Analysis Overview
SHA256
3260c1e806429a61577901fcdf070a19d150730fbfc12c626279fd032d1b0d30
Threat Level: Known bad
The file 3260c1e806429a61577901fcdf070a19d150730fbfc12c626279fd032d1b0d30.exe was found to be: Known bad.
Malicious Activity Summary
Zloader family
Loads dropped DLL
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
Checks installed software on the system
Enumerates processes with tasklist
Unsigned PE
Command and Scripting Interpreter: JavaScript
Command and Scripting Interpreter: PowerShell
Program crash
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-09-22 06:27
Signatures
Zloader family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral28
Detonation Overview
Submitted
2024-09-22 06:26
Reported
2024-09-22 06:30
Platform
win7-20240903-en
Max time kernel
118s
Max time network
118s
Command Line
Signatures
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Processes
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\sqlite-autoconf-3440200\aclocal.ps1
Network
Files
memory/2756-4-0x000007FEF587E000-0x000007FEF587F000-memory.dmp
memory/2756-5-0x000000001B580000-0x000000001B862000-memory.dmp
memory/2756-6-0x00000000022C0000-0x00000000022C8000-memory.dmp
memory/2756-7-0x000007FEF55C0000-0x000007FEF5F5D000-memory.dmp
memory/2756-8-0x000007FEF55C0000-0x000007FEF5F5D000-memory.dmp
memory/2756-9-0x000007FEF55C0000-0x000007FEF5F5D000-memory.dmp
memory/2756-10-0x000007FEF55C0000-0x000007FEF5F5D000-memory.dmp
memory/2756-11-0x000007FEF55C0000-0x000007FEF5F5D000-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted
2024-09-22 06:26
Reported
2024-09-22 06:30
Platform
win7-20240729-en
Max time kernel
14s
Max time network
16s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\patcher\OGFnPatcher.exe | N/A |
Loads dropped DLL
Checks installed software on the system
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\3260c1e806429a61577901fcdf070a19d150730fbfc12c626279fd032d1b0d30.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\find.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\tasklist.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\3260c1e806429a61577901fcdf070a19d150730fbfc12c626279fd032d1b0d30.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\3260c1e806429a61577901fcdf070a19d150730fbfc12c626279fd032d1b0d30.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\3260c1e806429a61577901fcdf070a19d150730fbfc12c626279fd032d1b0d30.exe
"C:\Users\Admin\AppData\Local\Temp\3260c1e806429a61577901fcdf070a19d150730fbfc12c626279fd032d1b0d30.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq OGFnPatcher.exe" /FO csv | "C:\Windows\system32\find.exe" "OGFnPatcher.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq OGFnPatcher.exe" /FO csv
C:\Windows\SysWOW64\find.exe
"C:\Windows\system32\find.exe" "OGFnPatcher.exe"
C:\Users\Admin\AppData\Local\Programs\patcher\OGFnPatcher.exe
"C:\Users\Admin\AppData\Local\Programs\patcher\OGFnPatcher.exe"
Network
Files
\Users\Admin\AppData\Local\Temp\nse89D9.tmp\System.dll
| MD5 | 0d7ad4f45dc6f5aa87f606d0331c6901 |
| SHA1 | 48df0911f0484cbe2a8cdd5362140b63c41ee457 |
| SHA256 | 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca |
| SHA512 | c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9 |
\Users\Admin\AppData\Local\Temp\nse89D9.tmp\StdUtils.dll
| MD5 | c6a6e03f77c313b267498515488c5740 |
| SHA1 | 3d49fc2784b9450962ed6b82b46e9c3c957d7c15 |
| SHA256 | b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e |
| SHA512 | 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803 |
\Users\Admin\AppData\Local\Temp\nse89D9.tmp\SpiderBanner.dll
| MD5 | 17309e33b596ba3a5693b4d3e85cf8d7 |
| SHA1 | 7d361836cf53df42021c7f2b148aec9458818c01 |
| SHA256 | 996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93 |
| SHA512 | 1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298 |
\Users\Admin\AppData\Local\Temp\nse89D9.tmp\nsExec.dll
| MD5 | ec0504e6b8a11d5aad43b296beeb84b2 |
| SHA1 | 91b5ce085130c8c7194d66b2439ec9e1c206497c |
| SHA256 | 5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962 |
| SHA512 | 3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57 |
\Users\Admin\AppData\Local\Temp\nse89D9.tmp\nsis7z.dll
| MD5 | 80e44ce4895304c6a3a831310fbf8cd0 |
| SHA1 | 36bd49ae21c460be5753a904b4501f1abca53508 |
| SHA256 | b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592 |
| SHA512 | c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\chrome_100_percent.pak
| MD5 | 3c72d78266a90ed10dc0b0da7fdc6790 |
| SHA1 | 6690eb15b179c8790e13956527ebbf3d274eef9b |
| SHA256 | 14a6a393c60f62df9bc1036e98346cd557e0ae73e8c7552d163fa64da77804d7 |
| SHA512 | b1babf1c37b566a5f0e5f84156f7ab59872690ba0bdd51850525f86769bfebc245f83988a3508945cf7617d73cd25e8469228974dd2c38415388b6a378552420 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\chrome_200_percent.pak
| MD5 | 3969308aae1dc1c2105bbd25901bcd01 |
| SHA1 | a32f3c8341944da75e3eed5ef30602a98ec75b48 |
| SHA256 | 20c93f2cfd69f3249cdfd46f317b37a9432ecc0de73323d24ecf65ce0f3c1bb6 |
| SHA512 | f81ed1890b46f7d9f6096b9ef5daab5b21788952efb5c4dcd6b8fd43e4673a91607c748f31434c84a180d943928d83928037058493e7e9b48c3de1fc8025df7f |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\d3dcompiler_47.dll
| MD5 | a7b7470c347f84365ffe1b2072b4f95c |
| SHA1 | 57a96f6fb326ba65b7f7016242132b3f9464c7a3 |
| SHA256 | af7b99be1b8770c0e4d18e43b04e81d11bdeb667fa6b07ade7a88f4c5676bf9a |
| SHA512 | 83391a219631f750499fd9642d59ec80fb377c378997b302d10762e83325551bb97c1086b181fff0521b1ca933e518eab71a44a3578a23691f215ebb1dce463d |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\ffmpeg.dll
| MD5 | ed10fd2777a030b2895d2f555207f1b3 |
| SHA1 | 81448e7a72e49eff746abbedea503139b7eadbdd |
| SHA256 | 996aed5bb751d70e215bcc3e5be2ed28fb54412af05031c592df101b51232e0c |
| SHA512 | 435f33fd11fc25a495726401211ed87771c831eab8916b8bb9520bf0f799646f911b22716f090849bfc85e2372cd28aa1c9de46f9d613929993ef009955173e9 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\icudtl.dat
| MD5 | ffd67c1e24cb35dc109a24024b1ba7ec |
| SHA1 | 99f545bc396878c7a53e98a79017d9531af7c1f5 |
| SHA256 | 9ae98c06cbb0ea43c5cd6b5725310c008c65e46072421a1118cb88e1de9a8b92 |
| SHA512 | e1a865e685d2d3bacd0916d4238a79462519d887feb273a251120bb6af2b4481d025f3b21ce9a1a95a49371a0aa3ecf072175ba756974e831dbfde1f0feaeb79 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\libEGL.dll
| MD5 | e3f6c7b1316f7ca06ee178377ce16ff7 |
| SHA1 | f546da89ec0d3ef238892be8f2dd697d411518bb |
| SHA256 | ff6d4f18492a704b4b9d853abdcc73a4fa561b0c685619508e25afaf4e4800b9 |
| SHA512 | cad4026efc48192c4904a4b0ec583d2e24b94f8a5f91824716eddb32477512799b10a4f9cc7a2976a25ca0d333bb1c68bb98b1d0f9bd7020e0e31be7d950720b |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\libGLESv2.dll
| MD5 | ac216b22cb7ca21d9803ae6b111792e5 |
| SHA1 | f6678626aa522628110315889ca744572549bb73 |
| SHA256 | 3cd10952ba73ba4a36f5ec92dcbb0893092bfc8d77a381f6f9f3090b0ecfbb50 |
| SHA512 | df344f79ff5d4e38b451bea948c234b63af0402565097082a082b44a4efb9e0ed367884875cbc817237b7ae7ac126fc7de0e8615504923b8db553c1a3a985a90 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\LICENSE.electron.txt
| MD5 | 4d42118d35941e0f664dddbd83f633c5 |
| SHA1 | 2b21ec5f20fe961d15f2b58efb1368e66d202e5c |
| SHA256 | 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d |
| SHA512 | 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\LICENSES.chromium.html
| MD5 | f017c462d59fd22271a2c5e7f38327f9 |
| SHA1 | 7e1bbeea6ac2599bd0f08877aa5811d32f1aceb9 |
| SHA256 | 40f314c778851106918aae749d75b2d913984327602a1bfb7ef0cc6443ff2a37 |
| SHA512 | 72177281486f6ec26ccc743b43481c31470c7dd53f17b0a67ac087dded190c2e3dde5570260150c2e9650186a515740af7f81e31965c95bb762340f9ac100c07 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\resources.pak
| MD5 | d3fef960b0aac7b5d40e37b09f91f9ba |
| SHA1 | dc5093fecf59150877f439a04bdb3912f13ed905 |
| SHA256 | c2dad6a9f8bf1b552fa94a51cadb6ed6a4e5a6455bcebf3c2888f0a6a3d6c8c2 |
| SHA512 | 5be574b28b67ebd13acb764e15aaae6c3fb861a1cf16e4132fec8fe90b4fb70d49314609bd173c8de6299531f5520fe95ae080112efd2f7e89a6e174532bc458 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\snapshot_blob.bin
| MD5 | 7ad5356f81d38002220b82f64cebe230 |
| SHA1 | 11f047ffb7b90a40ca17c796b0a306d4b250ed7f |
| SHA256 | 31969e154d3cd857d14e9d8edb98118ad2d5e9e9f1b77f9085626bd500e34ce1 |
| SHA512 | 862d0027b13ef4527a45b010d35142583c1f02f7691b093774eb5bb066b623ba7b8c0bb65a2e75641381c8ffa6a24c7116d1a9a984143ad13d0a0d61adfa3c0c |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\v8_context_snapshot.bin
| MD5 | 8b8485c02d1fb639085dcb2b1af02c6e |
| SHA1 | fe4e7115aef2c161c5995a621bf614a502f04910 |
| SHA256 | 98c18470926e12def4c39163c5389f29c5df7d2a41bf7353a75a7cdc41f1a90c |
| SHA512 | c2f24848a75c5330d1be5bde3213064f2b0feb13b8708d795249961605a09913aab1fc78b850f4ea3f7c76c74a8238816f5654a4fad5c11a78ce86b8b9cdd521 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\vk_swiftshader.dll
| MD5 | ed0ffde1854aa8b1dc64835b48833d32 |
| SHA1 | 5aa09092b982e8ae1ca73f713d6f51a30248b64a |
| SHA256 | 1a24356be288e742549a20c62de9259b2e1cf8bd560151ff7a24d4ae1a4652a2 |
| SHA512 | 59fd3b9153b2d777a707c7f2aedf2b7be701c18fb1b9e79d32381dacca22768c6461c575271aee960d7c41fadeba75f8cde41fc8a229c2e49823bbb5853b69a1 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\vk_swiftshader_icd.json
| MD5 | 8642dd3a87e2de6e991fae08458e302b |
| SHA1 | 9c06735c31cec00600fd763a92f8112d085bd12a |
| SHA256 | 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9 |
| SHA512 | f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\vulkan-1.dll
| MD5 | 8f939b8bbffc7e1083e938adc4b5aea7 |
| SHA1 | ce03fd0ec3c11fbbc51b6fef044bea7915991aa9 |
| SHA256 | 7d411fa0a615d0f67099fc3978b3f07e28565b9877cce02ec239eb228fa4d485 |
| SHA512 | bed9ac52e82dcf3e8233d90f1f0986ce6371338299a7efc490d89955d869e2b16874cd2258b4217971269f19fb1589530fe2d870d65610a878f2633f0cf4e0af |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\locales\am.pak
| MD5 | 99f01e85f82f70b919f3de6a29bc2255 |
| SHA1 | bd229bbb9a15d128d3dafb107533ed2b74e0b778 |
| SHA256 | fdbbf59c2f6d4e9d6bf8bc7209511850bb337b0a49a25d39779bdd0e105f1682 |
| SHA512 | b3b7199f60af430bc98fc937e12b0a2c67b446f0217e01b543882313336f55def3cc6317cf1ef49766ceb1e171e70cbd78e8acecc3cc1c8409e76f4d98d347a6 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\locales\ar.pak
| MD5 | 5fbed215d9555f2be88e8a41407a0a72 |
| SHA1 | 744bd7b5276cd4e69a6610d35e3c9e5d62dbe49a |
| SHA256 | 5f1b06de1f8105ccebb79651781fc219013048951a6e1b15a2c4f567ee45e88f |
| SHA512 | 0c0d2d1d3d07528afecf1862011ce2ddd27c9c286b5edeb03cd80a9ffde584bf0a71ba6292c969e3261a958a9bfddd291746253268479c090f54559720dcac36 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\locales\bg.pak
| MD5 | 78209e3acd074e521b73382ec462e497 |
| SHA1 | b112c4ced00c140410a1faf8204772d1fd14abed |
| SHA256 | 086e2955bc5dbba52b0ab055bf788bd7852a851a29bf1249dbd134713f04e6f4 |
| SHA512 | 789f13ba6b98b0b181bbd75f3a099a39d33b43bd6a0172688da570c3087cdbc4975e36e5c40f0f3298648dfb777613b0b2001d6873a2c6bee41e82355d960fd9 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\locales\bn.pak
| MD5 | ea7cf62cd5373f016ee15773394cc33d |
| SHA1 | 582299514e86802707fd6e45a170da7a5b5f3da0 |
| SHA256 | dedf3a8c24b13eafd99d9bc44dfc4d7a74f01eda532e05c8d61b4457f348fd09 |
| SHA512 | 482ce2f374e5bba511e60843736811ab1f8d3aa52a020c78505e95b1ad0a924531a952ff792116ef7ef55cf027640ac88885f13513757c8883b37d7ae57c9a13 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\locales\cs.pak
| MD5 | bb1c4ba9859b0a43a42021f39b8b750d |
| SHA1 | 02b2505d3955f15b6655bee9c92d7bbfaad6ddc3 |
| SHA256 | 814990ab6af4acb4acd44b0f07fafd4375724facf4e3080014ce7b8b9e935fb9 |
| SHA512 | 941cf4d334dbea7cc790cb8ba11e959d5a45381e7efdbae1e659d27540fd80247bb71820a90af6164d76cabbb283dbf3b652c29e0ded3832dcc21e3a88f7d0b6 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\locales\de.pak
| MD5 | d847de7e4970ad17615f7a454be60d06 |
| SHA1 | e6cd24f4ca42499c12c92f90077977921a66e016 |
| SHA256 | 41e503b5e5638cccac6b0165d6c2d2b583e3a6190f3b1dd2e8dd25494d3bdf96 |
| SHA512 | ab782cdf2fcf20d24cb3cb3c70989901146709610809a3ecb0ba86b312f11c5b1fca3d66b04d6a6ad3f111f2f2c8749da9d1f8d1ead08c8e7635bd6f1f6a00f0 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\locales\et.pak
| MD5 | 96febc2a296af99758050eef3ed97712 |
| SHA1 | 26f8751ccfe0b1bed9db532dbac1034a02b7f48a |
| SHA256 | 678e50d9785c14f205baff60760decf64f765a98863e000abe44dcc6f22b5d0d |
| SHA512 | bfc8a9051360338c61dc46040b006808b57ee20ce170c4645bf5fd83a643c3107bbc1752fd2486a9ab8250a84ff0cf832f381c523cc49cd08486eae489c4d45e |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\locales\gu.pak
| MD5 | cd212ed25482d2b5a246440b62c4fbbf |
| SHA1 | 197f3616dec4fb308e0ec5a17458ef8a2d027cd1 |
| SHA256 | 0e8762ac08963088c33b74ee790df95370bbfc298bae8abfb87eb1307ef46d37 |
