Analysis Overview
SHA256
09767af85ac0de77db770fc1a7539b5537be04adc1465584b493b315d58a496c
Threat Level: Shows suspicious behavior
The file winhex.zip was found to show suspicious behavior.
Malicious Activity Summary
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2
Checks whether UAC is enabled
Malformed or missing cross-reference table in PDF
Command and Scripting Interpreter: JavaScript
System Location Discovery: System Language Discovery
Browser Information Discovery
Enumerates physical storage devices
Program crash
Unsigned PE
NSIS installer
Modifies data under HKEY_USERS
Suspicious use of SetWindowsHookEx
NTFS ADS
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-07 21:33
Signatures
Malformed or missing cross-reference table in PDF
Unsigned PE
NSIS installer
Analysis: behavioral6
Detonation Overview
Submitted
2024-11-07 21:32
Reported
2024-11-07 21:35
Platform
win10v2004-20241007-en
Max time kernel
145s
Max time network
150s
Command Line
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | camo.githubusercontent.com | N/A | N/A |
Browser Information Discovery
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES\Dokan\DokanLibrary\README.url
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/dokan-dev/dokany/blob/master/README.md
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8a88c46f8,0x7ff8a88c4708,0x7ff8a88c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,6216992767948018551,5791048826437961499,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,6216992767948018551,5791048826437961499,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,6216992767948018551,5791048826437961499,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6216992767948018551,5791048826437961499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6216992767948018551,5791048826437961499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,6216992767948018551,5791048826437961499,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,6216992767948018551,5791048826437961499,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6216992767948018551,5791048826437961499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6216992767948018551,5791048826437961499,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4560 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6216992767948018551,5791048826437961499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6216992767948018551,5791048826437961499,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,6216992767948018551,5791048826437961499,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_4852_NRQXONEXKDWFTLVW
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Analysis: behavioral15
Detonation Overview
Submitted
2024-11-07 21:32
Reported
2024-11-07 21:35
Platform
win7-20240903-en
Max time kernel
41s
Max time network
149s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES\Dokan\DokanLibrary\sample\mirror\mirror.exe
"C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES\Dokan\DokanLibrary\sample\mirror\mirror.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6bd9758,0x7fef6bd9768,0x7fef6bd9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1200 --field-trial-handle=1348,i,8209453240587778692,13793594980698871083,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1564 --field-trial-handle=1348,i,8209453240587778692,13793594980698871083,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1680 --field-trial-handle=1348,i,8209453240587778692,13793594980698871083,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2308 --field-trial-handle=1348,i,8209453240587778692,13793594980698871083,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2320 --field-trial-handle=1348,i,8209453240587778692,13793594980698871083,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1460 --field-trial-handle=1348,i,8209453240587778692,13793594980698871083,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3316 --field-trial-handle=1348,i,8209453240587778692,13793594980698871083,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3468 --field-trial-handle=1348,i,8209453240587778692,13793594980698871083,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3584 --field-trial-handle=1348,i,8209453240587778692,13793594980698871083,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3892 --field-trial-handle=1348,i,8209453240587778692,13793594980698871083,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3924 --field-trial-handle=1348,i,8209453240587778692,13793594980698871083,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2400 --field-trial-handle=1348,i,8209453240587778692,13793594980698871083,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4016 --field-trial-handle=1348,i,8209453240587778692,13793594980698871083,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2360 --field-trial-handle=1348,i,8209453240587778692,13793594980698871083,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3860 --field-trial-handle=1348,i,8209453240587778692,13793594980698871083,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2444 --field-trial-handle=1348,i,8209453240587778692,13793594980698871083,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2448 --field-trial-handle=1348,i,8209453240587778692,13793594980698871083,131072 /prefetch:8
Network
Files
\??\pipe\crashpad_2156_HXFSBAXWBYOCVUZY
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Temp\CabFBBF.tmp
C:\Users\Admin\AppData\Local\Temp\TarFCBB.tmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\94f2f4b3-4af7-4a50-be99-47beb49be05c.tmp
| MD5 | ffc91fa236f883d9c025ca43aa31b10a |
| SHA1 | d0a5f0aea33b6dbce5bba7828f904bbce7b0f57e |
| SHA256 | dcd6ac65b7a589d9957300f864ff7ddad7b3bd8ab7616cf97d72270d6633ca3a |
| SHA512 | 8f7fd87146506c38788978b98d8ea8ac705e9ce5a77514d7f8755b3b997bad6b3817bc64cb6db39b0753f48fcf806baf689344584a7f2145ede818622220885a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9e821dbbb99cd0efde07d0dfaac43432 |
| SHA1 | 58f9073dfa6c096f5c70a14b62f0be4cbdeb0d20 |
| SHA256 | c67c6b3df526618514f01b39bbadd64bdc5fb1b278c137725293f846db9afc42 |
| SHA512 | d2010d9aff0d3c62055cfbe5a0125a6658195d02dac9ee5d64dafa3b8572292afd85bf7ff3082fdf112c19b455ed3e30b05363ef080597517b7993a1563c0042 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7daf46878e0d9bd684ebc4026ee82a27 |
| SHA1 | e197d1f5bbc4e634a64af79d091a289cff347459 |
| SHA256 | 33e0db2a8f70e7f2e59c132a0cc546b18b3f805a3c819f3869fcbd59a4ba7445 |
| SHA512 | 4cb00c8dda52213330dff04cbce70dbcd9dd239b5103af86738627528b252f9b6a0f54c9742f612ba524b1a7855b2c02e6719e1dacd65135dbbe3eaaecbec8e5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4fa58d7699c6ab13f37611950409c4ff |
| SHA1 | ce21fcfcb5287c86e322f9625f46c47d635a66a4 |
| SHA256 | fc7328344d522d5705d09b155bac39d782003fa4bafa977516226aaf0d7022e9 |
| SHA512 | 0c1fb4de3463ba4e29881dbb5d56cd4c42d732c08c0848611ef6f0644d495335ea81d2e71a4baa60bccda1097a1626fab266254ef05fd77e26654a271f1b2f74 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f05b20ce22698c84719d7b752fb7884b |
| SHA1 | 13b001c5e6b818616d33fda7aaf28de4160d8e05 |
| SHA256 | c706f8c84733c626a7ee228d37dc988ae2eb1871c558d399d0c28bc87a379dc4 |
| SHA512 | e498c90f4a5e02f435edc873558b35d71882cba93fe7e5343bb453187db7699724a8e709693b6fdb141ce505b00dafc8b3e3ea0f080b45a4a4632a039ea54c04 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8c1424121d6b1d36ad77d9571010b664 |
| SHA1 | e14a5c06bb621289e315379262827768dc33e696 |
| SHA256 | 370e40701a292dcbc742dc2960d6b843100bfed2be1c0ca7d99d4ee2ea6ea715 |
| SHA512 | dc66cc6116f5a7635eb70c566a2c62f850d49f9ee1ce3539786fde6fc9aaeee6eb90ca2b82764c7d9dc39d87776c7b0826c344ac7255ae4c15de0a46cc58a407 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 31d5353749fc23b611988e958318f791 |
| SHA1 | f52513c04236261ac5117af110600ef87049552e |
| SHA256 | 4b10a3669b6194b1558850daaf66d983963ab747aa6923d05afd1c978c9687c4 |
| SHA512 | d701c347a3f4cd4e326fcb1425d758ad1e4eafcbeac948a961ad6423eab122734086bba200cc2722670f5c097eb330dd9d2ffecb28438b75af2d1e699fc5babf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\8cfc89a0-281b-4d5d-8b1a-0e98988e93ce.tmp
| MD5 | 24bad796e220feb15d5d6c16377dd324 |
| SHA1 | 806d3fa2e3fdf4583d89074f875ee86533a7022c |
| SHA256 | 565292e0a8eb80cef2c89f41dd71fde97470c50aa4cdeab21e3ec77124fa5774 |
| SHA512 | 9e9b3f7723071b528dcf9d925902a37a1818f8820531246cba5a42836f711d933d18eff255d723d62990ce078446a030c94780f21c4fb29236eaeda7b2a9b7be |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | abb46e00c8efd3ecd16c28ce8e1e6d49 |
| SHA1 | b95f6d593212c988d827fec2427e8cb0bb1da8df |
| SHA256 | e5a719c7dc31d0496d81c477c78ce70399d0f5a0d1ce149765ed9e24bf411ae4 |
| SHA512 | 9f682d06b720450c8a76c307a9bc5425783f57169db698c1479d1d30fa9c60f389a3b7c828df4b32e48829d99d29b911b9106d4f89eac2da03680e4a07d76651 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | bb929ace940f64e230435ce2a36f221f |
| SHA1 | a9230c472d7ea48767ccdbf00aac63ede7158833 |
| SHA256 | d70aeca29ed79ea55a265a99ddbced359f07a8f270bebffddf2a88d1258e4a16 |
| SHA512 | d6104fcf4f5371edda502ffc9b0f813d98032734c2c4e463f9a16c3efc9c732242741e5705af10971dfb85a7f1c137631ce5cb62d892aabfee83c2e19ba8eaab |
Analysis: behavioral19
Detonation Overview
Submitted
2024-11-07 21:32
Reported
2024-11-07 21:35
Platform
win7-20241023-en
Max time kernel
122s
Max time network
124s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES64\Dokan\DokanLibrary\dokanctl.exe
"C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES64\Dokan\DokanLibrary\dokanctl.exe"
Network
Files
Analysis: behavioral32
Detonation Overview
Submitted
2024-11-07 21:32
Reported
2024-11-07 21:35
Platform
win10v2004-20241007-en
Max time kernel
99s
Max time network
138s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3732 wrote to memory of 2476 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 3732 wrote to memory of 2476 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 3732 wrote to memory of 2476 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$SYSDIR\dokannp.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$SYSDIR\dokannp.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-11-07 21:32
Reported
2024-11-07 21:35
Platform
win7-20240903-en
Max time kernel
121s
Max time network
134s
Command Line
Signatures
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\System32\rundll32.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E07E1801-9D4F-11EF-9DC4-5A85C185DB3E} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10dc5db95c31db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "437177097" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a7e3310a2b0e6e498bd88e48ec67abf6000000000200000000001066000000010000200000009e0a076e7f443e0e697ab820b603e30bec0594e70a46877757c232097d80e8ee000000000e8000000002000020000000724636a2663f4e9c0ad65b442cd97e2e80f4978280f478e2547db47e2fc54dff20000000fbc65f05342c05d4bb665e126cb14eb3b079b28c2b965082ee3cafe86dcb32bc40000000ade620fd06ae4c6c8c302bfe4acc063c519565397c2c1ecb1ab9042aecde7ca053a654086f58b929fb900a542c7c05c01adf34371d43df3d9f236e1b6835247d | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES\Dokan\DokanLibrary\README.url:favicon | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| File created | C:\Users\Admin\AppData\Local\Temp\wwwE644.tmp\:favicon:$DATA | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2656 wrote to memory of 2104 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2656 wrote to memory of 2104 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2656 wrote to memory of 2104 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2656 wrote to memory of 2104 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES\Dokan\DokanLibrary\README.url
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2656 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | camo.githubusercontent.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 2.19.117.22:80 | crl.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
memory/2292-0-0x0000000000350000-0x0000000000360000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\CabD29B.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarD31C.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c5fcf669548f62901f77333f3c2cc7b0 |
| SHA1 | 6213823c214c44d863d15a8134c4b3e5f52dd2f7 |
| SHA256 | 7683b289dba068cbaf8da5d4727fa20b276851ffc228747e190cbc27dbd9c468 |
| SHA512 | 3a2c9a3627267bf05802ee6daf6260d8bba4c645e529d6753092a9d3e09100c5d3246ff025d8c63d8ae18d5f1525743d3a786a36529d65af85a9153ccccc2465 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a32dd2963cfd6a952990edab38b82c0d |
| SHA1 | 42d8bd00893218f1cf54796f67553dd04207234c |
| SHA256 | e363617cfa4ebcef65cd6e5415d27436b53c1e6088026bd3f1c562003de18689 |
| SHA512 | 87330ce4c9d591d17295ec85a53af9f59dae131a7db85c0b6c2aae8810a4f62afbd6f3bb1c1da2f5b9649cb64da0486b4b9f6ff0bd59f491d7d9ed1f102040c3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 91643bb1b7eaf5c68caf2559d636d1bc |
| SHA1 | 956e65d71392dff7408e687cbbb748bed694e4fe |
| SHA256 | 5751eb4255abd06c403190be778daa83cb7bca414acd060303f10f47bbe6f9bd |
| SHA512 | f893bbef411fec7dae7ccd664b618e9766aa6e010149d8cf80c9b9cf38b70fbf7b5576e264bdf2eb62dbbd8503a92866e72d3623ee94936efa7e00f37a81c338 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a230f14bb094eb31546c4d664cda6fc3 |
| SHA1 | 64a4606554d43c1a956285b95a9f44ad2297f490 |
| SHA256 | 07232e9a08329e3d3bd5045bc51b8b952c12ef49121547223929b9bdba0618c4 |
| SHA512 | fedef0ffde9cfc978807a6655b30ad66b6ac8c071d8979b4f81f3baa8dfaebcc39a73d714603acf6c1148804bf0dc95d9ab072dfc8bf44f8b85a241b9b707bf1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
| MD5 | 7194820cc46c7516fb0c7b7c4fb99060 |
| SHA1 | f5f7a0000ed9f8a3fbfb01f55f2cb080b14a13bd |
| SHA256 | c7498628b06e8b53daac1f2fcff44b618e596a8803318ddb8fd14ea7cb5befdb |
| SHA512 | 6908548f7038790c2d651e61a68918a99132d7946003f2a3947f50b247f580d8f3973f098ddd49ffaa6bd9ed67a2069bf82921f19d460b636aa640f2847990a3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D
| MD5 | 93847704ac7bc10b582febfee396a094 |
| SHA1 | 2347aff853144cfdf42b935243c538fe79c4b142 |
| SHA256 | 1fbbe28e10eefab3e7bdf78807f4c89e1db2dd2588cfd7f4eaa6c26ea10cfc63 |
| SHA512 | 7f852757796c411cf1c6dafe9b22d12795292ea33a4b1525801ef4c645a362598542a82ad9322a9e8cbed105003959ffbbd335dd57a82f616dd6ceb9b1253a04 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e95aef1ea0b7a94ccc3c4b55ab3f9340 |
| SHA1 | 7a4a6b3003a27239542aee591168d64ba98ad4ff |
| SHA256 | 35e1a461c4bf8a45178d3614713169fd26460f16f813061804af005615a45860 |
| SHA512 | ea1a6f16d7dcf6b202d74f8cbb4a9e6b6bc046f63cfa3c8d5473c3550bc1d0aef7868ee1c7962d045d9e3414e90103b9b7afaf3e712403e5396a2d5cac9353a1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c4da9901b61eaf4998216c70b26e80de |
| SHA1 | 0202ec39826deba9fa58820e60baeefa902a2616 |
| SHA256 | 712fcf006ec982a02ef1400f92be9b6af81a487ca45baa762bdc9eda1d65bc26 |
| SHA512 | 1eb6400662569cd0d837ce62e85f39ed73429469e7d754890ebd1d21fa3e4d4983069a549aa183178f369a59f5cfd685962e4c7d57cff7913080aaef3c8f79b5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 22a566e1b9d9f5f732004e2ca18b7726 |
| SHA1 | 8815a2294536df47b116f60db652130b4a9e5030 |
| SHA256 | 4e8f95b13f41d55180766ab85e4792e28b6360a959e61e34ca9adea38498e96a |
| SHA512 | 5fc8e90ef3e05b6084077c738aed4b58bd39d9befc033c95711bce367e5cc2249079c492e5b65c9895d158b42f59bf7f3158e0da0eec5b4a676a11b19380e9d4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d629a13eab7b0bb74a06c7d8f572635c |
| SHA1 | 345428e806ae72c50983c138bd5b2a0b4847409c |
| SHA256 | 2c5d4d13a82596c6d034eb23e72e36e46e55a00173c4fd79e4680477eeae2f04 |
| SHA512 | 2d0af60a47ef78896196b6835a3301bbb49ac3118f03c398a3ded577749e67840f039f617dcfebbe0e976c2e3498b77b58be8406f5e46787f818108efb28ff4c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dda41c931165919445e8fef93e1abf32 |
| SHA1 | c273a9b3c8c8830eae7dfefb1d5a4429b0017a6a |
| SHA256 | e702e97c269055bc6f1b40679168a47c8f63f46f0bc1dc12c712d3d6f7d078df |
| SHA512 | be9361adb8f11c11cbc93c6d3a36bb085ecaa0fda0404fd4edae23b9a160f75936e73cabf63c513e760a8f2017102965ea185771897207597173bd2eb45f9fc7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7b1ef68ed075384a885c98663a1cc440 |
| SHA1 | 39cb5848a762e406fee4ec9b6d8391729f318ac7 |
| SHA256 | 41f86ad86e13fd1f6b61ea2cde8f768218433dd1fb675c8d7d74a49dd2c44f0e |
| SHA512 | e11f2a873ec80db9c14ad0d84808a107adb3a716cfaf71e66e1176221d9322160d18e4e2adaef8628d6337ea276ddf7287c721f49adb3c7d8431dc891045c879 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4255536a730ad15619222de219f00a3d |
| SHA1 | b2f3c2f9a8d9724f1ddd671e9f19b2549e0c80c2 |
| SHA256 | 9cb422e74eee25c777a7be74d43afe0391f7f2e29d4e3da026b532f23dade521 |
| SHA512 | 5acbfaaa594fabc45b16d2328c242d3ab440589593e0f283469decc4351318245e46ff30e5979740138b49534645b033672945860800f2233b4df4dd391b98e7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e76788b1cd0f2767c1b5896f493baa92 |
| SHA1 | e278176c338ff77e8a2aa084ee810e89990bc420 |
| SHA256 | 5f346cb4bb165b9b05d44fe219e12892eaf2733926c88d17fb55efe75a09e682 |
| SHA512 | 6966b5b14250dd449daddb6ce5d61fad6c5cc59a1206661e3bfcca154419859ad19370ddceef70f005518110502d053f4ed7ba5b67ff37bf33a28291d2efb236 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a16a8b33f9e1075114d6262aef9dcad5 |
| SHA1 | 064cbcde1d4d22587a58420c0c977dd97518dcf7 |
| SHA256 | b2eb1817a808850c8cb2f5f7927f9f144555433422f44f958701df9aebb7071e |
| SHA512 | 32639e67942c490875275cce09cf3003c951783fff78b1d0f2eaccb7a754d3f016551d79750f6dbec973ddb608815711d1f92ab4372799f9da9da2c418b236e6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ad06684d58fb045ea87ba5c48f182bf7 |
| SHA1 | 23ed71e1eb00246f41ee7dbd9ca82e9c6391e4a3 |
| SHA256 | ea6f2d9880afe218c782e412a8ba0c49487a3d449ea12bf68c63cdad2f92e1c5 |
| SHA512 | 9a77b8d76e068c6f07c665268a2f04199eb51a8c101c8fbed8e00a16c1f0ceffc98e356923d9c73825fff311e69d3049396e225c4ee2acef8b340ee0f82d7c77 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a97beaa1d45fc24613b8e05289974e81 |
| SHA1 | d7f65ccc35e4b2946cf53628a6c95669e3e0e4b7 |
| SHA256 | ae2aaa4bd7e2b3db879534a203bca7ac847a00565561291688942adbfa996991 |
| SHA512 | 3385a5d281d9049a50bfa9440c4676d5bae8321d38b6827e76134c41b2507d63e5f72e3ffb7ba100ec301b627e969eca17ac1de371038b7b5097bbf3670f5ae4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f595a040d3edff80dac5b1b9c89f0c35 |
| SHA1 | 038dac224eedd7bb17d8e7c87f2050333025d7bb |
| SHA256 | ecea86c8848a7fdafd65bbddb0fd19afcc7803dbb46e4946a6dbc0d2d7bf0b9a |
| SHA512 | 162fac623c79320ca44aac57b252fda33d7f25bd7fce7dd5cf32123df2e5dc008c4817184ac377048b33ebd6d6009d2eb570c4998c63b189abc11ac43e7fac67 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aeb0eb79b159de7c0daee99a1e286026 |
| SHA1 | aa93f040c022fb9947065d257ee2ccf968f31715 |
| SHA256 | 174728e1d2446dd41b2e0e2094ed28258f3319cd5fcb830c700e9a11cabd6d92 |
| SHA512 | 46da33cc1bbfbd634e5ff3ee820e3f0c880157a5c61ae261e50ac9b0d9522a9e88f5208b44d86897af2654596207083099c3c63b9fae641cb5cc45d6f1d7b4ea |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9ea07d5db24f4daf32ef41622e90a438 |
| SHA1 | 228cf91e27e1ec235bcff42f8c87f40c323a8b83 |
| SHA256 | c8c54428cae238a9a509003e06c5584f668c11bcba890f15d41461f8f933f4b4 |
| SHA512 | c3f98040e59d9bccc6f3ddb16794f380a298f776722ecb1c6e80ed9d11dbf25b4c8156a713382c5385a84b6e611c93eeb7aa613663227d83598fe9aad1176e92 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7e4c09f2aec327a0ea29d76b6603dcca |
| SHA1 | 5ac0f25c914c4e7b4559d3d62db3aeb1b15c3ce9 |
| SHA256 | c3a30fbe8684d18ad9aae45fca82135644ce5a7f4fc61417126184ee0583fe99 |
| SHA512 | 9a5e90048f01c44093ed5f037797d55fd324ff3135b960e4b6b828f5b7c3f5b2518608e9446cb323c0d7d89c41979dcc818327f0dfbd62ffaa2af6f78bd8a4c3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3507d86fc740720c17d7d6f5d37a5fe6 |
| SHA1 | d12679810e825eb928c7f92e45dd251ae4b47056 |
| SHA256 | b9056a46971cf50a64133607a01b53c222e4269c6a94e6da681d04d0d9980d89 |
| SHA512 | fe476759d7fd53587af579a0acba8250f4ee9c269f469f979a7803537113b4e9421a861bcbac8289f6b8c1f63386ac4bd448921a2da0e3136641a888b566677e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ee36a2752c18cdcc2c2d77357887a36e |
| SHA1 | 56ce1e9efcf042dd6f8548fa6b10874f4b352c0f |
| SHA256 | 3e871f4a3517d8cd051c20add658a170c77dca014cceb0fae1a506b0fbbe6f3b |
| SHA512 | b76fe1200a61d5b05b687cf3ed97cfe5b5df4d3d552b37545b200a843f3aae0d4b7ed856140364a0807150ee3dcba3f3f902a01dc22af1ed22af3834bf3551ac |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f31a7d3657e226bf1939858d25f742f1 |
| SHA1 | 7786c2836d9671c9838cf1f292db5a7b3eff8fc4 |
| SHA256 | 8240093cae76bc9f01a8c17c9234c9ee89b66cc19a0cb0c617831099a9c93d77 |
| SHA512 | 26cf89f474f2d1a2ebd25b6fd06e42c15accb41630b2ec74415b848bff5e2b98a41df41ff984d2a8e967a20266b42762d58e43534f56634c7084be1068fc0616 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3362399994ea23f7834d646d097ba582 |
| SHA1 | 7e692f15ba745c7ac843cd97c8c5a253a5c99472 |
| SHA256 | b2d27606f298d34c3a3e656e60c283ee39e15c3e5a6870deb796c2fbb09e72ce |
| SHA512 | 892e27b790dafd7c0b3a7c826029eb017a0f0a2ed2eb22fbb51cb3e0df87559ed3fd1229af7f3bf26911be6048cc60137e4ee60d5bdbc5c6d564ec476fd3e2d6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f8ec2c7efb5081e4f3ec8790bbe551e9 |
| SHA1 | 89a6fb65f0bfe286270a2ef403a6ebfbc4c9f2f8 |
| SHA256 | fc6ce459c16f2500ab9d4fe86058959e1ccf2c1aef7bd5d02804c95fc0db0c90 |
| SHA512 | 44bcfe4b02f76f741b95d95a69fe0de7138b0fa3ebb6df77460f71522c65885b746b324de421db0ede07f0522cfcc91aa44d56215dd317a279adcf002bd83882 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5f700b239878e4232d5399f6a82158d7 |
| SHA1 | 8464a631a4459e56fdebf7a3245c1ec81d1e14f2 |
| SHA256 | b4dc02d695f0b47160df0a719e5e1b533bf279daf0cf3cc95bff65629847ea58 |
| SHA512 | 9069eb47f0db2b704d24643a6fd97b1ee4bd4449dd406643eb32b86e60cc83e4b35cf1c2a9350e04c55a96fbdfbaba88509791a0bb2f2f0c4b58527571636525 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3d35ab87e3704896f6129d05bfa9acb4 |
| SHA1 | 52c67f856dda9ed955482e11c4c8ee9df4fa3913 |
| SHA256 | ac262d347fe347ed445875a34cef5c48d065f4b6caf9acf6b72bc2aa3d5f1672 |
| SHA512 | 4abeddd1b134ff0730f07192b9e1d704621e9c6e7c82838af3d3667778ba15060ed2fe58787413896b911adb393ca98fd8cd0e31ae42c098b9becb72cc338de9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eaab3899a75a1129bcbb0e60f5b00f84 |
| SHA1 | 3609fe4c564a2bb7a64ffa9620481a066a9fcb5e |
| SHA256 | a483249e6e185d2cdab131ccc461ee0ce85ac34725f190446712c58939c8880f |
| SHA512 | cca068628d1b8770181903aeb9a13036428a1ff58276a66d1e4179eb83c267db7f0dc55d704d715b5a20c5f631b53bb9db1d5e97aa704abb0abcb1445628071e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | add1cc8e19a4d03b2e16c1daf4f2b149 |
| SHA1 | cb32f6715cf171d048ab15f16d357bd641822baa |
| SHA256 | acbd787435ce7b5e73dd9a1698bde598dd24afd23e5d4ae727a52c4018555d69 |
| SHA512 | ffe6c6f99a0604fa29fdc3c8650046b19e314973047f85c66273e241e2794417aafb882b20f315af55b39b8300c35354dddbed9c2b10f3e58f09b4984e3fc258 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 611e8eaf3fa5828651fe49d023d8cb05 |
| SHA1 | e49615ab7e29247d14a3ca21ed1ea81d2f85afaa |
| SHA256 | 37568e2f957a58fd07e68c5508b3fa6610c34f2d9f7ec67ac8643992c99d82e6 |
| SHA512 | f3f9032c9540e25dcdd9925886e09a6d3a316e625728df61b87d028370a7b036fba401f31a1e1e526a0e92b5acea971c352804d57b60a739c9bde0a7f0a57181 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8452S9S3\favicon[1].png
| MD5 | 346e09471362f2907510a31812129cd2 |
| SHA1 | 323b99430dd424604ae57a19a91f25376e209759 |
| SHA256 | 74cf90ac2fe6624ab1056cacea11cf7ed4f8bef54bbb0e869638013bba45bc08 |
| SHA512 | a62b0fcc02e671d6037725cf67935f8ca1c875f764ce39fed267420935c0b7bad69ab50d3f9f8c628e9b3cff439885ee416989e31ceaa5d32ae596dd7e5fedbd |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\gsz3hkd\imagestore.dat
| MD5 | fee1c32be501ed5851acf14fb4084894 |
| SHA1 | b1f7b9f1d47d703f584e4b2450fc52cc1827486b |
| SHA256 | 31c2b029088b3a0f9b0630bfcbab0dfd5637ded0c3163180b9b29320ef523c8e |
| SHA512 | 5cfb461b6877f428917195313ff9f1a4317467ae71e20828eab4ab13e67b40e12d32b2ca6facca53d73eca4419b0322727d59bc48899acc2b8a95bed76a249eb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2275a75218c083b612abedfd791c9adc |
| SHA1 | c4e575870735ad59aeef5c758c1e363500ce5ed7 |
| SHA256 | 1b67d5e012f45e5e3c48ee7c05dbec77fdfd8b269b3498be5051e8993433d618 |
| SHA512 | cc1b3ddda97dcd391af9b87b0a071456c95b2adb05ba89d80f9a7b1160670df9c9e7dabbfb2b94cb2cd426a8f84ce2e1da1b61955e7cc743e1c7bbe07429583d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2745e78bc34dc0ff8bfd970c747f4502 |
| SHA1 | 0cb8ddb3e9794c30431dc9b329b3ad354d25e72b |
| SHA256 | d8bba22c19c3b23e894660e8bce3abcd6feb9b2b05d6fdda34d1f4ed7b637b2a |
| SHA512 | 71323aa295e8ea38b30231102627d5d8cb6a30ecdded831b7ea6c43f664a29c586ec4b53efbdd25ff6f7bb279f72057adf84d1ad2ef96749ac42c27945ac208f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7fd4889bfc48a46b6a560f6394aa3077 |
| SHA1 | 86e0b5f84fe22f80c025063ac21bd0015e9ed769 |
| SHA256 | 98bff66a2e81bbd0ffb148ba2075f7bf654ab75cd102adaf25c9078350a15153 |
| SHA512 | 26153f867719c081105df92dbc4005c80725fc4b3525f0d75cf2c378e12d8a3427ac7b60f425cbe364d8b0fdbc89586982c3c35a7f7bfe4cf7677024f29a28d5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 25f0ff364c71b20e4e03061576779800 |
| SHA1 | 12fe49cb519db0bb00fbb02472b748c59c333cb5 |
| SHA256 | 719081d3260147ae8866b471ac9755a397a9ad41dbaa60d1998047cd6e730664 |
| SHA512 | f8b02f076ce620b59b51f7682cac1f79024408a2dbf1d9211664db927e68c13278148b5e3909d316e8375fac7648ed55faa954ecf25288a63aa7b99c79a4c5b8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a6466f4f31943a21bfcd555178681e07 |
| SHA1 | b587f40f6a9d07576c5f6556626630b888aa9518 |
| SHA256 | ec5ad47bbf92a23d1b83191e69367a600401e15f62041e79f0db8b013d49bbb5 |
| SHA512 | f0c18b528e650654dc4091ce528e9f662523ea7b4501ba7a89adbe15152b50aad90f0a224d4f7e1b749bd3d8b3be93f41787a660ce4cd38c99ccfc8315a75d06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 04c2856e512d16beb83c92d5bc0cbc62 |
| SHA1 | 134378249241e9db0cd3419c6aae1389e576f7dd |
| SHA256 | d37a4c16c5c710e22ead0c3e01603bccada2300b6a3c2a3334e09c53f83902c6 |
| SHA512 | 69a28a7df63783a277f41297b4a9fbccec52a7f9b9846c77cea5ff6b9101bba7e78701d2447cec497502b5f7014ce38185b01a99ec9b75c72f0b7782d860d4de |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ebe6bbbda7ac004431501bcd8a474739 |
| SHA1 | 72c8a3068f6bbe26f35a55ddb38b9c0b8853456a |
| SHA256 | bdab39be6556cba6a931d6b690795f50fb50940ed62f48158fd5b94f0ccfeae6 |
| SHA512 | 89fa330e5e7beca3fa743d401ecfd4399dc44dc7e008e22ab14dae934c37c647e87180688c556c5ea408c3691e0f094f2dcf470ff33ec3f59bf7e263d3501838 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4c7cc42e9fc66d6d4436e4ddb5050a5e |
| SHA1 | 55a24405db947a663eed2cbffe34e991a43db4b5 |
| SHA256 | 3296542a7ba6ef0d003b10f862077096af796fd5f537585b300cec5a6baf84b5 |
| SHA512 | 05d4ff79cdc6cac13180c6cb655a828918e38157ec29ac83311ce53ffceacb701ae9ca89fa8f627d9a09d4f71a4cd3da648062c77ac0027e996928eb9e015b2e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2b1ae41bf33fabc483f0b3c79c8567bd |
| SHA1 | cb6f1e73af49a42c3c216640fa66a291777e4bee |
| SHA256 | 0de6fab0f9e2468ca5d13aca7e8a0a68c78cc47fea054e9535327f804182f84a |
| SHA512 | 64e0076f69e237d5d812a25416cfea6e0b80b786fd91a111197e797cf7963c01c2fe6201330c8ab7ffcc342b12d80dd86d9fe69c5a7ff867d1dd70a5d60108ed |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1a2ba0dee4537183d051dfea59b52c96 |
| SHA1 | 02689cd902ecad34b5b9d4aa7599b6ad8bb1e32c |
| SHA256 | 3c9ab59585f0a744afc8eb02c5d8751527870449b98641341d73ab3de00e5de0 |
| SHA512 | b832d2659acae0c31c1470dd5da58f68e810da98eb76f4741192eb055399b878a42eff5cfcc7f50344794c94621c4c2a36a3eb8e16f0361ab4e62fb6acf25b3b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | af2d213b7d5901c8cef08037ae6a52df |
| SHA1 | 910b3a69c5517e11342f34e187359df5ec0a4dd5 |
| SHA256 | d52c0d4778d8fb3caefecdd98ff33fb51dae73cb1280be6e5a687479b734ce1e |
| SHA512 | b4d20b10718df1814d626bb74e0cfd9fb588babf3e78a56415a86884d3c27fc81fbf4f631f6141e2b2ab59086c03395b311c1c2ffe844ca47e45827d0338965c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e52a3132a55cf7b82ba983ed5ea1d073 |
| SHA1 | 56a6f52eab0ee13620bca23aaaf4c51a4364422f |
| SHA256 | d8c90531ca7cd848fa2a22abdcf40384ccfcdea07a5c79119963bb534bd4e87d |
| SHA512 | 603244cc9e735471899839a8c8fca23cabe6752f472d5fcbaa4a446bb19cd2079a910970834ec18170625a6036dd19c42cb27162287b0ed31a4732d13691ef01 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f86967309e59c3e43497ef0f686a0fb8 |
| SHA1 | 740fafb1d6f4b29bc57c9da06fe8e3312b596245 |
| SHA256 | 7cb7fccffd4945852cbd22c8cb088df7d3c267b8a467055b3e8130b7b6ae9272 |
| SHA512 | d4618af436aaae4bc0382b087f4766e54a655b2f81aa0ba0573173f575838408ec1143c448d76e80da8df782e511aa049aed7d89fde2689edcc7394f0572e540 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 33b5d94e80281454e490638fd9348296 |
| SHA1 | 2c330a36776acd4e87553676acb7daa4ff9b7c64 |
| SHA256 | aef76fb2f22a83435c1d8d3e84f2ab6a39e44407a5b25ab04916e63b42708b2e |
| SHA512 | 10985e5cdf1b6d8548ab005d8ccd2c1df99d1e3093d9b1ede9a370b3cbf9363bc0d2000142b6cc0338fc773f0d7be979da3ee462d778baa0a3c403f78589b71f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0fc9579e3256742c328d390a55b0b2b2 |
| SHA1 | 5d1ed29915fffb076d442f70dc26859b3cee0748 |
| SHA256 | 5b8ed64d996e30ead38beb51cceb8dccaf6a25627296666a99f07508a0ded639 |
| SHA512 | 1387afe980f56971658ff07c6daeb1959ac16184b2e8d22f1c555484e8261a48f768877807b8301e7a0417d49e9a3ffb4064f5ef88e3f83d5797cb43c86f0a00 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 6d7de3b97aecfbba1695c84d16b4c487 |
| SHA1 | 3d378dffc5b014e9872fdf1162103b6b01585aee |
| SHA256 | ba75ead57a180b8a39b1602a4150677fbacec72a509c391a104704dd80be0af4 |
| SHA512 | 1938d4b7cfe15fddcdb8beac30942431ed626521d7bee9b8d84ee038703f11c0da4b9c19a0d580c0fff3127dab8b1c94d4e8208f9dcf33351f6327922859688d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 10228dfb01e61ed09fad451a67806aca |
| SHA1 | 3335a69c5dfba9d25a1724e583aa3b8f87224a24 |
| SHA256 | 33360f885aab664a4df3f6d2339d889963437a6c99717c85200dc477b35390cb |
| SHA512 | 4ab7e8eecb1163dfa03a90efada79b5fd20e201efd16a7ef86e678d570a45fd510258488e7ce42f353d74044852f6222713e3d236716727cef5fc8f5edb52d30 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7c78c9f82715d368f162fbd4e062999c |
| SHA1 | 975e600dc62fcc191b3089fe7e5dd43c3e709022 |
| SHA256 | 2ae03ab04c2174bd5045b1831b0ecb492c67564de1897adda68d6b94aee9a6c6 |
| SHA512 | a489e0690af2d4c75dc24277d4c0ab455076fe3e3f4d30375faadb0bacb97df868559f114a7f100975a771f969d981d8e39b19221689de1b2a641a7a60a72845 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 332e6289c45e13aa2b22afb78ace550a |
| SHA1 | 41cfb5ee33b114fab793bd985257457a8972e6ad |
| SHA256 | ab3df3c4b5d07f513a45ac89d0ad8fbe9986ba0976ad6d5a7164d528ae682645 |
| SHA512 | 6643a79a234653f6df78840d79c83f32baa90d5eea7a5204f3f38c049996c87a57888bb8cc083946e0b46c8e525b339e3ece338af4fa4ac4aec7f4dfae53e019 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6a5bee9e7b62d7db6e22a5ea2ebe7601 |
| SHA1 | 25553798dc22fa8ea1105462906f8fa263707937 |
| SHA256 | a489377b11db4f1c1542e1f464d63fd57f2817e76ceb40595009d22afd492348 |
| SHA512 | 2aadcc2af125d6f38cd0d8f1ce422a3d8e845b717b8c1e1b560b244fb87cce53df72f08e8a13939aaaad8e2e253a96406bb2b186dd02a94fd5a041ec457a425c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 997822e3e7688cdd9587d526b8d6d6cb |
| SHA1 | 61cba8f0f668af9f529c2f486fbfa636e9327506 |
| SHA256 | 0a953f5669a5195793ddb9cf03375a875e9b85cc8109ad4df3c4de090bf28e32 |
| SHA512 | f5815f325a75931c88c3d4bae47216e177b30be983a08458eb6b6ae5a36682e98e5fa8d6249227df5140dae2cf6b8826279d252e3bd9f2c37e5f4ae2ccc3b27e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 054004d4351530f78453bf29cc22f08b |
| SHA1 | 5e4f0284f6cd7367660f50fe429868ae0b933ec5 |
| SHA256 | 923997f66e3d58aa3498b47386ddc349fbd29bddafccc53578c199f1907f968e |
| SHA512 | 0e38fe3bcd32bd5e0efc47e4879449c63f2bd386d5ecdaa00840bc23392b3d99682e3abb5c1de778c1e42f598f66163aa77815e7b878a64b131bc069246e6d31 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0daceb5c2212a5e7493f6e79214061cc |
| SHA1 | ea380a1695148801e25398f7238a5c3faf1e1f8b |
| SHA256 | fe507c0083a9a5fd8fbb90d395c9a15fff658fe88eaf5e6304a4c4881b7e516f |
| SHA512 | 0e4a9d1acc8411033910dc5c2792d62f6e79fea193049ae52aac770c3527e4ce20b276890d4be161baf78d267050a02ff8c2a89f362acaf19764b4024c794472 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 35d888ab3f3bfc9ebbe2e6d2f91cbac7 |
| SHA1 | cf068caf9fbd1f68c693c7ddf07725ef7fe88717 |
| SHA256 | e056fcfbc15404b89140346be926947479e5468f08acfb62af76e63097c8be9b |
| SHA512 | 09fa881ea73efddd732a42e8928417dbdebb3f1eb448b226d3a15172737c74788e63a0aab9f52eee2c8bdf880b62c1bab5ccd370e1b20dac323a08b24765341e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dfaad36247e52e2ba29002e3f1e8e0a1 |
| SHA1 | b2f0728b017a62a06f55b28c82eea10228873055 |
| SHA256 | c3da855b1848f23bd94346cd847ce2791f5327eb6b4f755244d83b3d367122df |
| SHA512 | d19039bcab9ba9a6a468a0dc9432d6d14e25f99aee56cc73ba0bd50027ff944247ce6008cf0f6d78fa83c5d4627b6747f8b5b8bab397e839c8bfb62e49d4e054 |
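The dropped-files list above is dominated by one path under `CryptnetUrlCache\MetaData` recorded dozens of times with different digests. That directory is where Windows CryptoAPI caches the CRLs, OCSP responses and AIA certificates it fetches while building TLS chains, so the churn is a side effect of the browser session rather than content the sample wrote. The same list also records artifacts whose digests are those of zero-length content (for example the crashpad named pipe in behavioral18: MD5 `d41d8cd9…`, SHA256 `e3b0c442…`). The following script is an added example, not part of the sandbox report or of the Dokan project; it parses this report's path-plus-hash-rows layout, counts rewrites per path, flags empty artifacts, and separates certificate-cache noise from files worth opening. The excerpt it runs on is constructed from a few entries copied from this page; the bucket names are the example's own.

```python
import hashlib
import re
from collections import Counter

# Digests of zero-length content. A sandbox records these for named pipes and
# placeholder files that were created but never written to.
EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()
EMPTY_MD5 = hashlib.md5(b"").hexdigest()

# CryptoAPI (CAPI2) revocation/AIA cache; churn here normally reflects TLS chain
# building by whatever process spoke HTTPS, not files the sample dropped.
CERT_CACHE_MARKER = "\\Microsoft\\CryptnetUrlCache\\"

# Constructed excerpt in the report's own layout: a path line followed by
# "| ALGO | hexdigest |" rows (values copied from the entries above and from
# the behavioral18 file list further down).
SAMPLE_FILES = r"""
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f595a040d3edff80dac5b1b9c89f0c35 |
| SHA1 | 038dac224eedd7bb17d8e7c87f2050333025d7bb |
| SHA256 | ecea86c8848a7fdafd65bbddb0fd19afcc7803dbb46e4946a6dbc0d2d7bf0b9a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aeb0eb79b159de7c0daee99a1e286026 |
| SHA1 | aa93f040c022fb9947065d257ee2ccf968f31715 |
| SHA256 | 174728e1d2446dd41b2e0e2094ed28258f3319cd5fcb830c700e9a11cabd6d92 |
\??\pipe\LOCAL\crashpad_808_RTSAKVMOKSDANTXF
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | bd8c8e79cc5c6cd1bd39c0cb23547fa0 |
| SHA1 | 43100cb68176c608a45bf4f7935290201f8bb31a |
| SHA256 | a088282ae875ceb234da04b8cc8d8d852f04be1e25cd8002222708890c24bd96 |
"""

HASH_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")


def parse_artifacts(text):
    """Turn the path + hash-row layout into a list of {path, md5, sha1, ...} dicts.

    A line that does not start with '|' opens a new artifact; the hash rows
    that follow are attached to it.
    """
    artifacts = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_ROW.match(line)
        if m and current is not None:
            current[m.group(1).lower()] = m.group(2).lower()
        elif not line.startswith("|"):
            current = {"path": line}
            artifacts.append(current)
    return artifacts


def triage(artifacts):
    """Bucket artifacts the way an analyst skims a dropped-files list."""
    writes = Counter(a["path"] for a in artifacts)
    return {
        # same path recorded more than once = rewritten during the run
        "rewritten": {p: n for p, n in writes.items() if n > 1},
        # zero-length content: pipes, placeholders, never-written files
        "empty": [a["path"] for a in artifacts if a.get("sha256") == EMPTY_SHA256],
        # CAPI2 cache entries, counted but not listed
        "cert_cache": sum(1 for a in artifacts if CERT_CACHE_MARKER in a["path"]),
        # everything else is what a reviewer should actually open
        "worth_a_look": sorted({
            a["path"] for a in artifacts
            if CERT_CACHE_MARKER not in a["path"] and a.get("sha256") != EMPTY_SHA256
        }),
    }


if __name__ == "__main__":
    for bucket, value in triage(parse_artifacts(SAMPLE_FILES)).items():
        print(bucket, value)
```

On the excerpt, the two `CryptnetUrlCache` entries collapse into one rewritten path, the crashpad pipe lands in `empty`, and only the Edge `Preferences` file remains in `worth_a_look`. Run against the full list above, the same pass reduces several hundred rows to a handful of browser profile files.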
Analysis: behavioral8
Detonation Overview
Submitted
2024-11-07 21:32
Reported
2024-11-07 21:35
Platform
win10v2004-20241007-en
Max time kernel
148s
Max time network
150s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES\Dokan\DokanLibrary\dokanctl.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES\Dokan\DokanLibrary\dokanctl.exe
"C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES\Dokan\DokanLibrary\dokanctl.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
Files
Analysis: behavioral18
Detonation Overview
Submitted
2024-11-07 21:32
Reported
2024-11-07 21:35
Platform
win10v2004-20241007-en
Max time kernel
145s
Max time network
141s
Command Line
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
Browser Information Discovery
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES64\Dokan\DokanLibrary\README.url
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/dokan-dev/dokany/blob/master/README.md
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8f76146f8,0x7ff8f7614708,0x7ff8f7614718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,10759098031813185326,16011515183545476662,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2024 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,10759098031813185326,16011515183545476662,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,10759098031813185326,16011515183545476662,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2580 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,10759098031813185326,16011515183545476662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,10759098031813185326,16011515183545476662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,10759098031813185326,16011515183545476662,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,10759098031813185326,16011515183545476662,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,10759098031813185326,16011515183545476662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,10759098031813185326,16011515183545476662,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,10759098031813185326,16011515183545476662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,10759098031813185326,16011515183545476662,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,10759098031813185326,16011515183545476662,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3120 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | camo.githubusercontent.com | udp |
| US | 185.199.110.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | camo.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 154.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | 22.113.82.140.in-addr.arpa | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
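The "Legitimate hosting services abused for malware hosting/C2" signature in this run fires on `camo.githubusercontent.com`, but the process list explains the traffic: `rundll32.exe ieframe.dll,OpenURL` is the stock handler for Internet Shortcut (`.url`) files, it opened the Dokan `README.url`, and Edge then loaded `https://github.com/dokan-dev/dokany/blob/master/README.md`, pulling page assets from GitHub's CDN hosts. The bulk of the remaining rows are `in-addr.arpa` reverse lookups of peers the VM already talked to, plus one mDNS multicast packet. The script below is an added example, not part of the sandbox report or of the Dokan project; it parses the Network table, separates PTR lookups, plain DNS, mDNS and real connections, and checks whether each flagged hosting domain is accounted for by a URL visible in a process command line. The table excerpt and the two command lines are constructed from this page; the set of GitHub asset hosts that a `github.com` page is assumed to pull from is the example's own assumption.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed excerpt of the behavioral18 Network table (rows copied from the
# report, with the mDNS row's columns normalised to the table's layout).
SAMPLE_NETWORK = """
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | camo.githubusercontent.com | udp |
| US | 185.199.110.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | camo.githubusercontent.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
"""

# Process command lines from the same run (copied from the Processes section).
SAMPLE_CMDLINES = [
    r'"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES64\Dokan\DokanLibrary\README.url',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/dokan-dev/dokany/blob/master/README.md',
]

# Domains the sandbox signature treats as "legitimate hosting services" (the
# GitHub-operated hosts seen in this report).
HOSTING_DOMAINS = {
    "camo.githubusercontent.com", "user-images.githubusercontent.com",
    "avatars.githubusercontent.com", "github.githubassets.com",
}

# Assumption for this example: rendering a github.com page pulls its scripts,
# images and telemetry from these hosts, so a browser-opened github.com URL
# accounts for connections to them.
PAGE_ASSET_HOSTS = {
    "github.com": HOSTING_DOMAINS | {"collector.github.com", "api.github.com"},
}


def parse_network(text):
    """Parse '| Country | Destination | Domain | Proto |' rows into dicts."""
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        country, dest, domain, proto = cells
        host, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": host, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def classify(rows):
    """Split the table into the buckets an analyst actually reads separately."""
    buckets = {"ptr_lookups": [], "dns_queries": [], "mdns": [],
               "connections": defaultdict(list)}
    for r in rows:
        if r["domain"].endswith(".in-addr.arpa"):
            buckets["ptr_lookups"].append(r["domain"])   # OS reverse lookups of peers
        elif r["ip"] == "224.0.0.251" and r["port"] == 5353:
            buckets["mdns"].append(r)                      # link-local multicast DNS
        elif r["proto"] == "udp" and r["port"] == 53:
            buckets["dns_queries"].append(r["domain"])    # forward lookups
        else:
            buckets["connections"][r["domain"]].append((r["ip"], r["port"]))
    return buckets


def triage_hosting_hits(buckets, cmdlines):
    """Decide which flagged hosting domains a visible process URL explains."""
    flagged = {d for d in buckets["connections"] if d in HOSTING_DOMAINS}
    urls = [tok for cl in cmdlines for tok in cl.split()
            if tok.startswith(("http://", "https://"))]
    opened = {urlsplit(u).hostname for u in urls}
    accounted = set(opened)
    for host in opened:
        accounted |= PAGE_ASSET_HOSTS.get(host, set())
    return {
        "opened_urls": urls,
        "flagged": sorted(flagged),
        "explained": sorted(flagged & accounted),
        "unexplained": sorted(flagged - accounted),   # these deserve real scrutiny
    }


if __name__ == "__main__":
    b = classify(parse_network(SAMPLE_NETWORK))
    print(triage_hosting_hits(b, SAMPLE_CMDLINES))
```

For this run every flagged domain ends up in `explained`, which is the practical reading of the signature here: GitHub CDN traffic initiated by a browser rendering a README, not a beacon. The `unexplained` bucket is what would remain if a non-browser process, such as the NSIS installer itself, had contacted the same hosts.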
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | d22073dea53e79d9b824f27ac5e9813e |
| SHA1 | 6d8a7281241248431a1571e6ddc55798b01fa961 |
| SHA256 | 86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6 |
| SHA512 | 97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413 |
\??\pipe\LOCAL\crashpad_808_RTSAKVMOKSDANTXF
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
Analysis: behavioral9
Detonation Overview
Submitted
2024-11-07 21:32
Reported
2024-11-07 21:35
Platform
win7-20240903-en
Max time kernel
122s
Max time network
124s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES\Dokan\DokanLibrary\include\fuse\ScopeGuard.js
Network
Files
Analysis: behavioral13
Detonation Overview
Submitted
2024-11-07 21:32
Reported
2024-11-07 21:35
Platform
win7-20240903-en
Max time kernel
118s
Max time network
119s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES\Dokan\DokanLibrary\mounter.exe
"C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES\Dokan\DokanLibrary\mounter.exe"
Network
Files
Analysis: behavioral23
Detonation Overview
Submitted
2024-11-07 21:32
Reported
2024-11-07 21:35
Platform
win7-20240729-en
Max time kernel
120s
Max time network
122s
Command Line
Signatures
Processes
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES64\Dokan\DokanLibrary\include\fuse\fuse_opt.vbs"
Network
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-07 21:32
Reported
2024-11-07 21:35
Platform
win7-20240903-en
Max time kernel
122s
Max time network
123s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 224
Network
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-11-07 21:32
Reported
2024-11-07 21:35
Platform
win10v2004-20241007-en
Max time kernel
93s
Max time network
149s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1112 wrote to memory of 2176 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2176 -ip 2176
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 620
Network
Files
Analysis: behavioral16
Detonation Overview
Submitted
2024-11-07 21:32
Reported
2024-11-07 21:35
Platform
win10v2004-20241007-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Browser Information Discovery
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES\Dokan\DokanLibrary\sample\mirror\mirror.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133754888873669940" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES\Dokan\DokanLibrary\sample\mirror\mirror.exe
"C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES\Dokan\DokanLibrary\sample\mirror\mirror.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffeaae3cc40,0x7ffeaae3cc4c,0x7ffeaae3cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1836,i,18070705579693006872,14751315974878417339,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1832 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2192,i,18070705579693006872,14751315974878417339,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2396 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2220,i,18070705579693006872,14751315974878417339,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2424 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,18070705579693006872,14751315974878417339,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3176 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3300,i,18070705579693006872,14751315974878417339,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3312 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3704,i,18070705579693006872,14751315974878417339,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4584 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4592,i,18070705579693006872,14751315974878417339,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4728 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4612,i,18070705579693006872,14751315974878417339,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4700 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4388,i,18070705579693006872,14751315974878417339,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4536 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5104,i,18070705579693006872,14751315974878417339,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4736 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5168,i,18070705579693006872,14751315974878417339,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5236 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4916,i,18070705579693006872,14751315974878417339,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4536 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5160,i,18070705579693006872,14751315974878417339,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5344 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5204,i,18070705579693006872,14751315974878417339,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5476 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5464,i,18070705579693006872,14751315974878417339,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5452 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5556,i,18070705579693006872,14751315974878417339,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5460 /prefetch:2
Network
Files
Analysis: behavioral24
Detonation Overview
Submitted
2024-11-07 21:32
Reported
2024-11-07 21:35
Platform
win10v2004-20241007-en
Max time kernel
91s
Max time network
135s
Command Line
Signatures
Processes
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES64\Dokan\DokanLibrary\include\fuse\fuse_opt.vbs"
Network
Files
Analysis: behavioral25
Detonation Overview
Submitted
2024-11-07 21:32
Reported
2024-11-07 21:35
Platform
win7-20240903-en
Max time kernel
119s
Max time network
122s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES64\Dokan\DokanLibrary\mounter.exe
"C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES64\Dokan\DokanLibrary\mounter.exe"
Network
Files
Analysis: behavioral27
Detonation Overview
Submitted
2024-11-07 21:32
Reported
2024-11-07 21:35
Platform
win7-20240708-en
Max time kernel
121s
Max time network
122s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES64\Dokan\DokanLibrary\sample\mirror\mirror.exe
"C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES64\Dokan\DokanLibrary\sample\mirror\mirror.exe"
Network
Files
Analysis: behavioral28
Detonation Overview
Submitted
2024-11-07 21:32
Reported
2024-11-07 21:35
Platform
win10v2004-20241007-en
Max time kernel
116s
Max time network
136s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES64\Dokan\DokanLibrary\sample\mirror\mirror.exe
"C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES64\Dokan\DokanLibrary\sample\mirror\mirror.exe"
Network
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-11-07 21:32
Reported
2024-11-07 21:35
Platform
win7-20240729-en
Max time kernel
119s
Max time network
120s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES\Dokan\DokanLibrary\dokanctl.exe
"C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES\Dokan\DokanLibrary\dokanctl.exe"
Network
Files
Analysis: behavioral12
Detonation Overview
Submitted
2024-11-07 21:32
Reported
2024-11-07 21:35
Platform
win10v2004-20241007-en
Max time kernel
91s
Max time network
144s
Command Line
Signatures
Processes
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES\Dokan\DokanLibrary\include\fuse\fuse_opt.vbs"
Network
Files
Analysis: behavioral17
Detonation Overview
Submitted
2024-11-07 21:32
Reported
2024-11-07 21:35
Platform
win7-20241010-en
Max time kernel
121s
Max time network
131s
Command Line
Signatures
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\System32\rundll32.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | camo.githubusercontent.com | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e78a69453f00554b9c7935775bae7b9600000000020000000000106600000001000020000000b19dd83fd94ed2efb4c641a859a3434951e419b82617a222686a370760e9542b000000000e8000000002000020000000ab77d5f0ab5976171139877a0b74d9b5b548e9f416c1e29f4083322de830692d90000000d97c364cb25a2539840ab4cd7241afa678e7b2a1175760e27187e335a140c4e3e8877ff924f2e566c122e4cf8c0d711691490f8709f96eef82963239a4b2e309f3a7e27108a1fdc6ca48e89b57cdaf7c296837742f4f6e2dfd008b887c592b7ef6b4779b099034ffc5965d94e35ef3c36be029ad5886721bd903b03408443819a6e8ff07661175bac860b1460f0483434000000089a7391040a9c5ead43e2d830dd7681a96e7a7612fe3d3b9b61315efe87457b70c72725ba19387da084072ebbf788c0c290aba56728ef3dcd0a2549ddac20f76 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E0652931-9D4F-11EF-AB56-7227CCB080AF} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "437177057" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e78a69453f00554b9c7935775bae7b96000000000200000000001066000000010000200000000554b0ead6098d53f87b5c865b0697fefca7330f7a70d4679116fe6387769ce3000000000e8000000002000020000000644e70d536a70bdd5bfd5e2b01d39da943272f9b7f424794b25ffb9f975b3f7e20000000653da4c564b7de6018c312953e01fb376965566b78720a32dca63ed384b7f4ae40000000bc7262923c97ac927aef714e1cc3fbf712f6c1c8ced54f5fa8853f7f3ae7260a379fd444bcb96f6e3a2e52fde20265bb788a52d5d196753277d575c75d63460b | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50fbdab95c31db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES64\Dokan\DokanLibrary\README.url:favicon | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| File created | C:\Users\Admin\AppData\Local\Temp\wwwF86C.tmp\:favicon:$DATA | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| File created | C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES64\Dokan\DokanLibrary\README.url\:favicon:$DATA | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2544 wrote to memory of 2520 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2544 wrote to memory of 2520 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2544 wrote to memory of 2520 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2544 wrote to memory of 2520 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES64\Dokan\DokanLibrary\README.url
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2544 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | camo.githubusercontent.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.109.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.109.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.109.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.109.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.109.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.109.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.109.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.109.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.109.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.109.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.109.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.109.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.109.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.109.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.109.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.109.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.109.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.109.133:443 | camo.githubusercontent.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
memory/2292-0-0x0000000000150000-0x0000000000160000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\CabE428.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarE4E8.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cbf2bdf408b69d6ad4e658bb6e1a38f0 |
| SHA1 | 3f767625e4a74ffbfede27b441430f4cfda07b79 |
| SHA256 | 6d163be88716e736490be8e0a91806b96845fe56b8272acd3c80993a763daa09 |
| SHA512 | 69bd6b1796407c0029161fc0f55f2f656a27f0be5dee110dddf9278dbf0860a3bd4096d1703e155e372e9b4e291701d3e96d7978034fde95654070ced2e9824e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 607ded6ec976856d2eeb36fdc8e700cc |
| SHA1 | 2b453af65c3ae50a5cc871ce49058450143236ae |
| SHA256 | 2bff20ca5352abac756f00a2dd0ff06c0a189ec9f5ef231cc4a35fb1b93742e3 |
| SHA512 | dce70293e7a48a555b257a5562853256f4d2418c60e84a7204aef2d30f24780fbbae9932219575ebfae795c769f814ae7d5f5ad27f4c30525f9acc916ddc9487 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 29c5827d419a677efc0a1a4e28132f12 |
| SHA1 | 25d290b0876108e3bec30b3a770fe1bf8236252e |
| SHA256 | 09bf6a2dae7d335336561cfbe9c10cb150f4d07c57b4b9c71a1a38d80cf14ba4 |
| SHA512 | 44f005ebb4f446d7f89e26d63e109c8e7a2603f370ba8b2af8610c8cedfeb252cf7faaebb52a444c9679fb0dda55f3d1363e91f04e298f237d042da60e6b2bf2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 505fd05345d9f29a5ce34787f7b1958f |
| SHA1 | 5d65c49d98b1feea3aebb918279db77eab923570 |
| SHA256 | 5b29096fb2f665afa72c7edaae7aa2bcaeaac8641abb16e4d07416cfb50e5c7c |
| SHA512 | c7810a802209c2197728a8d7a7c0e5e3bc0b40ec08049f423b1dc7d216bbaa6048a6025deb9f52d1a93e5628f66a5b251226ed1597c338d8d04138308928aa7a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
| MD5 | 7194820cc46c7516fb0c7b7c4fb99060 |
| SHA1 | f5f7a0000ed9f8a3fbfb01f55f2cb080b14a13bd |
| SHA256 | c7498628b06e8b53daac1f2fcff44b618e596a8803318ddb8fd14ea7cb5befdb |
| SHA512 | 6908548f7038790c2d651e61a68918a99132d7946003f2a3947f50b247f580d8f3973f098ddd49ffaa6bd9ed67a2069bf82921f19d460b636aa640f2847990a3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 07426019af467915efa3d01f4b7e4429 |
| SHA1 | 210cd180c513283f7cbb309593429d585c2bfbcc |
| SHA256 | af3714b35411b49279e1f681d49355f817bf00cdbd358e5202b15991073bfdf0 |
| SHA512 | e002eca669bf04976e385d9bfe9230daa9801a3fc9992f0805ec8c813bf2521ad850d811af679f68ddd5fb1e1d998f0b863bc7a4678517e294620da350ddb62a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 16ca7fdafefe0e1e7afb0911e0049503 |
| SHA1 | 259300383e3fafe412421fc3af9977f72966c6ca |
| SHA256 | 1f20a1a2103d771f5bf76b8a7ce1d829c4d06f2f33d73ca3d92a016005dd53c8 |
| SHA512 | 60f564cc84c666d9b352a947fb68cf947cf157ed05a15324bbbf86bbb93721d4cdf55080d544d8e7ec2863bc2887c92dcc4a583b524b4824dada12d27037c55b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D
| MD5 | 855cb0cba6b740ef9c84cb4b39b57617 |
| SHA1 | b36cc2161efbbfa5463803b090876e6f6f288528 |
| SHA256 | aa823f03a3b9983740fccd773ca20d8ec15e8a85f9e44c6d6700ca0436687270 |
| SHA512 | 60d390164b1c21ed4f3250beb7f6c1e004596c38373064c6d5f0c3b441604560627fde6886647b40b4a35c205fa6e377199dd4f11b545b89011c0e792b569faa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D5D208E26D1070E328FBB39C86EDFB3C
| MD5 | 35b8805650d14ba02f63c83053a82c77 |
| SHA1 | b8199bb44463cdd3babfa7e2d13f6704a9fb574e |
| SHA256 | a60e5d37fbcd07891b291a9867aef2f6dc0eb55d5bce74adbd0b90150235e62e |
| SHA512 | 771867c625d789228b2dd47ffa0f65996e6ee7e5d8533380d24244fa83f72da498edb947609991d2b9b65e9b6643cdaf16cc62bb49232cd8e0eb8135cece0e05 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8e808617c084414a1b3fdcf6ba2a548b |
| SHA1 | 42374d7943554c4767a5819e76bc9cee738a3ecc |
| SHA256 | a64b9ade09f68320cd91856fa9645e2a7fa5148fb0d74383e9fac27482c9a155 |
| SHA512 | f7ab4593ac2a14a143bf21c76a3d4129a73883be8de5ef13dc387694b5d736cdc0cde00960fa4fd7a082c619e047b6b07fbcf70b99c0f33d8bae5d9523d7ae1f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D5D208E26D1070E328FBB39C86EDFB3C
| MD5 | 10fec865ee24f0a0dcca7ea8b7dd04a8 |
| SHA1 | b18a17f950669e79831c6143148885acdcb75392 |
| SHA256 | 10a3907a2e2743346c0768e64dc9fbc161fe54f29462380317ae7a41f1fce5e2 |
| SHA512 | 2c8216aa8fc686456e0b360e965e037334c960b7534a4bc33d9f94c756497bf417ce792df0045edce4473c4b4e85a876d39244a000e5afe2b1995d6e283738cd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cf38b3954509995709da5d0961a64fbc |
| SHA1 | 6e58596ce41aff19debf4adeaea8471738afe5dd |
| SHA256 | c87da38f9cb75869f6e870ac2c7238f449b8171cc470b4122c4ef8a89682d455 |
| SHA512 | bb8f9ca82d85082f00bea42eb9f42767d406aa2e6f8090353ae59297ff23a84e510f14c769335fc510093b36a1362453db4eed5b518075cf7369af5a06455b75 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | df315536c1bc6da5cbf56a56ff2df58e |
| SHA1 | 441ec26d18a239b7bee396c11ea364f79c5e2993 |
| SHA256 | 052ff1ed5cc8a7e956fa6585c9121b8b8f26132883f84599e802910c9ac910e7 |
| SHA512 | 1ff2bd5a1344aa1b35a2592ad3c70ba04f6e23ee613296e860944f10db228ce6551a3be49de5733c03469a5857aadb685552d54615c87f11e951835919684533 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f069cd8cfaa6ca4710b116cb18c15725 |
| SHA1 | 73174bc5214db893c760ba45c6214f206a59d532 |
| SHA256 | 8be70a5e047613d2080c5f62fb2f6be7cf6ad693c7b64f3a03cbe42b99dc398d |
| SHA512 | b5d43b662c21e1191bcb249f9eb9cbaf1d830dac1784fd18f8b63711c7bf4cade348d0a0c90c20848e2b2bdb68e53b40e2a346814d6e166120e75270794d856c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b7144becf834d8ab7a21f78bebe012dd |
| SHA1 | 2ebd5ecee3c3f12e390d1c6ecd17bc81082ee058 |
| SHA256 | aedc799bc9baf4b742102b93d8afd7d96e7a610d1c9ffca8cf2c0e99a3691f6c |
| SHA512 | afed25f1e4c981c53cc6851d75737be37dff3dc062633e80e8846b2b087bbf5ec3baeb3e045677e1530bb31f621733325a875d5c302c0f466c11e766c7575391 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bb5565e9b752f6d30a8be9c890a15aa5 |
| SHA1 | 4e37283e4fcc3c53b91c5524dcf76b55e8976688 |
| SHA256 | 6849a5db61497d7ef4e80c0dd80fa4bc170963b13fe04e04e22f57870aabecac |
| SHA512 | d0a0db957cae913c3dd9f865ea65112b991158cf15ec4277104d98d7b52b9e7d840472433b5b628fd5acf39231ce2174d52bdfacd73759971de39d06a592c5d9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9adad96ec200f030c6def64d81de3aa2 |
| SHA1 | be32a85823697b690bba820fd536e0d2a09ba299 |
| SHA256 | 1b72af33563db720818bcdb4051c2140089d335c2541b61f130ecc2d7864a399 |
| SHA512 | c60ec85a5b19aa22a918d6de6ebcf103a9b4e7d8e33b061379dabadb2ade837d14f3633dce4685b46674843bff5cec5dd09c760a085b48e08fc92e1a5acb6848 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d13177009a1e2f4744698df789c38c67 |
| SHA1 | e2398b23ecb7d215d483be19ffa120491f85a225 |
| SHA256 | 6a49e883701bfbb4314fd0ab008f0fd2353957da2c3dc86cadf8f82536e4af17 |
| SHA512 | 0b2d70c3d85407cb2ccca0d1d323dbfe5add2852490be01371996d2dd7585d006b50c5b707dfa1da06832760119b7893f1dfab465115fcb8db919a437dc9ad3b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a0c770d0530c61421d2a7a688a441006 |
| SHA1 | 94402a9dbbab5126c230fe6129041165d6ea6ce9 |
| SHA256 | b5c8b10fcc32cf24eb4ae289b19f76e2e3551d9a13c8fe3e2a7bb8f8a05735b9 |
| SHA512 | 5e05e7006d060b95f81fab8fad0cc59b3b9808b1202d3a2feab77ceb75c38680e20709609e55475f3b5e50a2d0c725b6a4746079f3d6ae9200e1ee3ed6515b4b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3e569707a167018c062a3f45b82b18b5 |
| SHA1 | 1b6556d3c076d8616bdd64f9c8fa82d40244eb51 |
| SHA256 | 263fd649e78b5cf42fab7ad1e25f92cba7335ea9813cd56a72c290774c9f9802 |
| SHA512 | 410e78887812bc7db8aef30dc5567a16b5816ff0302dc2bced1df57e1ec9afccd59200205f50161d3f90803cab210aaf3a196c7c345af27c0b86cd6bf80bd173 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0e180d11af1bcd52854323a3b3c086b8 |
| SHA1 | d988ec611a20f582ee8ab225c5cd14605a052d9b |
| SHA256 | 4ff3b2890060ab2420c2f29a4aa9c187339bed4027ed61d830eede15ad819971 |
| SHA512 | cff00d81592a356672765324bbb4c8527ad8b794c3ad8f4fdabb5455aedb60a19ff1a4f83425063489733ab28092d58ce332718b70a1b2d0c960a4b8ee2b27eb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3ae04008822fe5cc188f86d9d1b95b30 |
| SHA1 | 7277402ea2b144597b9311b1b3c4026d064dbbcb |
| SHA256 | 422a4a195cfae9a3ee21552afe0b82341419ccb04aeb7e0b6ef9e7cc18b0b611 |
| SHA512 | fa84494c83992ce9146aa9c1640d3bd1c9abc290578a3f33095cd43a2e19e0de16f167c03e75ce327a6d187c9c899fdf9bf549bb786f25631fb0d8aefc73067e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 77a2c7d7ac5ca881bc622e3cd2e19e61 |
| SHA1 | 195c55427a41d3797e43aa43946d38be9c688bce |
| SHA256 | 15db75d402386555c4e0dad2bd177f2d43fab64be85fdafff44aedead5779351 |
| SHA512 | 6b97361aadf783baad4a8049716f091b734e5ca789bfa2a706a3391ef3ddb67d6437640d8033c69b0aa0eecefc7e4b123fe333649a1a9a3610467d2b23cb5d64 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f83f35245dc97318450e78de871bbdb7 |
| SHA1 | 45c6d1db993b80d96542e79fef6420709bc21ae5 |
| SHA256 | fe71654ca69b45648e177463c3d79ace33e01194bfbe0e7698befe513a2e1e11 |
| SHA512 | f6bccd56c99bdde1d51a69688919a913b8f62a8d23eccc7c83a421f7a42e395ea4c070bdf72b392d7842d107deee76d67be081d5e43b4af08217cfe9bd560071 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a09a19368e25e7718d5c8062d4a38b49 |
| SHA1 | ecde02aad9604ec94f9b3bc862d97149aed9285b |
| SHA256 | e1fa1b449fe83a5417b94e406fc8bba1e5928536835513bdeabde11b11ca8bf1 |
| SHA512 | 540dfbe0bc3737dd2f864383be9c9c15398ed38aa9e71e4a517e1470335be8916d1ae1f8fc4a9f4ebe5c3ca40c0a36a949adc72ff220fc1551e507078c2b38a9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 697bd5706099b4c13f799fec4037695a |
| SHA1 | 36e8c4aa638d43c62b702ca2d5642770de19cbb3 |
| SHA256 | 34cca53278ab770eea48ef8b121a93c97c6e98af441d9e611a16e6d044068047 |
| SHA512 | 252ef2d9682207e2a40abc537ed87c1d3d9b3892611f68a38f0d2aa3b629aa988af3a71e69c15e3df32245f3ab2b78cbabd7a5f2a670af77a571f4b367d3d3eb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 94747d64c68acc96c1788903be0e8efe |
| SHA1 | d14a0c941ac032b2529ba5ca981b92a8a2014d4d |
| SHA256 | d41b75a6417b60259704e6d3bb6b6ff2db771ad88ddb182d1f3691587f679085 |
| SHA512 | 956aa51de651893d27f34571469bb7d05f28deb9b87e7b544922d8532f5b6668938e76c3610e76a2b876982354667ccd112dc826e07cde25eb545eefe0c39510 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6378c8ddf591d50af01281b34d3de315 |
| SHA1 | 173025e71ecd574f89963bc701e821b6533394e8 |
| SHA256 | 3f6eadc8d75cb48d55d525f2ba425f1389c48a56f1d37d61724594fef70fe3b2 |
| SHA512 | 8f122070a3b1242e22f90e9553daa16ee7d0565c88c267806b67a7523fdc566bc2ddcc1769111834d62437d5f7cd6c781e3ec183f051da3afc73654042288261 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 997029ed25a7d16956c8d88059759e48 |
| SHA1 | 8d33e296377899fd5615d62ef8ee0fc70cbaf881 |
| SHA256 | f66ef9ef94659890435cb361d1d93ca8d3e8654f0ec3671652aae532ced31a5e |
| SHA512 | 8cc741919fb70c095a6152cae8452343362f04d74cc3a71c67f8eff2f6a6dd3af040e848c5fd433d2fe277996906b7444b1fb093f5e9fee10ba1fbd9ecc11fa4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9c38687dcef37518cffab6166415d2e4 |
| SHA1 | dd1e51ecb77d1006ecfe4b53ae8320f8e801d3e1 |
| SHA256 | 33186993b0454a6ec42940cfb1f5b6f8949c85593a156fad3594fa71590e8ac0 |
| SHA512 | b1847a0c37d41ae1e18ad772de55e7ce24e4eb0ba7c6d9f5423cf219de8f1e6754e6b691574c6e12d445baf5addf40bd41286d9ddd99a5301847d15657f660cf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3817781b9ac36ba8ab21cd2033ee05f8 |
| SHA1 | b8f9921c668a73a3d38137cd8b7e74c641877573 |
| SHA256 | 69b7a8a18e12d555214df6bdedc6b2f3bc796bcbdcda2d7a9c3ad6484a95cf62 |
| SHA512 | 43d50ea6ff7beba885803814f019a354f7d99846b49820fcdbc534b343ee9dc5eff51f4687c459fcfbbf3e2481f254f1f0e9054b4d91c2ce401fb2c8bc0386be |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d0b112fe520b6c1709407438e06cf0e6 |
| SHA1 | e0de80b90f92641a197fc480d1300832c92eabe7 |
| SHA256 | 42a4706909947d5ef032af5aa0df09cb8f71d4596b7095695b7492451c3a1329 |
| SHA512 | ace87f52591551e7dff7c65782c8c03afd7d7bc68e4017d52cbc7bd10c3c297815cd67612e1a3cef37c29ca5b4de54134083fcc8489b3876513a38c7dd507c9c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9670e04bb448fbdec37a5ad8bd8f559a |
| SHA1 | 17d7c834c1a425d2e179c86d9e0a9cf194b2af14 |
| SHA256 | b7e65c04ce61b6019227e8701404499ac6dbc4110bc9bc2ffa216cdccf006686 |
| SHA512 | 6cfa27e8d8d895d56c9cb214f506e3e9b1843452da9dabda5e43be005f0c62ce0e50bf23f170a0450fab911e925fe37183334bc4e310d09de2000acce7789d62 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 27bbbc3ebc82cd37c3690373fc482813 |
| SHA1 | f9816bc04b3b203b4947222c7f7e7427115148e2 |
| SHA256 | 441a0ee8c1af48e8a2d6926246b7a0c659aeda20d6f2fa2a5da619e2c5feb86a |
| SHA512 | 6b1de3749ecfa7017329759f46af813e31858e1ead49fd0ce5f0c92fe4cfbc5e479797ea775fc5f612ff11d97515dc8e11911c221c47c0921f395082beb0ea30 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 574db660422995a1c1692c994cb31fe8 |
| SHA1 | a7479bcc3547cfd5e6a699d80aacbaf0da01ba40 |
| SHA256 | 1905421f3d4bca9514ccb209d9aab9ebfa45d9cee91c04c4a2b7d82ec9c042e0 |
| SHA512 | 427ddba4cd272bec4a9f5b59f004f05947bcfeea81d88aa975792a1dd65d60f36b90846d4508a2e72546fe26a7e3be7f09132d53eccf186c7b80f16c4fb852bb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c829e0db1d6ea3652daf414c06fa82a7 |
| SHA1 | c1ac7f6d6742534c6d2d82c06e3f57bd37192da9 |
| SHA256 | 4b8aa02fd299f43e24d10f3caa9d33899d5d1934c45659456c6ef9d0882cb89e |
| SHA512 | 358dcb55733fb1472f8cba0c2457295efe324b16f9133c71ef7eae68a561ef42b65cf7960697cfa4fbcc09572e8b9f497432c1cabc388078540f5dd2aca415e4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c338cdaf835c1483e9fe9d2f8b1dc3c1 |
| SHA1 | 647638a3262547b9c9ce2cf4ae24dcf7e6c65491 |
| SHA256 | ba625bf01784039a99d6b55626078c9327c6796bb642493519f4438debfc74ea |
| SHA512 | 358713cd6a3485123be2c918a15587a4dd66c876e76696c12cc30e9ad0eebd6474ef4bc6c0eaa273a7af095a2004a43eb69281745015ed1cb34ddf63a30a1453 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f8bf0019a9c4281a1bb65dbb85e4ef3e |
| SHA1 | 8ca9d34d9a30305625cc842a28ca874708c4242b |
| SHA256 | f6bce6bbcbb26742bd0ff171cf3d44ab72dba6d0c180e2dcc2527fe6d3808a91 |
| SHA512 | 82ef6785a59f54be013538ca750d301ec5e3f65f1792aa98be37a6a04334b83bc22fa227b901f089a65793cf978798e4cd51fbf5b6422e041b4df5c04ee2a08c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c2a4cbd41c078447b8073daa8130776d |
| SHA1 | b3a15538ee6078b9837a339ccb4a3ce2172d98ff |
| SHA256 | 7418156de8ee1fdbe45b43ffd2eb622dc14d98b93501ba6064720137ec70f00d |
| SHA512 | e7dab1e5aed3863ed2b1a074471d47f3608eda2973c5718b757201113429e8a2511d06abab1ee2672634c9d42153f9bb98ae21657d479ea00c50a9b654d3575f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fee66910fb5d9f9d73f1af674ca2c26a |
| SHA1 | 8c0bcc2867330d559e1f4fa55416cacccb33e54a |
| SHA256 | e84d5ef2cf6f42a0d5380858d4f47ecff1c59128066f1b9e169704ca9fd4dfb9 |
| SHA512 | 00dd371329a840ce82c2bc5dbd4eb8fbdb5a8e65a8eb6c48a90fd9c6254daf3f878e6f4dd09ed7f38d0252104c5061afb70c9b8148d6652246e862a86a958f3e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3b9fd7e2db60a9fb183ca2e2aad88bc1 |
| SHA1 | 2a5b3c0d4ab9d137937dbc20fe236cc983d67b39 |
| SHA256 | 6421106738b8b6de6a5387f8950fd8254ce7245ad69fdd2d2dac5a0de848be8b |
| SHA512 | f8cba17b36f0442a3ab1ba5282d7429aee148d8c9ae5083c902865aa920f4170719f229d3bbd221d705f988b246a39b60dd33e42d69ffc102b1a413049ec2950 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 26d759652c5997e0e5c35781831e6902 |
| SHA1 | 70ba15578abd9e0b98403386773fa1440afb2a26 |
| SHA256 | 04fd176b2e2a3e27fbb696584035b5d4efc9a37d4eee5c3c7876d12929a6300f |
| SHA512 | a6d20b83363a49e9ccf5b0d2357541e1b3030f769ee8c5992b782d9671a47313ad6561d19ee85a72c9506aeb7c68a631f4dcf8466b9f5309424a59c6a5e75fc7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d41c567205ffa6c2ec7bb554cf0837cf |
| SHA1 | 2a96671e4265301e41d7648c2149a071aba87552 |
| SHA256 | c303140106b4cfa29f9edf3fc8bb3a85db0cfb0771c1d53bd92c37851c668d05 |
| SHA512 | b38dd4f6b1176edec0e53dc4c03388bffa61c638e4c277d04788db447a4d0b6380e935e31e9e3b36b5b405eadea5c5018fdf93b767230faae6707f449b0f82b9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 81f9551b0d991d97b691010cd7cec308 |
| SHA1 | 9348d7bfe990bcfd79f5c4edd9510d9365895072 |
| SHA256 | 516d39eed8b34f0c76a7d0d5acae2bb8931c91b3deec0e878346e3b47d5751f1 |
| SHA512 | 60f9b6795bbdf29780d36becd51f81ae2521edb86e2110019d3b05024756e721bdada330e0eabd77462c949f2dc90cf351fb24872f1f7376504b0332b7f0fd17 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K0PVW9XR\favicon[1].png
| MD5 | 346e09471362f2907510a31812129cd2 |
| SHA1 | 323b99430dd424604ae57a19a91f25376e209759 |
| SHA256 | 74cf90ac2fe6624ab1056cacea11cf7ed4f8bef54bbb0e869638013bba45bc08 |
| SHA512 | a62b0fcc02e671d6037725cf67935f8ca1c875f764ce39fed267420935c0b7bad69ab50d3f9f8c628e9b3cff439885ee416989e31ceaa5d32ae596dd7e5fedbd |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\z8d0nzh\imagestore.dat
| MD5 | 56ad8a7f2cd65ccfbd8fa24734c291d2 |
| SHA1 | 38ea171b8c9fd2b0e0976cfa093a930f03e740f4 |
| SHA256 | af74995c1c32a4b8bcf319d82945c52e0eb391846ea7b86e8e90283a9425dc46 |
| SHA512 | e353f8f11061917fa9bb279076b3ffb223f2d400435976d789a8e49f349cddb9ef22e12b5c1869288da2fe06a370299991719541bcca9f5e5ebf63ca59c687d9 |
C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES64\Dokan\DokanLibrary\README.url
| MD5 | c99685e2d25845afae9440d1e9d80151 |
| SHA1 | 0926b58eca2eeb7a22eb132e83ff8683b45c239d |
| SHA256 | 78792c381463c72f9d055b5dd9fb21acdafd45f0f1594f0992668d85c9b90fdf |
| SHA512 | ec75b53520ac9d903c683eae8ca37cdb67b01692211e0ac641997c34f2802b7f5fe5b6462f804530a0b121ccbc7d8cdf46b6046b8f36dd542b27e7d466495bad |
C:\Users\Admin\AppData\Local\Temp\wwwF86C.tmp
| MD5 | d73e2ea707a98bce24b1970c91d82f6c |
| SHA1 | 958c538cbf96d06dd81f014fe4ac0c90137c5d40 |
| SHA256 | 64bdc2e022158e93eefb2f1473f419ae9f135bc193a846300d95be39a0a4237d |
| SHA512 | 0201be70496c4961219b5063c95461dba01e03961e1aa3170518de615c1337551c2fc78b3e957817e534d431e0c71781492967688b3ee95ab3ab664f6ee9a658 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b14e43427a2ed9768ebe05a935a5e821 |
| SHA1 | 251d2bd92fe2e256f2852d19aebb0bd4fc17b590 |
| SHA256 | 8ab77c5beb7c0d2b8011abdef575d0eabfae88f63c8e0bc16f4dea4d212d9bd5 |
| SHA512 | 501fa2af15a618a2ecea15e754ac4ad63785ab17b5cb166b94835684ab23c148d3d97c4ed86f4e1c10e091a2458af6076a19992d980d2491e3529f3a35ed8217 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | acfbc64c1d8d6a8f07c2c2611783e659 |
| SHA1 | e674aba3fa04b3c58346c516f6ddd09e22ef7c3e |
| SHA256 | ac44bf2b0448486f540e84ea5688da5c5dac1dec0caa93abbf0d671d2740e392 |
| SHA512 | 3e09fc34bb45ef962b93679e7510cbbbe6a374e9ed0195dc7e70864183014749299553447e17c8675e51f5bab9e7f20e07be665f88c6eecbd778ce296bf68b51 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3bcab404340880b0f0c76edda760f21a |
| SHA1 | e0ee3f8622633421ba73034164ac28eca7fa4a9f |
| SHA256 | 74b54545c1fd2b80d261b42104b732e420719f89771e52539aa6a5124c88052d |
| SHA512 | 7c72f8fb1665a873fd68879ba7cbc720ae53951656f89c3495df7e0c119639d1979cb909ccb0d86b863a82bf433d399752f2ac5b340b016714c4a23307dc2c27 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 41a61327668b76f6dfb84c718ff5a809 |
| SHA1 | c8b2415aca91224dd68f96ddfcbf1be0cc1e0a74 |
| SHA256 | 99360e6f3954bfc9b1f681f17fff1f3169139ffcb2bdcf5874b4c15114c87d8c |
| SHA512 | 79103e020c634a451e03fffd4605c5f6eaac4b775f6efa40533de65363aebb4bb8281e1cd8d7d9bfc955b86813cac7f72b1c121f99c8001b0df317e7078cf7c6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 55655e4ec66a85b2f417d076185ac085 |
| SHA1 | 27be81e54aa78743f1c444252cdfbf43455ce73a |
| SHA256 | e5b1d962882921024643b8a9109f62785af1ffb4a1a6d05520f3df0e26c3ab97 |
| SHA512 | 597c1bf4c52e895bb7d58829f29e44fb8567f2f977a1755502e479bc7e02924b64f0d53c6815a0fd4c70cea7eea0639fd34e1bc2379987e8f16ce3516a5cfb63 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d61c4127281314cb8ef4ba98bcd57c83 |
| SHA1 | be4051429ff2b96dfaeb563f52db1156e32f6577 |
| SHA256 | bc703c3dc528977e55207f3bed6f7bdfe9a46208da1545abf5f23498b53383b4 |
| SHA512 | f93c21e50a96989729c875ffcd11c2f2b1df74f6ae0b4ad5d759678d3a996d8f67554c3f622e7bdb6cfa6f56b75eef30fb76aa8d618e6bab8591402a8941410e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ee89fc7f205a6edb9be98898d1641040 |
| SHA1 | 5aa1b91e65d010381b92ff9e904d03d6a82bc412 |
| SHA256 | 2e12cdf606c153ce8b4990399a4bff3a8063e004b101ab905f2cda3bbdc3604d |
| SHA512 | 28713c52c4f38307a3e8002175678aa2f3a74d7d20d9c5466023c583275f4fc7a11763fd23b38e81afd8f4c3803e6f4ab7ef8dc73bd2e51e7c277ac280999f21 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ecc21f24e8bf9cce88c023aee58ba37d |
| SHA1 | ce5ebde8b65b6d5acc5a579964c61845bb180c19 |
| SHA256 | dd4d118abc2e02c396a08430998a73795ee4bb0b3bbeeceadf90766d72f3bc21 |
| SHA512 | 3b84cf6d5ee74320f7346a5dec22600264799a3f08651ca66f0bcfd818249c896c10bdd7450f593ff2b179839fbfc7f0b47da13946f3283410e89afa18864c88 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 62f826b45881644e72a4e0cb66d37323 |
| SHA1 | bf8986bda793f16488ef3994208eeb5ad76ded0b |
| SHA256 | aeab8a8bfe16a56d68819a4e7c304df58ffc7a6def7e0a1d85e33c53c86fe694 |
| SHA512 | 25a99e1edb8d79eff6a92acb4fd8bbd4d66702dfa4f86cefc3d97d77a0cb81c2d64da3a241b9e9efe26a3966f3a4ac6bfbee99ffb4c851f1ad60c8c905456c4b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 420e7b1a8f9f56d015e8df9948232b9b |
| SHA1 | 1389862786a56a3b66c19a89a52a327cce528b55 |
| SHA256 | 467b900b4d2b6e0d0b79f7f61373c0b0336fc22ac4c94b595a4d185c4b32f978 |
| SHA512 | 9d877f41789ac33085193b327e217cc4686243d8a8f8f438af7b7c6cfff1b2ac51c8caa1170952a0b816bdd785ca74398a365da836c1f999ca15105ebe68e40b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d154e7d1103ca5073bebcaa4adbb28c2 |
| SHA1 | 7c2b8b5a9bc19d247456c1fe745f3137366e0b3c |
| SHA256 | c81298adf42052d8607ab0246743f49bf23eb7fefc54b6611088e21c5290b592 |
| SHA512 | 625bbebaf9bfd1765c8aec8deac283c81b1b05882f75acc44c31b854787134861aed0363be7e42d638d933b1b2e42d3ec9096f3e149a52cb35269b6767d49445 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | d6481e0f486406996e7cd94a1cddd407 |
| SHA1 | 44a7693fef7baea361a51666dea070550c5c56e3 |
| SHA256 | da7e8a9fcd67153f819d48d2b75dfe801f8589e12d72eec2619f434ea9f5c35c |
| SHA512 | 20baae4a55a498d389f4ad9ce1db2384c978bf50862f34247bc6b4220cf72972cd9f18079e40a6bfce15c2a25e7e13e63a6f6c074c2ac7fe2baf101ebc539a68 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1c8eeebc08728f5950b19575f201cdea |
| SHA1 | e21fb76be80286eb9bed5451e499c8b0c0990134 |
| SHA256 | f6efe9e711eb8e8fa15bc3cb47f20968a3bf348ab2e89a05156c9d374ac138e2 |
| SHA512 | b984e77b0160b9bc7176d3d3e881ac3d69210e1cf2f0f9d3ae3439ad1fa66c3c5bef22ad2f5c0bdea1e89cfc43f9118791e9702ebb80818629e070e8765e356c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c47dbd28ea7d131d8bbb8c6e412ae539 |
| SHA1 | 655b69e4e69eadabc09398c821feef5087e05e33 |
| SHA256 | 5a6f016a9b790cf8cb9a22176a06f3f122ea863e98e6fe8e3aa41f78c4568df9 |
| SHA512 | d075690614ec0bb3aeef7f8e0f8578204792a90f8dc68c13392bcce4e99289f6a919d2c9a934e48a9d7a27db4ea0a75bc5c2db30cef45d664035cbcc816ec81a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3f9b2766e80b5bbf15a116de69c53a65 |
| SHA1 | 27ca11031e4e1358642bf325a7ddea7ecf335b8a |
| SHA256 | 92de6fcdb1e5b548fe270d8527592d6eea2a126041709070f6af649957f88d6d |
| SHA512 | 7adf58e18ab103eff4ba4e09a39ce80c10711998599fe002277266e6ed3b355f4a715d41904cf4fb61678d17f007bd3eabc506384416d565450c7b6b3ba48a9a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e0c66ce8d0321d45c323d0984a1d435e |
| SHA1 | 1538ab6f35461156d57bbc29c356ecc01c1fab36 |
| SHA256 | d9e149f36420fa5fe4cc1a58912c3913998a60a0b89a870ed501f2013b3aa625 |
| SHA512 | 6925a5720a2dec76b536bef86bc4b9f09de7c10829678310039d5eb9d0af0d93b243e1888a36e93f5fbdf27224d5e690ff875e1e3b6bb76ef290f48944502765 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | d1df1a9d41b225dd03078be32b7bed08 |
| SHA1 | 86477bd1b28fbc5d3b5256f608c3543b5dfe67b7 |
| SHA256 | b00d627697e79387bd6a7ceae17cdf80b9fd37f4f3103d7b7e31c7bf22dd0560 |
| SHA512 | 4bef0e92bf0d8f17ddc76ba3e1501503bb133f8966bf26618cedb0b8eb0b1323d8e92218b8d2a94a3dab6cc912357a16ae7b621cc9b71d8a4e42bdabac15eb68 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 754adb661f4bc430bc0148630ee062a2 |
| SHA1 | c01a9a660424668a52188b02a8b77639f5c984b4 |
| SHA256 | f7602a07fd9f4d75798b8b5f7ba5d5e941cb0dd93fe34283513275f874a883f8 |
| SHA512 | fee94d7d93ae414342f03d1672800bd2d89327fae31e28a28383f4b9e0480cf81b815e33b02d95228cc2a5ecedd6f7ca9b30c02690780bc8194cefd8a46c119e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e84e0282275c442115dfa56ccad5f250 |
| SHA1 | e8ef63d8c08296e7e7d771b7b24b8b311962b039 |
| SHA256 | 9c021b5bcfac26c36e0eeec896e9d4cef59ac42da99eb123114325395e7e817d |
| SHA512 | 9eb64de91fb2ca951499b415dcaaa4824702cf14fa9e180d78b294cc21260cb02a84df5b431a60c35ee0d8535632dd293306ad1a837497b9db952ff1dfef2398 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7651844f69ddca1861d58c782c47985b |
| SHA1 | 691af7563074877204725aef2016f1f3c4c0a3a1 |
| SHA256 | cf70e37c4d6de3aeaf93794d7c5e0abf60b8a53a3324a4428b0321a284e3a845 |
| SHA512 | fd49cf00203783590619d902835ce9bd2e614dca98648acd63e2794e710c57ad868be8fc65ef6657650fd230510494819827c6b356e422d7ab8727bf43aeb901 |
Analysis: behavioral21
Detonation Overview
Submitted
2024-11-07 21:32
Reported
2024-11-07 21:35
Platform
win7-20240903-en
Max time kernel
121s
Max time network
121s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES64\Dokan\DokanLibrary\include\fuse\ScopeGuard.js
Network
Files
Analysis: behavioral29
Detonation Overview
Submitted
2024-11-07 21:32
Reported
2024-11-07 21:35
Platform
win7-20240903-en
Max time kernel
120s
Max time network
121s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1044 wrote to memory of 2272 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 1044 wrote to memory of 2272 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 1044 wrote to memory of 2272 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 1044 wrote to memory of 2272 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 1044 wrote to memory of 2272 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 1044 wrote to memory of 2272 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 1044 wrote to memory of 2272 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$SYSDIR\dokan.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$SYSDIR\dokan.dll,#1
Network
Files
Analysis: behavioral31
Detonation Overview
Submitted
2024-11-07 21:32
Reported
2024-11-07 21:35
Platform
win7-20241023-en
Max time kernel
122s
Max time network
122s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 772 wrote to memory of 1124 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 772 wrote to memory of 1124 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 772 wrote to memory of 1124 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 772 wrote to memory of 1124 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 772 wrote to memory of 1124 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 772 wrote to memory of 1124 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 772 wrote to memory of 1124 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$SYSDIR\dokannp.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$SYSDIR\dokannp.dll,#1
Network
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-11-07 21:32
Reported
2024-11-07 21:35
Platform
win7-20241010-en
Max time kernel
120s
Max time network
121s
Command Line
Signatures
Processes
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES\Dokan\DokanLibrary\include\fuse\fuse_opt.vbs"
Network
Files
Analysis: behavioral14
Detonation Overview
Submitted
2024-11-07 21:32
Reported
2024-11-07 21:35
Platform
win10v2004-20241007-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES\Dokan\DokanLibrary\mounter.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES\Dokan\DokanLibrary\mounter.exe
"C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES\Dokan\DokanLibrary\mounter.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.16.208.104.in-addr.arpa | udp |
Files
Analysis: behavioral20
Detonation Overview
Submitted
2024-11-07 21:32
Reported
2024-11-07 21:35
Platform
win10v2004-20241007-en
Max time kernel
95s
Max time network
136s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES64\Dokan\DokanLibrary\dokanctl.exe
"C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES64\Dokan\DokanLibrary\dokanctl.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral22
Detonation Overview
Submitted
2024-11-07 21:32
Reported
2024-11-07 21:35
Platform
win10v2004-20241007-en
Max time kernel
100s
Max time network
137s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES64\Dokan\DokanLibrary\include\fuse\ScopeGuard.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral26
Detonation Overview
Submitted
2024-11-07 21:32
Reported
2024-11-07 21:35
Platform
win10v2004-20241007-en
Max time kernel
94s
Max time network
135s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES64\Dokan\DokanLibrary\mounter.exe
"C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES64\Dokan\DokanLibrary\mounter.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral30
Detonation Overview
Submitted
2024-11-07 21:32
Reported
2024-11-07 21:35
Platform
win10v2004-20241007-en
Max time kernel
148s
Max time network
150s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 676 wrote to memory of 3432 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 676 wrote to memory of 3432 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 676 wrote to memory of 3432 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$SYSDIR\dokan.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$SYSDIR\dokan.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-07 21:32
Reported
2024-11-07 21:35
Platform
win7-20240903-en
Max time kernel
117s
Max time network
118s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Dokan.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Dokan.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Dokan.exe
"C:\Users\Admin\AppData\Local\Temp\Dokan.exe"
Network
Files
\Users\Admin\AppData\Local\Temp\nsoFAA5.tmp\System.dll
| MD5 | 883eff06ac96966270731e4e22817e11 |
| SHA1 | 523c87c98236cbc04430e87ec19b977595092ac8 |
| SHA256 | 44e5dfd551b38e886214bd6b9c8ee913c4c4d1f085a6575d97c3e892b925da82 |
| SHA512 | 60333253342476911c84bbc1d9bf8a29f811207787fdd6107dce8d2b6e031669303f28133ffc811971ed7792087fe90fb1faabc0af4e91c298ba51e28109a390 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-07 21:32
Reported
2024-11-07 21:35
Platform
win10v2004-20241007-en
Max time kernel
148s
Max time network
150s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Dokan.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Dokan.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Dokan.exe
"C:\Users\Admin\AppData\Local\Temp\Dokan.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\nsj760C.tmp\System.dll
| MD5 | 883eff06ac96966270731e4e22817e11 |
| SHA1 | 523c87c98236cbc04430e87ec19b977595092ac8 |
| SHA256 | 44e5dfd551b38e886214bd6b9c8ee913c4c4d1f085a6575d97c3e892b925da82 |
| SHA512 | 60333253342476911c84bbc1d9bf8a29f811207787fdd6107dce8d2b6e031669303f28133ffc811971ed7792087fe90fb1faabc0af4e91c298ba51e28109a390 |
Analysis: behavioral10
Detonation Overview
Submitted
2024-11-07 21:32
Reported
2024-11-07 21:35
Platform
win10v2004-20241007-en
Max time kernel
93s
Max time network
137s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES\Dokan\DokanLibrary\include\fuse\ScopeGuard.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |