Analysis Overview
SHA256
6f90c61bad9eaf419d06e864e0e9722acfaa2069357deddee87431f8b77f2c61
Threat Level: Known bad
The file Installationshandbuch OXO Rel 4.0.exe was found to be: Known bad.
Malicious Activity Summary
ModiLoader, DBatLoader
Modiloader family
Modifies firewall policy service
ModiLoader Second Stage
Loads dropped DLL
Executes dropped EXE
Enumerates connected drives
Adds Run key to start application
Drops file in System32 directory
Drops autorun.inf file
Suspicious use of SetThreadContext
UPX packed file
Drops file in Windows directory
Drops file in Program Files directory
Unsigned PE
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-17 08:56
Signatures
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-17 08:56
Reported
2024-11-17 08:59
Platform
win7-20240903-en
Max time kernel
150s
Max time network
146s
Command Line
Signatures
ModiLoader, DBatLoader
Modifies firewall policy service
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Windows\system32\AdobeARM.exe = "C:\\Windows\\system32\\AdobeARM.exe:*:Enabled:Explorer" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
Modiloader family
ModiLoader Second Stage
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Installationshandbuch OXO Rel 4.0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\adobe.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\adoberun.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\adoberun.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\adobe.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\SystemProc\lsass.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\SystemProc\lsass.exe | N/A |
| N/A | N/A | C:\Windows\adobe.exe | N/A |
| N/A | N/A | C:\Windows\adobe.exe | N/A |
Loads dropped DLL
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\Installationshandbuch OXO Rel 4.0.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Run\Adobe Reader Updater = "C:\\Windows\\system32\\AdobeARM.exe" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
Enumerates connected drives
Drops autorun.inf file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\09011b02803b41b3-1114797003747\autorun.inf | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Installationshandbuch OXO Rel 4.0.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\09011b02803b41b3-1114797003747\autorun.inf | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Installationshandbuch OXO Rel 4.0.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\09011b02803b41b3-1114797003747\autorun.inf | C:\Users\Admin\AppData\Local\Temp\Installationshandbuch OXO Rel 4.0.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\AdobeARM.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\Windows\SysWOW64\AdobeARM.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\Windows\SysWOW64\adoberun.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\Windows\SysWOW64\adobe.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 820 set thread context of 2108 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe |
| PID 1168 set thread context of 2468 | N/A | C:\Windows\SysWOW64\adoberun.exe | C:\Windows\SysWOW64\adoberun.exe |
| PID 556 set thread context of 2524 | N/A | C:\Windows\SysWOW64\adobe.exe | C:\Windows\SysWOW64\adobe.exe |
| PID 2888 set thread context of 2008 | N/A | C:\Users\Admin\AppData\Roaming\SystemProc\lsass.exe | C:\Users\Admin\AppData\Roaming\SystemProc\lsass.exe |
| PID 1408 set thread context of 2592 | N/A | C:\Windows\adobe.exe | C:\Windows\adobe.exe |
UPX packed file
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\program files\limewire\shared\McAfee Total Protection 2010.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\program files\icq\shared folder\Twitter FriendAdder 2.1.1.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\program files\grokster\my grokster\Image Size Reducer Pro v1.0.1.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\program files\morpheus\my shared folder\Image Size Reducer Pro v1.0.1.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\program files\morpheus\my shared folder\Starcraft2 Oblivion DLL.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\program files\tesla\files\K-Lite Mega Codec v5.6.1 Portable.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\program files\tesla\files\Norton Internet Security 2010 crack.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\program files\winmx\shared\Absolute Video Converter 6.2.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\program files\winmx\shared\Starcraft2 Oblivion DLL.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\program files\emule\incoming\Starcraft2 Patch v0.2.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\program files\limewire\shared\Image Size Reducer Pro v1.0.1.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\program files\grokster\my grokster\Avast 4.8 Professional.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\program files\morpheus\my shared folder\K-Lite Mega Codec v5.6.1 Portable.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\program files\limewire\shared\Starcraft2 Patch v0.2.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\program files\winmx\shared\Starcraft2 Crack.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\program files\icq\shared folder\VmWare keygen.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\program files\grokster\my grokster\K-Lite Mega Codec v5.6.1 Portable.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\program files\grokster\my grokster\PDF-XChange Pro.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\program files\icq\shared folder\PDF-XChange Pro.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\program files\grokster\my grokster\Twitter FriendAdder 2.1.1.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\program files\limewire\shared\WinRAR v3.x keygen RaZoR.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\program files\limewire\shared\Alcohol 120 v1.9.7.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\program files\limewire\shared\Divx Pro 7 + keymaker.