| SHA512 | 207d3e9a6bfbd3eb19cf53a0a300eb0172ecb872496d627ac5b55b9ea11d52f24f01393893450fefaa3c42bb481129d54e552679f2f67a2af0e117d12464601d |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\locales\it.pak
| MD5 | d26fd02972984599d1a60ebfce4ee7b0 |
| SHA1 | d1767c68628c8b1449b4670fc40c355d367b0a97 |
| SHA256 | 75e90045cdafecc013f62097e1aabae18362954cf993eb4f78ed1639e3468186 |
| SHA512 | 06722bae30ade4bae70130918e3d6f99e54d7fca37b3798f8ed3d269cf52c37e1280a08313c9f9dedac80da149446bd0414cd36e345bfea3a1b7409b7d2f3464 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\locales\pl.pak
| MD5 | 8cea9672f132573e143fc742ff1f7d00 |
| SHA1 | 2eda91defa08ac7d27c082e4b85120d347dd39ca |
| SHA256 | 6257145654f4e47c21ef2b91fe69fc386c1e228a89a658418532a2934433cd7b |
| SHA512 | 25579e0535569f0a2855d02df0e2b36dc391a0d3cc54d2ee2b23184836caf8a3ec4c590704a9604666307e1e6e01d72311f76bff7210cecf18ab20d4f3c309f0 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\locales\sw.pak
| MD5 | b49abf12ae1a019f170dbe514a9341f0 |
| SHA1 | a17d7ce05d6e75563d364e8e97be70bbed5b2ab6 |
| SHA256 | d85642b0783e1999fadf82aedfcaaf03a35572ca15a9e4f9eb8e1fcaca2ce29c |
| SHA512 | 147e80cd5c521bdba44778a6f605e330a589482625d4229bc6b0754edb1b41e8e1ebfa7dffe4c0ffb9d9342a95fef8f9109935a9b9d111e21af1e70b0806fa70 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\locales\zh-TW.pak
| MD5 | fb25eb737df0e863cd83b0472249b64f |
| SHA1 | 3f9d0d847bb9eea9bc5c89371fd4665da1a485f0 |
| SHA256 | f1bd51245e56bcf324a8a94c4a572be031f2fd0db4d828471e563f64d8ecc79d |
| SHA512 | 075bb8edd2743e980cb842ad359a16023a3280c560ccdd17150e7cdc179fbcd0de3415ab591d7877ac3a8dad84fe8defb0059fa0d3468553230d27b7d1bd7c03 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\locales\zh-CN.pak
| MD5 | 6e7c237143cc765ac3abbe0685fa2afe |
| SHA1 | 40166c23aa75b8079ca16db2f5bcc938dfac312a |
| SHA256 | 9cda0f5736ab40650d10dd93f35316c45d5db9c596b270a9476cdd19d624c7d1 |
| SHA512 | 2c2b6c50e52e1613f1976c86670dab5c4a7b06ff1746da0737bcc72271fe7531d8d909de2064cc2086c4b04352325fafb9c8bb181bc074dd62ba0e7a607fe011 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\locales\vi.pak
| MD5 | 8f8a783772b0b3ed9e1858074a3106c4 |
| SHA1 | fdfa166ddfc0e9101bdcf5e76d422b29444d4772 |
| SHA256 | ad778e5e76648700192dfb6a27c6be743935de00e3a75f208f3c1d3f6d3fd1c9 |
| SHA512 | 690a006b94cc8a34ac0fa904b2c175688cd1468385537bd3927a91550c137086a8ce75a2794be0126bc0eb44a498b01bf94c05237895a82125016c7463b4f161 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\locales\ur.pak
| MD5 | bb7d36ea38a066f9939b858ca3bba8d8 |
| SHA1 | 78a18e7d6e82ebe9f99161432ac0363928d2c2d1 |
| SHA256 | 8ab35f7d357a38922acc42c663089ef4e0ef42ce56e212c26507bd110c8e8967 |
| SHA512 | 1b4a82c5065170c551de28812f6c99cd47a22209d97cf0723197bad15872d98fffba0cdf4db87440a84fc9cd0d2a3cd771074b254f12fd7658e7f9aad732a854 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\locales\uk.pak
| MD5 | 7d6b378c369e8a132a1134ffb3921d26 |
| SHA1 | 1c3c9c67613a4798ab2d4bdaaa0fe5ad80eee876 |
| SHA256 | e8ffe116ebbdaace51d9e62fe3c119eb354b244a8395f82d61b67dc8e3b3abb7 |
| SHA512 | edc526149fef6530c25a13725f33f7a4e9bb56b1b28fb1936609edc4c195153d5276d4ff61d7be9c2cf99835273809502168d7c8b0049c6b670ee226eab8e6ff |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\locales\tr.pak
| MD5 | d03ea83a0ed60cdd6607d16cfbaadb7a |
| SHA1 | 8463e4a4985ce85efb7b7b1b54e384f7043dced9 |
| SHA256 | 5fba0fce51cc3f9767d2cfdaef1192507f18b83235879aacc8f63b30880c8f00 |
| SHA512 | 3c7c7e6b98372bff436acbb31f4e0205c8b797221162f969464dad88fcace1d5f445b57beef96526c1610cfb3a589aa5c120fa6cceb06dc6bdaeddefe8de72e2 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\locales\th.pak
| MD5 | b60a9df804f0f3b0f1c11f1d6bd9ba7e |
| SHA1 | 104970e408e1a138cac373d2938691f82ee8e52b |
| SHA256 | 6cf15aee57658d55ea0ff07dae2fbad7981093e7acf54014347307e3bd1aad08 |
| SHA512 | ebd852b91b37b53f40f0e7e987d3814a3f7f273a6291ba18b4c6df9def01c9ec879e067bf542f0ad2efb1755af1180ac5a51d772ec61529eddd1d1e80c3c2e82 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\locales\te.pak
| MD5 | 352b392c6e074a1b77a833b3534cc710 |
| SHA1 | 49465bb9bfd3b82ceacda34e81be8e04f20e275e |
| SHA256 | 4f565637cf197a38c3f2a650cdfac05995fee8da2b9216998ab3ef7937ce7e74 |
| SHA512 | b9115987bef17dc05ff4c434d5dcee3e36c706015cf02592c154b60910bf86de578becf8470967bfcc7a28063155be6934f0d26713bd6f14ae4e3d637b4df69c |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\locales\ta.pak
| MD5 | d23049c7d1e0f829ad88274784927547 |
| SHA1 | efaa69205c4811af251d7ccaaa9c7cf81c10d6c2 |
| SHA256 | 9e3e0c909becc8bdf9c7cc1f9e401c464e7756e30369d40c709ea2dd942660c9 |
| SHA512 | 839b2323bc02ca605354d7f23474b9de1a9525fdfc9814d5773984090d1dee8dbd925078687bfdfffb416666701e42513e3bdee8aedfc3281194aa18e9e33ad7 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\locales\sv.pak
| MD5 | 69fc76751f44f10e32009b09268f2e38 |
| SHA1 | 66d31349c8f5acedfe384f9525b6db4bed9acd4e |
| SHA256 | a851c7537b895145f45f395c92ca273610f19f109c959b368672a5a92175aa83 |
| SHA512 | c9912382da93d3669832a77c66a64232b438eb6fa4ca6bc2243b0c11dbedef940f45d290fc6934312e3a1ce396f7b14821ce433388132e0e8634c1fa7400dad0 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\locales\sr.pak
| MD5 | 6f327ce1d0e7131c483be9ee0c6a1c21 |
| SHA1 | 26da43c4b16b6b0e2de9a8ed85cd63c202acf00a |
| SHA256 | 068c3f92a20c5202b592e26078d6aca908d39e2fc325a605166e7235a73366b2 |
| SHA512 | f36b99a76130f08d8c3f2c98add812f6a1a0815d4f895c697486a195bf04b8f43e591c73da34cfb40c07d9153466ea727dc644b9f9424cd4fc4b021d1a98f215 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\locales\sl.pak
| MD5 | 4072bad3315b78fd05787a9fb97e9af6 |
| SHA1 | 267209a3bde1b362351ea473874d5d40d9ef30ed |
| SHA256 | 10676c91bac7b80d314a1d7a934bebc5104ed730bd4eb78d84c497f7e07b5510 |
| SHA512 | 9a858d4d11f7476b030f3c9bb852a70ae501f34afa0eae2756f2ad59d8dab9983a4b5dffa11b9b7eb578fd52b3ed72094b807b82b93b4c4536ce59309fc0fab3 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\resources\app.asar
| MD5 | feba07fa3221979f9961c5d5c24e508d |
| SHA1 | b316be8390e8558fd607ffa3d08acfa65c0be008 |
| SHA256 | 7f7b8986bfcf882d8d13d299db2bdf4b971084202d499d77a070d13ad8b20f85 |
| SHA512 | 2ff94d45be7239563ac9fca3a62a2ebea59e39c0451e114b9e291b228cf573116eb1e9049cf966382c172b79c215f00fcc0d97841641d54ef6ff8475e4ac61e3 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\threading.h
| MD5 | f2a075d3101c2bf109d94f8c65b4ecb5 |
| SHA1 | d48294aec0b7aeb03cf5d56a9912e704b9e90bf6 |
| SHA256 | e0ab4f798bccb877548b0ab0f3d98c051b36cde240fdf424c70ace7daf0ffd36 |
| SHA512 | d95b5fda6cb93874fe577439f7bd16b10eae37b70c45ae2bd914790c1e3ba70dfb6bda7be79d196f2c40837d98f1005c3ed209cab9ba346ada9ce2ed62a87f13 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\statement.h
| MD5 | 0b81c9be1dc0ff314182399cdc301aea |
| SHA1 | 7433b86711d132a4df826bae80e58801a3eb74c9 |
| SHA256 | 605633ba0fb1922c16aa5fbfffed52a097f29bf31cee7190d810c24c02de515b |
| SHA512 | 9cf986538d048a48b9f020fc51f994f25168540db35bdb0314744fdec80a45ba99064bc35fe76b35918753c2886d4466fdd7e36b25838c6039f712e5ac7d81b3 |
memory/2524-686-0x0000000002DB0000-0x0000000002DB2000-memory.dmp
\Users\Admin\AppData\Local\Temp\nse89D9.tmp\WinShell.dll
| MD5 | 1cc7c37b7e0c8cd8bf04b6cc283e1e56 |
| SHA1 | 0b9519763be6625bd5abce175dcc59c96d100d4c |
| SHA256 | 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6 |
| SHA512 | 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\macros.h
| MD5 | b60768ed9dd86a1116e3bcc95ff9387d |
| SHA1 | c057a7eebba8ce61e27267930a8526ab54920aa3 |
| SHA256 | c25be1861bd8e8457300b218f5fa0bba734f9d1f92b47d3b6ab8ee7c1862ccbe |
| SHA512 | 84e0670128f1d8712e703b6e4b684b904a8081886c9739c63b71962e5d465ac569b16cb0db74cb41dc015a64dcc1e3a9a20b0cf7f54d4320713cc0f49e0f7363 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\gcc-preinclude.h
| MD5 | 55a9165c6720727b6ec6cb815b026deb |
| SHA1 | e737e117bdefa5838834f342d2c51e8009011008 |
| SHA256 | 9d4264bb1dcbef8d927bb3a1809a01b0b89d726c217cee99ea9ccfdc7d456b6f |
| SHA512 | 79ed80377bfb576f695f271ed5200bb975f2546110267d264f0ab917f56c26abf6d3385878285fe3e378b254af99b59bdb8bbcab7427788c90a0460eb2ee5b77 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\database.h
| MD5 | de31ab62b7068aea6cffb22b54a435bb |
| SHA1 | 7fd98864c970caa9c60cfc4ce1e77d736b5b5231 |
| SHA256 | 8521f458b206ed8f9bf79e2bd869da0a35054b4be44d6ea8c371db207eccb283 |
| SHA512 | 598491103564b024012da39ac31f54cf39f10da789cd5b17af44e93042d9526b9ffd4867112c5f9755cb4ada398bf5429f01dda6c1bbc5137bea545c3c88453b |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\backup.h
| MD5 | 29dd2fca11a4e0776c49140ecac95ce9 |
| SHA1 | 837cfbc391c7faad304e745fc48ae9693afaf433 |
| SHA256 | 556ba9af78010f41bc6b5b806743dc728bc181934bf8a7c6e5d606f9b8c7a2e9 |
| SHA512 | 5785667b9c49d4f4320022c98e0567a412b48a790c99569261c12b8738bde0b4949d3998e2b375540ede2ff1d861cad859780ade796b71d4d1d692e1ed449021 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\async.h
| MD5 | e8c5e5c02d87e6af4455ff2c59c3588b |
| SHA1 | a0de928c621bb9a71ba9cf002e0f0726e4db7c0e |
| SHA256 | cce55c56b41cb493ebd43b232ff8ffc9f5a180f5bab2d10372eca6780eb105f6 |
| SHA512 | ed96889e0d1d5263fb8fed7a4966905b9812c007fbb04b733cadbe84edc7179015b9967ff5f48816ff2c97acf4a5b4792a35cee1f8fce23e5fdc797f8ee0c762 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\lib\trace.js
| MD5 | e5c2de3c74bc66d4906bb34591859a5f |
| SHA1 | 37ec527d9798d43898108080506126b4146334e7 |
| SHA256 | d06caec6136120c6fb7ee3681b1ca949e8b634e747ea8d3080c90f35aeb7728f |
| SHA512 | e250e53dae618929cbf3cb2f1084a105d3a78bdfb6bb29e290f63a1fd5fbb5b2fab934ad16bc285e245d749a90c84bdc72fdc1a77af912b7356c18b0b197fbe5 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\lib\sqlite3.js
| MD5 | 275019a4199a84cfd18abd0f1ae497aa |
| SHA1 | 8601683f9b6206e525e4a087a7cca40d07828fd8 |
| SHA256 | 8d6b400ae7f69a80d0cdd37a968d7b9a913661fa53475e5b8de49dda21684973 |
| SHA512 | 6422249ccd710973f15d1242a8156d98fa8bdea820012df669e5363c50c5d8492d21ffefcdfa05b46c3c18033dde30f03349e880a4943feda8d1ee3c00f952b0 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\lib\sqlite3-binding.js
| MD5 | 8582b2dcaed9c5a6f3b7cfe150545254 |
| SHA1 | 14667874e0bfbe4ffc951f3e4bec7c5cf44e5a81 |
| SHA256 | 762c7a74d7f92860a3873487b68e89f654a21d2aaeae9524eab5de9c65e66a9c |
| SHA512 | 22ec4df7697322b23ae2e73c692ed5c925d50fde2b7e72bfc2d5dd873e2da51834b920dea7c67cca5733e8a3f5e603805762e8be238c651aa40290452843411d |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\deps\sqlite3.gyp
| MD5 | 0e4d1d898d697ec33a9ad8a27f0483bf |
| SHA1 | 1505f707a17f35723cd268744c189d8df47bb3a3 |
| SHA256 | 8793f62b1133892ba376d18a15f552ef12b1e016f7e5df32ffb7279b760c11bd |
| SHA512 | c530aba70e5555a27d547562d8b826b186540068af9b4ccd01483ec39f083a991ac11d0cc66f40acaa8b03d774080f227ee705a38995f356a14abe6e5f97b545 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\deps\sqlite-autoconf-3440200.tar.gz
| MD5 | c02f40fd4f809ced95096250adc5764a |
| SHA1 | 8398dd159f3a1fd8f1c5edf02c687512eaab69e4 |
| SHA256 | 1c6719a148bc41cf0f2bbbe3926d7ce3f5ca09d878f1246fcc20767b175bb407 |
| SHA512 | 59ad55df15eb84430f5286db2e5ceddd6ca1fc207a6343546a365c0c1baf20258e96c53d2ad48b50385608d03de09a692ae834cb78a39d1a48cb36a05722e402 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\deps\extract.js
| MD5 | f0a82a6a6043bf87899114337c67df6c |
| SHA1 | a906c146eb0a359742ff85c1d96a095bd0dd95fd |
| SHA256 | 5be353d29c0fabea29cfd34448c196da9506009c0b20fde55e01d4191941dd74 |
| SHA512 | d26879f890226808d9bd2644c5ca85cc339760e86b330212505706e5749464fafad1cb5f018c59a8f034d68d327cd3fa5234ceac0677de1ac9ae09039f574240 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\deps\common-sqlite.gypi
| MD5 | 0ad55ae01864df3767d7b61678bd326e |
| SHA1 | ffedcc19095fd54f8619f00f55074f275ceddfd6 |
| SHA256 | 4d65f2899fb54955218f28ec358a2cad2c2074a7b43f862933c6a35e69ae0632 |
| SHA512 | aaee895d110d67e87ed1e8ed6557b060a0575f466a947a4f59cc9d111381e1af6aa54d432233716c78f146168d548a726fed1eab2b3f09bb71e0ae7f4fdc69e3 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\build\Release\node_sqlite3.node
| MD5 | 66a65322c9d362a23cf3d3f7735d5430 |
| SHA1 | ed59f3e4b0b16b759b866ef7293d26a1512b952e |
| SHA256 | f806f89dc41dde00ca7124dc1e649bdc9b08ff2eff5c891b764f3e5aefa9548c |
| SHA512 | 0a44d12852fc4c74658a49f886c4bc7c715c48a7cb5a3dcf40c9f1d305ca991dd2c2cb3d0b5fd070b307a8f331938c5213188cbb2d27d47737cc1c4f34a1ea21 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\package.json
| MD5 | 174bf28fccd7fdb6f0766f31fac3060d |
| SHA1 | 655f465658957fbdf935fcb7df0b97c93807147b |
| SHA256 | 91008a93e604674024bd65569670af5b01f1e4caf86cde50835ee58f59a5dc61 |
| SHA512 | fa1be386a3d74767731aa5ad44ff4d89fb456e7feabde2a6e6f238ed4608a80962cadd6b7ff96f15e306a8e819221b66051fa5a7b0658ad52a2efb488492ff83 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\LICENSE
