Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6402 | March 22, 2021, 6:38 p.m. | March 22, 2021, 6:42 p.m. |
Process | PID | Command line |
---|---|---|
4vAYzzZecewY7zkMr7EiwgUR.exe | 668 | "C:\Users\test22\Documents\4vAYzzZecewY7zkMr7EiwgUR.exe" |
qJJJ5PjC2OdKiUWQLp469ttl.exe | 5860 | "C:\Users\test22\Documents\qJJJ5PjC2OdKiUWQLp469ttl.exe" |
ScKRrxLE7CjrRCRzkCjU1Fnn.exe | 6688 | "C:\Users\test22\Documents\ScKRrxLE7CjrRCRzkCjU1Fnn.exe" |
4DcEhngDii9jWa300VqydC7E.exe | 1432 | "C:\Users\test22\Documents\4DcEhngDii9jWa300VqydC7E.exe" |
ygI0QLcrBImRDyNapFSUIXac.exe | 7000 | "C:\Users\test22\Documents\ygI0QLcrBImRDyNapFSUIXac.exe" |
g48buoQfafbTYKRsRvLFhkSV.exe | 3944 | "C:\Users\test22\Documents\g48buoQfafbTYKRsRvLFhkSV.exe" |
taskkill.exe | 7120 | taskkill /f /im chrome.exe |
xcopy.exe | 1240 | xcopy "C:\Users\test22\AppData\Local\Google\Chrome\User Data" "C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\" /s /e /y |
chrome.exe | 3568 | "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --window-position=-50000,-50000 --user-data-dir="C:\Users\test22\AppData\Local\Temp\cghjgasaaz99" https://www.facebook.com/ https://www.facebook.com/pages/ https://secure.facebook.com/ads/manager/account_settings/account_billing/ |
chrome.exe | 8164 | "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\Users\test22\AppData\Local\Temp\cghjgasaaz99 /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\Crashpad --metrics-dir=C:\Users\test22\AppData\Local\Temp\cghjgasaaz99 --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=86.0.4240.111 --initial-client-data=0xb8,0xbc,0xc0,0x8c,0xc4,0x7fef23a6e00,0x7fef23a6e10,0x7fef23a6e20 |
1dQ3IWYgjVIIBuNVqOAUOdYX.exe | 3004 | "C:\Users\test22\Documents\1dQ3IWYgjVIIBuNVqOAUOdYX.exe" |
8TQPHIQ9bFjdlAY5aKlWh2Xb.exe | 3292 | "C:\Users\test22\Documents\8TQPHIQ9bFjdlAY5aKlWh2Xb.exe" |
8qwycjgOGj3uIj9CDxTRd249.exe | 7824 | "C:\Users\test22\Documents\8qwycjgOGj3uIj9CDxTRd249.exe" |
R9dJ2GRjtUDM4kOUAhgCSabA.exe | 1388 | "C:\Users\test22\Documents\R9dJ2GRjtUDM4kOUAhgCSabA.exe" |
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.102:49807 88.99.66.31:443 | C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA | CN=*.iplogger.org | 55:1e:13:99:46:1c:67:40:a3:48:7f:38:0d:16:e7:51:f4:c4:43:cb |
TLSv1 192.168.56.102:49809 104.23.99.190:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | ce:69:3b:0c:23:1f:bf:e1:a4:87:d2:44:26:54:a5:e4:bd:26:2f:7a |
TLSv1 192.168.56.102:49839 88.99.66.31:443 | C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA | CN=*.iplogger.org | 55:1e:13:99:46:1c:67:40:a3:48:7f:38:0d:16:e7:51:f4:c4:43:cb |
TLSv1 192.168.56.102:49840 88.99.66.31:443 | C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA | CN=*.iplogger.org | 55:1e:13:99:46:1c:67:40:a3:48:7f:38:0d:16:e7:51:f4:c4:43:cb |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid |
file | C:\Program Files (x86)\Google\Chrome\Application\86.0.4240.111\Locales |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://whatitis.site/dlc/mixinte |
suspicious_features | Connection to IP address | suspicious_request | GET http://103.124.106.203/cof4/inst.exe |
