Malware Analysis Report

2025-06-15 22:16

Sample ID: 241109-ygz2aa1ckc
Target: 9a208ce9535e178e03f9afdaa5eb82f11e3db483cdad10f8ed209b172b1f9ca1N
SHA256: 9a208ce9535e178e03f9afdaa5eb82f11e3db483cdad10f8ed209b172b1f9ca1
Tags: discovery, persistence
Score: 7/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 7/10

SHA256: 9a208ce9535e178e03f9afdaa5eb82f11e3db483cdad10f8ed209b172b1f9ca1

Threat Level: Shows suspicious behavior

The file 9a208ce9535e178e03f9afdaa5eb82f11e3db483cdad10f8ed209b172b1f9ca1N was found to show suspicious behavior.

Malicious Activity Summary

Tags: discovery, persistence

Loads dropped DLL

Executes dropped EXE

Adds Run key to start application

Suspicious use of NtSetInformationThreadHideFromDebugger

Drops file in Program Files directory

Unsigned PE

Program crash

System Location Discovery: System Language Discovery

Suspicious use of FindShellTrayWindow

Modifies Internet Explorer settings

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-11-09 19:46

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-11-09 19:46

Reported: 2024-11-09 19:48

Platform: win7-20240903-en

Max time kernel: 113s

Max time network: 111s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9a208ce9535e178e03f9afdaa5eb82f11e3db483cdad10f8ed209b172b1f9ca1N.exe"

Signatures

Adds Run key to start application

Tags: persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Adobe_Reader = "c:\\users\\admin\\appdata\\local\\temp\\\\wmpscfgs.exe" \??\c:\users\admin\appdata\local\temp\wmpscfgs.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Adobe_Reader = "c:\\users\\admin\\appdata\\local\\temp\\\\wmpscfgs.exe" C:\Users\Admin\AppData\Local\Temp\9a208ce9535e178e03f9afdaa5eb82f11e3db483cdad10f8ed209b172b1f9ca1N.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created \??\c:\program files (x86)\microsoft office\office14\bcssync.exe C:\Users\Admin\AppData\Local\Temp\9a208ce9535e178e03f9afdaa5eb82f11e3db483cdad10f8ed209b172b1f9ca1N.exe N/A
File opened for modification \??\c:\program files (x86)\adobe\acrotray .exe \??\c:\users\admin\appdata\local\temp\wmpscfgs.exe N/A
File opened for modification \??\c:\program files (x86)\adobe\acrotray.exe \??\c:\users\admin\appdata\local\temp\wmpscfgs.exe N/A
File opened for modification \??\c:\program files (x86)\internet explorer\wmpscfgs.exe \??\c:\users\admin\appdata\local\temp\wmpscfgs.exe N/A
File created \??\c:\program files (x86)\adobe\acrotray .exe C:\Users\Admin\AppData\Local\Temp\9a208ce9535e178e03f9afdaa5eb82f11e3db483cdad10f8ed209b172b1f9ca1N.exe N/A
File created \??\c:\program files (x86)\adobe\acrotray.exe C:\Users\Admin\AppData\Local\Temp\9a208ce9535e178e03f9afdaa5eb82f11e3db483cdad10f8ed209b172b1f9ca1N.exe N/A
File created \??\c:\program files (x86)\internet explorer\wmpscfgs.exe C:\Users\Admin\AppData\Local\Temp\9a208ce9535e178e03f9afdaa5eb82f11e3db483cdad10f8ed209b172b1f9ca1N.exe N/A
File created C:\Program Files (x86)\259456167.dat \??\c:\users\admin\appdata\local\temp\wmpscfgs.exe N/A
File created \??\c:\program files (x86)\microsoft office\office14\bcssync.exe \??\c:\users\admin\appdata\local\temp\wmpscfgs.exe N/A

System Location Discovery: System Language Discovery

Tags: discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\c:\users\admin\appdata\local\temp\wmpscfgs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\c:\users\admin\appdata\local\temp\wmpscfgs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\9a208ce9535e178e03f9afdaa5eb82f11e3db483cdad10f8ed209b172b1f9ca1N.exe N/A

