Analysis Overview
SHA256
f33ddb2defd451bf77cc1ddd762e57f2a770a18035ecf6d9fb4dc6af10e04de6
Threat Level: Known bad
The file Final.7z was found to be: Known bad.
Malicious Activity Summary
Modifies visibility of file extensions in Explorer
Modifies visibility of hidden/system files in Explorer
Disables taskbar notifications via registry modification
Event Triggered Execution: Image File Execution Options Injection
System Location Discovery: System Language Discovery
Unsigned PE
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-17 15:12
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-17 15:12
Reported
2024-11-17 15:14
Platform
win10ltsc2021-20241023-en
Max time kernel
91s
Max time network
71s
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "0" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
Modifies visibility of hidden/system files in Explorer
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "1" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
Disables taskbar notifications via registry modification
Event Triggered Execution: Image File Execution Options Injection
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\GPU Priority = "8" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\GpuMaxPerformance = "256" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\DisableRenderingPreemption = "1" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\Affinity = "0" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\MinPerformance = "256" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\GpuBackgoundTaskPriority = "0" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\GpuClockSpeed = "65536" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\Throttle Rate = "1" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\DisableRenderingContextPreemption = "1" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\PowerSavingVsyncOn = "0" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\UnlimitedPerformance = "1" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\GpuRenderingPriorityForBackgoundTask = "0" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\GpuMax = "256" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\EnableGpuTempData = "0" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\TVSupportEnabled = "0" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\RenderingOverTargetPriority = "80" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\GpuRenderingPriority = "3" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\EnableLatencyTimer = "0" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\IOPriorityClass = "0" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\SleepStudyDeviceAccountingLevel = "4" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\EnableRenderingSlowDown = "0" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\IsLowPriority = "0" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\CpuUtilization = "256" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\LatencyPerformance = "256" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\PerformancePriority = "8" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\CpuThreadCount = "8" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\MinimumPerformanceEnabled = "0" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\GpuStutter = "0" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\EnableRenderingCache = "0" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\EnableGpuSlowDown = "0" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\GpuIdleEnabled = "0" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\RenderingStutterEnabled = "0" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\GpuRenderingClockSpeed = "65536" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\RenderThrottlingOff = "1" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\GpuPriority = "42" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\CpuPrioritySeperation = "0" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\Priority = "6" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\UseReferenceRasterizer = "0" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\EnableGpuPowerControl = "0" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\RMHdcpKeyGlobZero = "1" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\LatencySpread = "0" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\EnableGpuCashing = "0" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\MaximumPerformanceEnabled = "1" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\PerformanceSpread = "0" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\GpuIdleLatencyEnabled = "0" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\PowerThrottlingOff = "1" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\WatchdogSleepTimeout = "300" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\GpuSpeed = "256" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\CpuSpread = "0" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\GpuRenderingPriority = "8" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\IsRenderingLowPriority = "0" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\SmoothStutterEnabled = "0" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\UseBestResolution = "0" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\GpuThrottleRate = "0" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\EnablePowerSlowDown = "0" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\PowerSavingBackgoundTaskEnabled = "1" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\GpuThrottleRate = "65536" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\BootmgrUserInputTime = "0" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\RenderingSpread = "0" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\RenderingBasePriority = "130" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\SpeedMode = "1" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\SpreadPriority = "1" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FortniteClient-Win64-Shipping.exe\PerfOptions\GpuAccelerating = "256" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPer1_0Server = "10" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerServer = "10" | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\crak\KeyAuthEmulator.exe
"C:\Users\Admin\AppData\Local\Temp\crak\KeyAuthEmulator.exe"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\AppData\Local\Temp\Loader.exe
"C:\Users\Admin\AppData\Local\Temp\Loader.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | checkappexec.microsoft.com | udp |
| GB | 13.87.96.169:443 | checkappexec.microsoft.com | tcp |
| US | 8.8.8.8:53 | 169.96.87.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fd.api.iris.microsoft.com | udp |
| IE | 20.223.36.55:443 | fd.api.iris.microsoft.com | tcp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.49.80.91.in-addr.arpa | udp |
Files