suspicious_features | Connection to IP address | suspicious_request | GET http://188.93.233.223/proxy1.exe |
suspicious_features | POST method with no referer header | suspicious_request | POST http://www.fjzbqb.com/Home/Index/lkdinl |
suspicious_features | GET method with no useragent header | suspicious_request | GET https://iplogger.org/1ixtu7 |
suspicious_features | GET method with no useragent header | suspicious_request | GET https://iplogger.org/1iPtu7 |
suspicious_features | GET method with no useragent header | suspicious_request | GET https://pastebin.com/raw/mH2EJxkv |
request | GET http://whatitis.site/dlc/mixinte |
request | GET http://103.124.106.203/cof4/inst.exe |
request | GET http://188.93.233.223/proxy1.exe |
request | GET http://www.yzxjgr.com/askhelp28/askinstall28.exe |
request | GET http://file.ekkggr3.com/iuww/jvppp.exe |
request | GET http://mytoolsprivacy.site/downloads/privacytools3.exe |
request | GET http://aretywer.xyz/Corepad092.exe |
request | GET http://www.yzxjgr.com/askinstall28.exe |
request | GET http://www.cncode.pw/ |
request | GET http://www.fddnice.pw/ |
request | POST http://www.fjzbqb.com/Home/Index/lkdinl |
request | GET https://iplogger.org/1ixtu7 |
request | GET https://iplogger.org/1iPtu7 |
request | GET https://pastebin.com/raw/mH2EJxkv |
request | GET https://iplogger.org/1hVa87 |
request | GET https://iplogger.org/1Gbzj7 |
request | POST http://www.fjzbqb.com/Home/Index/lkdinl |
domain | jg3.3uag.pw | description | Palau domain TLD |
domain | www.fddnice.pw | description | Palau domain TLD |
domain | www.cncode.pw | description | Palau domain TLD |
description | cVI5v4hgahjKJBO4qaFks3SD.exe tried to sleep 151 seconds, actually delayed analysis time by 151 seconds |
cmdline | cmd.exe /c taskkill /f /im chrome.exe |
file | C:\Users\test22\Documents\4vAYzzZecewY7zkMr7EiwgUR.exe |
file | C:\Users\test22\Documents\ScKRrxLE7CjrRCRzkCjU1Fnn.exe |
file | C:\Users\test22\Documents\g48buoQfafbTYKRsRvLFhkSV.exe |
file | C:\Users\test22\Documents\8TQPHIQ9bFjdlAY5aKlWh2Xb.exe |
file | C:\Users\test22\Documents\8qwycjgOGj3uIj9CDxTRd249.exe |
file | C:\Users\test22\Documents\R9dJ2GRjtUDM4kOUAhgCSabA.exe |
file | C:\Users\test22\Documents\fjog8iMALo8SHlwDwsItN6oy.exe |
file | C:\Users\test22\AppData\Local\Temp\4DD3.tmp |
file | C:\Users\test22\AppData\Local\Temp\cghjgasaaz99\recovery\101.3.34.11\ChromeRecovery.exe |
wmi | SELECT Caption FROM Win32_OperatingSystem |
wmi | SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "chrome.exe") |
description | (no description) | rule | DebuggerCheck__GlobalFlags |
description | (no description) | rule | DebuggerCheck__QueryInfo |
description | (no description) | rule | DebuggerHiding__Thread |
description | (no description) | rule | DebuggerHiding__Active |
description | (no description) | rule | ThreadControl__Context |
description | (no description) | rule | SEH__vectored |
description | Bypass DEP | rule | disable_dep |
description | (no description) | rule | DebuggerCheck__GlobalFlags |