Modifies Internet Explorer settings

Tags: adware, spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "437343464" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{53DE5331-9ED3-11EF-B656-D686196AC2C0} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\MINIE C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff5600000000000000dc04000065020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b3e8f15f634dfc43bfa5c3a2648d88c4000000000200000000001066000000010000200000007094521d2759c8beace78a72b8cdf70db867cdd6704ad1c3dd1b817b142623fc000000000e80000000020000200000007732966d4c6a7c2f06abe896de3b9f486e087593d246ed63ede6c97fc0193c8820000000c13a7d68c289df6d78f20a65b7b65a25bde27fc4bf2149c20f899018e855bd54400000007d810cb31f57d1c727cc0403395f3256a3ae28ee5925ca2e20693f8f02ffe5a3941e0dcbbe6fe7c1b897c66b022ae8bc9a75caa13c08c0e147b49d12a02e3c4c C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0c35d2be032db01 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9a208ce9535e178e03f9afdaa5eb82f11e3db483cdad10f8ed209b172b1f9ca1N.exe N/A
Token: SeDebugPrivilege N/A \??\c:\users\admin\appdata\local\temp\wmpscfgs.exe N/A
Token: SeDebugPrivilege N/A \??\c:\users\admin\appdata\local\temp\wmpscfgs.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2596 wrote to memory of 1000 N/A C:\Users\Admin\AppData\Local\Temp\9a208ce9535e178e03f9afdaa5eb82f11e3db483cdad10f8ed209b172b1f9ca1N.exe \??\c:\users\admin\appdata\local\temp\wmpscfgs.exe
PID 2596 wrote to memory of 1000 N/A C:\Users\Admin\AppData\Local\Temp\9a208ce9535e178e03f9afdaa5eb82f11e3db483cdad10f8ed209b172b1f9ca1N.exe \??\c:\users\admin\appdata\local\temp\wmpscfgs.exe
PID 2596 wrote to memory of 1000 N/A C:\Users\Admin\AppData\Local\Temp\9a208ce9535e178e03f9afdaa5eb82f11e3db483cdad10f8ed209b172b1f9ca1N.exe \??\c:\users\admin\appdata\local\temp\wmpscfgs.exe
PID 2596 wrote to memory of 1000 N/A C:\Users\Admin\AppData\Local\Temp\9a208ce9535e178e03f9afdaa5eb82f11e3db483cdad10f8ed209b172b1f9ca1N.exe \??\c:\users\admin\appdata\local\temp\wmpscfgs.exe
PID 2596 wrote to memory of 1372 N/A C:\Users\Admin\AppData\Local\Temp\9a208ce9535e178e03f9afdaa5eb82f11e3db483cdad10f8ed209b172b1f9ca1N.exe C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
PID 2596 wrote to memory of 1372 N/A C:\Users\Admin\AppData\Local\Temp\9a208ce9535e178e03f9afdaa5eb82f11e3db483cdad10f8ed209b172b1f9ca1N.exe C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
PID 2596 wrote to memory of 1372 N/A C:\Users\Admin\AppData\Local\Temp\9a208ce9535e178e03f9afdaa5eb82f11e3db483cdad10f8ed209b172b1f9ca1N.exe C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
PID 2596 wrote to memory of 1372 N/A C:\Users\Admin\AppData\Local\Temp\9a208ce9535e178e03f9afdaa5eb82f11e3db483cdad10f8ed209b172b1f9ca1N.exe C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
PID 1372 wrote to memory of 2948 N/A C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe C:\Windows\SysWOW64\WerFault.exe
PID 1372 wrote to memory of 2948 N/A C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe C:\Windows\SysWOW64\WerFault.exe
PID 1372 wrote to memory of 2948 N/A C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe C:\Windows\SysWOW64\WerFault.exe
PID 1372 wrote to memory of 2948 N/A C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe C:\Windows\SysWOW64\WerFault.exe
PID 1000 wrote to memory of 2528 N/A \??\c:\users\admin\appdata\local\temp\wmpscfgs.exe \??\c:\users\admin\appdata\local\temp\wmpscfgs.exe
PID 1000 wrote to memory of 2528 N/A \??\c:\users\admin\appdata\local\temp\wmpscfgs.exe \??\c:\users\admin\appdata\local\temp\wmpscfgs.exe
PID 1000 wrote to memory of 2528 N/A \??\c:\users\admin\appdata\local\temp\wmpscfgs.exe \??\c:\users\admin\appdata\local\temp\wmpscfgs.exe
PID 1000 wrote to memory of 2528 N/A \??\c:\users\admin\appdata\local\temp\wmpscfgs.exe \??\c:\users\admin\appdata\local\temp\wmpscfgs.exe
PID 1000 wrote to memory of 2556 N/A \??\c:\users\admin\appdata\local\temp\wmpscfgs.exe C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
PID 1000 wrote to memory of 2556 N/A \??\c:\users\admin\appdata\local\temp\wmpscfgs.exe C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
PID 1000 wrote to memory of 2556 N/A \??\c:\users\admin\appdata\local\temp\wmpscfgs.exe C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
PID 1000 wrote to memory of 2556 N/A \??\c:\users\admin\appdata\local\temp\wmpscfgs.exe C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
PID 1148 wrote to memory of 1264 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1148 wrote to memory of 1264 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1148 wrote to memory of 1264 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1148 wrote to memory of 1264 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1148 wrote to memory of 2276 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1148 wrote to memory of 2276 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1148 wrote to memory of 2276 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1148 wrote to memory of 2276 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\9a208ce9535e178e03f9afdaa5eb82f11e3db483cdad10f8ed209b172b1f9ca1N.exe

