Malware Analysis Report

2025-04-14 08:12

Sample ID 250316-xaftdsxsct
Target sample2.exe
SHA256 361411e6321c45c845669ac89e32feec0bdd97916b5d73f508c43576b8a15a20
Tags
raccoon vidar 651 discovery persistence spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

361411e6321c45c845669ac89e32feec0bdd97916b5d73f508c43576b8a15a20

Threat Level: Known bad

The file sample2.exe was found to be: Known bad.

Malicious Activity Summary

raccoon vidar 651 discovery persistence spyware stealer

Raccoon family

Vidar

Raccoon Stealer V1 payload

Vidar family

Raccoon

Vidar Stealer

Checks computer location settings

Executes dropped EXE

Reads local data of messenger clients

Loads dropped DLL

Reads user/profile data of web browsers

Reads user/profile data of local email clients

Adds Run key to start application

Looks up external IP address via web service

Accesses 2FA software files, possible credential harvesting

Checks installed software on the system

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Browser Information Discovery

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Runs .reg file with regedit

Suspicious use of SetWindowsHookEx

Modifies registry class

Modifies data under HKEY_USERS

Enumerates system info in registry

Checks processor information in registry

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-03-16 18:38

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-03-16 18:38

Reported

2025-03-16 18:41

Platform

win7-20240903-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\sample2.exe"

Signatures

Raccoon

stealer raccoon

Raccoon Stealer V1 payload

Description Indicator Process Target
N/A N/A N/A N/A

Raccoon family

raccoon

Vidar

stealer vidar

Vidar family

vidar

Vidar Stealer

stealer

Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\wotsuper\wotsuper\wotsuper.exe N/A
N/A N/A C:\Program Files (x86)\wotsuper\wotsuper\wotsuper1.exe N/A

Reads local data of messenger clients

spyware stealer

Reads user/profile data of local email clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Accesses 2FA software files, possible credential harvesting

spyware stealer

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Run\Advanced SystemCare = "\"C:\\Program Files (x86)\\IObit\\Advanced SystemCare\\ASCTray.exe\" /Auto" C:\Windows\SysWOW64\regedit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Run\wotsuper C:\Windows\SysWOW64\regedit.exe N/A

Checks installed software on the system

discovery

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A iplogger.org N/A N/A
N/A iplogger.org N/A N/A
N/A iplogger.org N/A N/A
N/A iplogger.org N/A N/A
N/A iplogger.org N/A N/A
N/A iplogger.org N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ip-api.com N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\wotsuper\wotsuper\wotsuper1.exe C:\Users\Admin\AppData\Local\Temp\sample2.exe N/A
File opened for modification C:\Program Files (x86)\wotsuper\wotsuper\Uninstall.exe C:\Users\Admin\AppData\Local\Temp\sample2.exe N/A
File created C:\Program Files (x86)\wotsuper\wotsuper\Uninstall.ini C:\Users\Admin\AppData\Local\Temp\sample2.exe N/A
File opened for modification C:\Program Files (x86)\wotsuper\wotsuper\wotsuper.exe C:\Users\Admin\AppData\Local\Temp\sample2.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\wotsuper.reg C:\Users\Admin\AppData\Local\Temp\sample2.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\sample2.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regedit.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\wotsuper\wotsuper\wotsuper.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\wotsuper\wotsuper\wotsuper1.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\wotsuper\wotsuper\wotsuper1.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files (x86)\wotsuper\wotsuper\wotsuper1.exe N/A

Modifies Internet Explorer settings

adware spyware

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "448312196" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value removed] C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004b6590bd904c9c44818e1d6cc5aae84a000000000200000000001066000000010000200000004801588dbc63ecd41e302e4a5415da7878df170b65a3ea2a456a2b7301d63e08000000000e8000000002000020000000dade2f0df6ddb5368dc496e36e6f280e5639884892ac84a1f0c69a2dbaaf9cc520000000731defbca0a1951b242c81bbdffe193af8e47158acda3dc0c6a5ba60f64863db40000000d1a15afcf337d0acfc19a194b1a3e91bc4baa9e00d365bf32782f6253444713c0703477246929422206620ddb7af4e0d0768f53d7c9495ab597adcd5ef8860e1 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0fdc1bca296db01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E6460301-0295-11F0-8AE4-465533733A50} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E632F801-0295-11F0-8AE4-465533733A50} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Runs .reg file with regedit