| MD5 | 79558839a9db3e807e4ae6f8cd100c1c |
| SHA1 | ae3dbcee04c86fbc589fcf2547d4aaaeb41db3c2 |
| SHA256 | 7686f81e580cd6774f609a2d8a41b2cebdf79bc30e6b46c3efff5a656158981c |
| SHA512 | b42c93f2b097afa6e09d79ed045b4dd293df2c29d91dda5dda04084d3329b721a6aa92a6ad6714564386a7928e9af9195ac310deecd37a93bb04b6a6f744be46 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\resources\elevate.exe
| MD5 | 792b92c8ad13c46f27c7ced0810694df |
| SHA1 | d8d449b92de20a57df722df46435ba4553ecc802 |
| SHA256 | 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37 |
| SHA512 | 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\locales\sk.pak
| MD5 | f987110e03dff6a6104d3c9767139439 |
| SHA1 | 0817884ab9064978de99909e7e376d067019e1b9 |
| SHA256 | 4fabe714236712d691908751b42e947fb03a4b1a439e7a84335e7f18f87625e3 |
| SHA512 | 91a609fa129394ae23590c72a6007bb6591e4e08342ff0d6ba184c8eb09413ed294ca15f13b92f7558823523a0272f5af6841d7e426177c803be1062f9842d9b |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\locales\ru.pak
| MD5 | 8243216c5cf42451a8705fdc0a5b8b5c |
| SHA1 | 76decf1dfffdc775c5b285436573c8583f214119 |
| SHA256 | f6538645321dfa0f2ee3f17284ff72800f6a678df3f5b7d729d02a4496adcce1 |
| SHA512 | 508c9b4d81b9d09a1306dfe707faaac9072d2c194ccddccbad2bed871c68a78a3e8f527fd8f9ee67d08f6147def43ac2dc43deed9797a98cb5d80c0486fbf8ad |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\locales\ro.pak
| MD5 | 5d5a27c52ae905fd85f5d50cb793e7ca |
| SHA1 | b858bba1ef66c4d3943be19a4bf8a508c23e6671 |
| SHA256 | 9ff47f6890b3f543bc51015f263e791d8a3bc332098f8cd8199852fa131fa579 |
| SHA512 | f4754951ff0dd3f1ec2c0859a93422330145f9e4e3407bb7f95863c85227b96d3f8af449c0a051b60f333df3695eea5df70fd5f7fe4916e60eb6f7c4c21aa5e2 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\locales\pt-PT.pak
| MD5 | 62071f5b1b93161b03b66faa3e0ec71a |
| SHA1 | 969d82d8d0b2b82e7cb9af7f59825ba211b0ca8f |
| SHA256 | 953f8245585ebb637b2d2134b24118f2baa9c28211ea007a8605fa57c7df21f5 |
| SHA512 | b463844e7d620076a4cc11d5ad3e9aae52f0375f5eea16f5621a30043ba570baaf3c42050bff7d740eb9bd8274c190787a9d7d57bcffddba62eaaa8b7c4523bb |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\locales\pt-BR.pak
| MD5 | 75d9da45b6a34aed360c0897dc956418 |
| SHA1 | 90f15ceb5cf0cbaef021de42acaae323c9023cb8 |
| SHA256 | 77d29b746b4028ae7072d5f74ffe1cbdc66b180a36eeed71e52ef1f7b824cddf |
| SHA512 | df2d0ef49e4f836d5209f53254cb58b76d13a36eee14ae559f6fbe0be6b8421cde4152f48d44997c81ffb32e089ea46bd4a9de85e1bbd12dfcdcb356f1798629 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\locales\nl.pak
| MD5 | f4c35847247ff2c58a68c35718e3f358 |
| SHA1 | 17f8af1473eb3bf8bdb3d16711bb359b59cbaf4a |
| SHA256 | a400121adbb26c97a95e3f573f370ec2c37fd435132828c04b467dac47352904 |
| SHA512 | 6179e275c71a9df4a7da517944048a782a2cb3f16c164ead8c788efc5c56e155c9770530a4fea9360ab478b78c233e183ee8afdf17c8cb871848b09a609c1f12 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\locales\nb.pak
| MD5 | bc18e28f676138795d19d95e73e3f246 |
| SHA1 | f4ae51b49a69b4a32f2dd8c09784ebde1e6d018a |
| SHA256 | 1df78fd35431f167def5c496e441775a265d3eb1e64a4cc0fb7fe0201c1ce8b8 |
| SHA512 | 3620554d7e614373038c278a7bc6a9388fb66abbeba28d0935f2a2f7203a8510b264a6df85e70e3b82e08588611e48a64e4e1c91470f72c95c05cfb8649e8c52 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\locales\ms.pak
| MD5 | 04f12811567c0f00bb35b488f4579425 |
| SHA1 | 64f43b7b172e392daf1fe48e22324fd8dc2a3924 |
| SHA256 | 1af4b9a66ca413dc3a0785f2b1527c237bdd05ba5768fe077aaf8af0f1c50dff |
| SHA512 | a03fd120e9f31aab03fece30032f84b63060d5dd264e0bf04c85eb92a392d36a0c4122817b0d414a266305ad70efb067319aba38e100aa8c37ab65c3604c4ea6 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\locales\mr.pak
| MD5 | af7c7d72a968e1936f26a3c755157f6b |
| SHA1 | 2ec71950847f5fb4b85697b6acd05224c28bb092 |
| SHA256 | e5702b9578435abbbcc922f1d4ff8c5a345856926c2174c329e228987c3ac7d5 |
| SHA512 | d265eeee96adafc3ced76901c9263bc1cb349caf925a02d5deb010c02843fb653a17e1e8a4e942c9912f654316c4a7a1776e6a7eda56ab82ae9d4d077a58a929 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\locales\ml.pak
| MD5 | 265d7fbee9a021895d51209dc0181f90 |
| SHA1 | 30e37013971bacd3ee93ad2fca01cb59a26d6a87 |
| SHA256 | 682463d4a0221711e565ecf409893536d727650efd2ed0563c722cceab66b1ad |
| SHA512 | 028e1ad499b20ff7cda822b91f9b8d1cbb1efe108b7236d817b73a6f8e518b5f4a8ae77d653ae5c9d799842eaee3915250ef56f634f847fc5fc8a3b36eea176c |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\locales\lv.pak
| MD5 | df9985ecfc958f343ab7e56e71149d71 |
| SHA1 | fc0d2c4a194d500a1f4cfafcd9102186016ba5a3 |
| SHA256 | 7e17246e23ca2d0241d56d91b5d5e6bfb3ff4e08f1a3734f9d032b4191282fa2 |
| SHA512 | 0dd65eed7a5bccee0ac5e2826f0cceed848dff0d0d41904e00d35cec9d96fc0b91a4eb54fbcf0bbba61f89848562a606f9f7aa827cb180abe7e97a2e77a29309 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\locales\lt.pak
| MD5 | b02bf54687716b5d5f18aee02411a980 |
| SHA1 | 4cf766077382c49fb89d59d861de0f482f989798 |
| SHA256 | 0b0e3fcb82ddca52f9eb1ff9e1ee224639ff81f1c0af6ded4e21944811babc0b |
| SHA512 | aea879ac96a5719e8988011a7b82726bf51a24e170e260182146191f43914cd50991928d2283277d173ad650f7cfb1246fad9445260e9ca0769052079d431f25 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\locales\ko.pak
| MD5 | f0805980b4bba19fd7cecdae6d6ed77d |
| SHA1 | fee432cc162890c5c8d22f6028f9086c8f47267d |
| SHA256 | 11f4f99e5f7d04b263f615d9d0716c0852b8c63a07212d14604373853aa78588 |
| SHA512 | 03a97e36dbcae88b0fa9fec326bd99bf5c454889ca3bcf151b34003fac161001c1e08082b07974b6c8e01cc54f6b20f810c3bbe446494356403288e24e6b46df |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\locales\kn.pak
| MD5 | e4865513d7c57bd48171ade28bc4aaa4 |
| SHA1 | 1791131c3fc654bc0aef00927f41672f700720d7 |
| SHA256 | a1b23f794547f06510adf767b23a47df68ae864b059f8657bb78dd8b352de232 |
| SHA512 | c7487fb37ebb2108218021b6a93e62d6836248d1602e7847864cc0ebe7fcd87554220bd3fff0c7bd6fa6f7bd200811b8d30e421b76717e37c7e110f88cc40d15 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\locales\ja.pak
| MD5 | 946afe803f1bd37cac8cefb9892e8387 |
| SHA1 | 6a5ab4129843129ff926735acc4be53028a8d5bd |
| SHA256 | 91084c3d2709fed5c912fd55b2499c394b3a8ebba5032d03056845f88a141ffa |
| SHA512 | 4bbc76a738b9639d4a2fda9e1dc87c84bff660c84a01e3a54f544ec2421d20d9eee4c951a59ff8ed5950a00359bfb63ef1afe953b5cf5910923428a4d864ad71 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\locales\id.pak
| MD5 | ee466128c7bd5f01d518d0c3c9202f39 |
| SHA1 | 74b7cb96c1e495885651e50907efe56d2567955f |
| SHA256 | 6f86ea779e49c8eb24ed6ba416ad67d5e08f8a3673c68e4cfad19475e12a2911 |
| SHA512 | 9d88780e52c1cca9f89ed0ead244a763209848d1315f7177c1db3251214d363e78b32d439328304976804beb781fd07a0cc9f9e300431aca16ae6afaa6f57be6 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\locales\hu.pak
| MD5 | 1744609aa48694daf1058e6da1157696 |
| SHA1 | a97ba8118e91bb952c24adf19104ca54d4eb8694 |
| SHA256 | 89c47beea85d50c88af6f94597f827bfa657ec73570cb4b3ffbc3ff91164ba89 |
| SHA512 | f64c8fd18f877283bef39c999f754ddc212fc8ba981d282f66443c6fea51e89a5c4a2aa37aae7b69c35a60bdf9b8f5698d2cc72e28e10d70747ce0f7d665ce8d |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\locales\hr.pak
| MD5 | 62bda7cc99b6dc1503332e752f87423f |
| SHA1 | 0187ca29d12971ce201d5513e45648898806d701 |
| SHA256 | 4171bbd2229ed5a7638b74e32d7aa0e643cbc99051d92a80e7da5a31400ae69c |
| SHA512 | 6acdc6618bfb1d2ba7ce912f959c25a48f987dc6c6507c8c5bac22988ddb8b2cbb8aca8fc3d40b2e8b7b6fbd417bde2de34b91b8fc778ba78c182aedb722be06 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\locales\hi.pak
| MD5 | cbf1e19ed157d39bfe70a17805ea3cc3 |
| SHA1 | e37f6f428e8478f50999899ce70f49e60d2fd758 |
| SHA256 | 00670d07269facbd70e3949f3da5a73f584e08a6e901ac8a3b1767fc439c975a |
| SHA512 | 84f8af3ef49c8f970e7ac2ad61ec92fc21057767afb93116fbc11837b6d7130901245bcfcae53f158f6f09f3a8e59900a6444a5ba9364b2c38196631c5244258 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\locales\he.pak
| MD5 | 41227774510c0d2ea4637dbffe500000 |
| SHA1 | 3d8a20158dee92d5b5ce1a2c852352a50ae62282 |
| SHA256 | 90f11a1c09fcc4a5fd5d6f753bea04af93ff8ddf4372a5f84a15fc2ccb444c95 |
| SHA512 | 40e8a5d8c3e1b481074da9bb48ad82a64849386d9512ecee8fd426d6def32a8930fab316e3c5d686d7706b6bc975913d7d75e69a0c150b74dc8bb45620e82140 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\locales\fr.pak
| MD5 | 1904b22bbb5d52255f80c541253971ba |
| SHA1 | 0ead9bd15bd115775728a6cada2136367fe34b87 |
| SHA256 | 25eb9ea0d0007b5d4c5065fb77486c723d718a1496aa52013d1ea098987f44d0 |
| SHA512 | 6d4f4a9dde7d22624ef3c28e4cf4a8de8255125aca0c5efca0bae69f040aed2651649f415acdf491593634adce0e4d88ee6439705115bfec25caae34a57f1003 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\locales\fil.pak
| MD5 | 4462eeada117fea1198a3a9cc370e8df |
| SHA1 | c8b6f588ab35f485b88480e58db59c7a34c4ef0b |
| SHA256 | db27ebc5b34d14be370e7068b4bab4fe12fdf090bc1a4f0bad81740aee974695 |
| SHA512 | 8a69a11f33ce1fdccb3aa7b1dac981f9d6c9d64669e3f97265bef5862e20bbc62d568b8e64fa33cae3143096b009ecb904f0f32f6dc593a8702f94d4e3f52d20 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\locales\fi.pak
| MD5 | 15b4ed60de11e5fb956d624032e8b242 |
| SHA1 | 94e7f2b7a62c4164511be53d59769299b8a02185 |
| SHA256 | f040febcc899b194a6908419b4bc225ed3d53ec478988ed7a50e8438c80d9606 |
| SHA512 | c67e22f75820b921f8519ddf064a0fd7d93abf0539b06a62592ad00ba9cc237b1297acf5eba15f7e1444916e90c9dc89e116704866d242d1bdcf0c90cb8c0058 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\locales\fa.pak
| MD5 | 99ce096115521566ffc685703f9cdbfd |
| SHA1 | 27cccf6b8f6939d17da4b884998e577392b97221 |
| SHA256 | 645a43a0101eea39dc6b29ffd71a4836a03ebd7070e61aa962025257aea59375 |
| SHA512 | 42df640778ae722b82a62e527711a57c883e9d315d54ea7e484d7a8f631abf3f5ea1498d6c5cbd004fe971fd357a0b8d40ab4934fc84e03565da3fb0b23184c8 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\locales\es.pak
| MD5 | 070cbd6f42db1cb9b6a2f74e03d6b124 |
| SHA1 | f8830e1c8a601123d85fd75188ed01833f910691 |
| SHA256 | 91de93a4dc9c9276b9ee3ae498bdafaa55fd464c1f20fdaca84c4b79842327d4 |
| SHA512 | 2ebee4e289eb2a19a97c86d1abdc1ad53c6a76b8c1dc28fc89cfde236c4abfbb823bf52573cc0848fd76ed9e0ab2d49def542837bc5c474ca1593fb5ed10a390 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\locales\es-419.pak
| MD5 | 76c82bd947c7d32febb2aeed079de39f |
| SHA1 | e4b8238dcb0d3ffdedbb8a4fdc62ada21b03c659 |
| SHA256 | 89df263a85ccce719cf2b1a5bfb3b2bec5f6f48d0cf1b7ad190b34992aa8309f |
| SHA512 | 5179f1cc0be2a4ad441c08102cbabdd3026ae07f430dfeac2f451863235947d9ff1ef78a8c72ef503085c8daf831b401a58ca6e6b077c7584c50b50005c7c868 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\locales\en-US.pak
| MD5 | d47cded365a28d27906414035c1cb3ca |
| SHA1 | 429123c86f6ca48a89bedc9a26027e01508e6db9 |
| SHA256 | 46958caf9847e33a11593ad024d5a95cc696edcd4620cf07e7b2b78c72b9c00c |
| SHA512 | 1a16d784913fead116460c9ff42e21ae482865cfe2d6ed1b1296496e46a05e513f8d048fa4d245e7a82ef61de4c4130696d5b1c647c918995f6877a888bd0853 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\locales\en-GB.pak
| MD5 | 513c735f8821cd5b8beee4f1c9f976d9 |
| SHA1 | 2552ec0b813aa12b464d813d450e8b6bbc640555 |
| SHA256 | d86bc52d844b9706cf9fc50e7c123ab9a6372dd3190a65a88bff7d57f64af362 |
| SHA512 | 9482f73155c0a838615ddeb4ea5e2db86f12d973c2288922f361de27025f49f714cb6db6eca09a4ef6abaab6b849800850fc72e5bd1314ad3262da66d4dc6b5b |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\locales\el.pak
| MD5 | 14f52763959d29febddbe25c86336e70 |
| SHA1 | dbde678a721d4fba97d5bf2703faac230794128c |
| SHA256 | 7134776724c07c2df17f6ba0c3c26a2a536d512e913d1d9c5585e600895e695a |
| SHA512 | 1f49a299a9fe76ab93a30ac17e1bbf3eddb20c6278740d7739e0044f867f35e65a0cd98654ab0ed60a43e268eb7258768cb8f35a254fbf31bf22ff4af7c3f96d |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\locales\da.pak
| MD5 | 96bbef1eee0b0a197ec834839c00e11c |
| SHA1 | 35adba0aafbb4d19015e11dde1f37de87292252d |
| SHA256 | 600e02877374dc083b21deb3cc3bf6a4e3e2b2c581a631955494b0591c56289c |
| SHA512 | e1ae7ad30735b6c42f81d30d50162330603753b0ce7705506918d0bf3bf9a52ac60f8fca570cdfe87f0d6dd46cfa3064d5a1526d39d81a053571b434b1cbffe1 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\locales\ca.pak
| MD5 | d4f81d8d816d93e8e6ec3f82cd8f12c4 |
| SHA1 | 2cc552022a6963f6bab97e41ecd78bb945a2ec34 |
| SHA256 | 50657071f311dc06c746346a25d10642f182519c1eb3ab898421722271bf2c66 |
| SHA512 | b344d5b336699f5efa4e235c7f67ea43278b348df9942f7a86ac52e29172794672d71e80501987867900ca075be0e47228f6cb898a39b66c80acbd0d9b14b371 |
C:\Users\Admin\AppData\Local\Temp\nse89D9.tmp\7z-out\locales\af.pak
| MD5 | 09455048c30cecbb17d6e0e95e4c01da |
| SHA1 | 6572850b07df45933ed57754f72c44895a7ef662 |
| SHA256 | e973763dcc0ffd7a5afe0a62ec9651c4c3db7fe29a23797fafc34b83512d03aa |
| SHA512 | f59b68c213815ad81379c964abe6597b900b9fac5fe17e2cb378d015c4803f96b598ef70333d594599b3283a88a9ca9cb2475afc2590eda2ddf7b041ba2368e3 |