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\program files\tesla\files\Windows 7 Ultimate keygen.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\program files\winmx\shared\CleanMyPC Registry Cleaner v6.02.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\program files\emule\incoming\Adobe Illustrator CS4 crack.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\program files\morpheus\my shared folder\Windows2008 keygen and activator.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\program files\limewire\shared\Motorola, nokia, ericsson mobil phone tools.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\program files\limewire\shared\Absolute Video Converter 6.2.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\program files\tesla\files\AnyDVD HD v.6.3.1.8 Beta incl crack.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\program files\winmx\shared\Mp3 Splitter and Joiner Pro v3.48.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\program files\grokster\my grokster\PDF to Word Converter 3.0.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\program files\morpheus\my shared folder\Grand Theft Auto IV (Offline Activation).exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\program files\grokster\my grokster\Tuneup Ultilities 2010.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\program files\emule\incoming\Avast 4.8 Professional.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\program files\icq\shared folder\Starcraft2 keys.txt.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\program files\tesla\files\Adobe Photoshop CS4 crack.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\program files\morpheus\my shared folder\Starcraft2.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\program files\winmx\shared\Adobe Photoshop CS4 crack.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\program files\grokster\my grokster\Trojan Killer v2.9.4173.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\program files\morpheus\my shared folder\Tuneup Ultilities 2010.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\program files\grokster\my grokster\Power ISO v4.2 + keygen axxo.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\program files\grokster\my grokster\Absolute Video Converter 6.2.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\program files\tesla\files\Starcraft2.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\program files\morpheus\my shared folder\Blaze DVD Player Pro v6.52.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\program files\grokster\my grokster\Blaze DVD Player Pro v6.52.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\program files\grokster\my grokster\BitDefender AntiVirus 2010 Keygen.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\program files\icq\shared folder\K-Lite Mega Codec v5.5.1.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\program files\winmx\shared\Adobe Illustrator CS4 crack.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\program files\tesla\files\Alcohol 120 v1.9.7.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\program files\morpheus\my shared folder\Internet Download Manager V5.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\program files\tesla\files\Twitter FriendAdder 2.1.1.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\program files\morpheus\my shared folder\Magic Video Converter 8 0 2 18.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\program files\tesla\files\Windows 2008 Enterprise Server VMWare Virtual Machine.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\program files\grokster\my grokster\Starcraft2 Patch v0.2.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\program files\morpheus\my shared folder\Total Commander7 license+keygen.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\program files\emule\incoming\K-Lite Mega Codec v5.5.1.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\program files\emule\incoming\Google SketchUp 7.1 Pro.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\program files\morpheus\my shared folder\LimeWire Pro v4.18.3.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\program files\winmx\shared\Ashampoo Snap 3.02.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\program files\icq\shared folder\Norton Anti-Virus 2010 Enterprise Crack.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\program files\grokster\my grokster\Norton Anti-Virus 2010 Enterprise Crack.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\program files\emule\incoming\Adobe Acrobat Reader keygen.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| File created | C:\program files\limewire\shared\Internet Download Manager V5.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\adobe.exe | C:\Windows\SysWOW64\adobe.exe | N/A |
| File opened for modification | C:\Windows\adobe.exe | C:\Windows\SysWOW64\adobe.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\adobe.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Installationshandbuch OXO Rel 4.0.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\adobe.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\adobe.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\SystemProc\lsass.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\SystemProc\lsass.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\adobe.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Installationshandbuch OXO Rel 4.0.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\adoberun.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\adoberun.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Installationshandbuch OXO Rel 4.0.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\SystemProc\lsass.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\adobe.exe | N/A |
| N/A | N/A | C:\Windows\adobe.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Roaming\SystemProc\lsass.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Installationshandbuch OXO Rel 4.0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Installationshandbuch OXO Rel 4.0.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Users\Admin\AppData\Local\Temp\Installationshandbuch OXO Rel 4.0.exe