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1996 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\sample2.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1996 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\sample2.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1996 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\sample2.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1996 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\sample2.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1996 wrote to memory of 2912 N/A C:\Users\Admin\AppData\Local\Temp\sample2.exe C:\Program Files (x86)\wotsuper\wotsuper\wotsuper.exe
PID 1996 wrote to memory of 2912 N/A C:\Users\Admin\AppData\Local\Temp\sample2.exe C:\Program Files (x86)\wotsuper\wotsuper\wotsuper.exe
PID 1996 wrote to memory of 2912 N/A C:\Users\Admin\AppData\Local\Temp\sample2.exe C:\Program Files (x86)\wotsuper\wotsuper\wotsuper.exe
PID 1996 wrote to memory of 2912 N/A C:\Users\Admin\AppData\Local\Temp\sample2.exe C:\Program Files (x86)\wotsuper\wotsuper\wotsuper.exe
PID 1996 wrote to memory of 2752 N/A C:\Users\Admin\AppData\Local\Temp\sample2.exe C:\Program Files (x86)\wotsuper\wotsuper\wotsuper1.exe
PID 1996 wrote to memory of 2752 N/A C:\Users\Admin\AppData\Local\Temp\sample2.exe C:\Program Files (x86)\wotsuper\wotsuper\wotsuper1.exe
PID 1996 wrote to memory of 2752 N/A C:\Users\Admin\AppData\Local\Temp\sample2.exe C:\Program Files (x86)\wotsuper\wotsuper\wotsuper1.exe
PID 1996 wrote to memory of 2752 N/A C:\Users\Admin\AppData\Local\Temp\sample2.exe C:\Program Files (x86)\wotsuper\wotsuper\wotsuper1.exe
PID 1996 wrote to memory of 2828 N/A C:\Users\Admin\AppData\Local\Temp\sample2.exe C:\Windows\SysWOW64\regedit.exe
PID 1996 wrote to memory of 2828 N/A C:\Users\Admin\AppData\Local\Temp\sample2.exe C:\Windows\SysWOW64\regedit.exe
PID 1996 wrote to memory of 2828 N/A C:\Users\Admin\AppData\Local\Temp\sample2.exe C:\Windows\SysWOW64\regedit.exe
PID 1996 wrote to memory of 2828 N/A C:\Users\Admin\AppData\Local\Temp\sample2.exe C:\Windows\SysWOW64\regedit.exe
PID 1996 wrote to memory of 2876 N/A C:\Users\Admin\AppData\Local\Temp\sample2.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1996 wrote to memory of 2876 N/A C:\Users\Admin\AppData\Local\Temp\sample2.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1996 wrote to memory of 2876 N/A C:\Users\Admin\AppData\Local\Temp\sample2.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1996 wrote to memory of 2876 N/A C:\Users\Admin\AppData\Local\Temp\sample2.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2692 wrote to memory of 2980 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2692 wrote to memory of 2980 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2692 wrote to memory of 2980 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2692 wrote to memory of 2980 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2876 wrote to memory of 2028 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2876 wrote to memory of 2028 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2876 wrote to memory of 2028 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2876 wrote to memory of 2028 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\sample2.exe

"C:\Users\Admin\AppData\Local\Temp\sample2.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://iplogger.org/1Ldta7.html

C:\Program Files (x86)\wotsuper\wotsuper\wotsuper.exe

"C:\Program Files (x86)\wotsuper\wotsuper\wotsuper.exe"

C:\Program Files (x86)\wotsuper\wotsuper\wotsuper1.exe

"C:\Program Files (x86)\wotsuper\wotsuper\wotsuper1.exe"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe" \s C:\Windows\wotsuper.reg

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://iplogger.org/1smEq7.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2692 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2876 CREDAT:275457 /prefetch:2

Network


Files

C:\Program Files (x86)\wotsuper\wotsuper\wotsuper.exe

MD5 7b20f5c61780fe383f45ca6e18ed5a6a
SHA1 bc9bfd59f0cde312cd9a0d20784887fed9b8c836
SHA256 26ccbcb079b3f0cc183293351c40da3146d2ddec9b4d6cd314090cfab94834df
SHA512 8a63f6ad20fe18bd49d055ae05bc81fe30d0ebfb25a37428b17b43569b53bf2560f0de8f993f62a2f5d458db78e6d24ad71fca8d7fd1133d3cb499dff356e68b