Analysis: behavioral9
Detonation Overview
Submitted
2024-09-22 06:26
Reported
2024-09-22 06:30
Platform
win7-20240903-en
Max time kernel
120s
Max time network
132s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 224
Network
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-09-22 06:26
Reported
2024-09-22 06:30
Platform
win10v2004-20240910-en
Max time kernel
139s
Max time network
155s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3928 wrote to memory of 3264 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 3928 wrote to memory of 3264 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 3928 wrote to memory of 3264 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 3264 -ip 3264
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 612
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
Files
Analysis: behavioral24
Detonation Overview
Submitted
2024-09-22 06:26
Reported
2024-09-22 06:30
Platform
debian9-mipsbe-20240729-en
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/sqlite-autoconf-3440200/Makefile.fallback
[/tmp/sqlite-autoconf-3440200/Makefile.fallback]
Network
Files
Analysis: behavioral30
Detonation Overview
Submitted
2024-09-22 06:26
Reported
2024-09-22 06:30
Platform
win7-20240708-en
Max time kernel
120s
Max time network
123s
Command Line
Signatures
Processes
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\sqlite-autoconf-3440200\configure.vbs"
Network
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-09-22 06:26
Reported
2024-09-22 06:30
Platform
win7-20240708-en
Max time kernel
133s
Max time network
132s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DAC60531-78AB-11EF-9FF1-E28DDE128E91} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a3d5a058b71c4645a1a6b8b9d2c7fb47000000000200000000001066000000010000200000001b8eaaffde17a1fa2746b34cd11fea8618d87133f98954dac6b4ff3a9d12500c000000000e800000000200002000000046feb396b8771ff5c5bb5f5c9e22827fedc70fe04de957f99f32a26e6a56cb2b9000000044fc5c621bda835066987e643d9e4759e1ecdbf52dca423572295a379c69b323a71bfe4ffd397926b5e42a8f6037a090e5b73616a76c6c0ba5d687bc5794f2de24d910724dcccb8667d1f21e108bcad77be18901905837dd7a235baafed9b597b28e2f2a4c7be4de08f32a2ad673fad46388ad0451945a39688748f760921f9302ff71da745fc12f452cc0b954b651b4400000005dd126ddb927bd218eca022219a9246fac1ad86d1af388aa61425a014a172304a62e59b31c9b6b84dd2515af96b0aa76ebca746037d20e75a2452e932b093a0f | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0b393afb80cdb01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433148365" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a3d5a058b71c4645a1a6b8b9d2c7fb47000000000200000000001066000000010000200000000b0a0921b7689b647fcf8e973d08dcc1cc1b12dc909f7b05fb036db43580f4fb000000000e8000000002000020000000fdc5697ee4f92de839fe5d5985ee896633882c5870eb99bbd3dc34674d2d8db320000000c7c4c6526da90f67176e377aa57e3590b2753d3356572b4d4cd9e01aa539648640000000b69d1b5c609d84d59493f7c897e58df7ae62b3cd8f4b7244337a88f3e8623ab179b91b7f8d0598f04cd004a3d2e7e7e6a450287cd3951e260e0d9161f2d4f87a | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2020 wrote to memory of 2360 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2020 wrote to memory of 2360 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2020 wrote to memory of 2360 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2020 wrote to memory of 2360 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2020 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab30D3.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar3183.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1cab9d3d3dcc36a073c577917c4a8346 |
| SHA1 | baaaadf42ddb69fa802e6f7e8504c25ba5110ef0 |
| SHA256 | b02774f85ca787e2ae9afee4bae8bad5f33414e50fc9e39ac3910d4d0961dee2 |
| SHA512 | 5366b9ade9d2fb7b143e31ff2d11908ffaaf2b75d6886ddb35a59128b2dd11fc8fe14c0ef9101eebba62a572765c026a237af0c70927f8d0e6b0247f8dbeffaf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4b0fca3f44b7d2473673815c062ee1b8 |
| SHA1 | 5d558cd51d2e96f68371237492832d9e742e3df1 |
| SHA256 | c0b71a69771d15b0e008897630076f1d58d5fae6fd92ffbdc7fd59d8bc217e2b |
| SHA512 | 94ec7ebec8dd718befb804d5e0a798b582277d50e60ccd95848488aa07e10e34013989a599760026fca30b28aae39a002c3bba9b694733142cdc908982eb3c13 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dce5eaf768c1bee33dac611bdffe64d0 |
| SHA1 | 089f1157b4d11d7d2d323a29102d07da27c4c11b |
| SHA256 | 213b97740ee1093f59837d9b21feeadc9211ee8cc50f79238ccd6cf659cdfb04 |
| SHA512 | 7fe20e725738c89d059197c04fc9b719a5540984e59a701db1882388277ad3335eb37bc5711c5f03351714f538f0e43a76e91c2b601f48224ef200bec7196fb4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b88d1ad2c71eb1187dd4f4a8a9e662a0 |
| SHA1 | 2520876bc4a583e0f0d2e4bb6091eb2539c04571 |
| SHA256 | aebc54f7cfa103e4672d8fe9ac2214f31983f040bfce3dc71f620e57a8c2f705 |
| SHA512 | ec37be7d547181cf355e04032be0a2d47f500ef9f5f3ab9cb782f490c3ca3aef269e4ecabeed69e2dd00af1e4a8874de755029c193e972ad4da165ae9bfa5e9d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 442736630b134f74f040596dfa34ba2e |
| SHA1 | 97d35a36234984ad2e239e9a766822c82f268e39 |
| SHA256 | af568769ceadb7c1f2456477ef15e4ff68752f3f98edcd411a64a933cd42ab9a |
| SHA512 | 4bb2460eb19e4079c9a3c26455c16837300e986a6b962c3bc24546844452bb52d46dbc3b1bbd061bfff86cd2acc691a4e1f042db13498dc836083dd1a9c24d4e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 78f8a1d68c0bb6d0327016c593198b25 |
| SHA1 | 0edbd64fa30aa9fcb3744ce4163047b720d30590 |
| SHA256 | 59ba420278185aeaa54d7842bba99661e7472f55801ed94daf8a28fa5d2e393c |
| SHA512 | 6d6172eaa34173e622cbd73633d674dcb51fc752cdbfa468f319736e9f3c30424f6ed6b08f27d50ad1fa941353b825107c7c66270f69e31bbaf26c4c4b3dc017 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b46477eb118ebf393f857b3f47b1e2f3 |
| SHA1 | a0654eeb7449aae8f09c2448fba66d9ae7471f04 |
| SHA256 | 2f650620c1a474edfef0dc8ead8989f18008f21e6deee151cc105d426c02f249 |
| SHA512 | 7deb1e4705a269a7894955542330294360241c3d9548f88327e13c9f3e8a37526624676408adcef185da52cc5f8c6dce6a4201ef8e1ff9d40fb1f3879826ae7b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c9b88d7e7c14e60889e5e74a9ed60c6f |
| SHA1 | e96d635bea18b562ea07f889e7bb6631b894473e |
| SHA256 | 69e3c155beff3e31862799dbe1f2856b6b1fd5701ba4b63d5b8594f52507aa98 |
| SHA512 | d17a9eb42321f0ca24982952ed5dc4c5a6e72d085981a7406d1835f033e57071768be3823be3026bbaa746f49933a45c35af7d5737b7ae27858ef4d2fa1732fd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e8bb4b85fa29adafcbbc58eb92af8623 |
| SHA1 | f7c52f8c27a411a81efcaf5e72a8dcbe9aa02c54 |
| SHA256 | b17ae5e425c780f34c1afee30cdfe511acc102911bf78b40e0d2f8d5cdfeb1b2 |
| SHA512 | 51cc1dc02a8ff2f9592fdeda009c7fd40d567db4faf189bc0b092ce1881e2618e22d0f90dd5e73646b6629033af3f56ab8098096664660f177e478fe29d263ef |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 586e0f5fff3f32ab0999efc3c7c9d97f |
| SHA1 | d46616b9de420a431eddc8a782af6ddda97e4e75 |
| SHA256 | 2befbddf015938644be393a7f8e4bbf3cc05b7fd0b41375f8c8bf4a6c12e302f |
| SHA512 | 57cb2a08e0657457ff9b5fd5acefdaf0a3a1c39f602ca7e14bc14c30950eb7aa1a7cf0a0515bc6fcabc8ba3042898e2b432e9f0621475ea05d1f6326f98f44b8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3d275509d34446e7b30402722b9d52f4 |
| SHA1 | 2e151fced41aa6812aa4ecc6e1decdd962b99198 |
| SHA256 | 1061961b7506739307f4938a869b8a923c45522557f92b9da35683721381be82 |
| SHA512 | 16c330af0f3ebf0d242e3773e7f37bff62bb6fb54c89bfc860579c1e0f046a4047af527514890493f2a26ab0b98dc6fcd04ff7a34e25161c102a7692bd0adcfe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 94d2eb4b53f0326a9b85996ebc08caf9 |
| SHA1 | 06756bdcfef513f587428f481fcecc532435d5d3 |
| SHA256 | 4cd650939bb1501ed022e16962f1f77cc13b8dfbad7b2d926083f44406bc8d00 |
| SHA512 | e1a9b3864f0af2746d1c7c8594822cc9e290d8fcef863e05faa593fac5835ac22f83f64fc1bef7b48d9560f3f035e4048d4acc30361ced4bdcc68a5fe14a32da |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 781b6cb61ce522372c98724014a5d77d |
| SHA1 | bca7745d6ab138e3f91333c8ac6b18a8aae7247e |
| SHA256 | a7de2534ca920a78dd4e6ee0e05cf7e3133a1a7181b772901f0a65bcaa043c73 |
| SHA512 | 018d385a20b811c16588859e3d77f1cd74c0540521094ced3d9895cc32cbf08c55cf85bfef66ac1b74cc61933f0a56b0349ba6ae293d824df78689fe2ccadb5d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a6f8af285d7f267300fef0ba72b66c43 |
| SHA1 | e64c7011cf01a69a63fcd9f6696b99d46a6888bc |
| SHA256 | 7e007ac7bcaedc61a08eb1cbec44ab6e14e5687be3147b4e4b6a46813e42af97 |
| SHA512 | 62a5ea8353e2214f8cae68f321cf31d8e5f19b3c51a4abb353628a9527722a98d6777cf62ecd83db777daa4d19f3abd4fc7a8b6fba17e9411540dff5cf38613b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 060437f5d7d7a58c2ad79489c25528d2 |
| SHA1 | 986c3975eb4911bcd16d96f88b6669aae186ec24 |
| SHA256 | e62743c1f2546292a86af2822d79072dbe04bdd0bee090fa489383c425e8ce6c |
| SHA512 | d63947c3aed4af97e5ff4d7098b5abf1304708fe4346e086431aab289188b9e5fb835cb605c36d5732996c8f97b3f302cd8de10a6048ecb0c128760045bed9fb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 16be948f1478fb63705192d13950b888 |
| SHA1 | b91a6e1389bef255c7b5375658c2ae7b41e21005 |
| SHA256 | 2c9c28290ac7424b6717c99cd8d60e68a92e3039e6b2c94a9f5beeac7dc0f5a3 |
| SHA512 | b655f1412bb09c32a81955fb89ff325751ef2fcdeed6646ffcd3d96d658b544bbb28cf6df3c341782dc74a38f083ae0f84dcfad67e8fdc648155c4dd731a9195 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b0786e587b496c8084e78a411036c48d |
| SHA1 | 301061c7c8495628e1b6ca9729c942eabd3ff616 |
| SHA256 | 7557fa9e48d1ed9928c216444b6fae5b26e39fe4d63895a5e01ca0eb880a148e |
| SHA512 | 83d9c233e6f2206dcd2e7a355d6183eb49554fdf1004f39f09b7784622f08eb7c380b3be901bb6faf9767562f99853e9062fca4ddbe24bc6ed86cc5e68508204 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 812be55f9549c03e442ca06065c40ce2 |
| SHA1 | e6f8b812ac0464732dcb53966a0074fd083113ed |
| SHA256 | 6e9f5d2b5b745d890e790d2b587b021656af6d56bfa01798d39d0c807060a0ec |
| SHA512 | 7ef77163692d16c4a0a5635ba01715bd75c8a9ab489f70b078ea7aac551a4f7717cc9def08393ac26cc0d00a54f64b7ab318de6cd146c4f5ecfa803f30561d19 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 18b1dfd4e07e14b4190c57d54057c4b8 |
| SHA1 | 7b683179e54720aff537540dc80254bc0a807bec |
| SHA256 | 5efba5c6cc702949843de884ffca878ec16ff2c10f9990688e4dc9d157df5421 |
| SHA512 | 0f45dfe948aa012f24969434d11fa2706ee3257b5c95679522264b9d3aee5437899798a30aecd60fdb91bd86930aa978dfe995d2be32c0aceac437e4aae4f46c |
Analysis: behavioral14
Detonation Overview
Submitted
2024-09-22 06:26
Reported
2024-09-22 06:30
Platform
win10v2004-20240802-en
Max time kernel
124s
Max time network
154s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d3dcompiler_47.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.143.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.238.56.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral23
Detonation Overview
Submitted
2024-09-22 06:26
Reported
2024-09-22 06:30
Platform
debian9-armhf-20240418-en
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/sqlite-autoconf-3440200/Makefile.fallback
[/tmp/sqlite-autoconf-3440200/Makefile.fallback]
Network
Files
Analysis: behavioral26
Detonation Overview
Submitted
2024-09-22 06:26
Reported
2024-09-22 06:30
Platform
win7-20240903-en
Max time kernel
121s
Max time network
121s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\sqlite-autoconf-3440200\Replace.js
Network
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-09-22 06:26
Reported
2024-09-22 06:30
Platform
win10v2004-20240802-en
Max time kernel
92s
Max time network
103s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3224 wrote to memory of 3380 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 3224 wrote to memory of 3380 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 3224 wrote to memory of 3380 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 3380 -ip 3380
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 612
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral22
Detonation Overview
Submitted
2024-09-22 06:26
Reported
2024-09-22 06:30
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
0s
Max time network
132s
Command Line
Signatures
Processes
/tmp/sqlite-autoconf-3440200/Makefile.fallback
[/tmp/sqlite-autoconf-3440200/Makefile.fallback]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 185.125.188.62:443 | tcp | |
| GB | 185.125.188.62:443 | tcp | |
| US | 151.101.193.91:443 | tcp | |
| US | 151.101.193.91:443 | tcp | |
| GB | 195.181.164.21:443 | tcp |
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-09-22 06:26
Reported
2024-09-22 06:30
Platform
win10v2004-20240802-en
Max time kernel
148s
Max time network
