Malware Analysis Report

2025-01-22 12:26

Sample ID: 240516-a5z47acg46
Target: 9169899925e2c9261b763fdac66394e83139ae9045a96b23e9d71fe6494d5f32
SHA256: 9169899925e2c9261b763fdac66394e83139ae9045a96b23e9d71fe6494d5f32
Tags: aspackv2, persistence
Score: 7/10

Analysis Overview

Score: 7/10

SHA256: 9169899925e2c9261b763fdac66394e83139ae9045a96b23e9d71fe6494d5f32

Threat Level: Shows suspicious behavior

The file 9169899925e2c9261b763fdac66394e83139ae9045a96b23e9d71fe6494d5f32 was found to be: Shows suspicious behavior.

Malicious Activity Summary

aspackv2 persistence

ASPack v2.12-2.42

Adds Run key to start application

Enumerates physical storage devices

Program crash

Unsigned PE

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Modifies registry class

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-05-16 00:48

Signatures

ASPack v2.12-2.42

aspackv2
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-05-16 00:48

Reported: 2024-05-16 00:51

Platform: win7-20240508-en

Max time kernel: 119s

Max time network: 131s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9169899925e2c9261b763fdac66394e83139ae9045a96b23e9d71fe6494d5f32.exe"

Signatures

ASPack v2.12-2.42

aspackv2
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Run\wmplayer = "C:\\MessengerPlus\\wmplayer.exe" C:\Users\Admin\AppData\Local\Temp\9169899925e2c9261b763fdac66394e83139ae9045a96b23e9d71fe6494d5f32.exe N/A

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Download C:\Users\Admin\AppData\Local\Temp\9169899925e2c9261b763fdac66394e83139ae9045a96b23e9d71fe6494d5f32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{04F7A5A1-131E-11EF-BA28-C2931B856BB4} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421982380" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Download\RunInvalidSignatures = "00000001" C:\Users\Admin\AppData\Local\Temp\9169899925e2c9261b763fdac66394e83139ae9045a96b23e9d71fe6494d5f32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Download\CheckExeSignatures = "no" C:\Users\Admin\AppData\Local\Temp\9169899925e2c9261b763fdac66394e83139ae9045a96b23e9d71fe6494d5f32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 901f18da2aa7da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b00000000020000000000106600000001000020000000cbe525e3a21bd87598f6184bed9f5a7acdaac3e05ac224f1ff61f1b7c0127bb5000000000e8000000002000020000000b629ac6d9ad40228d9e52e1269238964f00d527aa92f4d5ecb9d6040849be80820000000d44932459581f089e3e15f153505e591ace39e341832e833d26abaa9476080a34000000065f400bb09be334cfca4dd1bd9e0d2a55d0b4e6c0e05dcd8c1e7d35f87be2a75fdec029f4836cbfaedd61d37aef8cb1f37404f76bf7fb059604c26a50bd392b9 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9169899925e2c9261b763fdac66394e83139ae9045a96b23e9d71fe6494d5f32.exe

"C:\Users\Admin\AppData\Local\Temp\9169899925e2c9261b763fdac66394e83139ae9045a96b23e9d71fe6494d5f32.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://www.youtube.com/watch?v=tkFQS92d6gw

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2612 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.youtube.com udp
FR 142.250.74.238:80 www.youtube.com tcp
FR 142.250.74.238:443 www.youtube.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

memory/2140-1-0x0000000000400000-0x0000000000510000-memory.dmp

memory/2140-2-0x0000000000560000-0x00000000005A6000-memory.dmp

memory/2140-3-0x0000000000400000-0x0000000000510000-memory.dmp

memory/2140-7-0x0000000000400000-0x0000000000510000-memory.dmp

memory/2140-8-0x0000000000560000-0x00000000005A6000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MEFTDE7Q\favicon[2].ico

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\q7my5tn\imagestore.dat

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\Local\Temp\Cab42FA.tmp

C:\Users\Admin\AppData\Local\Temp\Tar42FD.tmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-05-16 00:48

Reported: 2024-05-16 00:51

Platform: win10v2004-20240508-en

Max time kernel: 139s

Max time network: 145s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9169899925e2c9261b763fdac66394e83139ae9045a96b23e9d71fe6494d5f32.exe"

Signatures

ASPack v2.12-2.42

aspackv2
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wmplayer = "C:\\MessengerPlus\\wmplayer.exe" C:\Users\Admin\AppData\Local\Temp\9169899925e2c9261b763fdac66394e83139ae9045a96b23e9d71fe6494d5f32.exe N/A

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Internet Explorer\Download C:\Users\Admin\AppData\Local\Temp\9169899925e2c9261b763fdac66394e83139ae9045a96b23e9d71fe6494d5f32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\Download\CheckExeSignatures = "no" C:\Users\Admin\AppData\Local\Temp\9169899925e2c9261b763fdac66394e83139ae9045a96b23e9d71fe6494d5f32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\Download\RunInvalidSignatures = "00000001" C:\Users\Admin\AppData\Local\Temp\9169899925e2c9261b763fdac66394e83139ae9045a96b23e9d71fe6494d5f32.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1181767204-2009306918-3718769404-1000\{F1079652-A201-4995-AD3E-CB0165DC0BD6} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\9169899925e2c9261b763fdac66394e83139ae9045a96b23e9d71fe6494d5f32.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9169899925e2c9261b763fdac66394e83139ae9045a96b23e9d71fe6494d5f32.exe

"C:\Users\Admin\AppData\Local\Temp\9169899925e2c9261b763fdac66394e83139ae9045a96b23e9d71fe6494d5f32.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2760 -ip 2760

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/watch?v=tkFQS92d6gw

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3644,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=4088 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4312,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=4552 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5276,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=5304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5424,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=5428 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5448,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=5508 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5444,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=5860 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=6100,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=6072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=6112,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=4920 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6284,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=5252 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4340,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=5124 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x464 0x3e0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5464,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=6548 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5628,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=5428 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5608,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=5660 /prefetch:8

Network

FR 142.250.179.86:443 i.ytimg.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
FR 142.250.178.132:443 www.google.com udp
US 8.8.8.8:53 132.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 yt3.ggpht.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
US 8.8.8.8:53 youtube.com udp
US 8.8.8.8:53 youtube.com udp
FR 216.58.214.174:443 youtube.com tcp
US 8.8.8.8:53 yt3.ggpht.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
FR 142.250.179.97:443 yt3.ggpht.com tcp
US 8.8.8.8:53 174.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 97.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
BE 2.17.107.105:443 www.bing.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 139.53.16.96.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
FR 142.250.179.78:443 play.google.com tcp
FR 142.250.179.78:443 play.google.com udp
US 8.8.8.8:53 78.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
FR 142.250.74.238:443 www.youtube.com udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
FR 142.250.74.238:443 www.youtube.com udp

Files

memory/2760-0-0x00000000001C0000-0x00000000001C1000-memory.dmp

memory/2760-1-0x0000000000400000-0x0000000000510000-memory.dmp

memory/2760-2-0x00000000007A0000-0x00000000007E6000-memory.dmp

memory/2760-3-0x0000000000400000-0x0000000000510000-memory.dmp

memory/2760-8-0x00000000007A0000-0x00000000007E6000-memory.dmp

memory/2760-7-0x0000000000400000-0x0000000000510000-memory.dmp