C:\Program Files (x86)\wotsuper\wotsuper\wotsuper1.exe

MD5 b8181cb72764c24e73c7b6204b16bed6
SHA1 c430cc4776ff5e21d08bca9a0d73cfaf29108fa4
SHA256 fdb5a0d4e97ee36d2b23605b0d8a2785d08d046058f07a8714e4908e8a2485a2
SHA512 bd63970b846bfdc6990b803e12028c692bc3f3125df03c3b9ec4626e1ce56dc43313d37c71337868ade0e4da31a5eca971b453242829b7312eb7efd2a407de1d

memory/1996-38-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E632F801-0295-11F0-8AE4-465533733A50}.dat

MD5 80ce6bad60bf35de314b34b972cbc678
SHA1 89585191ab09d2fd9a993aad65e598e6834fa5f2
SHA256 eab18f5f00426ea8d4f75381f99a6c6b5f719f5df24a395495eb09559c7b165f
SHA512 8e835ec6b9bdf5443b7856b7feb0b97449036116857a7b479d92e4d1567e36859ce9f2843a7786fd782eca1cfdfdaf952565558dbc2367ef81f9af066a7529a8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12

MD5 c9be626e9715952e9b70f92f912b9787
SHA1 aa2e946d9ad9027172d0d321917942b7562d6abe
SHA256 c13e8d22800c200915f87f71c31185053e4e60ca25de2e41e160e09cd2d815d4
SHA512 7581b7c593785380e9db3ae760af85c1a889f607a3cd2aa5a2695a0e5a0fe8ee751578e88f7d8c997faeda804e2fc2655d859bee2832eace526ed4379edaa3f5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12

MD5 c42153768139ce41cfced5f664942f9f
SHA1 f563b04dc6d03a60ce125ad2e2a45e9b9fb90153
SHA256 a273db4f5252376df74b76284a44ab7973f8a2f3eb641e999618a943ed50df30
SHA512 a051bb7c6a037ed89add0026602588b21caeb130987c1eaf45714cf7c82dbf15e40328223e3886601ce4ae9a1c356e3d933c5e26cd2531b8674a21a1ee53be77

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12

MD5 5aab70cae4a642565bef50eec1be5b87
SHA1 1991a40b8df90b01958f9e62e5330fe917f1bf6c
SHA256 6f26d5d7783869b5a5bdb7913b43c5ae9977b42136a737690313860f4ae00032
SHA512 ed76cad6b0e815d0084c6829167c0c38be7ecb13ef24893b34506bb7cb116dc58a662f609cd9ca212248a6354cd26d5a6bc66d280d25c7421ea161513fd93587

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8

MD5 971c514f84bba0785f80aa1c23edfd79
SHA1 732acea710a87530c6b08ecdf32a110d254a54c8
SHA256 f157ed17fcaf8837fa82f8b69973848c9b10a02636848f995698212a08f31895
SHA512 43dc1425d80e170c645a3e3bb56da8c3acd31bd637329e9e37094ac346ac85434df4edcdbefc05ae00aea33a80a88e2af695997a495611217fe6706075a63c58

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8

MD5 395469b771e309651c3b76ddb37d9606
SHA1 2068842711097bf80a186d3e10a982055deab4f9
SHA256 0d921c881d4e7bef9f72c14e197ee3abc68d6cfed17e79ee072c1781702b8bf8
SHA512 75593ed122b73ae619818bf574e516827936352691bef7efa2e283c4c0d447d1925ab050df82280b0e1a2a97a6a4e3d647dbe955d3726be42601b46412a2e2c9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8

MD5 8ba79e85694d5edf9ef6a50983e72c5d
SHA1 aa90384585fb65e982ed56d89102a2215cb35e84
SHA256 8b20d7d65f90f831b32d2ed79b9b55432d312d499c9e7201d38b7afcd5472bd1
SHA512 6eeff86e2c042b552a4e809be0dee16c23f15f02217d839604d9f315f6bc560a90891151512f77be4001bacdbd959d9c1b9e17aa2d3f0cf35663505ee4ff0e08

C:\Users\Admin\AppData\Local\Temp\TarB09B.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\Local\Temp\CabB09A.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\4AEV6ITC.txt

MD5 2bbf321527de3160501c37976e44b08b
SHA1 6a8a0a178c7b408da728e911bef44fcdaca47c94
SHA256 0398acc4cef775f5b4980185c2daae4c7c9baa0ff42b9d0400529eddb3efea19
SHA512 3ea4ce262e7fd99add25616d21dcd5b785f29ff2c70f122598673ae5ebcb0957d0fcc84c2d3482151f8ef8e16c1ef510ca2daf557c5bd149095dd313d2e77295