151s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1876 wrote to memory of 212 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 1876 wrote to memory of 212 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 1876 wrote to memory of 212 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.56.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.73.42.20.in-addr.arpa | udp |
Files
Analysis: behavioral17
Detonation Overview
Submitted
2024-09-22 06:26
Reported
2024-09-22 06:30
Platform
win10v2004-20240802-en
Max time kernel
88s
Max time network
158s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\libGLESv2.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
Files
Analysis: behavioral18
Detonation Overview
Submitted
2024-09-22 06:26
Reported
2024-09-22 06:30
Platform
win7-20240903-en
Max time kernel
119s
Max time network
125s
Command Line
Signatures
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2192 wrote to memory of 2936 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\system32\WerFault.exe |
| PID 2192 wrote to memory of 2936 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\system32\WerFault.exe |
| PID 2192 wrote to memory of 2936 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\system32\WerFault.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\sqlite3\build\Release\node_sqlite3.dll,#1
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2192 -s 80
Network
Files
Analysis: behavioral21
Detonation Overview
Submitted
2024-09-22 06:26
Reported
2024-09-22 06:30
Platform
win10v2004-20240802-en
Max time kernel
132s
Max time network
157s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\sqlite3\deps\extract.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.140.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral29
Detonation Overview
Submitted
2024-09-22 06:26
Reported
2024-09-22 06:30
Platform
win10v2004-20240802-en
Max time kernel
92s
Max time network
94s
Command Line
Signatures
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Processes
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\sqlite-autoconf-3440200\aclocal.ps1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
Files
memory/3288-0-0x00007FFFC5D63000-0x00007FFFC5D65000-memory.dmp
memory/3288-1-0x0000022DA6D30000-0x0000022DA6D52000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_hgwwul20.h02.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/3288-11-0x00007FFFC5D60000-0x00007FFFC6821000-memory.dmp
memory/3288-12-0x00007FFFC5D60000-0x00007FFFC6821000-memory.dmp
memory/3288-13-0x00007FFFC5D60000-0x00007FFFC6821000-memory.dmp
memory/3288-16-0x00007FFFC5D60000-0x00007FFFC6821000-memory.dmp
Analysis: behavioral31
Detonation Overview
Submitted
2024-09-22 06:26
Reported
2024-09-22 06:30
Platform
win10v2004-20240802-en
Max time kernel
92s
Max time network
93s
Command Line
Signatures
Processes
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\sqlite-autoconf-3440200\configure.vbs"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
Files
Analysis: behavioral15
Detonation Overview
Submitted
2024-09-22 06:26
Reported
2024-09-22 06:30
Platform
win10v2004-20240802-en
Max time kernel
147s
Max time network
155s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffmpeg.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
Files
Analysis: behavioral19
Detonation Overview
Submitted
2024-09-22 06:26
Reported
2024-09-22 06:30
Platform
win10v2004-20240802-en
Max time kernel
136s
Max time network
160s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\sqlite3\build\Release\node_sqlite3.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral25
Detonation Overview
Submitted
2024-09-22 06:26
Reported
2024-09-22 06:30
Platform
debian9-mipsel-20240611-en
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/sqlite-autoconf-3440200/Makefile.fallback
[/tmp/sqlite-autoconf-3440200/Makefile.fallback]
Network
Files
Analysis: behavioral27
Detonation Overview
Submitted
2024-09-22 06:26
Reported
2024-09-22 06:30
Platform
win10v2004-20240802-en
Max time kernel
95s
Max time network
99s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\sqlite-autoconf-3440200\Replace.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.238.56.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-09-22 06:26
Reported
2024-09-22 06:30
Platform
win10v2004-20240802-en
Max time kernel
150s
Max time network
157s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\patcher\OGFnPatcher.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\patcher\OGFnPatcher.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\patcher\OGFnPatcher.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\patcher\OGFnPatcher.exe | N/A |
Loads dropped DLL
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\tasklist.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\3260c1e806429a61577901fcdf070a19d150730fbfc12c626279fd032d1b0d30.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\find.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\3260c1e806429a61577901fcdf070a19d150730fbfc12c626279fd032d1b0d30.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\3260c1e806429a61577901fcdf070a19d150730fbfc12c626279fd032d1b0d30.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\patcher\OGFnPatcher.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\patcher\OGFnPatcher.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\3260c1e806429a61577901fcdf070a19d150730fbfc12c626279fd032d1b0d30.exe
"C:\Users\Admin\AppData\Local\Temp\3260c1e806429a61577901fcdf070a19d150730fbfc12c626279fd032d1b0d30.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq OGFnPatcher.exe" /FO csv | "C:\Windows\system32\find.exe" "OGFnPatcher.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq OGFnPatcher.exe" /FO csv
C:\Windows\SysWOW64\find.exe
"C:\Windows\system32\find.exe" "OGFnPatcher.exe"
C:\Users\Admin\AppData\Local\Programs\patcher\OGFnPatcher.exe
"C:\Users\Admin\AppData\Local\Programs\patcher\OGFnPatcher.exe"
C:\Users\Admin\AppData\Local\Programs\patcher\OGFnPatcher.exe
"C:\Users\Admin\AppData\Local\Programs\patcher\OGFnPatcher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\patcher" --gpu-preferences=UAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2256,i,1323587297793053087,13612989601608600129,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2248 /prefetch:2
C:\Users\Admin\AppData\Local\Programs\patcher\OGFnPatcher.exe
"C:\Users\Admin\AppData\Local\Programs\patcher\OGFnPatcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\patcher" --field-trial-handle=2756,i,1323587297793053087,13612989601608600129,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2752 /prefetch:3
C:\Users\Admin\AppData\Local\Programs\patcher\OGFnPatcher.exe
"C:\Users\Admin\AppData\Local\Programs\patcher\OGFnPatcher.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\patcher" --gpu-preferences=UAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2884,i,1323587297793053087,13612989601608600129,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1084 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\System.dll
| MD5 | 0d7ad4f45dc6f5aa87f606d0331c6901 |
| SHA1 | 48df0911f0484cbe2a8cdd5362140b63c41ee457 |
| SHA256 | 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca |
| SHA512 | c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\StdUtils.dll
| MD5 | c6a6e03f77c313b267498515488c5740 |
| SHA1 | 3d49fc2784b9450962ed6b82b46e9c3c957d7c15 |
| SHA256 | b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e |
| SHA512 | 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\SpiderBanner.dll
| MD5 | 17309e33b596ba3a5693b4d3e85cf8d7 |
| SHA1 | 7d361836cf53df42021c7f2b148aec9458818c01 |
| SHA256 | 996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93 |
| SHA512 | 1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\nsExec.dll
| MD5 | ec0504e6b8a11d5aad43b296beeb84b2 |
| SHA1 | 91b5ce085130c8c7194d66b2439ec9e1c206497c |
| SHA256 | 5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962 |
| SHA512 | 3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\nsis7z.dll
| MD5 | 80e44ce4895304c6a3a831310fbf8cd0 |
| SHA1 | 36bd49ae21c460be5753a904b4501f1abca53508 |
| SHA256 | b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592 |
| SHA512 | c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df |
C:\Users\Admin\AppData\Local\Programs\patcher\chrome_100_percent.pak
| MD5 | 3c72d78266a90ed10dc0b0da7fdc6790 |
| SHA1 | 6690eb15b179c8790e13956527ebbf3d274eef9b |
| SHA256 | 14a6a393c60f62df9bc1036e98346cd557e0ae73e8c7552d163fa64da77804d7 |
| SHA512 | b1babf1c37b566a5f0e5f84156f7ab59872690ba0bdd51850525f86769bfebc245f83988a3508945cf7617d73cd25e8469228974dd2c38415388b6a378552420 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\chrome_200_percent.pak
| MD5 | 3969308aae1dc1c2105bbd25901bcd01 |
| SHA1 | a32f3c8341944da75e3eed5ef30602a98ec75b48 |
| SHA256 | 20c93f2cfd69f3249cdfd46f317b37a9432ecc0de73323d24ecf65ce0f3c1bb6 |
| SHA512 | f81ed1890b46f7d9f6096b9ef5daab5b21788952efb5c4dcd6b8fd43e4673a91607c748f31434c84a180d943928d83928037058493e7e9b48c3de1fc8025df7f |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\d3dcompiler_47.dll
| MD5 | a7b7470c347f84365ffe1b2072b4f95c |
| SHA1 | 57a96f6fb326ba65b7f7016242132b3f9464c7a3 |
| SHA256 | af7b99be1b8770c0e4d18e43b04e81d11bdeb667fa6b07ade7a88f4c5676bf9a |
| SHA512 | 83391a219631f750499fd9642d59ec80fb377c378997b302d10762e83325551bb97c1086b181fff0521b1ca933e518eab71a44a3578a23691f215ebb1dce463d |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\ffmpeg.dll
| MD5 | ed10fd2777a030b2895d2f555207f1b3 |
| SHA1 | 81448e7a72e49eff746abbedea503139b7eadbdd |
| SHA256 | 996aed5bb751d70e215bcc3e5be2ed28fb54412af05031c592df101b51232e0c |
| SHA512 | 435f33fd11fc25a495726401211ed87771c831eab8916b8bb9520bf0f799646f911b22716f090849bfc85e2372cd28aa1c9de46f9d613929993ef009955173e9 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\icudtl.dat
| MD5 | ffd67c1e24cb35dc109a24024b1ba7ec |
| SHA1 | 99f545bc396878c7a53e98a79017d9531af7c1f5 |
| SHA256 | 9ae98c06cbb0ea43c5cd6b5725310c008c65e46072421a1118cb88e1de9a8b92 |
| SHA512 | e1a865e685d2d3bacd0916d4238a79462519d887feb273a251120bb6af2b4481d025f3b21ce9a1a95a49371a0aa3ecf072175ba756974e831dbfde1f0feaeb79 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\libEGL.dll
| MD5 | e3f6c7b1316f7ca06ee178377ce16ff7 |
| SHA1 | f546da89ec0d3ef238892be8f2dd697d411518bb |
| SHA256 | ff6d4f18492a704b4b9d853abdcc73a4fa561b0c685619508e25afaf4e4800b9 |
| SHA512 | cad4026efc48192c4904a4b0ec583d2e24b94f8a5f91824716eddb32477512799b10a4f9cc7a2976a25ca0d333bb1c68bb98b1d0f9bd7020e0e31be7d950720b |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\libGLESv2.dll
| MD5 | ac216b22cb7ca21d9803ae6b111792e5 |
| SHA1 | f6678626aa522628110315889ca744572549bb73 |
| SHA256 | 3cd10952ba73ba4a36f5ec92dcbb0893092bfc8d77a381f6f9f3090b0ecfbb50 |
| SHA512 | df344f79ff5d4e38b451bea948c234b63af0402565097082a082b44a4efb9e0ed367884875cbc817237b7ae7ac126fc7de0e8615504923b8db553c1a3a985a90 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\LICENSE.electron.txt
| MD5 | 4d42118d35941e0f664dddbd83f633c5 |
| SHA1 | 2b21ec5f20fe961d15f2b58efb1368e66d202e5c |
| SHA256 | 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d |
| SHA512 | 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\LICENSES.chromium.html
| MD5 | f017c462d59fd22271a2c5e7f38327f9 |
| SHA1 | 7e1bbeea6ac2599bd0f08877aa5811d32f1aceb9 |
| SHA256 | 40f314c778851106918aae749d75b2d913984327602a1bfb7ef0cc6443ff2a37 |
| SHA512 | 72177281486f6ec26ccc743b43481c31470c7dd53f17b0a67ac087dded190c2e3dde5570260150c2e9650186a515740af7f81e31965c95bb762340f9ac100c07 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\resources.pak
| MD5 | d3fef960b0aac7b5d40e37b09f91f9ba |
| SHA1 | dc5093fecf59150877f439a04bdb3912f13ed905 |
| SHA256 | c2dad6a9f8bf1b552fa94a51cadb6ed6a4e5a6455bcebf3c2888f0a6a3d6c8c2 |
| SHA512 | 5be574b28b67ebd13acb764e15aaae6c3fb861a1cf16e4132fec8fe90b4fb70d49314609bd173c8de6299531f5520fe95ae080112efd2f7e89a6e174532bc458 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\v8_context_snapshot.bin
| MD5 | 8b8485c02d1fb639085dcb2b1af02c6e |
| SHA1 | fe4e7115aef2c161c5995a621bf614a502f04910 |
| SHA256 | 98c18470926e12def4c39163c5389f29c5df7d2a41bf7353a75a7cdc41f1a90c |
| SHA512 | c2f24848a75c5330d1be5bde3213064f2b0feb13b8708d795249961605a09913aab1fc78b850f4ea3f7c76c74a8238816f5654a4fad5c11a78ce86b8b9cdd521 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\snapshot_blob.bin
| MD5 | 7ad5356f81d38002220b82f64cebe230 |
| SHA1 | 11f047ffb7b90a40ca17c796b0a306d4b250ed7f |
| SHA256 | 31969e154d3cd857d14e9d8edb98118ad2d5e9e9f1b77f9085626bd500e34ce1 |
| SHA512 | 862d0027b13ef4527a45b010d35142583c1f02f7691b093774eb5bb066b623ba7b8c0bb65a2e75641381c8ffa6a24c7116d1a9a984143ad13d0a0d61adfa3c0c |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\vk_swiftshader_icd.json
| MD5 | 8642dd3a87e2de6e991fae08458e302b |
| SHA1 | 9c06735c31cec00600fd763a92f8112d085bd12a |