description | (no description) | rule | DebuggerCheck__QueryInfo |
description | (no description) | rule | DebuggerHiding__Thread |
description | (no description) | rule | DebuggerHiding__Active |
description | (no description) | rule | ThreadControl__Context |
description | (no description) | rule | SEH__vectored |
description | Bypass DEP | rule | disable_dep |
cmdline | cmd.exe /c taskkill /f /im chrome.exe |
cmdline | taskkill /f /im chrome.exe |
cmdline | C:\Users\test22\Documents\46Ox7KjWEjGeYBlPa54R2Dir.exe |
cmdline | C:\Users\test22\Documents\opbxum1Uei5Q8Le8UFdeDOSc.exe |
cmdline | C:\Users\test22\Documents\I0irPLnGAexs5gpMZYOJCwSC.exe |
cmdline | C:\Users\test22\Documents\U6z5hV9kkxQp1DfyGYFpf1sc.exe |
cmdline | C:\Users\test22\Documents\KuFin9LNme4M605oEDOoAAAt.exe |
host | 103.124.106.203 |
host | 172.217.25.14 |
host | 188.93.233.223 |
registry | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\msCurSQ3ykJOCOtr4ZsRYuLSXI2ZwcTR |
reg_key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\HtGaMJh0Qom33zaFPd812ID6RCNRQNvX | reg_value | C:\Users\test22\Documents\4vAYzzZecewY7zkMr7EiwgUR.exe |
reg_key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\sVtS4dz7TRYjzIXrWFb8NITNmCG2ic96 | reg_value | C:\Users\test22\Documents\asRFt8RT75ITMqT1h8TShcY9.exe |
reg_key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ZhbjfRIYYf1Q5wbDSNk4SvYkCgp2X7Z1 | reg_value | C:\Users\test22\Documents\qJJJ5PjC2OdKiUWQLp469ttl.exe |
reg_key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\J0g9mQBaFA8dmJWeBg6QMqSAO0RUYF9N | reg_value | C:\Users\test22\Documents\ScKRrxLE7CjrRCRzkCjU1Fnn.exe |
reg_key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Z6m4GF4XE3XOX7v5EmrgS47f7RCcST05 | reg_value | C:\Users\test22\Documents\ygI0QLcrBImRDyNapFSUIXac.exe |
reg_key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\lnByBVZVkDOexCVUAPA42wCe8G7zCbFu | reg_value | C:\Users\test22\Documents\hgvv8qC9AupFAgNzEPOEDB6Z.exe |
reg_key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Dbnt573tNW5Opcr46scCS5Dzlhz4XjSJ | reg_value | C:\Users\test22\Documents\n0oSwoEaFqSuaqsUFmRSJHZJ.exe |
reg_key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\8ebWZlYDWRrf1xzgZD3T9CcHYyIYH9Wn | reg_value | C:\Users\test22\Documents\1dQ3IWYgjVIIBuNVqOAUOdYX.exe |
reg_key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\DwQLAVfUUZqBOh7xsSfTq9J5BU8lcA5X | reg_value | C:\Users\test22\Documents\g48buoQfafbTYKRsRvLFhkSV.exe |
reg_key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\mUJqX42TdTGLF3PEwcvH9jjlaHuHUH32 | reg_value | C:\Users\test22\Documents\4DcEhngDii9jWa300VqydC7E.exe |
reg_key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\viPQJv9WZNFraCk5wHbUdfQsVxBsE2lP | reg_value | C:\Users\test22\Documents\FXcNe0poqpGDUrv7FlCBQzFC.exe |
reg_key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Rg4VtRRhm0ZAkoUXlgou2KGSQ7r7nb1h | reg_value | C:\Users\test22\Documents\Sab5lZf5ptnGmDgDBGOJYuiP.exe |
reg_key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ZmEwjT4K82IYAQ2cVPSwqUoufUMv39aD | reg_value | C:\Users\test22\Documents\1MoEeJLYbFevngcWv1h2GyXG.exe |