"C:\Users\Admin\AppData\Local\Temp\Installationshandbuch OXO Rel 4.0.exe"
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Installationshandbuch OXO Rel 4.0.exe
"C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Installationshandbuch OXO Rel 4.0.exe"
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe
C:\Windows\SysWOW64\adoberun.exe
"C:\Windows\system32\adoberun.exe"
C:\Windows\SysWOW64\adobe.exe
"C:\Windows\system32\adobe.exe"
C:\Windows\SysWOW64\adoberun.exe
C:\Windows\SysWOW64\adoberun.exe
C:\Windows\SysWOW64\adobe.exe
C:\Windows\SysWOW64\adobe.exe
C:\Users\Admin\AppData\Roaming\SystemProc\lsass.exe
"C:\Users\Admin\AppData\Roaming\SystemProc\lsass.exe"
C:\Users\Admin\AppData\Roaming\SystemProc\lsass.exe
C:\Users\Admin\AppData\Roaming\SystemProc\lsass.exe
C:\Windows\adobe.exe
"C:\Windows\adobe.exe"
C:\Windows\adobe.exe
C:\Windows\adobe.exe
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.whatismyip.com | udp |
| US | 104.27.207.92:80 | www.whatismyip.com | tcp |
| US | 8.8.8.8:53 | unicode.org | udp |
| US | 8.8.8.8:53 | alt3.aspmx.l.google.com | udp |
| FI | 142.250.150.26:25 | alt3.aspmx.l.google.com | tcp |
| US | 8.8.8.8:53 | microsoft.com | udp |
| US | 8.8.8.8:53 | microsoft-com.mail.protection.outlook.com | udp |
| US | 52.101.40.26:25 | microsoft-com.mail.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | apple.com | udp |
| US | 8.8.8.8:53 | mx-in-hfd.apple.com | udp |
| NL | 17.57.165.2:25 | mx-in-hfd.apple.com | tcp |
| US | 8.8.8.8:53 | alt1.aspmx.l.google.com | udp |
| NL | 142.250.153.27:25 | alt1.aspmx.l.google.com | tcp |
| US | 8.8.8.8:53 | microsoft.com | udp |
| US | 20.112.250.133:25 | microsoft.com | tcp |
| US | 8.8.8.8:53 | mx-in-sg.apple.com | udp |
| SG | 17.23.14.18:25 | mx-in-sg.apple.com | tcp |
Files
\Users\Admin\AppData\Local\Temp\IXP000.TMP\Installationshandbuch OXO Rel 4.0.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\09011b02803b41b3-1114797003747\alcatel\content\g09011b02801807b7.jpg
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\09011b02803b41b3-1114797003747\alcatel\content\g09011b028039aed8.jpg
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\09011b02803b41b3-1114797003747\alcatel\content\g09011b028039b4f0.jpg
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\09011b02803b41b3-1114797003747\alcatel\content\g09011b02803aa058.jpg
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\09011b02803b41b3-1114797003747\alcatel\img\LogRight.gif
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\09011b02803b41b3-1114797003747\alcatel\tmpl\help\es\images\nav_cd2.gif
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\09011b02803b41b3-1114797003747\alcatel\tmpl\help\fr\images\rech_applic.gif
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\09011b02803b41b3-1114797003747\alcatel\tmpl\help\fr\images\rech_certif_fr.jpg
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\09011b02803b41b3-1114797003747\alcatel\tmpl\menu-images\f_pdf_16.gif
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\09011b02803b41b3-1114797003747\Apache\conf\access.default.conf
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\09011b02803b41b3-1114797003747\Apache\conf\srm.default.conf
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\09011b02803b41b3-1114797003747\Perl\site\lib\auto\zlib\extralibs.ld
\Users\Admin\AppData\Local\Temp\IXP000.TMP\AdobeARM.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\09011b02803b41b3-1114797003747\alcatel\alcatel.conf
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\09011b02803b41b3-1114797003747\alcatel\alcatel.index.prop
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\09011b02803b41b3-1114797003747\alcatel\alcatel.index
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\09011b02803b41b3-1114797003747\alcatel\config\strings\km\custom\component\toc\TocNlsProp_es_ES.properties
C:\Windows\SysWOW64\adobe.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\09011b02803b41b3-1114797003747\alcatel\config\strings\km\custom\component\toc\TocNlsProp_de_DE.properties
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\09011b02803b41b3-1114797003747\alcatel\config\strings\km\custom\component\toc\TocNlsProp.properties
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\09011b02803b41b3-1114797003747\alcatel\config\strings\km\custom\component\message\MessageNlsProp_fr_FR.properties
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\09011b02803b41b3-1114797003747\alcatel\config\strings\km\custom\component\message\MessageNlsProp_es_ES.properties
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\09011b02803b41b3-1114797003747\alcatel\config\strings\km\custom\component\message\MessageNlsProp_de_DE.properties
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\09011b02803b41b3-1114797003747\alcatel\config\strings\km\custom\component\message\MessageNlsProp.properties
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\09011b02803b41b3-1114797003747\alcatel\config\strings\km\custom\component\header\HeaderNlsProp_fr_FR.properties
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\09011b02803b41b3-1114797003747\alcatel\config\strings\km\custom\component\header\HeaderNlsProp_es_ES.properties
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\09011b02803b41b3-1114797003747\alcatel\config\strings\km\custom\component\header\HeaderNlsProp_de_DE.properties
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\09011b02803b41b3-1114797003747\alcatel\config\strings\km\custom\component\header\HeaderNlsProp.properties
C:\Windows\SysWOW64\adoberun.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\09011b02803b41b3-1114797003747\alcatel\config\strings\km\custom\library\search\SearchNlsProp_es_ES.properties
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\09011b02803b41b3-1114797003747\alcatel\config\strings\km\custom\component\consultation\content\test.html