| SHA256 | 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9 |
| SHA512 | f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\vk_swiftshader.dll
| MD5 | ed0ffde1854aa8b1dc64835b48833d32 |
| SHA1 | 5aa09092b982e8ae1ca73f713d6f51a30248b64a |
| SHA256 | 1a24356be288e742549a20c62de9259b2e1cf8bd560151ff7a24d4ae1a4652a2 |
| SHA512 | 59fd3b9153b2d777a707c7f2aedf2b7be701c18fb1b9e79d32381dacca22768c6461c575271aee960d7c41fadeba75f8cde41fc8a229c2e49823bbb5853b69a1 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\vulkan-1.dll
| MD5 | 8f939b8bbffc7e1083e938adc4b5aea7 |
| SHA1 | ce03fd0ec3c11fbbc51b6fef044bea7915991aa9 |
| SHA256 | 7d411fa0a615d0f67099fc3978b3f07e28565b9877cce02ec239eb228fa4d485 |
| SHA512 | bed9ac52e82dcf3e8233d90f1f0986ce6371338299a7efc490d89955d869e2b16874cd2258b4217971269f19fb1589530fe2d870d65610a878f2633f0cf4e0af |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\locales\af.pak
| MD5 | 09455048c30cecbb17d6e0e95e4c01da |
| SHA1 | 6572850b07df45933ed57754f72c44895a7ef662 |
| SHA256 | e973763dcc0ffd7a5afe0a62ec9651c4c3db7fe29a23797fafc34b83512d03aa |
| SHA512 | f59b68c213815ad81379c964abe6597b900b9fac5fe17e2cb378d015c4803f96b598ef70333d594599b3283a88a9ca9cb2475afc2590eda2ddf7b041ba2368e3 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\locales\da.pak
| MD5 | 96bbef1eee0b0a197ec834839c00e11c |
| SHA1 | 35adba0aafbb4d19015e11dde1f37de87292252d |
| SHA256 | 600e02877374dc083b21deb3cc3bf6a4e3e2b2c581a631955494b0591c56289c |
| SHA512 | e1ae7ad30735b6c42f81d30d50162330603753b0ce7705506918d0bf3bf9a52ac60f8fca570cdfe87f0d6dd46cfa3064d5a1526d39d81a053571b434b1cbffe1 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\locales\cs.pak
| MD5 | bb1c4ba9859b0a43a42021f39b8b750d |
| SHA1 | 02b2505d3955f15b6655bee9c92d7bbfaad6ddc3 |
| SHA256 | 814990ab6af4acb4acd44b0f07fafd4375724facf4e3080014ce7b8b9e935fb9 |
| SHA512 | 941cf4d334dbea7cc790cb8ba11e959d5a45381e7efdbae1e659d27540fd80247bb71820a90af6164d76cabbb283dbf3b652c29e0ded3832dcc21e3a88f7d0b6 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\locales\en-US.pak
| MD5 | d47cded365a28d27906414035c1cb3ca |
| SHA1 | 429123c86f6ca48a89bedc9a26027e01508e6db9 |
| SHA256 | 46958caf9847e33a11593ad024d5a95cc696edcd4620cf07e7b2b78c72b9c00c |
| SHA512 | 1a16d784913fead116460c9ff42e21ae482865cfe2d6ed1b1296496e46a05e513f8d048fa4d245e7a82ef61de4c4130696d5b1c647c918995f6877a888bd0853 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\locales\ml.pak
| MD5 | 265d7fbee9a021895d51209dc0181f90 |
| SHA1 | 30e37013971bacd3ee93ad2fca01cb59a26d6a87 |
| SHA256 | 682463d4a0221711e565ecf409893536d727650efd2ed0563c722cceab66b1ad |
| SHA512 | 028e1ad499b20ff7cda822b91f9b8d1cbb1efe108b7236d817b73a6f8e518b5f4a8ae77d653ae5c9d799842eaee3915250ef56f634f847fc5fc8a3b36eea176c |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\locales\ms.pak
| MD5 | 04f12811567c0f00bb35b488f4579425 |
| SHA1 | 64f43b7b172e392daf1fe48e22324fd8dc2a3924 |
| SHA256 | 1af4b9a66ca413dc3a0785f2b1527c237bdd05ba5768fe077aaf8af0f1c50dff |
| SHA512 | a03fd120e9f31aab03fece30032f84b63060d5dd264e0bf04c85eb92a392d36a0c4122817b0d414a266305ad70efb067319aba38e100aa8c37ab65c3604c4ea6 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\locales\pl.pak
| MD5 | 8cea9672f132573e143fc742ff1f7d00 |
| SHA1 | 2eda91defa08ac7d27c082e4b85120d347dd39ca |
| SHA256 | 6257145654f4e47c21ef2b91fe69fc386c1e228a89a658418532a2934433cd7b |
| SHA512 | 25579e0535569f0a2855d02df0e2b36dc391a0d3cc54d2ee2b23184836caf8a3ec4c590704a9604666307e1e6e01d72311f76bff7210cecf18ab20d4f3c309f0 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\lib\trace.js
| MD5 | e5c2de3c74bc66d4906bb34591859a5f |
| SHA1 | 37ec527d9798d43898108080506126b4146334e7 |
| SHA256 | d06caec6136120c6fb7ee3681b1ca949e8b634e747ea8d3080c90f35aeb7728f |
| SHA512 | e250e53dae618929cbf3cb2f1084a105d3a78bdfb6bb29e290f63a1fd5fbb5b2fab934ad16bc285e245d749a90c84bdc72fdc1a77af912b7356c18b0b197fbe5 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\locales\zh-TW.pak
| MD5 | fb25eb737df0e863cd83b0472249b64f |
| SHA1 | 3f9d0d847bb9eea9bc5c89371fd4665da1a485f0 |
| SHA256 | f1bd51245e56bcf324a8a94c4a572be031f2fd0db4d828471e563f64d8ecc79d |
| SHA512 | 075bb8edd2743e980cb842ad359a16023a3280c560ccdd17150e7cdc179fbcd0de3415ab591d7877ac3a8dad84fe8defb0059fa0d3468553230d27b7d1bd7c03 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\locales\zh-CN.pak
| MD5 | 6e7c237143cc765ac3abbe0685fa2afe |
| SHA1 | 40166c23aa75b8079ca16db2f5bcc938dfac312a |
| SHA256 | 9cda0f5736ab40650d10dd93f35316c45d5db9c596b270a9476cdd19d624c7d1 |
| SHA512 | 2c2b6c50e52e1613f1976c86670dab5c4a7b06ff1746da0737bcc72271fe7531d8d909de2064cc2086c4b04352325fafb9c8bb181bc074dd62ba0e7a607fe011 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\locales\vi.pak
| MD5 | 8f8a783772b0b3ed9e1858074a3106c4 |
| SHA1 | fdfa166ddfc0e9101bdcf5e76d422b29444d4772 |
| SHA256 | ad778e5e76648700192dfb6a27c6be743935de00e3a75f208f3c1d3f6d3fd1c9 |
| SHA512 | 690a006b94cc8a34ac0fa904b2c175688cd1468385537bd3927a91550c137086a8ce75a2794be0126bc0eb44a498b01bf94c05237895a82125016c7463b4f161 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\locales\ur.pak
| MD5 | bb7d36ea38a066f9939b858ca3bba8d8 |
| SHA1 | 78a18e7d6e82ebe9f99161432ac0363928d2c2d1 |
| SHA256 | 8ab35f7d357a38922acc42c663089ef4e0ef42ce56e212c26507bd110c8e8967 |
| SHA512 | 1b4a82c5065170c551de28812f6c99cd47a22209d97cf0723197bad15872d98fffba0cdf4db87440a84fc9cd0d2a3cd771074b254f12fd7658e7f9aad732a854 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\locales\uk.pak
| MD5 | 7d6b378c369e8a132a1134ffb3921d26 |
| SHA1 | 1c3c9c67613a4798ab2d4bdaaa0fe5ad80eee876 |
| SHA256 | e8ffe116ebbdaace51d9e62fe3c119eb354b244a8395f82d61b67dc8e3b3abb7 |
| SHA512 | edc526149fef6530c25a13725f33f7a4e9bb56b1b28fb1936609edc4c195153d5276d4ff61d7be9c2cf99835273809502168d7c8b0049c6b670ee226eab8e6ff |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\locales\tr.pak
| MD5 | d03ea83a0ed60cdd6607d16cfbaadb7a |
| SHA1 | 8463e4a4985ce85efb7b7b1b54e384f7043dced9 |
| SHA256 | 5fba0fce51cc3f9767d2cfdaef1192507f18b83235879aacc8f63b30880c8f00 |
| SHA512 | 3c7c7e6b98372bff436acbb31f4e0205c8b797221162f969464dad88fcace1d5f445b57beef96526c1610cfb3a589aa5c120fa6cceb06dc6bdaeddefe8de72e2 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\locales\th.pak
| MD5 | b60a9df804f0f3b0f1c11f1d6bd9ba7e |
| SHA1 | 104970e408e1a138cac373d2938691f82ee8e52b |
| SHA256 | 6cf15aee57658d55ea0ff07dae2fbad7981093e7acf54014347307e3bd1aad08 |
| SHA512 | ebd852b91b37b53f40f0e7e987d3814a3f7f273a6291ba18b4c6df9def01c9ec879e067bf542f0ad2efb1755af1180ac5a51d772ec61529eddd1d1e80c3c2e82 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\locales\te.pak
| MD5 | 352b392c6e074a1b77a833b3534cc710 |
| SHA1 | 49465bb9bfd3b82ceacda34e81be8e04f20e275e |
| SHA256 | 4f565637cf197a38c3f2a650cdfac05995fee8da2b9216998ab3ef7937ce7e74 |
| SHA512 | b9115987bef17dc05ff4c434d5dcee3e36c706015cf02592c154b60910bf86de578becf8470967bfcc7a28063155be6934f0d26713bd6f14ae4e3d637b4df69c |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\locales\ta.pak
| MD5 | d23049c7d1e0f829ad88274784927547 |
| SHA1 | efaa69205c4811af251d7ccaaa9c7cf81c10d6c2 |
| SHA256 | 9e3e0c909becc8bdf9c7cc1f9e401c464e7756e30369d40c709ea2dd942660c9 |
| SHA512 | 839b2323bc02ca605354d7f23474b9de1a9525fdfc9814d5773984090d1dee8dbd925078687bfdfffb416666701e42513e3bdee8aedfc3281194aa18e9e33ad7 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\locales\sw.pak
| MD5 | b49abf12ae1a019f170dbe514a9341f0 |
| SHA1 | a17d7ce05d6e75563d364e8e97be70bbed5b2ab6 |
| SHA256 | d85642b0783e1999fadf82aedfcaaf03a35572ca15a9e4f9eb8e1fcaca2ce29c |
| SHA512 | 147e80cd5c521bdba44778a6f605e330a589482625d4229bc6b0754edb1b41e8e1ebfa7dffe4c0ffb9d9342a95fef8f9109935a9b9d111e21af1e70b0806fa70 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\locales\sv.pak
| MD5 | 69fc76751f44f10e32009b09268f2e38 |
| SHA1 | 66d31349c8f5acedfe384f9525b6db4bed9acd4e |
| SHA256 | a851c7537b895145f45f395c92ca273610f19f109c959b368672a5a92175aa83 |
| SHA512 | c9912382da93d3669832a77c66a64232b438eb6fa4ca6bc2243b0c11dbedef940f45d290fc6934312e3a1ce396f7b14821ce433388132e0e8634c1fa7400dad0 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\locales\sr.pak
| MD5 | 6f327ce1d0e7131c483be9ee0c6a1c21 |
| SHA1 | 26da43c4b16b6b0e2de9a8ed85cd63c202acf00a |
| SHA256 | 068c3f92a20c5202b592e26078d6aca908d39e2fc325a605166e7235a73366b2 |
| SHA512 | f36b99a76130f08d8c3f2c98add812f6a1a0815d4f895c697486a195bf04b8f43e591c73da34cfb40c07d9153466ea727dc644b9f9424cd4fc4b021d1a98f215 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\locales\sl.pak
| MD5 | 4072bad3315b78fd05787a9fb97e9af6 |
| SHA1 | 267209a3bde1b362351ea473874d5d40d9ef30ed |
| SHA256 | 10676c91bac7b80d314a1d7a934bebc5104ed730bd4eb78d84c497f7e07b5510 |
| SHA512 | 9a858d4d11f7476b030f3c9bb852a70ae501f34afa0eae2756f2ad59d8dab9983a4b5dffa11b9b7eb578fd52b3ed72094b807b82b93b4c4536ce59309fc0fab3 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\locales\sk.pak
| MD5 | f987110e03dff6a6104d3c9767139439 |
| SHA1 | 0817884ab9064978de99909e7e376d067019e1b9 |
| SHA256 | 4fabe714236712d691908751b42e947fb03a4b1a439e7a84335e7f18f87625e3 |
| SHA512 | 91a609fa129394ae23590c72a6007bb6591e4e08342ff0d6ba184c8eb09413ed294ca15f13b92f7558823523a0272f5af6841d7e426177c803be1062f9842d9b |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\locales\ru.pak
| MD5 | 8243216c5cf42451a8705fdc0a5b8b5c |
| SHA1 | 76decf1dfffdc775c5b285436573c8583f214119 |
| SHA256 | f6538645321dfa0f2ee3f17284ff72800f6a678df3f5b7d729d02a4496adcce1 |
| SHA512 | 508c9b4d81b9d09a1306dfe707faaac9072d2c194ccddccbad2bed871c68a78a3e8f527fd8f9ee67d08f6147def43ac2dc43deed9797a98cb5d80c0486fbf8ad |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\locales\ro.pak
| MD5 | 5d5a27c52ae905fd85f5d50cb793e7ca |
| SHA1 | b858bba1ef66c4d3943be19a4bf8a508c23e6671 |
| SHA256 | 9ff47f6890b3f543bc51015f263e791d8a3bc332098f8cd8199852fa131fa579 |
| SHA512 | f4754951ff0dd3f1ec2c0859a93422330145f9e4e3407bb7f95863c85227b96d3f8af449c0a051b60f333df3695eea5df70fd5f7fe4916e60eb6f7c4c21aa5e2 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\locales\pt-PT.pak
| MD5 | 62071f5b1b93161b03b66faa3e0ec71a |
| SHA1 | 969d82d8d0b2b82e7cb9af7f59825ba211b0ca8f |
| SHA256 | 953f8245585ebb637b2d2134b24118f2baa9c28211ea007a8605fa57c7df21f5 |
| SHA512 | b463844e7d620076a4cc11d5ad3e9aae52f0375f5eea16f5621a30043ba570baaf3c42050bff7d740eb9bd8274c190787a9d7d57bcffddba62eaaa8b7c4523bb |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\locales\pt-BR.pak
| MD5 | 75d9da45b6a34aed360c0897dc956418 |
| SHA1 | 90f15ceb5cf0cbaef021de42acaae323c9023cb8 |
| SHA256 | 77d29b746b4028ae7072d5f74ffe1cbdc66b180a36eeed71e52ef1f7b824cddf |
| SHA512 | df2d0ef49e4f836d5209f53254cb58b76d13a36eee14ae559f6fbe0be6b8421cde4152f48d44997c81ffb32e089ea46bd4a9de85e1bbd12dfcdcb356f1798629 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\locales\nl.pak
| MD5 | f4c35847247ff2c58a68c35718e3f358 |
| SHA1 | 17f8af1473eb3bf8bdb3d16711bb359b59cbaf4a |
| SHA256 | a400121adbb26c97a95e3f573f370ec2c37fd435132828c04b467dac47352904 |
| SHA512 | 6179e275c71a9df4a7da517944048a782a2cb3f16c164ead8c788efc5c56e155c9770530a4fea9360ab478b78c233e183ee8afdf17c8cb871848b09a609c1f12 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\locales\nb.pak
| MD5 | bc18e28f676138795d19d95e73e3f246 |
| SHA1 | f4ae51b49a69b4a32f2dd8c09784ebde1e6d018a |
| SHA256 | 1df78fd35431f167def5c496e441775a265d3eb1e64a4cc0fb7fe0201c1ce8b8 |
| SHA512 | 3620554d7e614373038c278a7bc6a9388fb66abbeba28d0935f2a2f7203a8510b264a6df85e70e3b82e08588611e48a64e4e1c91470f72c95c05cfb8649e8c52 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\locales\kn.pak
| MD5 | e4865513d7c57bd48171ade28bc4aaa4 |
| SHA1 | 1791131c3fc654bc0aef00927f41672f700720d7 |
| SHA256 | a1b23f794547f06510adf767b23a47df68ae864b059f8657bb78dd8b352de232 |
| SHA512 | c7487fb37ebb2108218021b6a93e62d6836248d1602e7847864cc0ebe7fcd87554220bd3fff0c7bd6fa6f7bd200811b8d30e421b76717e37c7e110f88cc40d15 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\locales\mr.pak
| MD5 | af7c7d72a968e1936f26a3c755157f6b |
| SHA1 | 2ec71950847f5fb4b85697b6acd05224c28bb092 |
| SHA256 | e5702b9578435abbbcc922f1d4ff8c5a345856926c2174c329e228987c3ac7d5 |
| SHA512 | d265eeee96adafc3ced76901c9263bc1cb349caf925a02d5deb010c02843fb653a17e1e8a4e942c9912f654316c4a7a1776e6a7eda56ab82ae9d4d077a58a929 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\locales\lv.pak
| MD5 | df9985ecfc958f343ab7e56e71149d71 |
| SHA1 | fc0d2c4a194d500a1f4cfafcd9102186016ba5a3 |
| SHA256 | 7e17246e23ca2d0241d56d91b5d5e6bfb3ff4e08f1a3734f9d032b4191282fa2 |
| SHA512 | 0dd65eed7a5bccee0ac5e2826f0cceed848dff0d0d41904e00d35cec9d96fc0b91a4eb54fbcf0bbba61f89848562a606f9f7aa827cb180abe7e97a2e77a29309 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\locales\lt.pak