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\PYMYE5K5.txt

MD5 3fdbeb743092ab5d2b7cd54d05230be5
SHA1 3fc42e87d2a2531bb045c515760977344180ba2f
SHA256 5cd43ad1659427a62dd3f59c8940660693d0a470788fb0c8999e86fa0c5b5240
SHA512 3c485467dfe51c3ef421a78d202e4db1ba39064281aa64542e4b93157230318db6dece022e6f9334ffe4302a019df2d3d6cbc3eb4ae0185022686f3147d43781

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DJB1KT77\favicon[1].png

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\yiu0yt6\imagestore.dat

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\Local\Temp\TarC76E.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

memory/2912-607-0x0000000000400000-0x00000000032DB000-memory.dmp

C:\Windows\wotsuper.reg

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Analysis: behavioral2

Detonation Overview

Submitted

2025-03-16 18:38

Reported

2025-03-16 18:41

Platform

win10v2004-20250314-en

Max time kernel

146s

Max time network

147s

Command Line

"C:\Users\Admin\AppData\Local\Temp\sample2.exe"

Signatures

Raccoon

stealer raccoon

Raccoon Stealer V1 payload

Description Indicator Process Target
N/A N/A N/A N/A

Raccoon family

raccoon

Vidar

stealer vidar

Vidar family

vidar

Vidar Stealer

stealer
Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\sample2.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\wotsuper\wotsuper\wotsuper.exe N/A
N/A N/A C:\Program Files (x86)\wotsuper\wotsuper\wotsuper1.exe N/A

Reads local data of messenger clients

spyware stealer

Reads user/profile data of local email clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Accesses 2FA software files, possible credential harvesting

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Advanced SystemCare = "\"C:\\Program Files (x86)\\IObit\\Advanced SystemCare\\ASCTray.exe\" /Auto" C:\Windows\SysWOW64\regedit.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wotsuper C:\Windows\SysWOW64\regedit.exe N/A

Checks installed software on the system

discovery

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A iplogger.org N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ip-api.com N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1128_1649976610\manifest.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1128_941252646\manifest.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1128_941252646\manifest.fingerprint C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1128_959423359\crs.pb C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1128_1649976610\manifest.fingerprint C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1128_959423359\kp_pinslist.pb C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1128_959423359\manifest.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1128_433801132\LICENSE C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1128_433801132\sets.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1128_959423359\ct_config.pb C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1128_959423359\manifest.fingerprint C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Program Files (x86)\wotsuper\wotsuper\wotsuper.exe C:\Users\Admin\AppData\Local\Temp\sample2.exe N/A
File opened for modification C:\Program Files (x86)\wotsuper\wotsuper\wotsuper1.exe C:\Users\Admin\AppData\Local\Temp\sample2.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1128_433801132\manifest.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1128_1649976610\data.txt C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1128_941252646\typosquatting_list.pb C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Program Files (x86)\wotsuper\wotsuper\Uninstall.exe C:\Users\Admin\AppData\Local\Temp\sample2.exe N/A
File created C:\Program Files (x86)\wotsuper\wotsuper\Uninstall.ini C:\Users\Admin\AppData\Local\Temp\sample2.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1128_433801132\_metadata\verified_contents.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping1128_433801132\manifest.fingerprint C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\wotsuper.reg C:\Users\Admin\AppData\Local\Temp\sample2.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\sample2.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\wotsuper\wotsuper\wotsuper.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\wotsuper\wotsuper\wotsuper1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regedit.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files (x86)\wotsuper\wotsuper\wotsuper1.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\wotsuper\wotsuper\wotsuper1.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133866239344316012" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1062200478-553497403-3857448183-1000\{2BFC9212-1914-4A2A-A688-BFAAC73DB0CB} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Runs .reg file with regedit

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1508 wrote to memory of 1128 N/A C:\Users\Admin\AppData\Local\Temp\sample2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1508 wrote to memory of 4460 N/A C:\Users\Admin\AppData\Local\Temp\sample2.exe C:\Program Files (x86)\wotsuper\wotsuper\wotsuper.exe
PID 1128 wrote to memory of 4500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1508 wrote to memory of 4576 N/A C:\Users\Admin\AppData\Local\Temp\sample2.exe C:\Program Files (x86)\wotsuper\wotsuper\wotsuper1.exe
PID 1508 wrote to memory of 6016 N/A C:\Users\Admin\AppData\Local\Temp\sample2.exe C:\Windows\SysWOW64\regedit.exe
PID 1128 wrote to memory of 4868 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1128 wrote to memory of 4884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1128 wrote to memory of 4888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\sample2.exe

