Analysis Overview
SHA256
ffd902ff33b4c5ab5c2365320ba4b436f8fb7b2dbe039d5ffc0af7da409a8f63
Threat Level: Likely benign
The file counter-strike-2-hacks was found to be: Likely benign.
Malicious Activity Summary
Browser Information Discovery
System Location Discovery: System Language Discovery
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Modifies registry class
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-05 18:07
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-05 18:07
Reported
2024-11-05 18:10
Platform
win7-20240708-en
Max time kernel
134s
Max time network
127s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004eb8598f23aa9c4cbc37a7686417a4b000000000020000000000106600000001000020000000676ee734365f2001abe0a5a141bd69c1374874136b13084e9473dd0e0f211870000000000e80000000020000200000006d1f8e2754c4bbace7b43759c6423bb63607c1f43294d9d1b61078d1983d9a6e200000001308cd1090868209eae9dd575bdb0ea395931906e704332bea25e7c8078cad5e4000000089861b733d5e2cc40858bbf42f29259b5c62880b1a23c376a9ca5a36238c5dfe6543d387403bd42a67cf6b4683456ed7f4b35c99895629000214b7004ae89b33 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 2091f1bbad2fdb01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "436991953" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E781F871-9BA0-11EF-916E-DECC44E0FF92} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2080 wrote to memory of 2872 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2080 wrote to memory of 2872 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2080 wrote to memory of 2872 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2080 wrote to memory of 2872 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\counter-strike-2-hacks.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2080 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab3508.tmp
C:\Users\Admin\AppData\Local\Temp\Tar3597.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (21 entries)
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-05 18:07
Reported
2024-11-05 18:09
Platform
win10v2004-20241007-en
Max time kernel
86s
Max time network
87s
Command Line
Signatures
Browser Information Discovery
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Temp1_undetek-v7.5.zip\undetek-v7.5\undetek-v7.5.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4050598569-1597076380-177084960-1000\{B7DED891-9EF4-4A6F-BC5B-4B30A7DAAF66} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\counter-strike-2-hacks.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc1d5946f8,0x7ffc1d594708,0x7ffc1d594718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,12116322240796680349,11865501789872708894,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2420 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,12116322240796680349,11865501789872708894,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2768 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,12116322240796680349,11865501789872708894,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,12116322240796680349,11865501789872708894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,12116322240796680349,11865501789872708894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,12116322240796680349,11865501789872708894,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,12116322240796680349,11865501789872708894,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,12116322240796680349,11865501789872708894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,12116322240796680349,11865501789872708894,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,12116322240796680349,11865501789872708894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3976 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,12116322240796680349,11865501789872708894,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,12116322240796680349,11865501789872708894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,12116322240796680349,11865501789872708894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2184,12116322240796680349,11865501789872708894,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3416 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3fc 0x424