| MD5 | b02bf54687716b5d5f18aee02411a980 |
| SHA1 | 4cf766077382c49fb89d59d861de0f482f989798 |
| SHA256 | 0b0e3fcb82ddca52f9eb1ff9e1ee224639ff81f1c0af6ded4e21944811babc0b |
| SHA512 | aea879ac96a5719e8988011a7b82726bf51a24e170e260182146191f43914cd50991928d2283277d173ad650f7cfb1246fad9445260e9ca0769052079d431f25 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\locales\ko.pak
| MD5 | f0805980b4bba19fd7cecdae6d6ed77d |
| SHA1 | fee432cc162890c5c8d22f6028f9086c8f47267d |
| SHA256 | 11f4f99e5f7d04b263f615d9d0716c0852b8c63a07212d14604373853aa78588 |
| SHA512 | 03a97e36dbcae88b0fa9fec326bd99bf5c454889ca3bcf151b34003fac161001c1e08082b07974b6c8e01cc54f6b20f810c3bbe446494356403288e24e6b46df |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\locales\ja.pak
| MD5 | 946afe803f1bd37cac8cefb9892e8387 |
| SHA1 | 6a5ab4129843129ff926735acc4be53028a8d5bd |
| SHA256 | 91084c3d2709fed5c912fd55b2499c394b3a8ebba5032d03056845f88a141ffa |
| SHA512 | 4bbc76a738b9639d4a2fda9e1dc87c84bff660c84a01e3a54f544ec2421d20d9eee4c951a59ff8ed5950a00359bfb63ef1afe953b5cf5910923428a4d864ad71 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\locales\it.pak
| MD5 | d26fd02972984599d1a60ebfce4ee7b0 |
| SHA1 | d1767c68628c8b1449b4670fc40c355d367b0a97 |
| SHA256 | 75e90045cdafecc013f62097e1aabae18362954cf993eb4f78ed1639e3468186 |
| SHA512 | 06722bae30ade4bae70130918e3d6f99e54d7fca37b3798f8ed3d269cf52c37e1280a08313c9f9dedac80da149446bd0414cd36e345bfea3a1b7409b7d2f3464 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\locales\id.pak
| MD5 | ee466128c7bd5f01d518d0c3c9202f39 |
| SHA1 | 74b7cb96c1e495885651e50907efe56d2567955f |
| SHA256 | 6f86ea779e49c8eb24ed6ba416ad67d5e08f8a3673c68e4cfad19475e12a2911 |
| SHA512 | 9d88780e52c1cca9f89ed0ead244a763209848d1315f7177c1db3251214d363e78b32d439328304976804beb781fd07a0cc9f9e300431aca16ae6afaa6f57be6 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\locales\hu.pak
| MD5 | 1744609aa48694daf1058e6da1157696 |
| SHA1 | a97ba8118e91bb952c24adf19104ca54d4eb8694 |
| SHA256 | 89c47beea85d50c88af6f94597f827bfa657ec73570cb4b3ffbc3ff91164ba89 |
| SHA512 | f64c8fd18f877283bef39c999f754ddc212fc8ba981d282f66443c6fea51e89a5c4a2aa37aae7b69c35a60bdf9b8f5698d2cc72e28e10d70747ce0f7d665ce8d |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\locales\hr.pak
| MD5 | 62bda7cc99b6dc1503332e752f87423f |
| SHA1 | 0187ca29d12971ce201d5513e45648898806d701 |
| SHA256 | 4171bbd2229ed5a7638b74e32d7aa0e643cbc99051d92a80e7da5a31400ae69c |
| SHA512 | 6acdc6618bfb1d2ba7ce912f959c25a48f987dc6c6507c8c5bac22988ddb8b2cbb8aca8fc3d40b2e8b7b6fbd417bde2de34b91b8fc778ba78c182aedb722be06 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\locales\hi.pak
| MD5 | cbf1e19ed157d39bfe70a17805ea3cc3 |
| SHA1 | e37f6f428e8478f50999899ce70f49e60d2fd758 |
| SHA256 | 00670d07269facbd70e3949f3da5a73f584e08a6e901ac8a3b1767fc439c975a |
| SHA512 | 84f8af3ef49c8f970e7ac2ad61ec92fc21057767afb93116fbc11837b6d7130901245bcfcae53f158f6f09f3a8e59900a6444a5ba9364b2c38196631c5244258 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\locales\he.pak
| MD5 | 41227774510c0d2ea4637dbffe500000 |
| SHA1 | 3d8a20158dee92d5b5ce1a2c852352a50ae62282 |
| SHA256 | 90f11a1c09fcc4a5fd5d6f753bea04af93ff8ddf4372a5f84a15fc2ccb444c95 |
| SHA512 | 40e8a5d8c3e1b481074da9bb48ad82a64849386d9512ecee8fd426d6def32a8930fab316e3c5d686d7706b6bc975913d7d75e69a0c150b74dc8bb45620e82140 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\locales\gu.pak
| MD5 | cd212ed25482d2b5a246440b62c4fbbf |
| SHA1 | 197f3616dec4fb308e0ec5a17458ef8a2d027cd1 |
| SHA256 | 0e8762ac08963088c33b74ee790df95370bbfc298bae8abfb87eb1307ef46d37 |
| SHA512 | 207d3e9a6bfbd3eb19cf53a0a300eb0172ecb872496d627ac5b55b9ea11d52f24f01393893450fefaa3c42bb481129d54e552679f2f67a2af0e117d12464601d |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\locales\fr.pak
| MD5 | 1904b22bbb5d52255f80c541253971ba |
| SHA1 | 0ead9bd15bd115775728a6cada2136367fe34b87 |
| SHA256 | 25eb9ea0d0007b5d4c5065fb77486c723d718a1496aa52013d1ea098987f44d0 |
| SHA512 | 6d4f4a9dde7d22624ef3c28e4cf4a8de8255125aca0c5efca0bae69f040aed2651649f415acdf491593634adce0e4d88ee6439705115bfec25caae34a57f1003 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\locales\fil.pak
| MD5 | 4462eeada117fea1198a3a9cc370e8df |
| SHA1 | c8b6f588ab35f485b88480e58db59c7a34c4ef0b |
| SHA256 | db27ebc5b34d14be370e7068b4bab4fe12fdf090bc1a4f0bad81740aee974695 |
| SHA512 | 8a69a11f33ce1fdccb3aa7b1dac981f9d6c9d64669e3f97265bef5862e20bbc62d568b8e64fa33cae3143096b009ecb904f0f32f6dc593a8702f94d4e3f52d20 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\locales\fi.pak
| MD5 | 15b4ed60de11e5fb956d624032e8b242 |
| SHA1 | 94e7f2b7a62c4164511be53d59769299b8a02185 |
| SHA256 | f040febcc899b194a6908419b4bc225ed3d53ec478988ed7a50e8438c80d9606 |
| SHA512 | c67e22f75820b921f8519ddf064a0fd7d93abf0539b06a62592ad00ba9cc237b1297acf5eba15f7e1444916e90c9dc89e116704866d242d1bdcf0c90cb8c0058 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\locales\fa.pak
| MD5 | 99ce096115521566ffc685703f9cdbfd |
| SHA1 | 27cccf6b8f6939d17da4b884998e577392b97221 |
| SHA256 | 645a43a0101eea39dc6b29ffd71a4836a03ebd7070e61aa962025257aea59375 |
| SHA512 | 42df640778ae722b82a62e527711a57c883e9d315d54ea7e484d7a8f631abf3f5ea1498d6c5cbd004fe971fd357a0b8d40ab4934fc84e03565da3fb0b23184c8 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\locales\et.pak
| MD5 | 96febc2a296af99758050eef3ed97712 |
| SHA1 | 26f8751ccfe0b1bed9db532dbac1034a02b7f48a |
| SHA256 | 678e50d9785c14f205baff60760decf64f765a98863e000abe44dcc6f22b5d0d |
| SHA512 | bfc8a9051360338c61dc46040b006808b57ee20ce170c4645bf5fd83a643c3107bbc1752fd2486a9ab8250a84ff0cf832f381c523cc49cd08486eae489c4d45e |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\locales\es.pak
| MD5 | 070cbd6f42db1cb9b6a2f74e03d6b124 |
| SHA1 | f8830e1c8a601123d85fd75188ed01833f910691 |
| SHA256 | 91de93a4dc9c9276b9ee3ae498bdafaa55fd464c1f20fdaca84c4b79842327d4 |
| SHA512 | 2ebee4e289eb2a19a97c86d1abdc1ad53c6a76b8c1dc28fc89cfde236c4abfbb823bf52573cc0848fd76ed9e0ab2d49def542837bc5c474ca1593fb5ed10a390 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\locales\es-419.pak
| MD5 | 76c82bd947c7d32febb2aeed079de39f |
| SHA1 | e4b8238dcb0d3ffdedbb8a4fdc62ada21b03c659 |
| SHA256 | 89df263a85ccce719cf2b1a5bfb3b2bec5f6f48d0cf1b7ad190b34992aa8309f |
| SHA512 | 5179f1cc0be2a4ad441c08102cbabdd3026ae07f430dfeac2f451863235947d9ff1ef78a8c72ef503085c8daf831b401a58ca6e6b077c7584c50b50005c7c868 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\locales\en-GB.pak
| MD5 | 513c735f8821cd5b8beee4f1c9f976d9 |
| SHA1 | 2552ec0b813aa12b464d813d450e8b6bbc640555 |
| SHA256 | d86bc52d844b9706cf9fc50e7c123ab9a6372dd3190a65a88bff7d57f64af362 |
| SHA512 | 9482f73155c0a838615ddeb4ea5e2db86f12d973c2288922f361de27025f49f714cb6db6eca09a4ef6abaab6b849800850fc72e5bd1314ad3262da66d4dc6b5b |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\locales\el.pak
| MD5 | 14f52763959d29febddbe25c86336e70 |
| SHA1 | dbde678a721d4fba97d5bf2703faac230794128c |
| SHA256 | 7134776724c07c2df17f6ba0c3c26a2a536d512e913d1d9c5585e600895e695a |
| SHA512 | 1f49a299a9fe76ab93a30ac17e1bbf3eddb20c6278740d7739e0044f867f35e65a0cd98654ab0ed60a43e268eb7258768cb8f35a254fbf31bf22ff4af7c3f96d |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\locales\de.pak
| MD5 | d847de7e4970ad17615f7a454be60d06 |
| SHA1 | e6cd24f4ca42499c12c92f90077977921a66e016 |
| SHA256 | 41e503b5e5638cccac6b0165d6c2d2b583e3a6190f3b1dd2e8dd25494d3bdf96 |
| SHA512 | ab782cdf2fcf20d24cb3cb3c70989901146709610809a3ecb0ba86b312f11c5b1fca3d66b04d6a6ad3f111f2f2c8749da9d1f8d1ead08c8e7635bd6f1f6a00f0 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\locales\ca.pak
| MD5 | d4f81d8d816d93e8e6ec3f82cd8f12c4 |
| SHA1 | 2cc552022a6963f6bab97e41ecd78bb945a2ec34 |
| SHA256 | 50657071f311dc06c746346a25d10642f182519c1eb3ab898421722271bf2c66 |
| SHA512 | b344d5b336699f5efa4e235c7f67ea43278b348df9942f7a86ac52e29172794672d71e80501987867900ca075be0e47228f6cb898a39b66c80acbd0d9b14b371 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\locales\ar.pak
| MD5 | 5fbed215d9555f2be88e8a41407a0a72 |
| SHA1 | 744bd7b5276cd4e69a6610d35e3c9e5d62dbe49a |
| SHA256 | 5f1b06de1f8105ccebb79651781fc219013048951a6e1b15a2c4f567ee45e88f |
| SHA512 | 0c0d2d1d3d07528afecf1862011ce2ddd27c9c286b5edeb03cd80a9ffde584bf0a71ba6292c969e3261a958a9bfddd291746253268479c090f54559720dcac36 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\locales\am.pak
| MD5 | 99f01e85f82f70b919f3de6a29bc2255 |
| SHA1 | bd229bbb9a15d128d3dafb107533ed2b74e0b778 |
| SHA256 | fdbbf59c2f6d4e9d6bf8bc7209511850bb337b0a49a25d39779bdd0e105f1682 |
| SHA512 | b3b7199f60af430bc98fc937e12b0a2c67b446f0217e01b543882313336f55def3cc6317cf1ef49766ceb1e171e70cbd78e8acecc3cc1c8409e76f4d98d347a6 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\locales\bn.pak
| MD5 | ea7cf62cd5373f016ee15773394cc33d |
| SHA1 | 582299514e86802707fd6e45a170da7a5b5f3da0 |
| SHA256 | dedf3a8c24b13eafd99d9bc44dfc4d7a74f01eda532e05c8d61b4457f348fd09 |
| SHA512 | 482ce2f374e5bba511e60843736811ab1f8d3aa52a020c78505e95b1ad0a924531a952ff792116ef7ef55cf027640ac88885f13513757c8883b37d7ae57c9a13 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\locales\bg.pak
| MD5 | 78209e3acd074e521b73382ec462e497 |
| SHA1 | b112c4ced00c140410a1faf8204772d1fd14abed |
| SHA256 | 086e2955bc5dbba52b0ab055bf788bd7852a851a29bf1249dbd134713f04e6f4 |
| SHA512 | 789f13ba6b98b0b181bbd75f3a099a39d33b43bd6a0172688da570c3087cdbc4975e36e5c40f0f3298648dfb777613b0b2001d6873a2c6bee41e82355d960fd9 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\lib\sqlite3.js
| MD5 | 275019a4199a84cfd18abd0f1ae497aa |
| SHA1 | 8601683f9b6206e525e4a087a7cca40d07828fd8 |
| SHA256 | 8d6b400ae7f69a80d0cdd37a968d7b9a913661fa53475e5b8de49dda21684973 |
| SHA512 | 6422249ccd710973f15d1242a8156d98fa8bdea820012df669e5363c50c5d8492d21ffefcdfa05b46c3c18033dde30f03349e880a4943feda8d1ee3c00f952b0 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\threading.h
| MD5 | f2a075d3101c2bf109d94f8c65b4ecb5 |
| SHA1 | d48294aec0b7aeb03cf5d56a9912e704b9e90bf6 |
| SHA256 | e0ab4f798bccb877548b0ab0f3d98c051b36cde240fdf424c70ace7daf0ffd36 |
| SHA512 | d95b5fda6cb93874fe577439f7bd16b10eae37b70c45ae2bd914790c1e3ba70dfb6bda7be79d196f2c40837d98f1005c3ed209cab9ba346ada9ce2ed62a87f13 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\WinShell.dll
| MD5 | 1cc7c37b7e0c8cd8bf04b6cc283e1e56 |
| SHA1 | 0b9519763be6625bd5abce175dcc59c96d100d4c |
| SHA256 | 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6 |
| SHA512 | 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\statement.h
| MD5 | 0b81c9be1dc0ff314182399cdc301aea |
| SHA1 | 7433b86711d132a4df826bae80e58801a3eb74c9 |
| SHA256 | 605633ba0fb1922c16aa5fbfffed52a097f29bf31cee7190d810c24c02de515b |
| SHA512 | 9cf986538d048a48b9f020fc51f994f25168540db35bdb0314744fdec80a45ba99064bc35fe76b35918753c2886d4466fdd7e36b25838c6039f712e5ac7d81b3 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\macros.h
| MD5 | b60768ed9dd86a1116e3bcc95ff9387d |
| SHA1 | c057a7eebba8ce61e27267930a8526ab54920aa3 |
| SHA256 | c25be1861bd8e8457300b218f5fa0bba734f9d1f92b47d3b6ab8ee7c1862ccbe |
| SHA512 | 84e0670128f1d8712e703b6e4b684b904a8081886c9739c63b71962e5d465ac569b16cb0db74cb41dc015a64dcc1e3a9a20b0cf7f54d4320713cc0f49e0f7363 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\gcc-preinclude.h
| MD5 | 55a9165c6720727b6ec6cb815b026deb |
| SHA1 | e737e117bdefa5838834f342d2c51e8009011008 |
| SHA256 | 9d4264bb1dcbef8d927bb3a1809a01b0b89d726c217cee99ea9ccfdc7d456b6f |
| SHA512 | 79ed80377bfb576f695f271ed5200bb975f2546110267d264f0ab917f56c26abf6d3385878285fe3e378b254af99b59bdb8bbcab7427788c90a0460eb2ee5b77 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\database.h
| MD5 | de31ab62b7068aea6cffb22b54a435bb |
| SHA1 | 7fd98864c970caa9c60cfc4ce1e77d736b5b5231 |
| SHA256 | 8521f458b206ed8f9bf79e2bd869da0a35054b4be44d6ea8c371db207eccb283 |
| SHA512 | 598491103564b024012da39ac31f54cf39f10da789cd5b17af44e93042d9526b9ffd4867112c5f9755cb4ada398bf5429f01dda6c1bbc5137bea545c3c88453b |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\backup.h
| MD5 | 29dd2fca11a4e0776c49140ecac95ce9 |
| SHA1 | 837cfbc391c7faad304e745fc48ae9693afaf433 |
| SHA256 | 556ba9af78010f41bc6b5b806743dc728bc181934bf8a7c6e5d606f9b8c7a2e9 |
| SHA512 | 5785667b9c49d4f4320022c98e0567a412b48a790c99569261c12b8738bde0b4949d3998e2b375540ede2ff1d861cad859780ade796b71d4d1d692e1ed449021 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\src\async.h
| MD5 | e8c5e5c02d87e6af4455ff2c59c3588b |
| SHA1 | a0de928c621bb9a71ba9cf002e0f0726e4db7c0e |
| SHA256 | cce55c56b41cb493ebd43b232ff8ffc9f5a180f5bab2d10372eca6780eb105f6 |
| SHA512 | ed96889e0d1d5263fb8fed7a4966905b9812c007fbb04b733cadbe84edc7179015b9967ff5f48816ff2c97acf4a5b4792a35cee1f8fce23e5fdc797f8ee0c762 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\lib\sqlite3-binding.js
