Analysis Overview
SHA256: 9017b0323e89da60572ff1297494cae4fd5d386512b1abed64c0e0d6dde56b5a
Threat Level: Shows suspicious behavior
The file 9017b0323e89da60572ff1297494cae4fd5d386512b1abed64c0e0d6dde56b5aN was found to be: Shows suspicious behavior.
Malicious Activity Summary
Drops startup file
Loads dropped DLL
Executes dropped EXE
Checks installed software on the system
Sets desktop wallpaper using registry
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Browser Information Discovery
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Modifies Control Panel
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-20 18:20
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-20 18:20
Reported
2024-10-20 18:22
Platform
win7-20241010-en
Max time kernel
119s
Max time network
126s
Command Line
Signatures
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wallpapers Every Day.lnk | C:\Users\Admin\AppData\Roaming\WallpapersEveryDay\WE.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\WallpapersEveryDay\WE.exe | N/A |
Loads dropped DLL
Checks installed software on the system
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Pictures\\Wallpaper.bmp" | C:\Users\Admin\AppData\Local\Temp\9017b0323e89da60572ff1297494cae4fd5d386512b1abed64c0e0d6dde56b5aN.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\9017b0323e89da60572ff1297494cae4fd5d386512b1abed64c0e0d6dde56b5aN.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\WallpapersEveryDay\WE.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Control Panel
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Control Panel\Desktop\WallpaperStyle = "2" | C:\Users\Admin\AppData\Local\Temp\9017b0323e89da60572ff1297494cae4fd5d386512b1abed64c0e0d6dde56b5aN.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Control Panel\Desktop\TileWallpaper = "0" | C:\Users\Admin\AppData\Local\Temp\9017b0323e89da60572ff1297494cae4fd5d386512b1abed64c0e0d6dde56b5aN.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "151" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "119" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\wallpaperseveryday.com\Total = "119" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\wallpaperseveryday.com\ = "151" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ecf3e4259aa05419b9c0951a15b13190000000002000000000010660000000100002000000049ca9e8931b62497a75c3c897b18936598d65308a7753dc6ae2418ae5a9483a9000000000e80000000020000200000002ac85cca9314b1ac3418ef122b38ac44e03c298d5822c96afd4dd04a31112fcd20000000a169034cabb47149c37a31cc07595e74077a028be483e5f7492de6b9de79075f400000003877098d67ceeab9613a3d71cd72260ac1c0cc2c0c732660ffa6b777007d018b98b833448bb43a658796ce69fa28641ae02f56e5e2309df41b5fbe001a26e4cd | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "105" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\wallpaperseveryday.com\ = "979" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\wallpaperseveryday.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "9" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\wallpaperseveryday.com\Total = "41" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "1068" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "12" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\wallpaperseveryday.com\ = "12" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\wallpaperseveryday.com\ = "62" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0a779df1c23db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\wallpaperseveryday.com\Total = "62" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\wallpaperseveryday.com\ = "119" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{037D9811-8F10-11EF-A5FC-C670A0C1054F} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\wallpaperseveryday.com\Total = "979" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "62" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\wallpaperseveryday.com\ = "1068" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\wallpaperseveryday.com\Total = "1068" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\wallpaperseveryday.com\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\wallpaperseveryday.com\Total = "9" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\wallpaperseveryday.com\ = "41" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\wallpaperseveryday.com\ = "105" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\wallpaperseveryday.com\Total = "151" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\wallpaperseveryday.com\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\wallpaperseveryday.com\Total = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\wallpaperseveryday.com\Total = "105" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "435610311" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "41" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\wallpaperseveryday.com\ = "9" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "90" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\wallpaperseveryday.com\ = "90" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\9017b0323e89da60572ff1297494cae4fd5d386512b1abed64c0e0d6dde56b5aN.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\WallpapersEveryDay\WE.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\WallpapersEveryDay\WE.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\9017b0323e89da60572ff1297494cae4fd5d386512b1abed64c0e0d6dde56b5aN.exe
"C:\Users\Admin\AppData\Local\Temp\9017b0323e89da60572ff1297494cae4fd5d386512b1abed64c0e0d6dde56b5aN.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://wallpaperseveryday.com/ThankYou?v=2.0.2&key=c2cb35504b9cf539262fbbd793f34b27
C:\Users\Admin\AppData\Roaming\WallpapersEveryDay\WE.exe
C:\Users\Admin\AppData\Roaming\WallpapersEveryDay\WE.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3024 CREDAT:275457 /prefetch:2
Network
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a00d7c3f75f7c2f6e39cae0bfd415e20 |
| SHA1 | d37eae073682ddc690c40972a1b4c373842a1930 |
| SHA256 | 843265028e22977964fe758cb57e172dc337069eb5bc835a677ce34f7e36540c |
| SHA512 | d62b61a442bcf5922a916d201bc27f59db928ae1fe31e9cd2acff42ad5e96b2fca8642fb97bb4342acfbf67e83810a0a58f49a04209e3863138e9f781cdfb652 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 640879762a9c8f35d8c28a19de332d2b |
| SHA1 | e0ebf6fbf82bfeab85d769b855478c448a02b8de |
| SHA256 | 34e5fe52ffd112ab019d7a1d87cd635d946716cb17bc79cefa7baecfa1680882 |
| SHA512 | 24687afff3aa8b814450181f26364d42be3ce16eccf020febdd724e54aab8a94427645385519a75c5efd6fadeea1feae5a6917683e6a541b52ee529869493415 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 05baf298b4e3d15b66431422d0b205a0 |
| SHA1 | 5d78dc1d29d667611d846cc3ba3cbec826258486 |
| SHA256 | b591c413e0a9a2da37123a8c42ca6aa451593d15ecc4178e93f3807ca9614626 |
| SHA512 | fcae399628a1ec3fb8b670b2b0378857fcbc1afb158863c99b871c4b262a7f12d7c62861b2cfb378a2a30fcddfcb1f1a99a81edc92b8b5fadeda5c88e1a2a6d5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7268e61cbc79d03d6b70b98c4d374d01 |
| SHA1 | 232b205b551e72509d1c2bdaa9a6910942d8ddc3 |
| SHA256 | d4f29bf0f47394fb26fbbb3662b6ad9e76bf42286239ff52235d454e28d9fc7f |
| SHA512 | 07ecd6f146b611cba01f6025937e15ce190ef6d3327b2b73f97c0e8c512586e9cba6a2803b51a2f0654185e9c2cc090f5acb465c01ec739f554dddf5daf7929b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f68195dcc0c5b03a7bc94f9ed52043b5 |
| SHA1 | 3fe6f7cc320a1d3605666619e34444e7301d6fc0 |
| SHA256 | d9a08756c5ea1312259c17a950b0f50adcdb871dfcd80057503322c1fa610213 |
| SHA512 | 77dc3791b25be0286b77e4136e0a4675e3c48522ffc6b32a09a9fcdf3aeb0d68e6347ec16d29b433fa1f6466884d8e3d460f609a57ad1b1f30c5bef101667772 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3d125a3b1a5976dd1b37d362fd8f0b16 |
| SHA1 | 2d292bf05d69cafd5d5974364a7d57b445729a9a |
| SHA256 | f4a2b0dd8a772f7f1eefe98b938c9eee4f178bb7a6c1317f9c06c5ef979e5993 |
| SHA512 | 8aa99270b11fff5fc84df06f5438d82e5a4e89f23a2ac289b9a446ee1f6b1c39b662524d34c50222c9c51768773dd002f725e19a651de40909129cb837538d5f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8ff36d5e749bd0ea18f08d07d557a3f3 |
| SHA1 | 5824b697d068f4f91944d678f5d3729fc5f92bfb |
| SHA256 | 6d1dd1e3ef9abc736e44cf12dce9cde4d36442f702430d623631cedeba94a51e |
| SHA512 | b013325c94fe6a4ccbb3a15ec4c9f97fff8db1009850072a8f9a6fb0d27a4585fbbd8bc11ad88760642480a6cea530e8d7322ac1217ae4ae2316ac6f5750401f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 979a3e41a3c94374cbe002abd54c4ad2 |
| SHA1 | 636c79b2469b9aab569088a324d0d0ed1242c532 |
| SHA256 | c9eb887d35a174af8f389d1cf9be55965ab4cf258d3547173389219e7767d49c |
| SHA512 | 3a0eadc131dbb2709fb96d9c3e2e402a2cc50dc1cb1cec86c5909fd3d70f29736a8e69e1a9bef0012978a410aaad1b36e343bc7ac749a90f9c70b44739f01a5e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 15f5b22b5f2549e39b0ac9f9a34559b8 |
| SHA1 | d4105827fc1f141aec5895169ba73c65e916f0a0 |
| SHA256 | e88a83caa44f3514d92e336a93321537e58e496f962d888f124c551dc76efbc8 |
| SHA512 | 2c2008ebd9423d0d469e4b7b736254a6c8535dbd37eb5f980e36de09074229fbe1f1585c6b1332a738f05e4a437f0314eb147f99f9e2a205d441e692813e7cf3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aa1a671f938db37bf418d272d3b57c38 |
| SHA1 | b17716915c1c0f6ba82756a2b326cc5bade8e2aa |
| SHA256 | c48758038d3c6e7a01545bbb1f18d865bb3b798244fe4598f37474d434ece9f2 |
| SHA512 | 7512d0cddc2776eaf7abf7c6d2d561190720566be762f4123f7014dd4b0bb1051894ae877c649048d4af559e02e6a837797abb0b00bbeb73ef3c8762d62b69da |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\V84MBGA0\wallpaperseveryday[1].xml
| MD5 | 035bf52ebd36fdfd95b8a0643aa45c3b |
| SHA1 | 402fe1440e849a019eb6d8729dc64c9db8010696 |
| SHA256 | d59ac707febdc67169db3eed4d011539e06119ddf8ce257feab3a4f010deac0b |
| SHA512 | 4fa1e31df9ebc209f16b4cb25a82c6a9e259a06c4e8d672607ff2440f33fff034637dd673c5cfd787e26f30c5f04530c40fe224bc504645297b4499f24cff93e |
memory/2720-1243-0x0000000000400000-0x000000000054B000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9a515eaf8f02715ce84b515a2b65a0ef |
| SHA1 | c61dcc65bea0041dac3d1fc439a1d1e0c4a9639f |
| SHA256 | f8d0db572f31295c6c70c88d836e2f2d45507e8474f0b9ef8fa9a5e43a3b7554 |
| SHA512 | e33adbce5ee276ef3d3f2186c93f709f52debd215c7b40a3d04a34cfacede5acbd8eb5c6c60f09acb067fa2388d83089c28079483a62d9992a662476434f2e2d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fa52bec3e58d6b6eb4a1526bba29544f |
| SHA1 | 9010256ddca0faa587a004602ab16f3cba5d8b00 |
| SHA256 | bf0ff273b4c4ec66096e44fe6d0aac8ba577aee9e2382600ad22409e0cea9750 |
| SHA512 | 8f74ab7dc056de8a447e79b95e76e66a76365be5d19832fc5c9a9b77da8450c09c622ae98d4bc01e1b1ba8fd4c99ac7f6d450de6200176fe323b5602ec5fb202 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e5631580e3f87dc6048ccecadc0af451 |
| SHA1 | be9a694e3985f4d2936a3cbeb982f828568cd6a9 |
| SHA256 | 7ee7120e014715e77d68ed06ee548b7f56fc082dbb84a590c2b31059ae807c8d |
| SHA512 | d66bc8ac02357ecadf964e0fccf010c02bb8e5d6ef8bbf1f18c915e4d246b3bf2d94e01b5b2bbeff99e310899a165d87841eae3c33ee6bb84975d8cfcf41d3fa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bc47b782741e0d92226ffab982ef473b |
| SHA1 | 4b756d4bf53bfbe47dd554a7869c01adc8d866d7 |
| SHA256 | f1c7ada1c5cff596860776193300c4081fc70c5834765483a135b26c147bbca8 |
| SHA512 | 7a5e22a1e94cd2cc14d6c3e3e7fc99644ccdb4287c409b34cb3c492a1bdb0de2fca9edaab76b2f57e1f795ea50c122a741cddbdcd6d483d8c2fa0ec0a00af7a8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ddcdc8d389252780acf9aada7b4592fb |
| SHA1 | 1aa2e7190568190dc12cc6373b3656b49ca09f38 |
| SHA256 | 25ab41c5084747cb4aee5184cc6234c8608370d032a7abc69486291e36d1be3f |
| SHA512 | 21479e105520c9dec9a7f13e448a58850b8d183da325c0000f5fa4f05bf67941c05f8699a5f15f929d1d67ee10dccfea93dcdf592ac311f161d4589a20321083 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ba21cd592676880de09397c68c4071c2 |
| SHA1 | 5629515179bc099cd2b8aab849055564674fd304 |
| SHA256 | 69c722a3388ea6025e9b82b899fb214e68bd5e83d9ecd0cd8578df447f3d8acf |
| SHA512 | 0d230377ee3604b1dc697f4f97215aed399b3b5f31ac6ab7528678d9917bfe72eb78eae8cec9a356adb8c899f72a573fcc8e9458b8d068076952bc3af036f432 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b1f492b48fb985a1376d61a161d49583 |
| SHA1 | 33314a46dc55eb5d16403947161c21a10887164c |
| SHA256 | 7ebfcdac112cd324594b68c6cabaacf25c6c324decf944f902a2d5e63626054a |
| SHA512 | 21e1097382dfa8fc943fbd85dd0df3c38d2a12218eb6900eb899a63613b619548f464b498bc10cb50b5b3b5f9e727e502e13f1b17d89919a8882b9b7d1f90c0d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 115f243eefc15a9eff20d11c6c23d92d |
| SHA1 | 2b600ea647fe867dae02ce661357e78599652580 |
| SHA256 | 397997b82d812d2b851e343b281512047d27b36c3f018d7125f76a035e9cb755 |
| SHA512 | 4ac79028493c6e39ddea859fdf826faee508c9391912e1b42727ea49464aaba810f3a1763bc136297a66ced01bf155bcd51d7b5978133701571557a272e14b85 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ed70d79893403c112e71ff4e555200b7 |
| SHA1 | 2ea8eebcfeff0a869269b3a4016999798344bca8 |
| SHA256 | 344d51785f00ad16fb01f3bba1f1790b96ae0354d3876dd78ba905160aeec001 |
| SHA512 | 21f90fc0b68716eac8f9b600666991e9b00336949a2d174ebbfd05353c024ea89ff7774f4bf8f6b6ed34fc5bb998c3f00445c478657c6e8369aac41091fc0140 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 59087db7d1817c3b2baec46d4aac4eef |
| SHA1 | b6b6417136eb68b1457ef67dc951df207857ed31 |
| SHA256 | b680d90c9fa9728ddbab7920a63913746d519ae0bcf618022b1f4019faca5faa |
| SHA512 | 806f1e3fc2b21be73dca97962d3342ba50635322f51a53ebe94fae14e600b60f6c0f8c3f14a43450750bea6061cd2b35d4226f44c76f600788d563484c1bdc6d |
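The Files listing above is long and repetitive: the same CryptnetUrlCache path appears dozens of times with different digests (the file is rewritten on every certificate/CRL fetch), one entry carries the digests of zero-length input (the crashpad named pipe), and only a handful of entries (the dropped WE.exe, the .lnk files) are worth pivoting on. The following Python, added here as an example and not code from the sandbox vendor or from the page, parses this path-plus-digest-table layout and separates those cases. The sample text is a constructed excerpt copied from the entries above; the empty-input digests are computed with hashlib rather than hard-coded.

```python
import hashlib
import re
from collections import defaultdict

# Constructed sample, copied from the report's "Files" section: a path line
# followed by a table of digests. The same CryptnetUrlCache path appears
# repeatedly with different digests, WE.exe is the dropped payload, the
# crashpad pipe entry carries the digests of empty input, and the
# memory/... line is a memory dump with no digest table.
SAMPLE_FILES = r"""
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1ec614d298b103fc79d4a3ba3813e907 |
| SHA1 | b309376713c31eb3de9245057aaed1aef7ee5b26 |
| SHA256 | 21067d1d3fce54fe6f3d0e6a97d909c8d514767db62e6040f90a8744ab289fbf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fb1b6e85b64a4cae3b5f1712760162cb |
| SHA1 | 4ced57b1af05cb62e5d60ef8b82865aa81045955 |
| SHA256 | eecdc370ff0e3411c867f3ae5a859ead5d0748d8c48eda00e7bea6489d1817df |
memory/2720-1243-0x0000000000400000-0x000000000054B000-memory.dmp
C:\Users\Admin\AppData\Roaming\WallpapersEveryDay\WE.exe
| MD5 | 1d3a57cbf9c81e9862e847faa0351192 |
| SHA1 | 6a1a5b4b9d0acb13d733053269eaca8e7b7a6ba9 |
| SHA256 | 1565cb1da2f45dacf7107d062ac3184f34429898b81ba95884b7f90bdb81085c |
\??\pipe\LOCAL\crashpad_5004_BWVKQPOPUJADHWCK
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
"""

HASH_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")

# Digests of zero-length input, computed so the comparison cannot drift from a typo.
EMPTY_DIGESTS = {alg: hashlib.new(alg.lower(), b"").hexdigest()
                 for alg in ("MD5", "SHA1", "SHA256", "SHA512")}


def parse_file_records(text):
    """Turn the report's path + digest-table layout into a list of records."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HASH_ROW.match(line)
        if m and records:
            records[-1]["hashes"][m.group(1)] = m.group(2).lower()
        elif not line.startswith("|"):
            records.append({"path": line, "hashes": {}})
    return records


def is_empty_content(record):
    """True when every listed digest is the digest of empty input."""
    hashes = record["hashes"]
    return bool(hashes) and all(EMPTY_DIGESTS[alg] == hexval for alg, hexval in hashes.items())


def rewritten_paths(records):
    """Paths listed more than once with distinct content (by SHA256) -> count of versions."""
    seen = defaultdict(set)
    for r in records:
        if "SHA256" in r["hashes"]:
            seen[r["path"]].add(r["hashes"]["SHA256"])
    return {path: len(digests) for path, digests in seen.items() if len(digests) > 1}


def pivot_hashes(records, suffixes=(".exe", ".dll", ".lnk")):
    """SHA256 of dropped executables/shortcuts: the digests worth pivoting on."""
    return {r["path"]: r["hashes"]["SHA256"] for r in records
            if r["path"].lower().endswith(suffixes) and "SHA256" in r["hashes"]}


def triage(text):
    records = parse_file_records(text)
    return {
        "records": len(records),
        "memory_dumps": [r["path"] for r in records if r["path"].startswith("memory/")],
        "empty": [r["path"] for r in records if is_empty_content(r)],
        "rewritten": rewritten_paths(records),
        "pivot": pivot_hashes(records),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_FILES).items():
        print(f"{key}: {value}")
```

Running this on the full listing reduces it to the pivot set (WE.exe and the two .lnk files), the rewritten-cache noise, and the empty-input entries; the CryptnetUrlCache digests are not indicators of anything and should not be copied into a blocklist.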
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-20 18:20
Reported
2024-10-20 18:22
Platform
win10v2004-20241007-en
Max time kernel
114s
Max time network
114s
Command Line
Signatures
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wallpapers Every Day.lnk | C:\Users\Admin\AppData\Roaming\WallpapersEveryDay\WE.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\WallpapersEveryDay\WE.exe | N/A |
Checks installed software on the system
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Pictures\\Wallpaper.bmp" | C:\Users\Admin\AppData\Local\Temp\9017b0323e89da60572ff1297494cae4fd5d386512b1abed64c0e0d6dde56b5aN.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\9017b0323e89da60572ff1297494cae4fd5d386512b1abed64c0e0d6dde56b5aN.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\WallpapersEveryDay\WE.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies Control Panel
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\Desktop\WallpaperStyle = "2" | C:\Users\Admin\AppData\Local\Temp\9017b0323e89da60572ff1297494cae4fd5d386512b1abed64c0e0d6dde56b5aN.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\Desktop\TileWallpaper = "0" | C:\Users\Admin\AppData\Local\Temp\9017b0323e89da60572ff1297494cae4fd5d386512b1abed64c0e0d6dde56b5aN.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
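The registry indicators above are recorded in native NT form with the sandbox VM's user SID (S-1-5-21-3227495264-2217614367-4027411560-1000) and ControlSet001, and the file indicators carry the sandbox profile path C:\Users\Admin. None of that survives on a real host, so before these rows can be used for hunting they need normalising to HKCU/HKLM and environment-variable form. The Python below is an added example, not sandbox-vendor code, that parses the signature rows and rewrites them; the sample is a constructed excerpt of the rows shown above, and the kind labels (persistence, registry-set, registry-read, file) are this example's own naming.

```python
import re

# Constructed sample: signature rows copied from the report above (behavioral2),
# in its "| Description | Indicator | Process | Target |" layout.
SAMPLE_SIGNATURES = r"""
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wallpapers Every Day.lnk | C:\Users\Admin\AppData\Roaming\WallpapersEveryDay\WE.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Pictures\\Wallpaper.bmp" | C:\Users\Admin\AppData\Local\Temp\9017b0323e89da60572ff1297494cae4fd5d386512b1abed64c0e0d6dde56b5aN.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\9017b0323e89da60572ff1297494cae4fd5d386512b1abed64c0e0d6dde56b5aN.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\WallpapersEveryDay\WE.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\Desktop\WallpaperStyle = "2" | C:\Users\Admin\AppData\Local\Temp\9017b0323e89da60572ff1297494cae4fd5d386512b1abed64c0e0d6dde56b5aN.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\Desktop\TileWallpaper = "0" | C:\Users\Admin\AppData\Local\Temp\9017b0323e89da60572ff1297494cae4fd5d386512b1abed64c0e0d6dde56b5aN.exe | N/A |
"""

SID_USER = re.compile(r"^\\REGISTRY\\USER\\S-1-5-21-\d+-\d+-\d+-\d+\\", re.IGNORECASE)
MACHINE = re.compile(r"^\\REGISTRY\\MACHINE\\", re.IGNORECASE)
USER_DIRS = [  # most specific prefix first
    (re.compile(r"^C:\\Users\\[^\\]+\\AppData\\Roaming\\", re.IGNORECASE), "%APPDATA%\\"),
    (re.compile(r"^C:\\Users\\[^\\]+\\AppData\\Local\\", re.IGNORECASE), "%LOCALAPPDATA%\\"),
    (re.compile(r"^C:\\Users\\[^\\]+\\", re.IGNORECASE), "%USERPROFILE%\\"),
]


def normalize_registry(key):
    """Native NT key path -> HKCU/HKLM form, without the sandbox user's SID."""
    key = SID_USER.sub(lambda m: "HKCU\\", key)
    key = MACHINE.sub(lambda m: "HKLM\\", key)
    return key.replace("\\ControlSet001\\", "\\CurrentControlSet\\")


def normalize_path(path):
    """Replace the sandbox user's profile directories with environment variables."""
    for pattern, prefix in USER_DIRS:
        m = pattern.match(path)
        if m:
            return prefix + path[m.end():]
    return path


def parse_signature_rows(text):
    """Table rows -> dicts; the header row is skipped."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|") or line.startswith("| Description"):
            continue
        cells = [c.strip() for c in line.strip("|").split("|")]
        if len(cells) == 4:
            rows.append(dict(zip(("description", "indicator", "process", "target"), cells)))
    return rows


def to_ioc(row):
    """One row -> (kind, environment-agnostic artifact, normalised process path)."""
    ind = row["indicator"]
    process = normalize_path(row["process"])
    if ind.startswith("\\REGISTRY\\"):
        key, _, data = ind.partition(" = ")
        if not data:
            return ("registry-read", normalize_registry(key), process)
        key, _, value = key.rpartition("\\")
        # The report quotes string data and doubles its backslashes; undo both.
        data = normalize_path(data.strip('"').replace("\\\\", "\\"))
        return ("registry-set", f"{normalize_registry(key)}\\{value} = {data}", process)
    kind = "persistence" if "\\Start Menu\\Programs\\Startup\\" in ind else "file"
    return (kind, normalize_path(ind), process)


def unique_artifacts(text):
    """Distinct (kind, artifact) pairs, regardless of which process produced them."""
    return sorted({(kind, artifact) for kind, artifact, _ in
                   (to_ioc(r) for r in parse_signature_rows(text))})


if __name__ == "__main__":
    for kind, artifact in unique_artifacts(SAMPLE_SIGNATURES):
        print(f"{kind:14} {artifact}")
```

The two NLS\Language reads collapse to one artifact because the hunt is for the key, not for which process opened it; the Startup-folder .lnk is the one row that establishes persistence, and the Control Panel\Desktop writes are the wallpaper change the signature names, consistent with a wallpaper application rather than evidence of anything further.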
Processes
C:\Users\Admin\AppData\Local\Temp\9017b0323e89da60572ff1297494cae4fd5d386512b1abed64c0e0d6dde56b5aN.exe
"C:\Users\Admin\AppData\Local\Temp\9017b0323e89da60572ff1297494cae4fd5d386512b1abed64c0e0d6dde56b5aN.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://wallpaperseveryday.com/ThankYou?v=2.0.2&key=3fa9c064cfcd88a34c84a01971f632a4
C:\Users\Admin\AppData\Roaming\WallpapersEveryDay\WE.exe
C:\Users\Admin\AppData\Roaming\WallpapersEveryDay\WE.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0xd8,0x104,0xfc,0x108,0x7ffdbe5546f8,0x7ffdbe554708,0x7ffdbe554718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,8058835614416483853,16846419160800205005,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,8058835614416483853,16846419160800205005,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,8058835614416483853,16846419160800205005,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8058835614416483853,16846419160800205005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8058835614416483853,16846419160800205005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8058835614416483853,16846419160800205005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8058835614416483853,16846419160800205005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,8058835614416483853,16846419160800205005,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,8058835614416483853,16846419160800205005,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8058835614416483853,16846419160800205005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8058835614416483853,16846419160800205005,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3928 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8058835614416483853,16846419160800205005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8058835614416483853,16846419160800205005,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | WallpapersEveryDay.com | udp |
| CA | 192.99.62.48:80 | WallpapersEveryDay.com | tcp |
| US | 8.8.8.8:53 | 48.62.99.192.in-addr.arpa | udp |
| CA | 192.99.62.48:80 | WallpapersEveryDay.com | tcp |
| CA | 192.99.62.48:80 | WallpapersEveryDay.com | tcp |
| CA | 192.99.62.48:443 | WallpapersEveryDay.com | tcp |
| CA | 192.99.62.48:443 | WallpapersEveryDay.com | tcp |
| CA | 192.99.62.48:443 | WallpapersEveryDay.com | tcp |
| CA | 192.99.62.48:443 | WallpapersEveryDay.com | tcp |
| CA | 192.99.62.48:443 | WallpapersEveryDay.com | tcp |
| CA | 192.99.62.48:443 | WallpapersEveryDay.com | tcp |
| US | 8.8.8.8:53 | s7.addthis.com | udp |
| GB | 23.44.66.45:443 | s7.addthis.com | tcp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 45.66.44.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bat.bing.com | udp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 150.171.28.10:443 | bat.bing.com | tcp |
| RU | 87.250.250.119:443 | mc.yandex.ru | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | t1.softonicads.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| GB | 172.217.169.78:443 | fundingchoicesmessages.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| GB | 172.217.16.227:443 | www.google.co.uk | tcp |
| GB | 172.217.16.227:443 | www.google.co.uk | tcp |
| GB | 172.217.169.78:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | mc.yandex.com | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| GB | 142.250.180.1:443 | lh3.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | 21.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.250.250.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | scontent.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
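Most of the Network table is not the sample's own traffic. The process list shows the sample launching msedge.exe on http://wallpaperseveryday.com/ThankYou, so the Bing, Google, Facebook, Yandex and AddThis destinations are what that page loads, and the in-addr.arpa rows are PTR lookups the sandbox performs. What the sample itself contacts is the vendor host at 192.99.62.48. The Python below, an added example rather than anything from the sandbox vendor, parses the table and sorts rows into those buckets; the sample rows are a constructed excerpt of the table above, and "first party" is whatever domain the caller names.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: rows copied from the report's Network table above, in its
# "| Country | Destination | Domain | Proto |" layout. The mDNS row has an empty Domain cell.
SAMPLE_NETWORK = """
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | WallpapersEveryDay.com | udp |
| CA | 192.99.62.48:80 | WallpapersEveryDay.com | tcp |
| US | 8.8.8.8:53 | 48.62.99.192.in-addr.arpa | udp |
| CA | 192.99.62.48:80 | WallpapersEveryDay.com | tcp |
| CA | 192.99.62.48:443 | WallpapersEveryDay.com | tcp |
| US | 8.8.8.8:53 | s7.addthis.com | udp |
| GB | 23.44.66.45:443 | s7.addthis.com | tcp |
| RU | 87.250.250.119:443 | mc.yandex.ru | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 172.217.169.78:443 | fundingchoicesmessages.google.com | udp |
"""

ROW = re.compile(r"^\|\s*(.*?)\s*\|\s*(.*?)\s*\|\s*(.*?)\s*\|\s*(.*?)\s*\|$")


def parse_network_rows(text):
    """Table rows -> dicts; the header row is skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m or m.group(1) == "Country":
            continue
        country, dest, domain, proto = m.groups()
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain.lower(), "proto": proto.lower()})
    return rows


def classify(row, first_party):
    """Bucket a row by what it tells the analyst about the sample."""
    addr = ipaddress.ip_address(row["ip"])
    if row["port"] == 53:
        # Resolver traffic: PTR lookups are sandbox/OS noise; a forward
        # lookup only says a name was asked for, not that it was contacted.
        return "reverse-dns" if row["domain"].endswith(".in-addr.arpa") else "dns-query"
    if addr.is_multicast or addr.is_private or addr.is_link_local:
        return "local"
    if row["domain"] == first_party or row["domain"].endswith("." + first_party):
        return "first-party"
    return "third-party"


def summarize(text, first_party):
    """Unique, sorted labels per bucket; contacted endpoints carry ip:port/proto."""
    buckets = defaultdict(set)
    for row in parse_network_rows(text):
        kind = classify(row, first_party)
        if kind in ("reverse-dns", "dns-query"):
            label = row["domain"]
        else:
            label = f"{row['ip']}:{row['port']}/{row['proto']}"
            if row["domain"]:
                label = f"{row['domain']} {label}"
        buckets[kind].add(label)
    return {kind: sorted(labels) for kind, labels in buckets.items()}


def first_party_endpoints(text, first_party):
    """ip:port pairs actually contacted at the vendor domain: the block/hunt list."""
    return sorted({f"{r['ip']}:{r['port']}" for r in parse_network_rows(text)
                   if classify(r, first_party) == "first-party"})


if __name__ == "__main__":
    for kind, labels in summarize(SAMPLE_NETWORK, "wallpaperseveryday.com").items():
        print(kind, labels)
```

The third-party bucket should be read against the process tree before any of it is treated as an indicator: a destination reached only by a browser the sample opened says something about the vendor's web page, not about the binary under analysis.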
Files
memory/3684-0-0x0000000002530000-0x0000000002531000-memory.dmp
C:\Users\Admin\AppData\Roaming\WallpapersEveryDay\WE.exe
| MD5 | 1d3a57cbf9c81e9862e847faa0351192 |
| SHA1 | 6a1a5b4b9d0acb13d733053269eaca8e7b7a6ba9 |
| SHA256 | 1565cb1da2f45dacf7107d062ac3184f34429898b81ba95884b7f90bdb81085c |
| SHA512 | 65652f01d1087b69d7286ae7c73bc7c965c145cb3adbbbe8a43ef61b6eba5ab30d003b89ccde18bfc2d81586f46a3b5b64a6a8b3c566ec071f082dc01deb36a2 |
memory/3684-20-0x0000000002530000-0x0000000002531000-memory.dmp
memory/3684-19-0x0000000000400000-0x0000000000757000-memory.dmp
memory/3684-24-0x0000000000400000-0x0000000000757000-memory.dmp
memory/556-25-0x00000000020B0000-0x00000000020B1000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 36988ca14952e1848e81a959880ea217 |
| SHA1 | a0482ef725657760502c2d1a5abe0bb37aebaadb |
| SHA256 | d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6 |
| SHA512 | d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173 |
\??\pipe\LOCAL\crashpad_5004_BWVKQPOPUJADHWCK
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | fab8d8d865e33fe195732aa7dcb91c30 |
| SHA1 | 2637e832f38acc70af3e511f5eba80fbd7461f2c |
| SHA256 | 1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea |
| SHA512 | 39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
memory/556-129-0x00000000020B0000-0x00000000020B1000-memory.dmp
memory/556-128-0x0000000000400000-0x000000000054B000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 46306bb892f4cfdf0e0df1146acaf893 |
| SHA1 | e59177dc4f38d17d61054ab45a070e3632bf2303 |
| SHA256 | daf61a8eac1deebc17fec95c7704a8b75a37b947afd37dc9e132286625bd40d6 |
| SHA512 | 4304d9d15774512edca23b24161ba84fb9c16600ab1b47976703700e8345e2d1c475cc31ff7e40b133f24b4cf2884d48bba7e9cc5c52ffa49441fd6545685fb7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3a36647eb795af60a16dc5688ccaaed9 |
| SHA1 | c748a80c9ce4d446464438d35287704e63f281f4 |
| SHA256 | 35e0d390b492fc58a47fdf81056e29f142528ff200c07005d6325085707c7b51 |
| SHA512 | 75b86588e14e05d8a573a305046bae8a7d3e1cfb8582134ee1cfc8e72a5e1ca3bda79a415b311eaccbd5cd82b4011a89f7ab496635befaf3668cc2ea97daec67 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c479f1d8ef4a8b8efe5b59ced96ff2d5 |
| SHA1 | 73531302bbea9dfe28a46b67f40aff89e58129ee |
| SHA256 | be2248e48386d75dcfd002446a713bbbe1ca0688712c3ec35d67ea1460f73073 |
| SHA512 | afb3e7b40be3407a8e7754969cc957721374b19bf9cfd0682f16dbfe28a6f532ab9fc0b2111a0a69d4446027ffc140648e09505ff2f71b847628111703d1ab68 |
C:\Users\Admin\Desktop\Wallpapers Every Day.lnk
| MD5 | 901dbbd060c9d03fd2068ba512aa0287 |
| SHA1 | e19cd876793a594b0ab9e9babe8560a1e765783e |
| SHA256 | c1002bf77b907b8e382b019b4cb32cee7276d541d1626472285c2a05ce4b4401 |
| SHA512 | c22de2a738b01adca4e2ca926a6760b0e73d78d450f654797caa23556f97dddba06b960e3a965928dedd1814adf6a0a79efbdfdceebc059702491fa57d3102bd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | fed8094d359744fb45d67560917ab5b2 |
| SHA1 | 988ac72693d95a925a3bbd0c92bc43d4f4bc7f6b |
| SHA256 | ca8cafec5b1776382831475e753972ac51284402255c6af5adc5cd3ed2bbf8f5 |
| SHA512 | 8c7adbe4a0cdfefba0dfdf4dad9f61147a67d074760105216a7470ed5654cd3232992a4c4bbb0661761fa8126d3f45e623698f5fd445a14ce0fe0dc0e2200b1c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d2cecf3445263b08ef1f18d5d65fa7c9 |
| SHA1 | 44257de5b776068420e5afe907ab9c1b5b37c7ec |
| SHA256 | e905c6061bb7fe61dc34c9e86377d1a8fff3d9a091dc0dfc969f35e78aeaa539 |
| SHA512 | b9d61b3dc46253a96554eb4d97e16f5664cb75928d010eb43d164d2acd782f8ad4f689e1eb1c57cb77dc3a346cb30fd82b2aebb6fca88fa17124dd7862af0ecf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582e6e.TMP
| MD5 | aa0da6c2c02b8d75ffe6866817a5eaa1 |
| SHA1 | ca6de3dd358164e93e7b5650d2c3f59e90322beb |
| SHA256 | 7261f170adddfde3e25b1e885e76da4972e9c8e4fc93d75f3b4cadf10bc6e7d7 |
| SHA512 | d63a2c42e444e01cb8b4a09678a7508ba2e3b12665ef271d3e8f8d8264e241faca3b4e2b37800353b62e6bacccfa073def79cd0c1c45fa55028ea2152303bbf2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 332111bfd41817ecab12b4ba96fe2ee6 |
| SHA1 | 82c970ee8c6c3d62da092bb1605f409621a1a28d |
| SHA256 | 522df487ed60a8666e165ad052c66445d3dc928c3c1a986b656168da69dde56f |
| SHA512 | 2887c5c7e972a9bbc8f78252af2f573dbbca87088db924cfa6aa04ef4c05d7176e275a1ded0d4cd79254a6da3fd39540e2895a4537fa89bd49327fe062410c61 |