reg_key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\vxH0JLPDCyyUTiplQbsIf32DyiKZtwhz | reg_value | C:\Users\test22\Documents\zho2EZyHLTxvXDVf9Fh1gkaE.exe |
reg_key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\rlaV8DhF6yQbWbh2iVWBGnx1LjTuiG8G | reg_value | C:\Users\test22\Documents\8TQPHIQ9bFjdlAY5aKlWh2Xb.exe |
reg_key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\0JpjUqsXFT8Szdhm3reGYzl24DCkB0TP | reg_value | C:\Users\test22\Documents\8qwycjgOGj3uIj9CDxTRd249.exe |
reg_key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\iwoQnIWP9sB09Yuwa4XDwY8TzsjdTR70 | reg_value | C:\Users\test22\Documents\R9dJ2GRjtUDM4kOUAhgCSabA.exe |
reg_key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\yVa5i25svKSgwoUY7wE8MwtbW6qjpjyK | reg_value | C:\Users\test22\Documents\hdlFbB6l8xMLjYVmxumYCXOJ.exe |
reg_key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\l9ilLWCMVHQUYOx6u8GrVUVgGiJbIi29 | reg_value | C:\Users\test22\Documents\PcQGkBCG2eaZGz0IZNaPSP7C.exe |
reg_key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\oCfmNlDwPRzJtLeTDlPHQW7ly8BpDi0O | reg_value | C:\Users\test22\Documents\eOelca4fbOE8iftLadfTIPqR.exe |
reg_key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\E4xOjYtrakmgOEYvTZ68nq5Ohxq1RTO8 | reg_value | C:\Users\test22\Documents\hN7Z5SS0LRtRpkbO8MQhAjBR.exe |
reg_key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\8irwr2ZHWoTitWQPIJbly0QmxwCwEoUK | reg_value | C:\Users\test22\Documents\MpVBeDQwhC1E7493yfOknCoY.exe |
reg_key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\SE84znCrTJhwUV3oDw8EH7BWmlhGM0j7 | reg_value | C:\Users\test22\Documents\B7C5WeFpmusTkbKbO8bekDjI.exe |
reg_key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ClRNF5fdkjYZrlI269VG7kcPeoAZZu32 | reg_value | C:\Users\test22\Documents\X4nSfKz9sAAb3XG3FxayEfAU.exe |
reg_key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ICsa5GEzqgfZVO9UFjlatIQydgu12xsA | reg_value | C:\Users\test22\Documents\4SP43l3wfg1U8qLeoi2FJ3Xc.exe |
reg_key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\w47ZVN62yfdidJbmsM8rdynqXUSUxIt8 | reg_value | C:\Users\test22\Documents\5xv02c1YcBobKwIZih9kR6sA.exe |
reg_key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\RQBA4mEpwfesEdHQJtnrL7YxY3OaQnAD | reg_value | C:\Users\test22\Documents\EuE8fcDOEwnpSk6ZGX1F7Ag7.exe |
reg_key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\2OmAYoZIeae7x3zHZK9NDlrLjlKprwpZ | reg_value | C:\Users\test22\Documents\OHqOaCUcr73wGNUmPl5NXywU.exe |
reg_key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\hbbwduaruEmchnrFG6pRTBbMwy338ckw | reg_value | C:\Users\test22\Documents\UVVLaTEDivSptWzWvyyNziRQ.exe |
reg_key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\9P9o0htSezYc9sMyW16tHwbZAvvOVr3D | reg_value | C:\Users\test22\Documents\DFo92RkyVk4ouXyIHtG22A6f.exe |
reg_key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\xjoFve6w6UUzskga4H3fmhaolVsDL294 | reg_value | C:\Users\test22\Documents\IJ9mS57y0mK49VJZgSgBDNYM.exe |
reg_key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\JAeZw2lDUZE4uxKCFhzOjvnSowRFvDk1 | reg_value | C:\Users\test22\Documents\uxzsQ1CVpX8oBTr6vFH6U3jQ.exe |
