
Reported: 2024-11-15 21:47
Platform: win11-20241007-en
Max time kernel: 1797s
Max time network: 1802s
Command Line
Signatures
AdWind
Adwind family
Class file contains resources related to AdWind
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000\Software\Microsoft\Windows\CurrentVersion\Run\Home = "C:\\Program Files\\Java\\jre-1.8\\bin\\javaw.exe -jar C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\.tmp\\1731705459427.tmp" | C:\Windows\system32\reg.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | N/A |
Suspicious use of WriteProcessMemory
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\attrib.exe | N/A |
Processes
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\sevkanigger.zip"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\expensive 3.2 crack\start.cmd" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar expapasta.jar
C:\Windows\SYSTEM32\attrib.exe
attrib +H C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1731705459427.tmp
C:\Windows\SYSTEM32\cmd.exe
cmd.exe /c "REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1731705459427.tmp" /f"
C:\Windows\system32\reg.exe
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1731705459427.tmp" /f
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | budget-compiled.gl.at.ply.gg | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 147.185.221.22:61672 | budget-compiled.gl.at.ply.gg | tcp |
Files
C:\Users\Admin\Desktop\expensive 3.2 crack\start.cmd
| MD5 | 01b8ed92434e95a011e8e8dacba2fd68 |
| SHA1 | d1f538dfbab7a19c792b8325b2e9cbcc3cd9937d |
| SHA256 | 59a12fd47b56fa697512484117f37bd4a69b733c44614c13153e955581eb6799 |
| SHA512 | ce14085421d4902b300370896048a3e901508def1bdd5158a7df286cbc9de32163e3ef67afe416a5879816915ec75badf6604adaf19218b6343467c9391d1f9a |
C:\Users\Admin\Desktop\expensive 3.2 crack\expapasta.jar
| MD5 | adc85420c269bf5e808f6f703611d57c |
| SHA1 | 6b899a737504a4568bd7cd4f7dc5fef7a039958f |
| SHA256 | fba508fae28635f44b9933b276e85e2618f7d05dc7fef1282ff49af32d454a02 |
| SHA512 | 739b900f29da1c2503781048240f7c73367390a2a55fb2e5be204291c7db941a27f65c77ed8c67b0e5c68e2e35e046a8a51ad3f12a46ff72aaa17887c7408fa9 |
Analysis: behavioral2
Detonation Overview
Submitted: 2024-11-15 21:16
Reported: 2024-11-15 21:48
Platform: win11-20241023-en
Max time kernel: 1785s
Max time network: 1798s
Command Line
Signatures
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Windows\CurrentVersion\Run\Home = "C:\\Program Files\\Java\\jre-1.8\\bin\\javaw.exe -jar C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\.tmp\\1731705504161.tmp" | C:\Windows\system32\reg.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4112 wrote to memory of 4208 | N/A | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | C:\Windows\SYSTEM32\attrib.exe |
| PID 4112 wrote to memory of 988 | N/A | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | C:\Windows\SYSTEM32\cmd.exe |
| PID 988 wrote to memory of 3164 | N/A | C:\Windows\SYSTEM32\cmd.exe | C:\Windows\system32\reg.exe |
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\attrib.exe | N/A |
Processes
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar "C:\Users\Admin\AppData\Local\Temp\expensive 3.2 crack\expapasta.jar"
C:\Windows\SYSTEM32\attrib.exe
attrib +H C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1731705504161.tmp
C:\Windows\SYSTEM32\cmd.exe
cmd.exe /c "REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1731705504161.tmp" /f"
C:\Windows\system32\reg.exe
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1731705504161.tmp" /f
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | budget-compiled.gl.at.ply.gg | udp |
| US | 147.185.221.22:61672 | budget-compiled.gl.at.ply.gg | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
Files
C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1731705504161.tmp
| MD5 | adc85420c269bf5e808f6f703611d57c |
| SHA1 | 6b899a737504a4568bd7cd4f7dc5fef7a039958f |
| SHA256 | fba508fae28635f44b9933b276e85e2618f7d05dc7fef1282ff49af32d454a02 |
| SHA512 | 739b900f29da1c2503781048240f7c73367390a2a55fb2e5be204291c7db941a27f65c77ed8c67b0e5c68e2e35e046a8a51ad3f12a46ff72aaa17887c7408fa9 |