"C:\Users\Admin\AppData\Local\Temp\sample2.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://iplogger.org/1Ldta7.html

C:\Program Files (x86)\wotsuper\wotsuper\wotsuper.exe

"C:\Program Files (x86)\wotsuper\wotsuper\wotsuper.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2d0,0x2d4,0x2d8,0x2cc,0x360,0x7ffb5eb3f208,0x7ffb5eb3f214,0x7ffb5eb3f220

C:\Program Files (x86)\wotsuper\wotsuper\wotsuper1.exe

"C:\Program Files (x86)\wotsuper\wotsuper\wotsuper1.exe"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe" \s C:\Windows\wotsuper.reg

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1816,i,9355764129004521216,2440258947216947658,262144 --variations-seed-version --mojo-platform-channel-handle=2396 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2368,i,9355764129004521216,2440258947216947658,262144 --variations-seed-version --mojo-platform-channel-handle=2360 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2236,i,9355764129004521216,2440258947216947658,262144 --variations-seed-version --mojo-platform-channel-handle=2408 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://iplogger.org/1smEq7.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3444,i,9355764129004521216,2440258947216947658,262144 --variations-seed-version --mojo-platform-channel-handle=3488 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3452,i,9355764129004521216,2440258947216947658,262144 --variations-seed-version --mojo-platform-channel-handle=3560 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4320,i,9355764129004521216,2440258947216947658,262144 --variations-seed-version --mojo-platform-channel-handle=4344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4944,i,9355764129004521216,2440258947216947658,262144 --variations-seed-version --mojo-platform-channel-handle=5192 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4960,i,9355764129004521216,2440258947216947658,262144 --variations-seed-version --mojo-platform-channel-handle=5224 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5824,i,9355764129004521216,2440258947216947658,262144 --variations-seed-version --mojo-platform-channel-handle=5708 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5960,i,9355764129004521216,2440258947216947658,262144 --variations-seed-version --mojo-platform-channel-handle=5608 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5960,i,9355764129004521216,2440258947216947658,262144 --variations-seed-version --mojo-platform-channel-handle=5608 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6168,i,9355764129004521216,2440258947216947658,262144 --variations-seed-version --mojo-platform-channel-handle=6108 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6304,i,9355764129004521216,2440258947216947658,262144 --variations-seed-version --mojo-platform-channel-handle=5880 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6152,i,9355764129004521216,2440258947216947658,262144 --variations-seed-version --mojo-platform-channel-handle=6212 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5572,i,9355764129004521216,2440258947216947658,262144 --variations-seed-version --mojo-platform-channel-handle=5324 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5924,i,9355764129004521216,2440258947216947658,262144 --variations-seed-version --mojo-platform-channel-handle=5396 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5372,i,9355764129004521216,2440258947216947658,262144 --variations-seed-version --mojo-platform-channel-handle=6308 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5876,i,9355764129004521216,2440258947216947658,262144 --variations-seed-version --mojo-platform-channel-handle=856 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=6320,i,9355764129004521216,2440258947216947658,262144 --variations-seed-version --mojo-platform-channel-handle=6268 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5524,i,9355764129004521216,2440258947216947658,262144 --variations-seed-version --mojo-platform-channel-handle=6200 /prefetch:8

Network


Files

C:\Program Files (x86)\wotsuper\wotsuper\wotsuper.exe

C:\Program Files (x86)\wotsuper\wotsuper\wotsuper1.exe

\??\pipe\crashpad_1128_ZTNIUCNPEUKHINOA

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

memory/1508-67-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

memory/4460-203-0x0000000000400000-0x00000000032DB000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Windows\wotsuper.reg

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

C:\Program Files\chrome_Unpacker_BeginUnzipping1128_1649976610\data.txt

C:\Program Files\chrome_Unpacker_BeginUnzipping1128_1649976610\manifest.json

C:\Program Files\chrome_Unpacker_BeginUnzipping1128_941252646\manifest.json

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.3.16.1\typosquatting_list.pb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Program Files\chrome_Unpacker_BeginUnzipping1128_959423359\manifest.json

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\ct_config.pb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\kp_pinslist.pb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\crs.pb