reg_key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\XLv9kgSQyMrLO4pc7CcobBE2kTKqNxy2 | reg_value | C:\Users\test22\Documents\NijQXmjxw4UlOwL85E0wDUqX.exe |
reg_key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\H3YRWlDAYyTCBdkY0NCWNCxljJRy9xAz | reg_value | C:\Users\test22\Documents\2L2L1jMPmExBF9tAZYyB2C6W.exe |
reg_key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\FxrNUOBlyexeYlN5TCVbag52JVAimVzp | reg_value | C:\Users\test22\Documents\PgE8K43ABwmQpr95yaKp9jIE.exe |
reg_key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\1zD9Od8doIGYs0snWjqYEt9oyxVW92br | reg_value | C:\Users\test22\Documents\YA2XNqpwuBcL3ehMNPV7Oroj.exe |
reg_key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\0YLbHmdvrZCZVU9rBZWFMOQpT8zRRwqG | reg_value | C:\Users\test22\Documents\WTfXnphRC8huYIdWhskoAPeI.exe |
reg_key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\HgHJwMe5s5k7wvM5Q5kaLRiO7miXIGMZ | reg_value | C:\Users\test22\Documents\yXhOeGJafvD8GEBNs3nk3Y6l.exe |
reg_key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\73MKnGwmsKg0oO7QRRIDBXu3MlrbvPl5 | reg_value | C:\Users\test22\Documents\b5H78AnTRHQKeDa7qrU7yfaz.exe |
reg_key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\IS8BZV0dilVWO2cyl7sX5aWmSPqrjEiI | reg_value | C:\Users\test22\Documents\fRAFxdpLVnbTgjTbuEphXWyk.exe |
reg_key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\6VtKpJ4eDM4y57S7Ltk7paZWCxFrIIeB | reg_value | C:\Users\test22\Documents\ca6efow9x7v5N6N2l15Zoaor.exe |
reg_key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\6WI1ENV4s2DqZICjY64ZiYUn0aIJ3jLF | reg_value | C:\Users\test22\Documents\vOiK5mUnDQ2ACY7oi8O50qCf.exe |
reg_key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\CeAnFLBJr7eW4dF5XFelFKSkLsNOCRUj | reg_value | C:\Users\test22\Documents\MCNidcjz47SJVQPa6pg3vn7h.exe |
reg_key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\MacX8wGZn5RO7FdbVvp7s4ySMuobvoas | reg_value | C:\Users\test22\Documents\Epf9c5us6IcXv2fckkgpIWb1.exe |
reg_key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\lJKNHoo9fiATSb77Bf4pK7r5QKUqTCBt | reg_value | C:\Users\test22\Documents\OoxCdXuJCCu0kQeeHEUXqeJR.exe |
reg_key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\bO77U8qcgRywAnuedhSZmppE7oi5q0IB | reg_value | C:\Users\test22\Documents\ffaUMgBXXuVBQLMqHXWLkdHn.exe |
reg_key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\j29qZuwqIwXNuw4Zf3VuKrrh8FTxIG0q | reg_value | C:\Users\test22\Documents\Yw27jDCYE2f8WZpdm2rCKrBv.exe |
reg_key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\KbsUb8iC5rcoYOVJ3BoW1HfgVd00ijTe | reg_value | C:\Users\test22\Documents\vGYqEW9TGyzkCctz7ShRWRl1.exe |
reg_key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\5M87IsdWX7I1stfPIgGEdLfQCH3KL81Q | reg_value | C:\Users\test22\Documents\fgfmno2HQxoUAFbt6YXVmOAD.exe |
reg_key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\qs5BySKYF2UQDEjNhhuLNdTcGqRDwvHk | reg_value | C:\Users\test22\Documents\gcqbp59iUR7C6kAM2IMGI6ju.exe |
file | C:\Users\test22\Documents\Fomp1MNqT1qoOalppNOTVqqq.exe |