"C:\Users\Admin\AppData\Local\Temp\9a208ce9535e178e03f9afdaa5eb82f11e3db483cdad10f8ed209b172b1f9ca1N.exe"

\??\c:\users\admin\appdata\local\temp\wmpscfgs.exe

c:\users\admin\appdata\local\temp\\wmpscfgs.exe

C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe

C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1372 -s 272

\??\c:\users\admin\appdata\local\temp\wmpscfgs.exe

c:\users\admin\appdata\local\temp\\wmpscfgs.exe

C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe

C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1148 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1148 CREDAT:275476 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.supernetforme.com udp
NL 37.48.65.145:80 www.supernetforme.com tcp
NL 37.48.65.145:80 www.supernetforme.com tcp
US 8.8.8.8:53 ww1.supernetforme.com udp
US 199.59.243.227:80 ww1.supernetforme.com tcp
US 199.59.243.227:80 ww1.supernetforme.com tcp
NL 94.75.229.248:80 tcp
NL 94.75.229.248:80 tcp
NL 94.75.229.248:80 tcp
NL 94.75.229.248:80 tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.superwebbysearch.com udp
US 162.210.196.166:80 www.superwebbysearch.com tcp
US 162.210.196.166:80 www.superwebbysearch.com tcp
US 8.8.8.8:53 ww1.superwebbysearch.com udp
US 199.59.243.227:80 ww1.superwebbysearch.com tcp
US 199.59.243.227:80 ww1.superwebbysearch.com tcp

Files

Memory dumps were captured for PIDs 2596, 1372, 1000, 2528 and 2556.

Dropped and written files (per-file MD5/SHA1/SHA256/SHA512 digests omitted):

C:\Users\Admin\AppData\Local\Temp\wmpscfgs.exe

\Program Files (x86)\Internet Explorer\wmpscfgs.exe (two different versions written during the run)

\??\c:\program files (x86)\microsoft office\office14\bcssync.exe

\??\c:\program files (x86)\adobe\acrotray .exe (digests of an empty file)

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Temp\Cab33FF.tmp

C:\Users\Admin\AppData\Local\Temp\Tar3451.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (rewritten repeatedly during the run)