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2184,12116322240796680349,11865501789872708894,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5308 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2184,12116322240796680349,11865501789872708894,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=2060 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,12116322240796680349,11865501789872708894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2184,12116322240796680349,11865501789872708894,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5772 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,12116322240796680349,11865501789872708894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2184,12116322240796680349,11865501789872708894,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2496 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_undetek-v7.5.zip\undetek-v7.5\Install Guide.txt
C:\Users\Admin\AppData\Local\Temp\Temp1_undetek-v7.5.zip\undetek-v7.5\undetek-v7.5.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_undetek-v7.5.zip\undetek-v7.5\undetek-v7.5.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 92.123.128.146:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 146.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | icheat.io | udp |
| US | 104.21.25.33:80 | icheat.io | tcp |
| US | 104.21.25.33:80 | icheat.io | tcp |
| US | 104.21.25.33:443 | icheat.io | tcp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | 33.25.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.12.20.2.in-addr.arpa | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | embed.tawk.to | udp |
| US | 104.22.44.142:443 | embed.tawk.to | tcp |
| US | 8.8.8.8:53 | 142.44.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | va.tawk.to | udp |
| US | 104.22.44.142:443 | va.tawk.to | tcp |
| US | 8.8.8.8:53 | vsa107.tawk.to | udp |
| US | 104.22.44.142:443 | vsa107.tawk.to | tcp |
| US | 151.101.129.229:443 | cdn.jsdelivr.net | tcp |
| US | 8.8.8.8:53 | www.premiumvertising.com | udp |
| GB | 84.17.50.9:443 | www.premiumvertising.com | tcp |
| US | 8.8.8.8:53 | premiumvertising.com | udp |
| US | 8.8.8.8:53 | c.adsco.re | udp |
| US | 162.252.214.11:443 | premiumvertising.com | tcp |
| US | 104.17.166.186:443 | c.adsco.re | tcp |
| US | 8.8.8.8:53 | adsco.re | udp |
| US | 8.8.8.8:53 | 4.adsco.re | udp |
| US | 8.8.8.8:53 | 6.adsco.re | udp |
| US | 162.252.214.5:443 | 4.adsco.re | tcp |
| US | 162.252.214.5:443 | 4.adsco.re | tcp |
| US | 104.17.167.186:443 | 6.adsco.re | tcp |
| US | 8.8.8.8:53 | 229.129.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.21.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.50.17.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.214.252.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.166.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.214.252.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.167.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.38.18.104.in-addr.arpa | udp |
| US | 162.252.214.5:2087 | 4.adsco.re | tcp |
| US | 104.17.167.186:2087 | 6.adsco.re | tcp |
| US | 8.8.8.8:53 | sw210s9t0utl.l4.adsco.re | udp |
| GB | 185.200.118.62:443 | sw210s9t0utl.l4.adsco.re | tcp |
| US | 162.252.214.5:2087 | 4.adsco.re | tcp |
| US | 104.17.167.186:2087 | 6.adsco.re | tcp |
| US | 8.8.8.8:53 | sw210s9t0utl.n4.adsco.re | udp |
| US | 162.252.214.5:443 | 4.adsco.re | tcp |
| US | 8.8.8.8:53 | sw210s9t0utl.s4.adsco.re | udp |
| US | 38.132.109.126:443 | sw210s9t0utl.n4.adsco.re | tcp |
| US | 38.132.109.126:443 | sw210s9t0utl.n4.adsco.re | tcp |
| US | 162.252.214.5:443 | 4.adsco.re | tcp |
| US | 8.8.8.8:53 | 62.118.200.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.109.132.38.in-addr.arpa | udp |
| SG | 185.200.116.60:443 | sw210s9t0utl.s4.adsco.re | tcp |
| US | 8.8.8.8:53 | 60.116.200.185.in-addr.arpa | udp |
| US | 104.17.167.186:2087 | 6.adsco.re | tcp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | vip.timezonedb.com | udp |
| US | 104.21.93.68:80 | vip.timezonedb.com | tcp |
| US | 8.8.8.8:53 | 68.93.21.104.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | e443ee4336fcf13c698b8ab5f3c173d0 |
| SHA1 | 9bf70b16f03820cbe3158e1f1396b07b8ac9d75a |
| SHA256 | 79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b |
| SHA512 | cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd |