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\09011b02803b41b3-1114797003747\alcatel\config\strings\km\custom\component\consultation\content\ConsultationContentNlsProp_fr_FR.properties
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\09011b02803b41b3-1114797003747\alcatel\config\strings\km\custom\component\consultation\content\ConsultationContentNlsProp_es_ES.properties
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\09011b02803b41b3-1114797003747\alcatel\config\strings\km\custom\component\consultation\content\ConsultationContentNlsProp_de_DE.properties
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\09011b02803b41b3-1114797003747\alcatel\config\strings\km\custom\component\consultation\content\ConsultationContentNlsProp.properties
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\09011b02803b41b3-1114797003747\alcatel\config\strings\km\custom\component\browse\BrowseNlsProp_fr_FR.properties
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\09011b02803b41b3-1114797003747\alcatel\config\strings\km\custom\component\browse\BrowseNlsProp_es_ES.properties
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\09011b02803b41b3-1114797003747\alcatel\config\strings\km\custom\component\browse\BrowseNlsProp_de_DE.properties
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\09011b02803b41b3-1114797003747\alcatel\config\strings\km\custom\component\browse\BrowseNlsProp.properties
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\09011b02803b41b3-1114797003747\alcatel\config\km_products.xml
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\09011b02803b41b3-1114797003747\alcatel\config\km_config_oxo.xml
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\09011b02803b41b3-1114797003747\alcatel\config\kmcfg.dtd
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\09011b02803b41b3-1114797003747\alcatel\config\default.lng
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\09011b02803b41b3-1114797003747\alcatel\config\cover.xml
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\09011b02803b41b3-1114797003747\alcatel\config\09011b02803b41b3-1114797003747.xml
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\09011b02803b41b3-1114797003747\alcatel\config\strings\km\custom\library\search\SearchNlsProp_de_DE.properties
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\09011b02803b41b3-1114797003747\alcatel\config\strings\km\custom\library\search\SearchNlsProp.properties
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\09011b02803b41b3-1114797003747\alcatel\config\strings\km\custom\library\profile\profileNlsProp_fr_FR.properties
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\09011b02803b41b3-1114797003747\alcatel\config\strings\km\custom\library\profile\ProfileNlsProp_es_ES.properties
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\09011b02803b41b3-1114797003747\alcatel\config\StringsCDROM\MessageNlsProp.properties
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\09011b02803b41b3-1114797003747\alcatel\config\strings\km\custom\library\search\SearchNlsProp_fr_FR.properties
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\09011b02803b41b3-1114797003747\alcatel\config\strings\km\custom\library\profile\ProfileNlsProp_de_DE.properties
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\09011b02803b41b3-1114797003747\alcatel\config\strings\km\custom\library\profile\profileNlsProp.properties
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\09011b02803b41b3-1114797003747\alcatel\config\strings\km\custom\library\login\SSOLoginNlsProp_fr_FR.properties
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\09011b02803b41b3-1114797003747\alcatel\config\strings\km\custom\library\login\SSOLoginNlsProp_es_ES.properties
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\09011b02803b41b3-1114797003747\alcatel\config\strings\km\custom\library\login\SSOLoginNlsProp_de_DE.properties
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\09011b02803b41b3-1114797003747\alcatel\config\strings\km\custom\library\login\SSOLoginNlsProp.properties
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\09011b02803b41b3-1114797003747\alcatel\config\strings\km\custom\component\toc\TocNlsProp_fr_FR.properties
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-17 08:56
Reported
2024-11-17 08:59
Platform
win10v2004-20241007-en
Max time kernel
149s
Max time network
153s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Installationshandbuch OXO Rel 4.0.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\Installationshandbuch OXO Rel 4.0.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Installationshandbuch OXO Rel 4.0.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Installationshandbuch OXO Rel 4.0.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Installationshandbuch OXO Rel 4.0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Installationshandbuch OXO Rel 4.0.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4508 wrote to memory of 2060 | N/A | C:\Users\Admin\AppData\Local\Temp\Installationshandbuch OXO Rel 4.0.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Installationshandbuch OXO Rel 4.0.exe |
| PID 4508 wrote to memory of 2060 | N/A | C:\Users\Admin\AppData\Local\Temp\Installationshandbuch OXO Rel 4.0.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Installationshandbuch OXO Rel 4.0.exe |
| PID 4508 wrote to memory of 2060 | N/A | C:\Users\Admin\AppData\Local\Temp\Installationshandbuch OXO Rel 4.0.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Installationshandbuch OXO Rel 4.0.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\Installationshandbuch OXO Rel 4.0.exe
"C:\Users\Admin\AppData\Local\Temp\Installationshandbuch OXO Rel 4.0.exe"
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Installationshandbuch OXO Rel 4.0.exe
"C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Installationshandbuch OXO Rel 4.0.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.49.80.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.117.168.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Installationshandbuch OXO Rel 4.0.exe