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AS91FDNI\blarGlPiE[1].js

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-09 19:46

Reported

2024-11-09 19:48

Platform

win10v2004-20241007-en

Max time kernel

94s

Max time network

95s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9a208ce9535e178e03f9afdaa5eb82f11e3db483cdad10f8ed209b172b1f9ca1N.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A \??\c:\users\admin\appdata\local\temp\wmpscfgs.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Adobe_Reader = "c:\\users\\admin\\appdata\\local\\temp\\\\wmpscfgs.exe" C:\Users\Admin\AppData\Local\Temp\9a208ce9535e178e03f9afdaa5eb82f11e3db483cdad10f8ed209b172b1f9ca1N.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created \??\c:\program files (x86)\adobe\acrotray .exe C:\Users\Admin\AppData\Local\Temp\9a208ce9535e178e03f9afdaa5eb82f11e3db483cdad10f8ed209b172b1f9ca1N.exe N/A
File created \??\c:\program files (x86)\adobe\acrotray.exe C:\Users\Admin\AppData\Local\Temp\9a208ce9535e178e03f9afdaa5eb82f11e3db483cdad10f8ed209b172b1f9ca1N.exe N/A
File created \??\c:\program files (x86)\internet explorer\wmpscfgs.exe C:\Users\Admin\AppData\Local\Temp\9a208ce9535e178e03f9afdaa5eb82f11e3db483cdad10f8ed209b172b1f9ca1N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\9a208ce9535e178e03f9afdaa5eb82f11e3db483cdad10f8ed209b172b1f9ca1N.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\c:\users\admin\appdata\local\temp\wmpscfgs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9a208ce9535e178e03f9afdaa5eb82f11e3db483cdad10f8ed209b172b1f9ca1N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9a208ce9535e178e03f9afdaa5eb82f11e3db483cdad10f8ed209b172b1f9ca1N.exe

"C:\Users\Admin\AppData\Local\Temp\9a208ce9535e178e03f9afdaa5eb82f11e3db483cdad10f8ed209b172b1f9ca1N.exe"

\??\c:\users\admin\appdata\local\temp\wmpscfgs.exe

c:\users\admin\appdata\local\temp\\wmpscfgs.exe

C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe

C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3968 -ip 3968

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 4216 -ip 4216

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 676

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4216 -s 672

Network

Country Destination Domain Proto
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 75.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 69.208.201.84.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp

Files

memory/452-0-0x0000000000400000-0x0000000000DBB000-memory.dmp

memory/452-1-0x000000007FA70000-0x000000007FE41000-memory.dmp

memory/452-2-0x0000000010000000-0x0000000010010000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\wmpscfgs.exe

MD5 9d8d229e4429d2fdf97a158fae93e09d
SHA1 2fb04ca0c4e0434620640a59d8a3c36dceb017f2
SHA256 b7cf1cc40af12aaf9e528833267d04c03b962bca7f44e94a3ec9504043a97550
SHA512 b57e7c0b5123c33a88d0a2d3dea1f76109803d99cb2ad25025e157f7cc9b1920cf391656f5aa2f627e976d3df71b6b42cc5787765eb280879f3cf042e11dc534

C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe

MD5 d1584ac9e9ae113486d1638be086b44e
SHA1 15261c6ae05e646642aaf01ff2ccda27ffb62c26
SHA256 d02f31fb436c183ac8c664fc4973537ce559c75e80b33b42b8757b58155fca89
SHA512 d3f5d171e5c1bdf4d74673ea2f55a5e7515d53a33e30f0facee10831429f4ebb35033423d1213a61a57d3c6049e3d160298664af7f6403fde209087902c7561a

memory/3968-16-0x0000000000400000-0x0000000000DBB000-memory.dmp

memory/452-18-0x000000007FA70000-0x000000007FE41000-memory.dmp

memory/4216-19-0x000000007FA70000-0x000000007FE41000-memory.dmp

memory/3968-20-0x000000007FA70000-0x000000007FE41000-memory.dmp

memory/452-17-0x0000000000400000-0x0000000000DBB000-memory.dmp

memory/4216-21-0x0000000000400000-0x0000000000DBB000-memory.dmp

memory/4216-22-0x000000007FA70000-0x000000007FE41000-memory.dmp

memory/3968-24-0x0000000000400000-0x0000000000DBB000-memory.dmp

memory/3968-25-0x000000007FA70000-0x000000007FE41000-memory.dmp