| MD5 | 8582b2dcaed9c5a6f3b7cfe150545254 |
| SHA1 | 14667874e0bfbe4ffc951f3e4bec7c5cf44e5a81 |
| SHA256 | 762c7a74d7f92860a3873487b68e89f654a21d2aaeae9524eab5de9c65e66a9c |
| SHA512 | 22ec4df7697322b23ae2e73c692ed5c925d50fde2b7e72bfc2d5dd873e2da51834b920dea7c67cca5733e8a3f5e603805762e8be238c651aa40290452843411d |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\deps\sqlite3.gyp
| MD5 | 0e4d1d898d697ec33a9ad8a27f0483bf |
| SHA1 | 1505f707a17f35723cd268744c189d8df47bb3a3 |
| SHA256 | 8793f62b1133892ba376d18a15f552ef12b1e016f7e5df32ffb7279b760c11bd |
| SHA512 | c530aba70e5555a27d547562d8b826b186540068af9b4ccd01483ec39f083a991ac11d0cc66f40acaa8b03d774080f227ee705a38995f356a14abe6e5f97b545 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\deps\sqlite-autoconf-3440200.tar.gz
| MD5 | c02f40fd4f809ced95096250adc5764a |
| SHA1 | 8398dd159f3a1fd8f1c5edf02c687512eaab69e4 |
| SHA256 | 1c6719a148bc41cf0f2bbbe3926d7ce3f5ca09d878f1246fcc20767b175bb407 |
| SHA512 | 59ad55df15eb84430f5286db2e5ceddd6ca1fc207a6343546a365c0c1baf20258e96c53d2ad48b50385608d03de09a692ae834cb78a39d1a48cb36a05722e402 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\deps\extract.js
| MD5 | f0a82a6a6043bf87899114337c67df6c |
| SHA1 | a906c146eb0a359742ff85c1d96a095bd0dd95fd |
| SHA256 | 5be353d29c0fabea29cfd34448c196da9506009c0b20fde55e01d4191941dd74 |
| SHA512 | d26879f890226808d9bd2644c5ca85cc339760e86b330212505706e5749464fafad1cb5f018c59a8f034d68d327cd3fa5234ceac0677de1ac9ae09039f574240 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\deps\common-sqlite.gypi
| MD5 | 0ad55ae01864df3767d7b61678bd326e |
| SHA1 | ffedcc19095fd54f8619f00f55074f275ceddfd6 |
| SHA256 | 4d65f2899fb54955218f28ec358a2cad2c2074a7b43f862933c6a35e69ae0632 |
| SHA512 | aaee895d110d67e87ed1e8ed6557b060a0575f466a947a4f59cc9d111381e1af6aa54d432233716c78f146168d548a726fed1eab2b3f09bb71e0ae7f4fdc69e3 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\build\Release\node_sqlite3.node
| MD5 | 66a65322c9d362a23cf3d3f7735d5430 |
| SHA1 | ed59f3e4b0b16b759b866ef7293d26a1512b952e |
| SHA256 | f806f89dc41dde00ca7124dc1e649bdc9b08ff2eff5c891b764f3e5aefa9548c |
| SHA512 | 0a44d12852fc4c74658a49f886c4bc7c715c48a7cb5a3dcf40c9f1d305ca991dd2c2cb3d0b5fd070b307a8f331938c5213188cbb2d27d47737cc1c4f34a1ea21 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\package.json
| MD5 | 174bf28fccd7fdb6f0766f31fac3060d |
| SHA1 | 655f465658957fbdf935fcb7df0b97c93807147b |
| SHA256 | 91008a93e604674024bd65569670af5b01f1e4caf86cde50835ee58f59a5dc61 |
| SHA512 | fa1be386a3d74767731aa5ad44ff4d89fb456e7feabde2a6e6f238ed4608a80962cadd6b7ff96f15e306a8e819221b66051fa5a7b0658ad52a2efb488492ff83 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\LICENSE
| MD5 | 79558839a9db3e807e4ae6f8cd100c1c |
| SHA1 | ae3dbcee04c86fbc589fcf2547d4aaaeb41db3c2 |
| SHA256 | 7686f81e580cd6774f609a2d8a41b2cebdf79bc30e6b46c3efff5a656158981c |
| SHA512 | b42c93f2b097afa6e09d79ed045b4dd293df2c29d91dda5dda04084d3329b721a6aa92a6ad6714564386a7928e9af9195ac310deecd37a93bb04b6a6f744be46 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\resources\elevate.exe
| MD5 | 792b92c8ad13c46f27c7ced0810694df |
| SHA1 | d8d449b92de20a57df722df46435ba4553ecc802 |
| SHA256 | 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37 |
| SHA512 | 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40 |
C:\Users\Admin\AppData\Local\Temp\nsxB372.tmp\7z-out\resources\app.asar
| MD5 | feba07fa3221979f9961c5d5c24e508d |
| SHA1 | b316be8390e8558fd607ffa3d08acfa65c0be008 |
| SHA256 | 7f7b8986bfcf882d8d13d299db2bdf4b971084202d499d77a070d13ad8b20f85 |
| SHA512 | 2ff94d45be7239563ac9fca3a62a2ebea59e39c0451e114b9e291b228cf573116eb1e9049cf966382c172b79c215f00fcc0d97841641d54ef6ff8475e4ac61e3 |
memory/4388-909-0x000002EEC3D00000-0x000002EEC3D01000-memory.dmp
memory/4388-908-0x000002EEC3D00000-0x000002EEC3D01000-memory.dmp
memory/4388-907-0x000002EEC3D00000-0x000002EEC3D01000-memory.dmp
memory/4388-913-0x000002EEC3D00000-0x000002EEC3D01000-memory.dmp
memory/4388-916-0x000002EEC3D00000-0x000002EEC3D01000-memory.dmp
memory/4388-919-0x000002EEC3D00000-0x000002EEC3D01000-memory.dmp
memory/4388-918-0x000002EEC3D00000-0x000002EEC3D01000-memory.dmp
memory/4388-917-0x000002EEC3D00000-0x000002EEC3D01000-memory.dmp
memory/4388-915-0x000002EEC3D00000-0x000002EEC3D01000-memory.dmp
memory/4388-914-0x000002EEC3D00000-0x000002EEC3D01000-memory.dmp
Analysis: behavioral6
Detonation Overview
Submitted
2024-09-22 06:26
Reported
2024-09-22 06:30
Platform
win10v2004-20240802-en
Max time kernel
94s
Max time network
151s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 712 wrote to memory of 3616 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 712 wrote to memory of 3616 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 712 wrote to memory of 3616 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3616 -ip 3616
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 628
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-09-22 06:26
Reported
2024-09-22 06:30
Platform
win7-20240903-en
Max time kernel
120s
Max time network
123s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 264 -s 220
Network
Files
Analysis: behavioral12
Detonation Overview
Submitted
2024-09-22 06:26
Reported
2024-09-22 06:30
Platform
win10v2004-20240802-en
Max time kernel
146s
Max time network
154s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa58d746f8,0x7ffa58d74708,0x7ffa58d74718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,13076092139821655061,10637341019561090733,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2228,13076092139821655061,10637341019561090733,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2228,13076092139821655061,10637341019561090733,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,13076092139821655061,10637341019561090733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,13076092139821655061,10637341019561090733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2228,13076092139821655061,10637341019561090733,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2228,13076092139821655061,10637341019561090733,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,13076092139821655061,10637341019561090733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,13076092139821655061,10637341019561090733,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,13076092139821655061,10637341019561090733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,13076092139821655061,10637341019561090733,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,13076092139821655061,10637341019561090733,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1868 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.56.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.73.42.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 27304926d60324abe74d7a4b571c35ea |
| SHA1 | 78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1 |
| SHA256 | 7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de |
| SHA512 | f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd |
\??\pipe\LOCAL\crashpad_556_CXKMKDPCEAYSFGEW
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 9e3fc58a8fb86c93d19e1500b873ef6f |
| SHA1 | c6aae5f4e26f5570db5e14bba8d5061867a33b56 |
| SHA256 | 828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4 |
| SHA512 | e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b0035aff-da0a-4516-8b9e-577fa50b1a62.tmp
| MD5 | 8a9c71eab45794566fdd22f94c43012a |
| SHA1 | f695df9f203f4abdee4d912ef5552fe9103370bc |
| SHA256 | 96d6db820045121d39c0975e4528f996a249b60fba492b03ef6dad8ee3e9818a |
| SHA512 | ed585d0f4e0b274c1c31f511b3d6ee2ada32ef5166f8646f3b598a373c88ad2ccf03afa1b7a92db9918150e70e0a6b63c99fe9b0a9dbdb247b62a1a482941bf5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | bab9d72801c22a381ab083248cf67177 |
| SHA1 | c41fe8aa793aa5db99348c89695344e40a619551 |
| SHA256 | 5cf13fc9f6dbbb584575e01ab27bdf5f01e6b02e2f7137677fddd653ddd20280 |
| SHA512 | 3bb2fe8be41185f5eab091437a198f168b26a5e4e47f2f71fc7e9b391a2c0757623853f3c3bbb43e428e24cc67dcdddd99aea0b7cc04ffeb4d3a70acaa934a6b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 28c3b209fec329d4c4e6fd238a78e42a |
| SHA1 | 26e2d13ed8dbdb59a9a517cb524992f438f27870 |
| SHA256 | ee65820c2cdf73fc8c9c76489d1d15bf2cebf3a4935eeb313c8639aa19c1868f |
| SHA512 | c2ef079615045ce3b4b92eb5aebb11a842c9d4fd73f1e315eb346e7769c51f40c615b7ac130081a809e64cafdfd7513470972499e4ee12a09824bc76f078af8c |
Analysis: behavioral16
Detonation Overview
Submitted
2024-09-22 06:26
Reported
2024-09-22 06:30
Platform
win10v2004-20240802-en
Max time kernel
119s
Max time network
158s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\libEGL.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.73.50.20.in-addr.arpa | udp |
Files
Analysis: behavioral20
Detonation Overview
Submitted
2024-09-22 06:26
Reported
2024-09-22 06:30
Platform
win7-20240903-en
Max time kernel
121s
Max time network
129s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\sqlite3\deps\extract.js
Network
Files
Analysis: behavioral32
Detonation Overview
Submitted
2024-09-22 06:26
Reported
2024-09-22 06:30
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
0s
Max time network
128s
Command Line
Signatures
Processes
/tmp/sqlite-autoconf-3440200/install-sh
[/tmp/sqlite-autoconf-3440200/install-sh]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 185.125.188.61:443 | tcp | |
| GB | 185.125.188.61:443 | tcp | |
| US | 151.101.65.91:443 | tcp | |
| US | 151.101.65.91:443 | tcp | |
| GB | 195.181.164.19:443 | tcp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-09-22 06:26
Reported
2024-09-22 06:30
Platform
win7-20240903-en
Max time kernel
122s
Max time network
125s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2916 wrote to memory of 2132 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2916 wrote to memory of 2132 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2916 wrote to memory of 2132 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2916 wrote to memory of 2132 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2916 wrote to memory of 2132 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2916 wrote to memory of 2132 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2916 wrote to memory of 2132 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1
Network
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-09-22 06:26
Reported
2024-09-22 06:30
Platform
win7-20240729-en
Max time kernel
119s
Max time network
123s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 220
Network
Files
Analysis: behavioral13
Detonation Overview
Submitted
2024-09-22 06:26
Reported
2024-09-22 06:30
Platform
win10v2004-20240802-en
Max time kernel
150s
Max time network
157s
Command Line
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\OGFnPatcher.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\OGFnPatcher.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\OGFnPatcher.exe
"C:\Users\Admin\AppData\Local\Temp\OGFnPatcher.exe"
C:\Users\Admin\AppData\Local\Temp\OGFnPatcher.exe
"C:\Users\Admin\AppData\Local\Temp\OGFnPatcher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\patcher" --gpu-preferences=UAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2148,i,6678758150453344440,3695750415835227491,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2140 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\OGFnPatcher.exe
"C:\Users\Admin\AppData\Local\Temp\OGFnPatcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\patcher" --field-trial-handle=2364,i,6678758150453344440,3695750415835227491,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2216 /prefetch:3
C:\Users\Admin\AppData\Local\Temp\OGFnPatcher.exe
"C:\Users\Admin\AppData\Local\Temp\OGFnPatcher.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\patcher" --gpu-preferences=UAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1052,i,6678758150453344440,3695750415835227491,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2336 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
Files
memory/2348-5-0x000002311C300000-0x000002311C301000-memory.dmp
memory/2348-7-0x000002311C300000-0x000002311C301000-memory.dmp
memory/2348-6-0x000002311C300000-0x000002311C301000-memory.dmp
memory/2348-11-0x000002311C300000-0x000002311C301000-memory.dmp
memory/2348-14-0x000002311C300000-0x000002311C301000-memory.dmp
memory/2348-17-0x000002311C300000-0x000002311C301000-memory.dmp
memory/2348-16-0x000002311C300000-0x000002311C301000-memory.dmp
memory/2348-15-0x000002311C300000-0x000002311C301000-memory.dmp
memory/2348-13-0x000002311C300000-0x000002311C301000-memory.dmp
memory/2348-12-0x000002311C300000-0x000002311C301000-memory.dmp