\??\pipe\LOCAL\crashpad_3480_WCOUUBXVWRQKSVXO
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 56a4f78e21616a6e19da57228569489b |
| SHA1 | 21bfabbfc294d5f2aa1da825c5590d760483bc76 |
| SHA256 | d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb |
| SHA512 | c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\bfdf910d-1cd2-4605-b0f8-0295182feb3d.tmp
| MD5 | 53aa21bd8821c32451bec08a67eb30b1 |
| SHA1 | a1b3c8e4aad14cd64d3662eb4842acdf11c5e1d2 |
| SHA256 | d760823a713e173c16f10c225a5ee18bacb43f51c3abc66ceb97234c2df79414 |
| SHA512 | 7d0d157d67b1b50457e26b98995ac4ba96406ccd71cf6d532ad784b69bcb130f0dae07cc2a14ec032eb93174890a0411de7a109ff2261d2369f3f4a0c8071c5e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b1acb37901c94a8f12f111c7a7d3cf01 |
| SHA1 | 6b5341a25d0aaaf965e65f81aa464a2370329846 |
| SHA256 | f53a2380b448a20054778d8ca58673c5e326105181c7b4c15ec2a3099950f6e8 |
| SHA512 | 101000ef04131103155d7d847c03f1d5c7201da556a334c0f50e8dbca6ac37a5257d163243d2f87a05061a2b21ac622acea6b57ad13ad61f2eee1be3e33a8351 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2a8e7a6cb38eebc9fbd7850c901ef422 |
| SHA1 | 19c2dfdcd02d5b8ba1a7f2c76d2e21a6e3912149 |
| SHA256 | c7ec8cef61d65e77378911fa003ddb7f8f380163a3ac1742f8950908d59ddeef |
| SHA512 | 9f316882958012688ca1fc893ce7050b898948dd5cfaaab03ed2a2e9743cebbfe18f3223e6ec943b2d5baa1eb2ddaff683af3045b4b16d0a234527151c4314a3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
| MD5 | 03b1cfaa7d36337d472a96c4375e612d |
| SHA1 | 11dc55047e35bf5de4cd9355d63dfb260134fc8c |
| SHA256 | ee0a54330955c4516f7f57f9cd56eee28900863f7de6598458bd88866b7e40ca |
| SHA512 | 7d7750b8622f0a6c3c9cabc582956602c531ff8568f18ea088d267454cf25a0dbbb1f5a43215fec995e9aeaa379976fe044d3ea3234db56a7ab4a5444273a437 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019
| MD5 | 307cc9c90b07960982452fd122fa89ca |
| SHA1 | d3f42e1a37b7a5e959c39a58d2a0a0e052b49961 |
| SHA256 | c6d11eb819da4a0881a7a97e06c203056dad988b7e2b7408c937956a1e454718 |
| SHA512 | ab10518151cbda16a00281e1788421e3755c252feec398ed68311cb7d72d9d2b7cb199b542d108c396212d01d194aba61de8626e4f8208421ab5dd9926ef8b8f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f3ced5a715e69aaffe187d0ee26c9f4b |
| SHA1 | 23d1a4b904e8765b396301f4f57d593ab4dd6b34 |
| SHA256 | 250777126448dad086038066434c3038e2eae594a973022e770039d1d6503dce |
| SHA512 | f5dd4f1337e4924478d266f30eb9ecca7069dd99ae21d4595ab7c7ccc0d2ccfefb29903c02df5bc4220b759ac9075517599ccaf1c8ccb5266b778f2cc3a55632 |
C:\Users\Admin\Downloads\undetek-v7.5.zip
| MD5 | 8def5e2fd03961dd14b0a89d1b6f2a61 |
| SHA1 | 8611936ba749041a202dd88bc6ce722e55f2ef9f |
| SHA256 | d5c89a4b9ad6b0fcbd9692a2b444878630a23a1dabac11a28ee2445a3093280b |
| SHA512 | ef33163bf2081153811d2d433050b8bc882b8647743c15336aa0529e40323b2a175f77e7b4a5799f558206e82b044cc3989afe19d9410a1f526829c94e595a72 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 91069e65552d998d18acfbe3a30c85e2 |
| SHA1 | 22421e1a16dd4d6febf33b57eb12f211df43440c |
| SHA256 | 5d4cab6c8b25df9eba2a01d9d4e234123dc2b81322cd6696b06ef5c821276b20 |
| SHA512 | 7e64590570e886fcaa202d6cfff74e12ea2bad2d4e5b98ccd6635dcbb81094082ad4206966219cd852a5167da44eb9b3d261b9bbe7978f9acef50d46b5c0c7ae |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | fb171e0fabe6b686311d7e534a6775cb |
| SHA1 | be193ea8fd375e2b7d44ea19942921dfa2c56ac6 |
| SHA256 | 33ad3a3205349f1f59c4867f034bf6e2c2728cbbb6eec7634128e7b82512e5cf |
| SHA512 | 53030a402cad60b4a3d365f47b34b6097d07eba189f2d2b867b484584e5df2db7bc8d0600a25f11c4dfe2aca73dd024c7933e1fbec72e6650db88bd1e9947294 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e65d2dd4091204f563671be1a19cce79 |
| SHA1 | bfebb685dcf5107210c38236256e9d95488ff844 |
| SHA256 | 8c6956c3e08d0c78f35e67436a552617e063a7cbf85d34e04fbb45a2e7b6f472 |
| SHA512 | 15137661345c15335afe06e91c9be7810d260c20dc7692512b96d5ff69230b72242d27e262ba90a68d365c526da749dbde11392d5a0b728cc92802eedbdfd375 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a7cba42beaf8d94b2eea907a3af4059f |
| SHA1 | 573e0a819cb163e8230e618d639f8b0c71bdfa72 |
| SHA256 | 2d071858eb4c2407292dbae6219657995ccdc8d7ec7c6fd976ba96adf73f01a4 |
| SHA512 | f9cec0d50ac0267b49119bc4b5f86c375fbac1eddf147f9cd11d27d608c953b6209b18995ef94eae87561599302df8974c71dbb80eaee59b531e0121358cc4cb |