Analysis Overview
SHA256
cf5ffeef2fb5b04e02f7fcdd3d9e126c27594ac86de8d37ef04b32cf59afe40f
Threat Level: Likely malicious
The file 73d8a616f12e925c7b8f60d552256617_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Office macro that triggers on suspicious action
Suspicious Office macro
Command and Scripting Interpreter: JavaScript
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-26 01:03
Signatures
Office macro that triggers on suspicious action
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious Office macro
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral22
Detonation Overview
Submitted
2024-05-26 01:03
Reported
2024-05-26 01:05
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
153s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Sign in to your Microsoft account pass_files\boot.worldwide.2.mouse.js"
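The only signature in this run, "Command and Scripting Interpreter: JavaScript", fires because the Windows Script Host (wscript.exe) was handed a .js file. The same pattern recurs in the behavioral23, behavioral32, behavioral11 and behavioral16 runs below: a script living under the user's Temp directory, inside the resource folder of a saved "Sign in to your Microsoft account" page. The report records no child processes or dropped files for these runs and the only network activity is DNS plus Bing hosts, so the command line is the artefact to pivot on. The following Python is an added example, not part of this report or of any sandbox's code: it replays those command lines (plus constructed benign controls) through a small process-creation rule. The (image, cmdline) event layout and the path heuristics are this example's own assumptions, not a real EDR schema.

```python
"""Process-creation check: script hosts running scripts from user-staged paths.

Added example, not part of the sandbox report. The (image, cmdline) event
layout and the path heuristics are assumptions made for this example.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta"}
# Locations an unprivileged user can write to: a script here was dropped or saved, not installed.
USER_WRITABLE = re.compile(
    r"\\(AppData\\Local\\Temp|AppData\\Roaming|Downloads|Desktop)\\", re.IGNORECASE
)


def split_cmdline(cmd: str) -> List[str]:
    """Minimal Windows argv split: whitespace separates, double quotes group."""
    args, cur, in_quotes = [], [], False
    for ch in cmd:
        if ch == '"':
            in_quotes = not in_quotes
        elif ch.isspace() and not in_quotes:
            if cur:
                args.append("".join(cur))
                cur = []
        else:
            cur.append(ch)
    if cur:
        args.append("".join(cur))
    return args


@dataclass
class Finding:
    image: str
    script: str
    reasons: Tuple[str, ...]

    @property
    def score(self) -> int:
        return len(self.reasons)


def analyse(image: str, cmdline: str) -> Optional[Finding]:
    """Return a Finding when a script host is handed a script file, else None."""
    host = image.rsplit("\\", 1)[-1].lower()
    if host not in SCRIPT_HOSTS:
        return None
    for arg in split_cmdline(cmdline)[1:]:
        if arg.startswith(("/", "-")):
            continue  # host switches such as //B or //Nologo
        ext = ("." + arg.rsplit(".", 1)[-1].lower()) if "." in arg else ""
        if ext not in SCRIPT_EXTS:
            continue
        reasons = [f"{host} executing a {ext} script"]
        if USER_WRITABLE.search(arg):
            reasons.append("script staged under a user-writable path")
        if "_files\\" in arg.lower():
            reasons.append("script inside a saved-web-page _files folder")
        return Finding(image, arg, tuple(reasons))
    return None


def scan(events: List[Tuple[str, str]], min_score: int = 2) -> List[Finding]:
    """Apply analyse() to (image, cmdline) events; keep findings scoring at least min_score."""
    hits = (analyse(img, cmd) for img, cmd in events)
    return [h for h in hits if h is not None and h.score >= min_score]


SAMPLE_EVENTS = [
    # The wscript.exe launches recorded in the behavioral22, behavioral32 and behavioral11 runs.
    (r"C:\Windows\system32\wscript.exe",
     r'wscript.exe "C:\Users\Admin\AppData\Local\Temp\Sign in to your Microsoft account pass_files\boot.worldwide.2.mouse.js"'),
    (r"C:\Windows\system32\wscript.exe",
     r'wscript.exe "C:\Users\Admin\AppData\Local\Temp\Sign in to your Microsoft account_files\ConvergedLogin_PCore.js"'),
    (r"C:\Windows\system32\wscript.exe",
     r'wscript.exe "C:\Users\Admin\AppData\Local\Temp\Sign in to your Microsoft account pass.js"'),
    # Constructed controls, not from the report: a built-in admin script and the Edge launch.
    (r"C:\Windows\System32\cscript.exe",
     r"cscript.exe //Nologo C:\Windows\System32\slmgr.vbs /dlv"),
    (r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Sign in to your Microsoft account pass_files\prefetch.html'),
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"[{f.score}] {f.script}\n      " + "; ".join(f.reasons))
```

With the default threshold of two reasons the three report command lines are returned and the slmgr.vbs control is not; lowering `min_score` to 1 surfaces every script-host launch, which is the noisier inventory mode rather than an alert.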
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.201.86.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.162.46.104.in-addr.arpa | udp |
Files
Analysis: behavioral23
Detonation Overview
Submitted
2024-05-26 01:03
Reported
2024-05-26 01:05
Platform
win7-20240221-en
Max time kernel
117s
Max time network
118s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Sign in to your Microsoft account pass_files\boot.worldwide.3.mouse.js"
Network
Files
Analysis: behavioral26
Detonation Overview
Submitted
2024-05-26 01:03
Reported
2024-05-26 01:05
Platform
win10v2004-20240426-en
Max time kernel
148s
Max time network
155s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Sign in to your Microsoft account pass_files\prefetch.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff82abe46f8,0x7ff82abe4708,0x7ff82abe4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2296,12325942164141462552,11179207467890113778,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2284 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2296,12325942164141462552,11179207467890113778,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2296,12325942164141462552,11179207467890113778,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2296,12325942164141462552,11179207467890113778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2296,12325942164141462552,11179207467890113778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2296,12325942164141462552,11179207467890113778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2168 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2296,12325942164141462552,11179207467890113778,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2296,12325942164141462552,11179207467890113778,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3404 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2296,12325942164141462552,11179207467890113778,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3404 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2296,12325942164141462552,11179207467890113778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2296,12325942164141462552,11179207467890113778,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2296,12325942164141462552,11179207467890113778,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1320 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r4.res.office365.com | udp |
| SE | 92.123.135.89:443 | r4.res.office365.com | tcp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.135.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| SE | 92.123.135.89:443 | r4.res.office365.com | tcp |
| SE | 92.123.135.89:443 | r4.res.office365.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 |  | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.201.86.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.173.189.20.in-addr.arpa | udp |
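Most rows in this table are reverse-DNS (in-addr.arpa) queries to 8.8.8.8, that is, PTR lookups the guest issued for addresses it had already contacted, plus one mDNS multicast row whose Domain cell is empty. The actual TLS connections go to a handful of Microsoft and Bing names. As an added example, not part of the report or of the sandbox's code, the Python below parses a subset of the rows above, collapses the lookups, counts the connection rows per endpoint, and lists PTR targets that never appear as a connection row, which are the ones worth a second look since the traffic that prompted them is not in the table. The classification rules are this example's own heuristics. It also tolerates the shifted cells in the mDNS row as extracted, where the protocol landed in the Domain column.

```python
"""Collapse a sandbox Network table into the endpoints worth a second look.

Added example, not part of the report. SAMPLE_TABLE is a subset of the rows
above (including the shifted mDNS row as extracted); the classification rules
are this example's own heuristics, not the sandbox's.
"""
from collections import Counter
from typing import List, NamedTuple, Set

PTR_SUFFIX = ".in-addr.arpa"
MDNS = ("224.0.0.251", 5353)


class Row(NamedTuple):
    country: str
    ip: str
    port: int
    domain: str
    proto: str


def parse_rows(table: str) -> List[Row]:
    """Parse '| Country | Destination | Domain | Proto |' lines; skip the header."""
    rows = []
    for line in table.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue
        cells = [c.strip() for c in line.strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        country, dest, domain, proto = cells
        # Extraction sometimes shifts a row with an empty Domain cell left by one column.
        if proto == "" and domain.lower() in ("tcp", "udp"):
            domain, proto = "", domain
        ip, port = dest.rsplit(":", 1)
        rows.append(Row(country, ip, int(port), domain, proto.lower()))
    return rows


def ptr_to_ip(name: str) -> str:
    """'149.220.183.52.in-addr.arpa' -> '52.183.220.149'."""
    octets = name[: -len(PTR_SUFFIX)].split(".")
    return ".".join(reversed(octets))


class Triage(NamedTuple):
    connections: Counter        # (domain, ip, port, proto) -> number of rows
    forward_lookups: Set[str]   # names the guest resolved via the 8.8.8.8 resolver
    ptr_lookups: Set[str]       # addresses the guest reverse-resolved
    local_noise: int            # mDNS multicast rows
    unexplained_ptr: Set[str]   # reverse-resolved addresses with no connection row


def triage(rows: List[Row]) -> Triage:
    conns: Counter = Counter()
    fwd: Set[str] = set()
    ptr: Set[str] = set()
    noise = 0
    for r in rows:
        if (r.ip, r.port) == MDNS:
            noise += 1
        elif r.port == 53 and r.proto == "udp":
            if r.domain.endswith(PTR_SUFFIX):
                ptr.add(ptr_to_ip(r.domain))
            else:
                fwd.add(r.domain)
        else:
            conns[(r.domain, r.ip, r.port, r.proto)] += 1
    connected = {ip for (_, ip, _, _) in conns}
    return Triage(conns, fwd, ptr, noise, ptr - connected)


# Subset of the behavioral26 Network table above, copied as extracted.
SAMPLE_TABLE = """
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r4.res.office365.com | udp |
| SE | 92.123.135.89:443 | r4.res.office365.com | tcp |
| US | 8.8.8.8:53 | 89.135.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| SE | 92.123.135.89:443 | r4.res.office365.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
"""

if __name__ == "__main__":
    t = triage(parse_rows(SAMPLE_TABLE))
    for (domain, ip, port, proto), n in sorted(t.connections.items()):
        print(f"{n:2d}x {proto}/{port:<4} {ip:<16} {domain}")
    print("forward lookups:", sorted(t.forward_lookups))
    print("reverse lookups:", sorted(t.ptr_lookups))
    print("PTR targets with no connection row:", sorted(t.unexplained_ptr))
    print("mDNS rows:", t.local_noise)
```

On the subset, twelve rows reduce to three endpoints; the one PTR target without a matching connection row (52.167.249.196) is the kind of address to check against the full report or a packet capture rather than dismiss as resolver noise.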
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8b167567021ccb1a9fdf073fa9112ef0 |
| SHA1 | 3baf293fbfaa7c1e7cdacb5f2975737f4ef69898 |
| SHA256 | 26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513 |
| SHA512 | 726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54 |
\??\pipe\LOCAL\crashpad_1712_OOEKOMAVJYANSDLZ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 537815e7cc5c694912ac0308147852e4 |
| SHA1 | 2ccdd9d9dc637db5462fe8119c0df261146c363c |
| SHA256 | b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f |
| SHA512 | 63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | dce9d219c19ff884d28a01daf77b112e |
| SHA1 | ae71a25d35ed821b9ac0ccb1a2bea6cf0520aac2 |
| SHA256 | c0b4f001ef9b6b687c11504d0a9de9a59e21d7a33a16b11d38449995f08807dd |
| SHA512 | e946dcfc8a4d650b7da98e3cb11d3a66d2ddfb6bfdcde206e6620349c111b7f2002d0056b7ea515f6fbef35d4bff359c3e4c7eedb8aed432498783cdbcef4ae8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 206df2a1bd9c08707b6dd75544e2d4e7 |
| SHA1 | dcb22fcf1ff22aaf7c47a5fff57768873fa63b36 |
| SHA256 | 1559dbd38d53b14132c033b7f449b50d12a013dbcb24138fdce8734198755b56 |
| SHA512 | 52afdaa3d87ddc52c156528a93c1b88f1bff35ca71ffe10bdcaf4f57e8b7b1f4e18d84ec568edfb307e94bfa4b6360d6eb773f914d8e8960de67f2d606e32dd0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5d229a8a007201381a8437094e075542 |
| SHA1 | 6a8102d9769fba0d8c3e3bd300b0e33cf863f632 |
| SHA256 | f3e951aec9a2654bf5b2e1d2a13d2203863439cdec918a64c78740b449a5c2f3 |
| SHA512 | b7b5ec38f39905989864335c37d432b647997f69618abe9a89f504d66a43dcbf92a8136088551414fe8489c5fe15d123ef792432c26e6cd2093c654f2a50b76b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | ea2251a837fe69cb0fc810d5be987677 |
| SHA1 | e7de451ee86d0d3093d939b987769be9b6560e64 |
| SHA256 | 1d013ada09e9f20b03c3c8abcac4ddcbc5e877ac848956f8d67314b7c709aed2 |
| SHA512 | c48af445e4e45ee8f145835feb220f8a5fb96a26518200cdef5558ac0a2ca27dede01dbe491e9c5985f5e8b6fabe5be751fb664f7bf0c3dcf504b88c4d0af1cf |
Analysis: behavioral28
Detonation Overview
Submitted
2024-05-26 01:03
Reported
2024-05-26 01:05
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
135s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Sign in to your Microsoft account.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe40aa46f8,0x7ffe40aa4708,0x7ffe40aa4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,82292791300259090,8645076192841862680,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,82292791300259090,8645076192841862680,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,82292791300259090,8645076192841862680,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,82292791300259090,8645076192841862680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,82292791300259090,8645076192841862680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,82292791300259090,8645076192841862680,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,82292791300259090,8645076192841862680,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,82292791300259090,8645076192841862680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,82292791300259090,8645076192841862680,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,82292791300259090,8645076192841862680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,82292791300259090,8645076192841862680,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,82292791300259090,8645076192841862680,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4784 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msagfx.live.com | udp |
| GB | 23.214.151.138:443 | msagfx.live.com | tcp |
| GB | 23.214.151.138:443 | msagfx.live.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| GB | 23.214.151.138:443 | msagfx.live.com | tcp |
| US | 8.8.8.8:53 | 138.151.214.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | auth.gfx.ms | udp |
| GB | 23.214.151.138:443 | auth.gfx.ms | tcp |
| GB | 23.214.151.138:443 | auth.gfx.ms | tcp |
| US | 8.8.8.8:53 | r4.res.office365.com | udp |
| SE | 92.123.135.95:443 | r4.res.office365.com | tcp |
| GB | 23.214.151.138:443 | auth.gfx.ms | tcp |
| US | 8.8.8.8:53 | 95.135.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 |  | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 439b5e04ca18c7fb02cf406e6eb24167 |
| SHA1 | e0c5bb6216903934726e3570b7d63295b9d28987 |
| SHA256 | 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654 |
| SHA512 | d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2 |
\??\pipe\LOCAL\crashpad_60_AQOGLOKTGWASNYLM
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a8e767fd33edd97d306efb6905f93252 |
| SHA1 | a6f80ace2b57599f64b0ae3c7381f34e9456f9d3 |
| SHA256 | c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb |
| SHA512 | 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1037b9c6909734be758f30281ec5c373 |
| SHA1 | d7270859b05f7a464d6c982814b572bd50fa7beb |
| SHA256 | 93a53b587cf1876056fa138327d4e6887e150cd10e2a1469489f9dd3cd5bdd94 |
| SHA512 | 5dd50e0d96e60252bf30d705e9287214a97cc98a61d350d8bc9a01df10062f58969e0b2a665d767e634c6c19c607ac064bc748c12d0bd4b27e033580eb4b965a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | fe84c7181bb1d96016f9f16531d6698c |
| SHA1 | 45f09b3c806e3bdbebb52616d60805e7bfa61e11 |
| SHA256 | 4772d9e73609d27eb7483e1e54d1f0d4a46582b29af5b1da9e1de23365da5fb2 |
| SHA512 | 33f6355177cf93dda6bc91e7a95e991d663e734ae037186ef6bbd99fd68f34eda24b34cfa4987c46933e2fd48c82c29cec6b6587b12ea00158b423dc112866c4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f9fd84f65cabe4de62dac2f2de38bf6b |
| SHA1 | 3d01fa5b9d041ad433913ee872c2bca655e65383 |
| SHA256 | 91cec5402a1905b3038a7dae8bdedf7d23608e9d5075b8a60bde333bc8035b1c |
| SHA512 | c57ad0c7b1769c33d86cea57a7222e37e48be357eb1dd02538a234bc53d5a0b3502fb463a8214f964d71e4b7e02ea625e02492102b32f7cfb49ebcd78e46e22f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 807419ca9a4734feaf8d8563a003b048 |
| SHA1 | a723c7d60a65886ffa068711f1e900ccc85922a6 |
| SHA256 | aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631 |
| SHA512 | f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | c66c2764a01a01f27d70f83c102bbe18 |
| SHA1 | 52a72b53a72b69b28d7c02ac81b81920b9dee5f9 |
| SHA256 | d3e0d3be5bfff1f93133c8085b20a39d50408d4f1beedd1d0428a3906e14f5e4 |
| SHA512 | a5b25a531dacf68600ad13c71d3211f3647ca57b1033b65463726b7b808b3c5cdfe9320162bcc81d4bd682a94c5320afd56806d51b87a34aaf06523c4c685cef |
Analysis: behavioral32
Detonation Overview
Submitted
2024-05-26 01:03
Reported
2024-05-26 01:05
Platform
win10v2004-20240426-en
Max time kernel
148s
Max time network
157s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Sign in to your Microsoft account_files\ConvergedLogin_PCore.js"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.65.42.20.in-addr.arpa | udp |
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-05-26 01:03
Reported
2024-05-26 01:05
Platform
win7-20240508-en
Max time kernel
119s
Max time network
123s
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Sign in to your Microsoft account pass.js"
Network
Files
Analysis: behavioral16
Detonation Overview
Submitted
2024-05-26 01:03
Reported
2024-05-26 01:05
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
153s
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Sign in to your Microsoft account pass_files\ConvergedLogin_PCore.js"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 2.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral17
Detonation Overview
Submitted
2024-05-26 01:03
Reported
2024-05-26 01:05
Platform
win7-20240215-en
Max time kernel
117s
Max time network
122s
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Sign in to your Microsoft account pass_files\boot.worldwide.0.mouse.js"
Network
Files
Analysis: behavioral19
Detonation Overview
Submitted
2024-05-26 01:03
Reported
2024-05-26 01:05
Platform
win7-20240419-en
Max time kernel
117s
Max time network
121s
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Sign in to your Microsoft account pass_files\boot.worldwide.1.mouse.js"
Network
Files
Analysis: behavioral30
Detonation Overview
Submitted
2024-05-26 01:03
Reported
2024-05-26 01:05
Platform
win10v2004-20240508-en
Max time kernel
134s
Max time network
132s
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Sign in to your Microsoft account_files\ConvergedLoginPaginatedStrings.EN.js"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3452,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=4432 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-26 01:03
Reported
2024-05-26 01:05
Platform
win7-20240508-en
Max time kernel
121s
Max time network
129s
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b00000000020000000000106600000001000020000000d416b654da78687a402f4119af4acae8f1c7f645de1ef4ab1e7ef97724d30499000000000e8000000002000020000000fd0dd82d79aa5c330ef965de3532974a267774dbafd280fcf52134a3256a4707200000009b8c00f4d7548b19139619c612c9108a762074152b0765dc408ca0fad67602c540000000535ba7ad546be2700be278f5ecae17e750d9b19a0047665bcdcd83af26750e8033e1af019686549e75205f68d2e5901c57177fe52b41b23df1b7e1246af9b13a | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422847256" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00211c7f08afda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b0000000002000000000010660000000100002000000015b77ca847d787590e244462dcc742e6998de9fe1bc6f792cfba0f9fcdcd647b000000000e80000000020000200000002e286922128bf881b56242ced5e24493e777ba4523fa2ead031758b72274427c90000000c505b840d9c3ed04e3843ce23bd4695b3460b8aef1789c4c9be0cd2601e4d5807248b09046dce6af2064b2eef8d39ce4831b8643c35f2bbb8330a3d24b271c020a44cbc1433b1d5f317c35650ffdc58667217319487bc6b647611bc76fcda833ed7d4df9656bc95af6ae62032368b482395d507c50b1416338fb542165c4fad53d29d3352162669744112a78b7d9faf540000000ddff91005113f0a6cd35d28933b01e158ee346e4b623ffef62c06449de12442cc0091618893efcd18e427d33000c148c32eae818e6ab1920b8ad8375a28ef875 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B7CE68F1-1AFB-11EF-9B88-D6B84878A518} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 788 wrote to memory of 2064 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 788 wrote to memory of 2064 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 788 wrote to memory of 2064 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 788 wrote to memory of 2064 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Outlook.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:788 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | r1.res.office365.com | udp |
| SE | 92.123.135.95:443 | r1.res.office365.com | tcp |
| SE | 92.123.135.95:443 | r1.res.office365.com | tcp |
| US | 8.8.8.8:53 | auth.gfx.ms | udp |
| GB | 23.214.151.138:443 | auth.gfx.ms | tcp |
| GB | 23.214.151.138:443 | auth.gfx.ms | tcp |
| GB | 23.214.151.138:443 | auth.gfx.ms | tcp |
| GB | 23.214.151.138:443 | auth.gfx.ms | tcp |
| GB | 23.214.151.138:443 | auth.gfx.ms | tcp |
| GB | 23.214.151.138:443 | auth.gfx.ms | tcp |
| US | 8.8.8.8:53 | r4.res.office365.com | udp |
| GB | 23.214.151.138:443 | auth.gfx.ms | tcp |
| GB | 23.214.151.138:443 | auth.gfx.ms | tcp |
| SE | 92.123.135.89:443 | r4.res.office365.com | tcp |
| SE | 92.123.135.89:443 | r4.res.office365.com | tcp |
| GB | 23.214.151.138:443 | auth.gfx.ms | tcp |
| GB | 23.214.151.138:443 | auth.gfx.ms | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab3B6D.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Tar3B7F.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 94935f26c7ce3caa0d1278fc0a0436e4 |
| SHA1 | cee589c4c44b025d02f9eaa3a9c88c45cadc18cb |
| SHA256 | fe8b314feae4e8b3a62dc4f91ba0e5766786d43d773a4453654c00e1c201dd09 |
| SHA512 | 6636d8a5e95adebdb3b1b9dd5310ce8e6da2d80b54ab748b26ba37c5fb9a7bfb1e434f0d248977ea2cbe92bda45af5a741db2e490f8bbb315ccbbc0ec605f3d1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2ced561f41e37b594b8622c1bcf8807f |
| SHA1 | ebf004aedb2801982b8762d8fef0b5e63ea9cb67 |
| SHA256 | 4337840a4fb7902b1bdf1ffa307889863460ddc8ad062500126ad41bae6a70e4 |
| SHA512 | 24fcad68cf0ea00661cd139f430a74f2f0e329e72da6b264ea76968057c993bceab9747d553976a91c1624762f75f7435bc1fd206524eb1ddb9d7c73d955e92c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0203c6c4e5ec12bf13d3177c1720eda6 |
| SHA1 | 7829e35b51dcb44592648f27aa15b2ec21b0d184 |
| SHA256 | 5fb3f4074c63e7b8709c1164f4d99e242b29e28d4ec6346d87984b9740fd4320 |
| SHA512 | d3b9e83319de0be6f203665cfcd9d41299c9f7a5c255d4081ec19e851fa0dff5e910fe6a704af7388472605b1f55d027eadf641d55a4aef0b8dfb080f0b66bd4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 57aadca51fe08f24379f5e792b94b2dc |
| SHA1 | b1b160c5faefea69fcef1004dd4d6c03ecd971e3 |
| SHA256 | 43f37414bbcc90a81f5f8a425b38f63f12963443500e241a9e4baeabffbb25dc |
| SHA512 | 8a5e5660b471f5e2afbb499427af73dff042dca38782e4d6bcac3688aca8cba829267d51bfb5e6e27e4d91985be7c77b4e257cd9b418dcaa348862841d83bd65 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f9de54eeb566246e1dce4bf453d5cab3 |
| SHA1 | 1d2d3e016c1d5dd7be5d117be972889481990eb8 |
| SHA256 | bc57cfb8e00fdea800e80081f8ad56d7c19af9e6edbf7f1f16d68e78dfcb02b5 |
| SHA512 | 1113034c2d3960d79f646a5abffe039cb1a80e0503827c0e7a03957f437fe6429398315e9fa2fe2fc35ea980037f30fdfc2eb7e099e0d5b37b827c7c057a3871 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 310cf8c7cedec971a5f44dd66129c71a |
| SHA1 | eb3ac1ba063d6e8c11f3c7e0f015e411a72c5875 |
| SHA256 | 3f1710fad24039e925f732ccd87a0412e502f8f20dcc05f0c802a491053a0f00 |
| SHA512 | 2c1f992c977e720820acfccb3fa5fb43db8799cac9778a1e6a84cf56573f60be1fea96ae4347a5fbbdda5683d8ec2742e064d74e32c9f5c2f93975dd4f0b5f04 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 947d99535a95f2ca2a5d61880123ae08 |
| SHA1 | 5049110f3464f73a139742f3a8590c9c8e2567c1 |
| SHA256 | 37554476ef00c6575e0fb6578bbba2d0bf86bd03ed2978f84808c3a3fa14eb67 |
| SHA512 | 95ae69f66d0faad58c34b763870d7e3df7475b5b0a9704aa5955aab7e170c21b816220bfeb5ffdfff83af659f1b7c0bb644839410efa14839d0bffa65c6dac31 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ca5030a2790b3012912e4f678e9966b3 |
| SHA1 | da23bad74c89619ed54980ffd0833483300f5196 |
| SHA256 | 7ee23c52ee3847c229e33a3442e0fd5c33ec999360cafd6d82ec9b004986b7ef |
| SHA512 | 2d3fa73328590bb5d01259be97908e78a23a20bb338bd0aa0b0b3201b74ca29272f8c50776b7aae444595c4f47c771bf0e9851744a90d7d774f9740b9757a465 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3a9f31deccbdbcc104b578773659194a |
| SHA1 | ae60fad919d3ce79fa5d20d22c6d71bc9693531c |
| SHA256 | 1734ea873e031cc79e7a3adda341d244b108160ce8109cde6084270c9b4e46b0 |
| SHA512 | b466e1c3479ab8f9472e0fdcf0517c6308bda6c1e6556097987ec9b2ec5aa66163a3c9539319abb758e1c753d3bf69032552e05fe59e065ed5f7c7fc0c17a9e3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b1f6c8b490522499a531182377c9410e |
| SHA1 | 1eb7489ac121f45601f60086cfcf307113a4f808 |
| SHA256 | 7992b74d27850a1cfec5a741dbdb407e9c48b29edc3f91492652fa49683ed555 |
| SHA512 | 892d6b4b4d93a6694fe185428a09f705be6316867a4f56bca7593af172fc5f9a84c679d786cf5f1964a08bc2dbb1314038e4f848ff786da0fd86b8dae967042b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 43a99bc98201db2e7e21793482e244de |
| SHA1 | cefe7fe958d8b2e5b9435bb351f792165ec44e1f |
| SHA256 | 97ba03d0cc22aa89ebd9c8cc763e79835efc899331d41fa8485bc38aa454af1b |
| SHA512 | b33dd3667fd04c513102203e22d5c2efe7c8fbba62bdcbaea2bf0260de98615d4972a5e65e2c6db444c0853f8f6f1879a689453c4a3028811c401c616bfd543b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ec32c646270c6ff7ebe02e325d7627ad |
| SHA1 | 2bffed362a5cd60fbc8d422bde63cae03772e8be |
| SHA256 | 4701d9b72d079383765998bf58671979b17c1af9c98cc4d43353356b2bcaedcd |
| SHA512 | acfda66c134e91bd4e211d7054226f3e90a91ce594674cbbaed9202760ebff059f800a8e86fa92573a080c00c4e35bf68edda30fec1d39188a9f9106a5db5bf5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6bf329b00feee4e45b439fab35fd82e0 |
| SHA1 | a1d781adc765be71ccd57bba396959aaad4ebc09 |
| SHA256 | e04baea7f5ab00239bb2c0f4ee81a7b34056c5e68fe00ee3082b07ff561aa714 |
| SHA512 | fc3333020ec148c47eade55b566f60cdbc22bd4a9611346018951086d3a76d834fc63095168300ffe6db1cf7b22f5a826d1fb16bc8253eea9e55aa4c82190990 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 71c80a0b6e1a2c9d5cb2bdca042450f1 |
| SHA1 | 10021deb79f9ce8c3b1cd52075f492ef96b2e2a7 |
| SHA256 | 6a98c55746f385475bac5af91cdb11b5be1ac421f37a198d42e085aa33cc4d45 |
| SHA512 | 780d297e3e1c97ce5b064a31e837f3f89f614291731f6a0912c95e94a8b6d5e0ce0ed43eb868783042646c2899ab17bf834612ebc1d56d611d6aa61a74359a5d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0f87105cbdff8e68f79bf9363cf8e4a4 |
| SHA1 | ff54671b2e64a55400df70b077f042d5313c7cd7 |
| SHA256 | 2c468f40f5b6631dcce811a989910134ebcf156bf8e46c5805b1ef470cf2e199 |
| SHA512 | fb1d486311c7fd460c5f49451f89a40c5da3dc01a191e9ed5d73ce036872b3f0662ff4d4019df20569f381ab51237e265c1c4e8afc0ac7b99c61f77ac1afb162 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 55fd66ce6e19c2a32d9923f7ae62d66f |
| SHA1 | 65e416a045eb317c576b2f43fbe5aa2cc658a0c2 |
| SHA256 | c3e0ed2dc8a255a16cc79b2e42d0e7a32a69fad8cf78628c1cecee61f4515cfd |
| SHA512 | 056e39f9cc2f06117fb46bc616d5a41accbeaa82b8e398b2462509d3b4109684e66083d49a0dc0ab47c3f5c4eda6d30df402731053a2a590c67b9b4a280f1cbd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 494559fe961d87c49b9a848645c96d5f |
| SHA1 | f861e6eb3d8018c1346a98cb0c8b5082bb23c933 |
| SHA256 | 6f1328bd92732bd26a436da8b47c6fb91af906fc7ce36a8dc97b5bf910f1ac1c |
| SHA512 | 720965a42159023fc43eaa836ae31642d4fb80a166f64e4e9f324339f575bb528c81851d26e42f0b3d5fbbd73f087ea3425a865d4fb9846a19fb1872126a30a2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f23e6df4f155b74d3af45cfe3037af8c |
| SHA1 | 53037e05a21d66174bbc0ccfb541618ebaa135a6 |
| SHA256 | 3b4e1e6b4ee73918b30ec4d9baeae362203833fbc99654f15c36b7b754d21bd9 |
| SHA512 | a1bd90f3c573f8cdca0a7cf9eefe43295addccf24ca66e538e2e33260c8b245c4eaa150f591267ed0d69471e16744b28e668c8707ee12391d35257750d55223a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ad8b518921767a521033d85da41a2b19 |
| SHA1 | 3cc95e14042f698a4add62ef035707549535508d |
| SHA256 | 8ee0f676911607fb5970f332b1c93130143a0a0becbceee7812fb88f51ac4802 |
| SHA512 | a7e61e1f54ecd2c40642cdc5b0380c83520b258adc95013b3c0a3419aad575a6a5fc445350bf0833eb92886ff0692a4031d14c86eb1d0de7b6d3f7502dc18e51 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3cb1b39550a9eea8974915c574c58385 |
| SHA1 | 99e2b022689f19595dcefbd8a53337d3187b3493 |
| SHA256 | 06799b478e35d7178dc79383470994b0ba31fecfc826557228fa655e617e7075 |
| SHA512 | 1958cbef1c4a1ecd22f05364402cb8d55ce9b2fd333cf20a4302fa941e2388b91b6168b68b293f2f6093eed4183c394e24f34b31b3a89c043d003d4a6f579b35 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2f14d96634d4876c3d1ed7f7c49ec92d |
| SHA1 | 4cca5eee2c0f4a5ba20c35d111e99d4d012d40cf |
| SHA256 | b1736eeb55df550ed4c048882697ab4fe0fa429b52c3c906d364b355a8aa1839 |
| SHA512 | 2e4130db9a72b44bb89c7a47a3bc254f5069378de4f18444a20bc1d06b15e3e6403b0991b3f0ae0d7527f112ef33695af750c351bf14678bba69581f5963a7f2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c8dd533471a9441b453d104eab0a2027 |
| SHA1 | 57c7fb103402e4369935d241e4a3126aaf393391 |
| SHA256 | 0be6595b03ab0c3982bbe66c287e6c88967ef743df3787ff1cd2981772537ae0 |
| SHA512 | 38fcf16477f9831acde6d9fe5ba722d5f0d06deb846fad6681fffcbdfe34b821282cc95fc99fa8ec4779d3cbdcc692a7dfa78c0e2b9c8fffcc077c4e10d93a24 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7ce223f017e7cdafae9d4dbd6da3715d |
| SHA1 | 857b5138f90e23e4c8126175d6e94bd684c10afd |
| SHA256 | 5d9d2fa7dcc52e79ebbe4ad67fd85c50eff78c29ed83245af9fd924bab020e4f |
| SHA512 | 7a12adb76f106db99ea0e42eec2930241c695e4cd05abb38448802405fbfb0e2201b3f67beca3eed609d56146969ddfc808efc7b62d6b3055f9ee54c470a6c07 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2812d57a63261bef3f9ac849d7871be7 |
| SHA1 | 7093d7bb2b3a93f3f158d2ef7ce721580de192eb |
| SHA256 | 2b1d0b8d866e47e2fbe95dc080d57fc3224599cdc491997919ce3b4b982dfc9d |
| SHA512 | 66234bc83cf5db11a7bb61677bc292041cd265710a6a68bb9ae78bd45aa2aac0c4596c2fa475d453756cdac2c7632472435417fab60bff704c80aca1aeb89cd4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 999d03e017b0d407c66e47c4f0d14098 |
| SHA1 | e4683b6bc669a50e32825b0714df9c008843f021 |
| SHA256 | acf4304c1927e106fe2f214c87df77671027494230ffd7c2a16615ee5a9672bb |
| SHA512 | 468cf67941b457745f9e02b931429d7ff212972f92442d829b58c7c8d0aef61f2bae9c4e295208c00d3e391dac53e01489c96fef86b26dad4a664f4bc330bd16 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6fcf802e9e39c7d14a6e498b9b3405ab |
| SHA1 | 7c5ddc539e2800ddf93256044c6f5f8c856970b7 |
| SHA256 | fe6a5b009aca8679a5b3be1f40780530042cd4380b74a021c9ee238209d463a8 |
| SHA512 | 18aa00ab9aee92596b20db76038aaa7e125a27bdd31fbf229629bc2bac704438de3efe21aef11a8d401facb8b33a25253e866ac3f0c7109accbae076f0035eb3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 304830d572f5d698f821812d938d025b |
| SHA1 | b38873e3f84f117fff171a816fb71c4b1662d22f |
| SHA256 | def359ffb8ce2532db4e3ea7c2697a3df0c97bb1b863685986dc95bacaf47ea7 |
| SHA512 | 8a464b01afdde058e6d2daa7c75136ac9d0a4ac40a690482000b8ebee44f37ae7c0832183975bd72c919cc1c02cb92fd6eec147b1aa10ae4798fdd4700d7ff95 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4bb2cb7521fdf4c15f6427954ce1c788 |
| SHA1 | 0f340543e0ef3b5304e3c4bb244bbfa6e2758312 |
| SHA256 | 1a8e1df9e16fafba29fb080f4f438644cc56653b543b7fad3da49d7a1ddeba80 |
| SHA512 | fac33df0f5881d9051ecebcdbb066b1ec6a9755cc2cf3f98abcc89b2da84e8d059cafd3b410505a924e95b590b7200f48f8369da8d9ef9276146d015b17bffa4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0fcbbae39fb470ab48b1ed44d8a46125 |
| SHA1 | cc9894e18e83827c2eba9d53c98b37ed46170825 |
| SHA256 | f2b7edc6a0fd57385ebea29a3ec2d471fc8984983d789cd8b1e6446499e33c22 |
| SHA512 | 5d0da2a29e54bc3f064c937396ea4927f91c5b1ee653428bd3e8fac424fb0e367c3b3b1a684e0f15f8219e6debaa6ed4513bde4c52b5f9be0403cfffd7b2e985 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 45f23250e0d969d41663473ab510e752 |
| SHA1 | 142db7b8dbe214902868596d616b25b3b510096d |
| SHA256 | ae694fcc88a9928455fad5a423a15c34da34a903d7c6e7a6c63cd410e13536d6 |
| SHA512 | 151b9c69dd85bc58b386c5538bc31409a59fc8decd64281981ac5855ea2c6b6430ba55b7e993c1ce9e0bf56d23e39bce73068594361a7b36e41a4bdf382e3abc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ca0384f7c6ca9ef3ee71d671050ad89d |
| SHA1 | 77a4ae2f4cf2a102bc4d0572c5b5f7ec6a5f4937 |
| SHA256 | e2ddafe19e5a182b425a2af84e3cf8e670fac8dadb6df8d99b5029b3da4e71fe |
| SHA512 | 4eb51799f00848723fb01227b0d4b894557eee1695c789d8385b25f4bd0ce7fe3b63a089d5b45ea09b349a5bb0558204d1a89872d308eb0e890ce4a003db2645 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9f3125606dcaed8a4d25d78b80187786 |
| SHA1 | 2f5171ba16543539b8a79bea39ed9b0c1cc467b2 |
| SHA256 | 742f5a6ea9669e5717fab3bdf2e6adafc667fe903c73b8bfb280d0479b5e2e57 |
| SHA512 | 47a21d2547066e1c26f78a58bb4ba92980c7b7eafe151c26d5440fac8e2568550447c783a20d8bcdf2976e23b5dd2c6e8bd7eda464e8d204bc6e8fb5e21a5226 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 979cc437125e351b5617a119191101a8 |
| SHA1 | df9f08bc6cf9376fd7eabe9532e9181947689367 |
| SHA256 | da5096754c64f759bb38857baf1f12afebf8f8d1f903b47959a719480ccdd898 |
| SHA512 | 4d89da90080931713018c2d05facdcc7e42d6695e953e38ccd904cc828ebcfef1cfd9e4b48b1ebae02a03e6c4e23f2154865288d0d4766034f7cba90828c6b4d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f3969b532086e15f765bfedffe93cc83 |
| SHA1 | 18f4f8ef4095975e08ef2719b86b8970acb006cf |
| SHA256 | 519e905202dc8404cba77aee4ac175ac17260c90d59b1942ed404fcb0db6bc56 |
| SHA512 | 42662c4c6d1709f69b8b1b66031ed83c0b5d12ba2eb136493a5aeb4791844af03bb7d72a794181518af880994301db438605967cd4a7e833628ecd7ab9d7c28a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ad7e96c5132c747e334d406315c359b2 |
| SHA1 | 13d44c905aef8b620c7870d62c51f75ea74d44ba |
| SHA256 | 0117fd0c77436558aea4ead243f7c6b0a3b7559fad27b16e9fe65200c22d264e |
| SHA512 | 03285f628617cddcff0f53bb60b733607f05808c70ea54c865f48ffd3785f3d034c0070b16d1b6e96c71c0103289d969064f302b63db610d12dcb2541dfc1e2d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3a277658bde67dbdc865c17dcce516e0 |
| SHA1 | 1d542188193466cd54500cb5cea1a63d09fcb2b8 |
| SHA256 | 651f06963161575c6cc86ccc70aebb17de86c3478f48f7534f3654e5bb6a042e |
| SHA512 | 8ea6d725cf2dc589923d795e0bcad6f0b61984ca84702e92a5e1a59a1374fce99fadd4513bdeb35e3d4fe34203da838ad10f1cfca1d5fba768374c77b19fee27 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3b0101d800ab04bfbc916bc7d5480efc |
| SHA1 | 77fe52da076fb29419ccbb9021a244efaf42dc6e |
| SHA256 | bc347f2d99608d0f7af64c73cbb3c7d31fd730a61790e300d3f474557d71264b |
| SHA512 | 7b1f910e249140b0d2a990b7adee1a25dd0da99346c9925c72a692cd98ba642fb33428f72cd860148309cecba66fc52b04f3bd001bbef067deb6535e2f07e843 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e7a752a19044eac37f699d3958d7403b |
| SHA1 | 8695aad4217dbf6cb29a69941b3910489c2f83bd |
| SHA256 | 744d7e7048ed0c0697ccf4dcde66e9fef7cc6c602317c50143ed758aea59a2d5 |
| SHA512 | 08e49ea83e8aa18554168aae57ccbfa6e83ae8562b42ed92fd446b5e356bb17530c3c0e7a854bdee6b0af940bbcf2d5e561514ded3648e92f7a9a39467c889d3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ed78900568e6fd6fd1cca9418fea242b |
| SHA1 | 8621f9a194c23220c4dd4705ebf6acdd5e775b55 |
| SHA256 | dae54051ca303b09a2e2fae6519c30fe47182bf07775a30c8ce5021d99ee439a |
| SHA512 | 3c7993d0dbb8386cfc2d9333c6130c37b05728117240ad1082ce5723602aedb70d2319753cd18ae51817fe4029b49c21dd60fff3f52f14905e096c8bd0865bd0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | acba566612363171f08276243082bc44 |
| SHA1 | c1419bb745bc9fe7f32e913a7c68a33a36aa0162 |
| SHA256 | 5e2b4fb7525454d068bdfbf8eb3b973906472fbc99a62e64c8b4d84a63aef0e5 |
| SHA512 | fe38fe40adb777c3b78e290bfd1eabb01e025efe499e5a8c85ae4d324e241a49b9543bc07196d937a948369672975bad8a08a68f3a5f3045d1fcf868938fd126 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 61b9f52db3a749fe4fabf7a9274557d5 |
| SHA1 | c0c10b0fe400a74cead46d7a22498567c74a6623 |
| SHA256 | a2c6f8742b5a113720ce9ade564ee1aaa664b6ae9828bb52d5d355ef0a96a08a |
| SHA512 | 0d5abde7ba09fdd818889ffe6bfc9b773dc0c1ab7f1f7ff0c3166e312b46bb6c789cd00b069205ce1a736b8757e56bc94916b5c09e9c55c7a1fa381b77576072 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 844e19d69123094d2b49780829a9c88c |
| SHA1 | 7540e5a1d67f9eee95e9558a9f65bdfe7df8f194 |
| SHA256 | 8b291483ea1caecea1f8e4ed53c10c69bae396028f1c15d818e987a297a24114 |
| SHA512 | 85d5ba88346a90a6565bab80832a3a182f1f5422db76ffc78bc67cfc2778ff644fa0d91a1ca7960a77a08b1422082f6bd408eb965daefdb1088140035ccbf87b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7880f0b1c2bada9674bb7317a8a8ac86 |
| SHA1 | 92f6260ef3d4cb027bc5c96723b4d31581a3916e |
| SHA256 | 7b72698201977a6e7dc31625b35fc2d7edb9a1ab5079037fb0dbbaca6d21c6a0 |
| SHA512 | 13d284319e7fcf8b52cbeb469d0343e16b4af87a8f3c32f9cb5ec7930d37179c801cd759a8bd0ab0495e95931fad734e158a7990e0dcb6d754e207224b4e0cd0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 15dbc63bef255aeb2e8977abe66e92e5 |
| SHA1 | 3d85ae2258ac09016f4f9bae4d2208c36aee149a |
| SHA256 | b1af4db350a1b5e5fa800325a5f3c53b91d8a448190026689416a0867e9aeb25 |
| SHA512 | bbf489e4c6b7f52a6d21175762fd1064c812da1f16d051216ee7e401831c1b3418c15ab833a6259b10dc57b788fbe5d5ef581c4346ec68561cfc1c8e4b4fa560 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bd92a4e8c49a59e0236eefa674d31644 |
| SHA1 | 1df305a6119b86ccd260761968b015d4ef88d851 |
| SHA256 | 219914848b3d3748310582872cbbe7bdfeafad768b4418d97b0c313154641041 |
| SHA512 | bb58ddc31fc1286035608c237bc2bbe60d02e6eccd5af21b85fd8ad75c0553990c6abe06cdf3d7e3bf86816edaa48a04d5d0f35ac4f1aa0f5d81fd4f2c081294 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b2346d2edd811b19e181486e1da50258 |
| SHA1 | 1d5abc02eb7c6e1d0e03f4b3bdd62a4e19175ca1 |
| SHA256 | 03299643d37464f63675bb3abda08c777d854a26773617ad4804bc2f454cbd96 |
| SHA512 | d3ff082e46a9080a88883731869c17da38ee3e77cbd12560bee7a1ac7b1d5115c3b3b88aaa5192996359e47a2252e8cc4cf5101e1dfecb8b8b93607fd2ac6579 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 96c4f27ecbc7b1c581bd4fddf7853b50 |
| SHA1 | 3db2c63dd5ff90314f77bdaf4f485408d30c6f9a |
| SHA256 | 827924527c0ee452c2048bfa91c27407e88414eb78593181455fde10080a9e53 |
| SHA512 | e7031f8fe84ffe42e53a1523689e8a9365624973d238900f335b1bdb1f65c61d8a40d2d82ae586421995346c7da9ca4cd0ad09b59adcadab363c71245230a026 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8a56566ff41a6f37b58c91e63beaf64b |
| SHA1 | 513ebc00881620e07052834859db50b706b25d81 |
| SHA256 | 17b0e34c16f0136c6c2211296ce7194c069121d193055d1a4f29491f8018f866 |
| SHA512 | 46517724276364cd0a4a21de8e675593c69558648c93a375b240c5eb4cc61f79c1a40d58541bf82d7381bbdba6fd14978c6ea348b324a95f13d7fefd6a3cd14d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1fc4f3fbc504eead87eeb489b0b20572 |
| SHA1 | 0ad7d47d963f4373e2a480126d8f2242267b69d2 |
| SHA256 | 1288ead335fedc24ed65e169a554e47bc5fc134d8e6ef84af4285dded36cd111 |
| SHA512 | 4e849f6c432307284c4bd330e5fc4d128909776f97e076c566255c6c5befed1d0390f823356a714334cb37bff829945392c0143f8be3f991012a3cdd7b461b4a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fea0d59be2f3cde3ecf43e22aab2d72b |
| SHA1 | 6c4c248b60302876fab49b11c0c9d85c1d368c56 |
| SHA256 | 52bb7b6ee3f118f0567e5bf888a409c403a39c1f22bfe00e520cb713feb9c703 |
| SHA512 | b2d23d50262541fbb968e74e2a27a4b96128dd879c9d94f0faf0a2499e5477e9918210d90099f6eba25dcd9725ec83e5bc71b6021bff524f09f1d17a9dc50a92 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9f56aabff978cbaaf9fbc2cae2fce040 |
| SHA1 | e3b84883c35669aa15a5ca6f94e35878a41f2fdb |
| SHA256 | 816b50a374f99f6fb45bb9bb4c52f5a277882892f9861a358e8c9060d671f09b |
| SHA512 | 804b14008e7c3108e198ac80b43665b56cabf2b7a4e548e997e44f643265cd1a7189cdc5580e56859e9b75800a0b9675bd8ba747158b37e9f69e13dbad95c327 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b24cb362e85938495a2cc21899a6bd8c |
| SHA1 | 2f505fdc5c9c8e3410328a127152a58c03d7ed1b |
| SHA256 | af0ef0715ae8a64a2cf0ee68d6e773d56c25b18a9698c88397a0701b4ee26281 |
| SHA512 | 04ba504b801a04d43e06dbbb50d735907713fefdebe5c1a33ee0b4651916537377e3c1a8d93e8713bf8dca7e9923ee47065c7809f94726035c310286d43907d9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eea00d567f664c8dcd4bd5fdd52a0c00 |
| SHA1 | 68671122f35db7355f11e8fdaa350189ca0655b9 |
| SHA256 | ead4d9ba36b23682dcccebe33c00bb768b0dfe41a28ee7b7fe5d206689155325 |
| SHA512 | 8c07725f4eea386900bf47774084e399e36bb3f808915cd22a1714c8535710c6d37da132490dbf610289b8adf540d77ac581ef16aa38f009b16282bc8c5a7299 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 04803110c1f4d666fcc246016bc0a160 |
| SHA1 | f45437c9f77f86ef447e5161e2978ae7c268efda |
| SHA256 | fc06fb59cee6e252938a41804e304b4a74f9794edc1eebc1ecfa677e24bc34b5 |
| SHA512 | 595c14bef41bb0ef66aa442f279e9cbc25a1f38816ac8e09588314c254f1406669b6249bd0a728202cb8cd555c3db3245215c43f47df6eb5aef3f4777951282b |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-26 01:03
Reported
2024-05-26 01:05
Platform
win10v2004-20240426-en
Max time kernel
145s
Max time network
146s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Outlook.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd7e2546f8,0x7ffd7e254708,0x7ffd7e254718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,7193505111289498997,7705698579530228164,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,7193505111289498997,7705698579530228164,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,7193505111289498997,7705698579530228164,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,7193505111289498997,7705698579530228164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,7193505111289498997,7705698579530228164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,7193505111289498997,7705698579530228164,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5040 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,7193505111289498997,7705698579530228164,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5040 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,7193505111289498997,7705698579530228164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,7193505111289498997,7705698579530228164,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,7193505111289498997,7705698579530228164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3856 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,7193505111289498997,7705698579530228164,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,7193505111289498997,7705698579530228164,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3936 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r1.res.office365.com | udp |
| SE | 92.123.135.95:443 | r1.res.office365.com | tcp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.135.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | outlook.live.com | udp |
| GB | 52.98.207.146:443 | outlook.live.com | tcp |
| US | 8.8.8.8:53 | 146.207.98.52.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | msagfx.live.com | udp |
| GB | 23.214.151.138:443 | msagfx.live.com | tcp |
| GB | 23.214.151.138:443 | msagfx.live.com | tcp |
| US | 8.8.8.8:53 | auth.gfx.ms | udp |
| GB | 23.214.151.138:443 | auth.gfx.ms | tcp |
| GB | 23.214.151.138:443 | auth.gfx.ms | tcp |
| US | 8.8.8.8:53 | r4.res.office365.com | udp |
| SE | 92.123.135.95:443 | r4.res.office365.com | tcp |
| US | 8.8.8.8:53 | 138.151.214.23.in-addr.arpa | udp |
| GB | 23.214.151.138:443 | auth.gfx.ms | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
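Most rows in a sandbox network table are not the sample's own doing: reverse lookups (`*.in-addr.arpa`) come from the analysis resolver, Bing and Edge telemetry come from the Windows 10 image, and in this run the saved Microsoft sign-in page itself pulls `outlook.live.com`, `auth.gfx.ms`, `msagfx.live.com` and `r*.res.office365.com`. The added Python below (an editor's triage helper, not part of the report or of any sandbox vendor's tooling) parses rows in the table format used on this page and returns only the destinations an analyst still has to look at. The noise-suffix list and the treatment of `.live.com`/`.gfx.ms` as legitimate page assets are assumptions; the `evil-login.example` row in the constructed sample is hypothetical and is there only to show a positive hit.

```python
"""Triage the 'Network' table of a sandbox report: drop reverse-DNS and
well-known image/browser noise, keep what still needs an analyst."""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: rows copied from the behavioral2 table above, plus one
# hypothetical attacker row (evil-login.example) so the filter has a hit.
SAMPLE_ROWS = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r1.res.office365.com | udp |
| SE | 92.123.135.95:443 | r1.res.office365.com | tcp |
| US | 8.8.8.8:53 | outlook.live.com | udp |
| GB | 52.98.207.146:443 | outlook.live.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 23.214.151.138:443 | auth.gfx.ms | tcp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| XX | 203.0.113.10:443 | evil-login.example | tcp |
"""

# Assumption: these suffixes are image noise (Bing start page, Edge telemetry)
# or assets the saved Microsoft login page legitimately loads. Tune per image.
NOISE_SUFFIXES = (
    ".bing.com", ".bing.net", ".office365.com", ".live.com",
    ".gfx.ms", ".microsoft.com", ".msftconnecttest.com",
)

@dataclass(frozen=True)
class NetRow:
    country: str
    ip: str
    port: int
    domain: str
    proto: str

# Four pipe-delimited cells; lazy groups keep surrounding whitespace out.
ROW_RE = re.compile(
    r"^\|\s*(?P<cc>[^|]*?)\s*\|\s*(?P<dst>[^|]*?)\s*\|"
    r"\s*(?P<dom>[^|]*?)\s*\|\s*(?P<proto>[^|]*?)\s*\|$"
)

def parse_rows(text):
    """Parse '| CC | ip:port | domain | proto |' lines; header rows are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        ip, _, port = m.group("dst").rpartition(":")
        if not port.isdigit():
            continue  # header line or malformed destination
        rows.append(NetRow(m.group("cc"), ip, int(port), m.group("dom"), m.group("proto")))
    return rows

def triage(text, noise_suffixes=NOISE_SUFFIXES):
    """Return (domains, raw_ip_connections) that survive noise removal."""
    domains, raw_ips = set(), set()
    for row in parse_rows(text):
        dom = row.domain
        if dom.endswith(".in-addr.arpa"):
            continue  # resolver asking about IPs it already saw; not sample intent
        if dom == "":
            addr = ipaddress.ip_address(row.ip)
            if addr.is_multicast or addr.is_private or addr.is_link_local:
                continue  # mDNS / LAN chatter from the image itself
            raw_ips.add(f"{row.ip}:{row.port}/{row.proto}")  # direct-to-IP: always review
            continue
        if dom.endswith(noise_suffixes):  # str.endswith accepts a tuple of suffixes
            continue
        domains.add(dom)
    return sorted(domains), sorted(raw_ips)

if __name__ == "__main__":
    doms, ips = triage(SAMPLE_ROWS)
    print("review domains:", doms)
    print("review raw IP connections:", ips)
```

Run over the behavioral2 rows exactly as printed above (without the hypothetical row), the filter leaves nothing: this detonation reached only Microsoft properties, i.e. the assets of the saved sign-in page. That says no non-Microsoft endpoint was observed in this run; it does not show that the kit has none, since a credential-posting request that only fires on form submission would never appear in an unattended detonation.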
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4dc6fc5e708279a3310fe55d9c44743d |
| SHA1 | a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2 |
| SHA256 | a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8 |
| SHA512 | 5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13 |
\??\pipe\LOCAL\crashpad_2344_UGCOVFCLNNNVNKJD
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c9c4c494f8fba32d95ba2125f00586a3 |
| SHA1 | 8a600205528aef7953144f1cf6f7a5115e3611de |
| SHA256 | a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b |
| SHA512 | 9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 340a0769fae0f2c35f4e35b0eb8b1015 |
| SHA1 | 5f473ad670ba84b7120412a16f069f5e530385bf |
| SHA256 | 98fe26b8ba7c8c1f17d9790de556070ac1c1f6e1891f4f61ddb593cd75386613 |
| SHA512 | eca185c145be72c02cf5177b750031b311b7cd32479999389e7944bf1f39ccb471ddd03e90b7ea0ebb323157239a73a4b77a620b2fde52243f42d2913db39e8f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | bae8feef35ad36e47cd6a6a5694d0a01 |
| SHA1 | bcc9dad74d51eae7fc4671d1142ed10004a9b5b7 |
| SHA256 | 13cb9406b9a88aeab45b3285922d7cd389b33ea9242787722945dd2d9bc3cee5 |
| SHA512 | 03e4e759ac6fb86d5394583974539f0c41727621e0d710478cdb646fea4d28d399a3c0de26c624314716ef8e6e09bdc99ea1d8eb64c5faeecb97afc4ff93e3ae |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 633e6206dcb20fc82b83f3904d1b9f20 |
| SHA1 | 7cf8b051e50b91f4684ae42ccfe9a2f1c36782da |
| SHA256 | cec38cc8eeb76ebf9fbd2d2fd0c5a17875f3fedb78b2f345056c204dacdcb0f4 |
| SHA512 | 1fb0898d34e4aa94dfecf1295681edded6b087b18e99d5b33b924a97dbe9b02192b045a8b1faee51fae2ac0d5ba5a81666f419daf8ccb8aaa758c9803ef160c1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 2f6293b7a9b3b857b122ccece6c26cf1 |
| SHA1 | 2845aa369fcbd2c4d4a70da2f53d7d421cb3b7a0 |
| SHA256 | 38283fa45cbcb3a99f5346f50acc2e3611995e65a0cd80db77ad3c359e347ce0 |
| SHA512 | db3721a540f0160cd203774938a7cc716e2b4b7b6dec6e3f6f534a8b58b4256c99c18727cedb3eec48cd979dbb7f9ae4eafe2595b7d2cd1bbe4ae433ad1eb10f |
Analysis: behavioral15
Detonation Overview
Submitted
2024-05-26 01:03
Reported
2024-05-26 01:05
Platform
win7-20240508-en
Max time kernel
121s
Max time network
125s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Sign in to your Microsoft account pass_files\ConvergedLogin_PCore.js"
Network
Files
Analysis: behavioral13
Detonation Overview
Submitted
2024-05-26 01:03
Reported
2024-05-26 01:05
Platform
win7-20240221-en
Max time kernel
120s
Max time network
125s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Sign in to your Microsoft account pass_files\ConvergedLoginPaginatedStrings.EN.js"
Network
Files
Analysis: behavioral14
Detonation Overview
Submitted
2024-05-26 01:03
Reported
2024-05-26 01:05
Platform
win10v2004-20240426-en
Max time kernel
149s
Max time network
161s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Sign in to your Microsoft account pass_files\ConvergedLoginPaginatedStrings.EN.js"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.143.182.52.in-addr.arpa | udp |
Files
Analysis: behavioral18
Detonation Overview
Submitted
2024-05-26 01:03
Reported
2024-05-26 01:05
Platform
win10v2004-20240508-en
Max time kernel
133s
Max time network
132s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Sign in to your Microsoft account pass_files\boot.worldwide.0.mouse.js"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4004,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=4180 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 168.117.168.52.in-addr.arpa | udp |
Files
Analysis: behavioral20
Detonation Overview
Submitted
2024-05-26 01:03
Reported
2024-05-26 01:05
Platform
win10v2004-20240426-en
Max time kernel
134s
Max time network
154s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Sign in to your Microsoft account pass_files\boot.worldwide.1.mouse.js"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
Files
Analysis: behavioral21
Detonation Overview
Submitted
2024-05-26 01:03
Reported
2024-05-26 01:05
Platform
win7-20240221-en
Max time kernel
117s
Max time network
125s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Sign in to your Microsoft account pass_files\boot.worldwide.2.mouse.js"
Network
Files
Analysis: behavioral25
Detonation Overview
Submitted
2024-05-26 01:03
Reported
2024-05-26 01:05
Platform
win7-20231129-en
Max time kernel
119s
Max time network
131s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e09a718e08afda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005d4ab114c47c1540aba37fda79f5292000000000020000000000106600000001000020000000b187e5e498b8fa816793e00cfacaac0ea205ea62f4737129c7a85bfe21112043000000000e8000000002000020000000a36c4287253db745d00faa423280eed2ebbd44cfffba3b00a663d081cac2a1be200000000f5d54658520e8bf2894a7625f35f0bff2fb6eab5c4c356f6668ab2f3c4f2f3e4000000078e5350e5cd7e599c158722d28ae9fccebd6dcdc5dcf490f21bb2deb199eeed84bccd45555d80e84ddd4da535f59bf699f295c5565187be64393e5646933a83a | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422847258" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B8715011-1AFB-11EF-A140-5ABF6C2465D5} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3060 wrote to memory of 2520 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3060 wrote to memory of 2520 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3060 wrote to memory of 2520 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3060 wrote to memory of 2520 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\Sign in to your Microsoft account pass_files\prefetch.html"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3060 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | r4.res.office365.com | udp |
| SE | 92.123.135.95:443 | r4.res.office365.com | tcp |
| SE | 92.123.135.95:443 | r4.res.office365.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| NL | 23.62.61.194:80 | www.bing.com | tcp |
| NL | 23.62.61.194:80 | www.bing.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral31
Detonation Overview
Submitted
2024-05-26 01:03
Reported
2024-05-26 01:05
Platform
win7-20240508-en
Max time kernel
121s
Max time network
123s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Sign in to your Microsoft account_files\ConvergedLogin_PCore.js"
Network
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-05-26 01:03
Reported
2024-05-26 01:05
Platform
win7-20240419-en
Max time kernel
121s
Max time network
125s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Outlook_files\boot.worldwide.1.mouse.init.js
Network
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-05-26 01:03
Reported
2024-05-26 01:05
Platform
win7-20240221-en
Max time kernel
133s
Max time network
131s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B7DB51A1-1AFB-11EF-87C3-6E6327E9C5D7} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90cb7e8c08afda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422847257" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009163ff215c6e5b4392ec43ca92885af80000000002000000000010660000000100002000000034e14169e4a41e09917f83dde8fe3d4656ca2c527d86f0207ec68e84d981c9fe000000000e8000000002000020000000f233b228d88ad9f669ebea7b3a840b6498d173fedc3b35aff8d25392c6e9692d200000000971b53970ddd19d21bd2876944c0f600ecdc45b286e54e891d0c6544353f72c40000000eedf6701ea2fbfffd27c4331d854c6488ed1629fdee71e2125b632ad27e3835c2ca89179d4e634a5a15b05d77d7fd147cd021c430b775db7e2077826579d5fd5 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1032 wrote to memory of 1664 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1032 wrote to memory of 1664 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1032 wrote to memory of 1664 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1032 wrote to memory of 1664 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Outlook_files\saved_resource.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1032 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
| MD5 | f00d79d688a9f160697313dfeebe782e |
| SHA1 | ae3363af2e6cd9b2d9e896255418760802db2871 |
| SHA256 | aeaafd555d5c0f0dccd60e9dfe18a545edc0d0c85408a1ceb28bb99e064b3d80 |
| SHA512 | f0e71ab76244908e82c3e06cb3f495e702fd70dd15708a9652440768eed848bf9132add8a2c12503b264f499aab5c571be729a7e4b96af85b171861c3de75d50 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a7203b7f592f5e656ada9b53db9f424e |
| SHA1 | 7539981e3f9724b9c4b87f18f6783c44aa45bf77 |
| SHA256 | 0eb12d451e720ff0fef343ce85f93b330aee526b8bb54217d447aba0e947ecdb |
| SHA512 | 7c43bcbc4c21ef2e01960d281dfe876dea25b9b4ca5f1f9464dab58b42a7a473b7677f14921ed634c43e9db56897ebb7d37e060708be1bf808ce3fcd8b9add6f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5a9a62113b81109140ed091e81d2bcbf |
| SHA1 | aae933d93de7bff16c70475c044eeb8dda827869 |
| SHA256 | ddce45070c3f84e1a91d5eb7d2a549a7c7380f8baff4884211da7d35a3ae5ac2 |
| SHA512 | d68a9f8db1bdb15ffba60a828cde9b2c4625a59725fddab11031246737d1d2c8995ea667634e39e6ba1118ff70f876e9ed5bd9613ed25bb0584ae3364119ad6d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0e6f4ff203e39b99baaf452e35445283 |
| SHA1 | faa15979ccd89f15a79409857f0a92c1ab880519 |
| SHA256 | ae89709cb86d44390589dd0882f5e9f82b4d0297f7a0e8a0dda8841d980948fc |
| SHA512 | 7e9b6dd4e7afcfa3974bface8f40f8240a539b41d7ed4b178ac1d3c28a6f5ca1325a027086c3c306ca06c990a40df2671bcf0d00f1e9530554c9d800cffc18a8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1398ad5a14ee6874b9bed267d14fee3a |
| SHA1 | 51349deefd2cc35b09902a5a3f8817ac05588869 |
| SHA256 | dbd039bff6d04791f0c8d626164d9d676cb4ade89b70e9ea158dd5a2f3c3f37f |
| SHA512 | fabaf564a36a529aa6815142f36c84ccc7558cfddd7236680b862c513281e7b5a94f66b9fd6b4ef90d53a7cc33d33940cf5627d901b58a233ee63c6fe36530d1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 278abafaf2d03659e5134c3225a37899 |
| SHA1 | 08466d63a182d3eaaa49d4df80a6d3821c65b680 |
| SHA256 | 287ecdffc4546370a1cef67a8d6e14b6d8a77fb879a33d4a353f1c3dd84b216b |
| SHA512 | ccedae61fb5228e508e3a157f233ae5752e6b729ed1bae9a61a5b1b7784cad3a3a174a8e99527c78c2f889db1957ed2e1ba318279861af7dec53d9cfa710b98b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 635ab98f4c84cb39d10d359da5de5cdf |
| SHA1 | d5e64e46586aa37f14930b4603d99a628392e933 |
| SHA256 | 43e00cac715602372258289cf8614b714c63c2ee1e8af0e885ec31a6aa7ba00a |
| SHA512 | 1c8003aaaf55c9b5a3ea17e1e96d54430eb57433d1a93b869fabe2c278b4a49a0eb572e362f8d447223e0d839862bb8d6e8078d966e00f1df38f76c558eb5eb0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c5586ff45810e6d8febbab064ca4a03c |
| SHA1 | 6023306d34fef71aef2b83fa4bc8c8330791b79a |
| SHA256 | 2e5f8afb3b6bce882b065fa00cfaf03bf9f91b41ce2c46f4f57fc3d121ad2237 |
| SHA512 | c94fde57351ef44b460715da5286eb857f73e9719b6cb5958792b3d5c0d168a55fada6496accfea151698c750b7ac2e7097fc753a40388684602ed4692359e45 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 443882077fd0112d63ca1b48563c148b |
| SHA1 | 8472ede2ddf4d0529f26280dd580baa52e802a61 |
| SHA256 | 07bb383ee76e8d42d16598c6b87f860a3f1dfad6b5af5ee2524f829c2caa51a0 |
| SHA512 | 04d0c26c65ef2198db02426d158e18e510be0045c249aef453d36e3b41121dd7a7468b929192c185a5c0cfa73def9fef8b5ac58d31583bdeb311037ae36dea20 |
Analysis: behavioral10
Detonation Overview
Submitted
2024-05-26 01:03
Reported
2024-05-26 01:05
Platform
win10v2004-20240426-en
Max time kernel
145s
Max time network
136s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Sign in to your Microsoft account pass.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd9d0c46f8,0x7ffd9d0c4708,0x7ffd9d0c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,9817992910271128702,15664138245674230501,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,9817992910271128702,15664138245674230501,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,9817992910271128702,15664138245674230501,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9817992910271128702,15664138245674230501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9817992910271128702,15664138245674230501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,9817992910271128702,15664138245674230501,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,9817992910271128702,15664138245674230501,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9817992910271128702,15664138245674230501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9817992910271128702,15664138245674230501,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9817992910271128702,15664138245674230501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9817992910271128702,15664138245674230501,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,9817992910271128702,15664138245674230501,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3004 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msagfx.live.com | udp |
| GB | 23.214.151.138:443 | msagfx.live.com | tcp |
| GB | 23.214.151.138:443 | msagfx.live.com | tcp |
| GB | 23.214.151.138:443 | msagfx.live.com | tcp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.151.214.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | auth.gfx.ms | udp |
| GB | 23.214.151.138:443 | auth.gfx.ms | tcp |
| GB | 23.214.151.138:443 | auth.gfx.ms | tcp |
| US | 8.8.8.8:53 | r4.res.office365.com | udp |
| SE | 92.123.135.95:443 | r4.res.office365.com | tcp |
| US | 8.8.8.8:53 | 95.135.123.92.in-addr.arpa | udp |
| GB | 23.214.151.138:443 | auth.gfx.ms | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b2a1398f937474c51a48b347387ee36a |
| SHA1 | 922a8567f09e68a04233e84e5919043034635949 |
| SHA256 | 2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6 |
| SHA512 | 4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c |
\??\pipe\LOCAL\crashpad_2572_YZPTCJETLQQFCTPD
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 1ac52e2503cc26baee4322f02f5b8d9c |
| SHA1 | 38e0cee911f5f2a24888a64780ffdf6fa72207c8 |
| SHA256 | f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4 |
| SHA512 | 7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | bac0acadc5a806c660b9bb60319dee0c |
| SHA1 | 9c66d454f90b3ca3f0e0c5de16c7322c01a7e99b |
| SHA256 | 9897bac28afcbd1dc6de615cc216636a79d4c193c17723fcb827d1eb062ac817 |
| SHA512 | 15a5da91e71775808a0a9a251505578b0e0d09190d19f35a978e63ac33a5423b80bd2921afb157d7c6f9d3efc7335ca1b256bf24519bf52a1413c6d0c0be20fa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 65234a0cb3e48b8232342e7f1a8cecd2 |
| SHA1 | d0f5828a3b3a624062fed69fe4004dc1f3b5d476 |
| SHA256 | bbf54e81219c35f9a5f73f86068e79b78eae580dbce80ec30faf7c9bee44528a |
| SHA512 | 6957a848480157227d0664b0474605e66f12186dcc410584cd349338ce83bfc69cb11ffd90ff36f32fad68198ca7ca0f9896071352b5826a190d877fd2161615 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | affa3385d43d8c5c2c74bc6cab4fa4b9 |
| SHA1 | 1d3816e8d95b0c2ac908e4d9b1220acd1839bc33 |
| SHA256 | 258a72bbdbe6238174f8f922262cf201ed33c9134ee0e5525ce7ef4d4f33a6b9 |
| SHA512 | ae98a4f3b0a5b83f0d786aee2974c8c5fefb9589e9c17399589ccbe85a27aa3b20f03d94b8af252b9177445429fe792cbb6df23983086d601522cdb5e79b3428 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | ea2251a837fe69cb0fc810d5be987677 |
| SHA1 | e7de451ee86d0d3093d939b987769be9b6560e64 |
| SHA256 | 1d013ada09e9f20b03c3c8abcac4ddcbc5e877ac848956f8d67314b7c709aed2 |
| SHA512 | c48af445e4e45ee8f145835feb220f8a5fb96a26518200cdef5558ac0a2ca27dede01dbe491e9c5985f5e8b6fabe5be751fb664f7bf0c3dcf504b88c4d0af1cf |
Analysis: behavioral6
Detonation Overview
Submitted
2024-05-26 01:03
Reported
2024-05-26 01:05
Platform
win10v2004-20240508-en
Max time kernel
130s
Max time network
102s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Outlook_files\boot.worldwide.1.mouse.init.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
Files
Analysis: behavioral24
Detonation Overview
Submitted
2024-05-26 01:03
Reported
2024-05-26 01:05
Platform
win10v2004-20240508-en
Max time kernel
93s
Max time network
99s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Sign in to your Microsoft account pass_files\boot.worldwide.3.mouse.js"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral27
Detonation Overview
Submitted
2024-05-26 01:03
Reported
2024-05-26 01:05
Platform
win7-20240220-en
Max time kernel
121s
Max time network
136s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009849c3c6dd05284b9f49b38c2627752e00000000020000000000106600000001000020000000e6d37cd772dc04b48c7c67c8921570659827e7caa002297002109e3d0a273ab2000000000e8000000002000020000000230ddff1953ad28542e211271bbb94fef25c0024fa17ce1262170ffffa50247690000000e5ef6b276ccc969404d227ea3c76ef89e9b44266f6aa24f65b2e3985e3bcc596010a9f797b3ed62cd6f8392303c12e4ea822a65c7f99fb2452bf3f5662b9a36c1bb018878d46b3b5da55d83448ce2574f7f2bf97813f5f9af73de34542524a1784c31fe91957ea82592070c1bf0ffd652527f9ae1d735024ab69066defbf15dc2464843e1ccb089182f8862ee204bfc64000000063c40a4c4588eb97f7e5a71232dc2a7e92731a787c3d1679f090ce1272052a4b33d04a4307aaf30b2fad6dc735ab4c3a9e1bf562074e529053253e8555e0d6a3 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422847262" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BADA12B1-1AFB-11EF-85B9-4A8427BA3DB8} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009849c3c6dd05284b9f49b38c2627752e000000000200000000001066000000010000200000000a6156d6d311b2e6d55f89e2093602bd472b155f5dcadcafee6381ce858a8299000000000e8000000002000020000000920725a067e2074e87b2109edfc27b017e639ae22bf74ca20dfa838f429cc96020000000f767ba1b851a9e710574238ab317b0be4e07c577cc8c27e596c1511a43cb83654000000084bcc721363a46258e501693aa98c036bf7a47f28cd3a16fe30df604a5fdb170fb2be48f536b03a68f7b0d95e496d558b2dbce152194a4178fbd66dce046ca77 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90a4999308afda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2368 wrote to memory of 2988 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\Sign in to your Microsoft account.html"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2368 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | auth.gfx.ms | udp |
| GB | 23.214.151.138:443 | auth.gfx.ms | tcp |
| US | 8.8.8.8:53 | r4.res.office365.com | udp |
| SE | 92.123.135.89:443 | r4.res.office365.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-05-26 01:03
Reported
2024-05-26 01:05
Platform
win10v2004-20240508-en
Max time kernel
93s
Max time network
98s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Outlook_files\boot.worldwide.0.mouse.init.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-05-26 01:03
Reported
2024-05-26 01:05
Platform
win7-20231129-en
Max time kernel
118s
Max time network
130s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422847257" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000031cff2ebb57c114eb3982db21de4fb2600000000020000000000106600000001000020000000252b5578537dab01f1af8b4b4475a0abac4048f73a0cc6d6aa59fe7a7a113442000000000e800000000200002000000068a93959b395f5309335ec3ec35c626fbfe1bcc528738849cb2b30e10abd48e520000000ddd8465fe33051c9474b21aa2a740d01028c1868679eaab770625ed1320b663a40000000b14ae24419c4684b9c0b6141385017b39b96dc1c864ed1e260faee375215c5ef6eead3504553e8aade5c26ba5600f2e0242e7fc69aba91d53ed62229d247cf73 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B7D2B681-1AFB-11EF-B7D6-72515687562C} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 6064c38e08afda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2344 wrote to memory of 1692 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2344 wrote to memory of 1692 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2344 wrote to memory of 1692 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2344 wrote to memory of 1692 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\Sign in to your Microsoft account pass.html"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2344 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | auth.gfx.ms | udp |
| GB | 23.214.151.138:443 | auth.gfx.ms | tcp |
| GB | 23.214.151.138:443 | auth.gfx.ms | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 23.214.151.138:443 | auth.gfx.ms | tcp |
| GB | 23.214.151.138:443 | auth.gfx.ms | tcp |
| GB | 23.214.151.138:443 | auth.gfx.ms | tcp |
| GB | 23.214.151.138:443 | auth.gfx.ms | tcp |
| US | 8.8.8.8:53 | r4.res.office365.com | udp |
| GB | 23.214.151.138:443 | auth.gfx.ms | tcp |
| GB | 23.214.151.138:443 | auth.gfx.ms | tcp |
| SE | 92.123.135.89:443 | r4.res.office365.com | tcp |
| SE | 92.123.135.89:443 | r4.res.office365.com | tcp |
| GB | 23.214.151.138:443 | auth.gfx.ms | tcp |
| GB | 23.214.151.138:443 | auth.gfx.ms | tcp |
| NL | 23.62.61.194:80 | www.bing.com | tcp |
| NL | 23.62.61.194:80 | www.bing.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab1111.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Tar126D.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4c43504da2cf393eeed117cc9f475710 |
| SHA1 | 439a8a83648219485a0e86fd0cc5676481484458 |
| SHA256 | 78939755308c610159cc9b3beca121050a3b654c44f9916a8c3cf904e1691bda |
| SHA512 | 03df4be9f7d15327a450079944d1c46fe1673c6158d15b8766f7af3409aece0d490f30f224687ce86ed0fac60777647a5c8dc67842184b00476fe5f2d1f5c447 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | ebad6e4bf0d3dcd4ca16c06f1a9eb3c8 |
| SHA1 | c3dfb0719c8e55a78d6dff4f5f145ba0340bb639 |
| SHA256 | 0f089585bad11c88112442f5300172cfe8306c15c113c83106ee0c71072fda16 |
| SHA512 | de9daa311021e33b13c4f11e86a0cdac58a1ea5b59cf6c79204e8b94271f2637ee277c038b7003fd6a2f74736bc950fb893eb4e99f61a691ff4dbefc34e04f0c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 83736e6b89b8e752dacbe51bdfdda487 |
| SHA1 | 63efd21a5af2e110e1ba65cfdd2680776b8e3994 |
| SHA256 | 5928aa5708768c9b2fb2d91d7f55a26c265cdb686762b939e014a3d9334330e5 |
| SHA512 | 0f692581f870e2b1f94fe395e5c497b36892333346cd5ea085786a80e012f86a1a66068d6bb07e55d165ebf1ff49df8e08af196234d4cb93699aa43195ff4a68 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c3406972e2ee1742bfba47b4c28f0738 |
| SHA1 | 5ea1c0dc66248457f6eb00be2f3f0a7a91d60e1c |
| SHA256 | 9332b4cade55766332264d0257fb6132b66b4ee1891846b6f501e811a4a0e5a1 |
| SHA512 | b4673c7ddde42f9f378d7948a4e6ba08c35b021ed54c2d37c5b4368cb7d89d536347227fdc9d2b0afd23cb731c333c73c85650d56fc11ff42eb0449218cfe286 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 42dc7f3e2e66e09b86af3d103301c4f6 |
| SHA1 | 82f8c55428f7becf189a1429da6b17ad86b5a059 |
| SHA256 | f3d30caa2978b9a2fd528e3cda079920112442bf572777fe63fba99688b99d9b |
| SHA512 | ba964b03cf01c98adc0b1cd97c43dc1a1823de90ffe112e136d3b975115f7fd6475229ab48ef3e142c37b88082a056b18eac2903ccfa01087d061f46dc72cee2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2df0eb10cc4c6fbfc7691c20828891ae |
| SHA1 | f2dcbda3be3f71c3e7948e8d74df54ac326c39ff |
| SHA256 | 8867e4fa08932ce7842763e4e4ed29828c4f0c5ccb47f7c6d1b39599e8fbebaa |
| SHA512 | 93f330972a0b0d32266d7a7185df388d44ad0430fadaed86a7b0a6ee6b025b71fa720499528fe2839e9a6dd2160b41f01381665b960f1c6174004587f7e758ba |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 007f0d81ce525fde2d5d3b527d1cb5d6 |
| SHA1 | 165e4fae472f6df12eff0131769820c45323f45a |
| SHA256 | fc20dcd597ce78a811dbc308886becd8d7558dc89d3ce614858b3bb4facf31fc |
| SHA512 | c5a0fe8842bd6c51501fd3993979c5cccc04901dd169a199c369d817cc0bdae99a79398ebb0ea81ea809965258f5d247de1f116dcd727424b142db21324d0314 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5f5e822a867056788d92eac1a471f0be |
| SHA1 | 2d8e5eca3e0fb720959e8c8158070e4d44018d4f |
| SHA256 | 0478bc7932efd666d94d80496e4f4580eb533e90b093d662629033f88c10fcf2 |
| SHA512 | 3bcb3519c109f07c7b5c29c573d4e2760ccac8bb715e92fc729b533faea92a4afc9f4768e4dcbc7f352206ec6ca16c346e57130f665b297ff40a3131ccc09d51 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 04dea772925aa7d96a3cecc3ae49d403 |
| SHA1 | 19e293b34be2de61745fe1b6041bece206615c7a |
| SHA256 | 558489ea9021ed4329aa69467a60cde3455b29a44f448cfaf7ebf9bb092ca29f |
| SHA512 | 3a45cbd64b8a2566d46f92a056f2414359ae7ca46c2e74f5cf71bc239bbcfd8973da40126c31237dc86f914b3a864709e78f4af5cfedbf261e8c98f18474ee0b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8a58f05abbb3859fd5e8ccc7c43287fd |
| SHA1 | 573001d0d9666fd2a0f36482d3771941c4b9cd71 |
| SHA256 | 0ca7817ca622b2c88a740152326f5263878455e4935295dd245881a4e0967aab |
| SHA512 | 55f392d84117fda0d51cf8ab8dfed1a9844c2401b63a5008727a9ed47b614651b572745ded949249f02c3c1856e70dd8861fc173d607cf9d8d23c62be8e96688 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3013d8a905d04fc78e77986f754beef7 |
| SHA1 | 0768ccb2fa173ff1a1f1203b439d741627593b5b |
| SHA256 | b99d1e4da2e0507af6cdfaf82d4f319e864f815ea78678f7923397f136fa3b16 |
| SHA512 | b1edeb8231609d1e941c347d7a8e9fd48253d3db05eb041ee7a46a6ba13f7096d77214cb91b6369e25232ae13662bc24dbfe7fedca1eeab188960919bfa7e17f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 290e0b7dd17fddde2ab8e593693065f1 |
| SHA1 | a8a1083e14280d17141b3958e874e230213568f8 |
| SHA256 | 5cbf67afa61e310e0e01a2aa2ac928ff1545e01d316c3b8ce8691c5ea8b011f5 |
| SHA512 | dadf08eb9af4e516d88632c612c689f5ebe046abdb9f3cdd9b3322c56a520b7f913d3ade37edb2ee2590aca040f80f34f5a2bd5b10450de56cb5aa775340e42b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 858bf857215b3191be000742efd5bb09 |
| SHA1 | 8a99175b2406abbd748c527e9b4e4cc8119aa8ce |
| SHA256 | 0fb0a3d2565929fc99fa5df5c1091004387232f45aa6fb3bc858d9094288906f |
| SHA512 | 18bcb36e0e1f9fca7b2e6aea9c3e1462106bcc87b5699528a3edc5382a1c9990343b0f06732ee4c3d820bcacc4f1f188978e551e45a7ba805dd14221ad0ede94 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1b8bcf7eadf13f39634dd3eb4f996958 |
| SHA1 | b2f11ab4a88602f282645e4183e032b49dce531a |
| SHA256 | df202a9e48f9a265490c33ae797746ca3383e0f8f1bcc2d545f98e76ac1ccdf0 |
| SHA512 | 4e2ee2df572171f66bd265a9c36e8c367ca1cdca7b90b9d5dbb3ab4431c83d430787d79c07a1a99daa831ee6cbe6470508053391793472d8361a92714c0faa61 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b06f8a1bf9f8ed33eeceac05fcd43804 |
| SHA1 | 125e60c5735f5540a141a4a66907bfc97a9cc32b |
| SHA256 | 1d58741df29562458ee7e6e1191e9df2980120d9a94ce1a7263331f6401bdb18 |
| SHA512 | f523244e549e45ba06dfe2fa427c96a6461193c31617dce4a0262f9516cb32def8854e63af40025aabf8b188662d4014078f15b53b14704f7b67916b245b4feb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 53aec33baf5a6f1716e93f2acc27e3b3 |
| SHA1 | c7977c9ed36f9ec573272eac18400327fc5d121c |
| SHA256 | 405474d06f8c728bb3214afdd329db27af7f610017a473a84e997e43f0c7fade |
| SHA512 | dad0e01cc11055762b53bd657f14d9fb3e7193f5173e61277a7f562e0db6af291b630dae5608a9bd9d7114201f6224d305afd3031ecd83dac641a60f96df56cc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a1e94433876bc233243c34cc2f6f8156 |
| SHA1 | 947caf756f9afff2e8f05cb07676d13af56a86db |
| SHA256 | 80b02bc588a986b6f6277262778c1fce48c9c8629488a935bc2d0ef818850fd7 |
| SHA512 | e56c45eba679229404ca36c7b18f36f13d30adee2d6a53299cd54f1cc0312ca7337226a90b1a0ef20ae535f7cb8ec64af6a9e0a32179ccdd39bdc8e47d977c44 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7e64eb349029d40747d753ccd1bef8e3 |
| SHA1 | 5b1fb5856d4f6ef051594763469efb096ba50480 |
| SHA256 | 049e0105769ab031b10636eba75b808abdfa8fb0b11b10513e205532021a98fb |
| SHA512 | 99d696db54c8d01e6be10e3dd8ee067334c29fe786a6619bdfe264e492892fc736f7d807b7bbb5f072cd0962375b43d2d792126ea079eb32f9eb093cb9c8f731 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d247d7ee69e395e3b3cf5d89259c0e44 |
| SHA1 | 7ef40ae7293bbd298274ea63a26ccbfd9dcf7780 |
| SHA256 | 616180cccddc770778a14a804ff15c1f004f21ddf046d71910c3c393caddef2a |
| SHA512 | b3401d3da80f21aa5c1a70a15549600ee8daef624a238179a4911e4c11d2935355e0f0697ce48d624ff2580f8712282965712e5f91ae1ff53b8f97d44cd534a4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2e964a356c3afc9403d26dc0fd3b6256 |
| SHA1 | af5fabfc040d47cf1ae550ff89713415a50e88e1 |
| SHA256 | 3a1a16d5694b79e91cb519060f4221108ed42dc6b88c4642bfe901012ebcb3f8 |
| SHA512 | 4e2a92ec0d6009e56dacd6b9e9cd6eb4e326bb01f86b0e7d22e77ca24b78d58d3dff0542ee1d9da0c04a62ee932a9f38c086372e200a34c4cfc47f4a45145709 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 229ded0c2adab7c741198e15d5f149b4 |
| SHA1 | c58aa3be2789ace1801e92553e4745aa5537644c |
| SHA256 | 763d07d904a08c267fec9af3e3139b3628ca4255d9e363d621475a2c433df866 |
| SHA512 | 28a77c100f43920a5fa8c1dc7313314eb8c4aef5cbcdebc1a02e1566d8e70f90bff3c21766798de88d281b4222440805ec72a2b11ea272704f923f06e5819188 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8faa113fbb2e403265145cee8bc83e76 |
| SHA1 | 5be5f644b0368e594e63d36c61f5cadbb0054d44 |
| SHA256 | e7fbae8c21abc393df385129259a1dd96702b283f8150bb62d237e2dc5a980a3 |
| SHA512 | b9f69b6e4a84a103b1cf2cb8910be5a6638f3e772e4331d266dbdec40c75dc43fde34bc2a7af5bba210e78341151cc9d4132c46865616e2e7f7e8c16897b9529 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f7b912a873758b12d6a6f9d3123cd39d |
| SHA1 | a40c79bee0010ffb2a00684705f7258905df07f4 |
| SHA256 | b4d464d1943c26e383b87b3b91b703549ee27d1f2704d4ac443a1a33844dee65 |
| SHA512 | 998f6d762b10decfc60e46adf74c5a4fff050ed95a290ff6f946851a73e13f04c49fe765459d6ff1b5ab4f856c3866becf4c54d937df400063e53c2aeea8e2a3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 758dab9d8a0d859a1640db448e18e0fb |
| SHA1 | 34646bf614aeae81fe2afd174e0fd7451a93dcee |
| SHA256 | 43fb21efed5712ef6ff3b435374b74a8cbc98d08ff5a03b4c1190a5a4b7c83c8 |
| SHA512 | 516d3055fc0c33025ceb9e31c496f0712be2186341a9c84dd2b9c9f7c1de36fb6f04694739ba22c1d14975932543f7f388295600ebcc6dd17cc3aced49c032a7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 101f4bb5a7dcad1b28dc62f7a2aa0241 |
| SHA1 | d610302ef0202c0c9dcf6d18fdd58f89e4acba94 |
| SHA256 | 2a1a024efd01c6cc7c9145f8cdf04a50c2c30ec8425a60a50b77fae7a729bd1e |
| SHA512 | e59c938e4150f871dfc171d2b5c4c7b90e56034c38b25696b38e952a1ff8cebb0058d36697bf68d3d2df3135e8af9e89195ca1bbf39df728679b7472820f39f2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6ec092023dd926991fdead564486b6e3 |
| SHA1 | c518446092f446ba55e95e0200f7dd687b0e91c8 |
| SHA256 | 761c6ee43d90b500db2bfdd93c270496a288b2aeeadb93ef1bfc10b29eed2a03 |
| SHA512 | 2df2ed9fb35defc84d230e29ced467234addab8a6602aae9f135c9a7014b514bc0cc334995c1853012b8826a24bb0f513ea9f2f87cfa9f4cb91aca64153874fc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b13a830baa6890200fe45f972998c7cf |
| SHA1 | 235b322e6846824cdb39e48b6c558d9da39ddf30 |
| SHA256 | 52b184baccfb3ca55e55a9d256c7b7227d0e4f34006b1dfa8cca96d588a93f3a |
| SHA512 | cbb0a4a5e0111cf40ddfde37621ae01f3168925abdac58be1cf15a968c9b385a811875a246796ae8bc7d8c1858f5d1e3c149f680455b7b6b047559e810570ac3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 66ab498e50eda41deeb4c047c210b630 |
| SHA1 | 688afa79e0cc60711c7e94629eaed71a78a8476a |
| SHA256 | 2bc17d226e6e611bfb5bc7bdb93557d5d97646bdee7bc8e4a63c3ee71794f77b |
| SHA512 | 6ebc13178d77f07ca2a390cce9845f1c7b46708a7b1988333641b2d538bd68914c370679a24ec88643b62e34326ff88378bb7f78f61ca105031bda87a1764560 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 98fb587fcfad72b28c70312d8cdd5a87 |
| SHA1 | 1a347539de4c91ca3792edc19804ef9bccae3020 |
| SHA256 | 112c440ab3189387b4441857a8f288640f32541f5bc29b109402bc5adc071de7 |
| SHA512 | 4cbed837298b915b3433a978527d19872c59773b3a228b02f7cb57fb032d2f5a5c06cdd5eae32b08ebcdd56b0d3fcdc0f2f9319b03ed60d311d6d4d53322e757 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0ecdb0c36f010fb5e0aba10edd6ed7b0 |
| SHA1 | 546fd2461267b1a6c0f8bc3a287c4041e389ae72 |
| SHA256 | 6cb3581ca55fd240b7901bfcbddf05ef4e5cc649dfff932e83e579df7b66d24e |
| SHA512 | 4da8f3a149d0d68e71e4109c66c07ffd9963d76f37e0b4d30564df0a005f1b6ef3a9b89f737eae5edec16543b32adf5aae9484b01be9f3ab6e1cb49888e893f3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4d8605ba1a40c180ff129d1b0a73cc06 |
| SHA1 | be5070381f378d50bc808d60bc47748e1875dbfa |
| SHA256 | 424220361a99d114249594371f4fbfa831dae9ff97c9e3f103690b01ddd54c65 |
| SHA512 | fa8bfda46febb203e0ecd761806bfb3a2f59a865786e56373c022ce5b9d44fe0ee76474104ecd57ec52dd89ae0bf3fe12424bff0f05beaa6d8b0c0d33706a667 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 30e04a02fcb242f07105b2723374e756 |
| SHA1 | 5cd3bd4d21ce6414c97b63cf251cec2c0a83e2d9 |
| SHA256 | 2afc7930232a4acd0bf5d6486aa7fd7ca711bcf124edb6f01b7d0cff68678493 |
| SHA512 | 322e83939896fb158810e4796a28bb1a4b92e09c9ce44b96157750af0ff246b7099fcf147f6353828c96bcf8a60c2289789178053ebd84e7141a4e09240a742a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 758e83d029f4ac1e17b23d8ceac16a87 |
| SHA1 | dc2f3769d654ce4f4b9230a55985bbed519df6d3 |
| SHA256 | 9cecec331a3af244be18c85acfc65bf50cb5bcbda8c8f1b342fa9ae2fbfe645c |
| SHA512 | 251f0841c6951004d94c1c2a87845d084a5590e40dee4c647e509f18b0b18d06da3268826dce1534f0b143f6a2d3c439e93f9595b4e68bfdba820f04cf632e03 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bdf69e93b543264e7bae924b12b2e0aa |
| SHA1 | 10e7d32e302a9e84c8548b5f88001d857d020c13 |
| SHA256 | 551a6f5d926a380a53197db9808c158b48d0cbe2e6a869a33f4e922d2ee97dc5 |
| SHA512 | 52a7b784c3de800b2bd89f0f28091763037f1c1b467305ddd4403ef02b0ce44722e5ce95e1c49701182d8c5974f7eae987d61b8f51347e437379870884c87945 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2e145a3ed6569611da6d0190cf26a005 |
| SHA1 | 73041070a28b0451a4532eb117445ad689f4f307 |
| SHA256 | efe87ecf81595551a90fa1434ff2dff143e85aab44706d8fd95f3908e115072c |
| SHA512 | daa01f97c1adac44430ea058f2defc234fb2307839e9ca9254ffc2224ce4992f2e877f610d9b21679a9d8b14c694639b2c3af381815220e6c7ac8156fcfadd5e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fa8ea77cd74643701fd104fba4b46506 |
| SHA1 | 21f187a6ebd25e53ba00d745201d48f6d64a37c5 |
| SHA256 | 92ba57dd2c432756d5de233c74e0861aa1b9a3a145dff117f689277cbe243673 |
| SHA512 | 69ed9ec467a18ee23dba2a451f0e301beb6d08565a25191e55f244d3184bdd953bd780902bbf56d1208da102014c8f13e44fb7321a5f8d22d5e3aaebf628f731 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 151f4375ebe8c048d358d85bcbc77e65 |
| SHA1 | 48b397c195beadf18ea6286b4342bf9b7538db15 |
| SHA256 | 6157379d82af03625b82d8a2c62c59183657bcd1ea8afecef5fc928a0e5a5f44 |
| SHA512 | b47bb331d3fd10f4c543cc886eacf1dcba192b05f59cb9d90bd4b410880203da569f6569a44e8ce0e85a5e4ef762b5c1c92ad6ffa6aca87e41a8161415ea81de |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0b2c0fddc3ed28a67d2330001b155bd9 |
| SHA1 | be3667049491e2d470b6544c46340a03d5222e23 |
| SHA256 | 8e1fece20626b23fdc6559c11d304dbff14518988bc03c1eda4d48c65c80320a |
| SHA512 | 1ab81e6de813190403dbdb37e352277b886b470e0a8bf2e39477422e211787b6a079640ea6e449afad90161778fd38f03e7554bba25325be735d0aa737326c7a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f82be83cbf5a56232e88fe92b853cd1a |
| SHA1 | 4cbdbf222c99f48e4a2f8c55ea06703728ad6dd6 |
| SHA256 | c5b37ef74ebf4ab225a784ecde8c1aa0b13d81f3b54417065371d84c6249cde8 |
| SHA512 | c6c497aaaa1ce79d6b9ff05cd8ae382b3d27c7e4231e54d5920459aec46f26337bd041bc977e129b2a6930a2b7f5b1ae6678a5f82a0a7d2c119d395a9d8add74 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 498442ac9ea5008ab722b87d15032a5a |
| SHA1 | a0012dd99fd672d73afc8610cd091fc2e3e5ec4f |
| SHA256 | dc2f63cdc536a01cf7fceb5d26d8af4e6a2f55b4bfe252dc30d19cd371e5e620 |
| SHA512 | 355683683b34038e5f647202826714d0f3092d2dc7cc4828405df3de51974ffc747424f152e1819b048136f68c4d936b1d902e403813d5c3e11a751b02c0837c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 401c95143cea6d80a3bd278cfe129d5e |
| SHA1 | a23ced74ac2ae7b438471aad09fd18bac60f6da1 |
| SHA256 | 7bbf34bab2404cf0434012ebf45c63966e794c6f8b04c7c9d0fae6c77cc11476 |
| SHA512 | c89957d8b9f3583e73adf71be38aa3200de29536cf254f14a1e89fcc34e5e379ed3e4d9421583447241e536f4d2e88d66aacbda94a9e0c688917ab8121be5fda |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a6c2cc18e473f87500e7f3e0ba049a24 |
| SHA1 | c79c03b15e9ffae98935ca79e647c9bf756369bb |
| SHA256 | 6aa36a0efa249cc2bff0ee358512d50a4551da26a78f773bee157b1240f7f1a9 |
| SHA512 | 6aa7dbdbdbac6b0fb789e3d4c3de625b359c85a56c73c4a79d33aa278cccf37278b18344ed51c55e0e8b71abb7ec7948ae5f818ab3dbd24fed0c9fbe66500b46 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 48b4bad63f63ad6937443445c1035e7a |
| SHA1 | f937ad0ac3c7851c151bd970b9e47d7c7738d18b |
| SHA256 | 3563c8a57ade2e5f4705c42d069e663d25e0ad789ca72cdb63a45a8dda621e08 |
| SHA512 | 4ba5d319879f03782095ccc53b48b4dd70b278adc2815ef351aa7195ba4e4ddb0f5d5104ea083dfefb69965461435df8cf728397ebf61f62a553ee5d86574afd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f39d3a71debd955468ee3392ce38e02f |
| SHA1 | c9d1e654680c84a02e8ba2cbb433185e3fc8ea9c |
| SHA256 | 49bb3493ac88d8498d9b4c3d1246eb988a52355eca2add26dadc9e61ceacbdf1 |
| SHA512 | bb915a8d44056bb31cbf576cd86cfdec9d6d3b50c2436157740ba58454d286d7148474bca4f89d8c1995864880418e0647bec41299ce5350a6825da10888a1ca |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 47eb1e3205ca802b323b3386f7c99b93 |
| SHA1 | 67b2b9d96bb086c163aeb78fc36d8d77fcac3922 |
| SHA256 | 1368d2b720a118c9e3403d6dd6a241b67951ce0e629181f9c636f3b419be04dd |
| SHA512 | 56b6246da79de7876074cab669a852549678f8747d34de3a7720cc1872e8385e70a831c04bcf8517d92dd9d631e14c818dc3c3c1f884903b9e3040c3d6d2d3ee |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 24c127e134c1a9b23d88544b53b8b792 |
| SHA1 | 9d1569259ce5669768ad155d03b9fadb9b71eabe |
| SHA256 | 867ccad1debfa53fa16527b1a20e3b09bac0319ad81c4395013697aa08e54ff7 |
| SHA512 | cad6a08a61c7f1ef6554cf804db61084a10e408373850b8891504d8226c950ddd0e768471e51e8c43c7fad8b8f00617c2d3a255e18f3bc57550ebd36be726180 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3edb665fcb507e595fd7ed22dfc2e709 |
| SHA1 | 2264b5bf675573b81643637e8998d337df05c453 |
| SHA256 | df6b7a42a66f613e92834f8de008e80e4fb622c35b978824b60e7b452b2fb51b |
| SHA512 | a1795c0a85374009d88fdbbcc2ecffd22f4cef7ecc10da590ed90f3e7bc88904aa22e3c0b0a3c17b69291c7418aa9b1fa32bb2e1b507875cff124378bd455d50 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d889ac6f4fe2a058697df302190c0e89 |
| SHA1 | 6c6d02d1be7543d0d60bca064dada4e1b34489fa |
| SHA256 | 0288b496dc648df1e2c82af2a42898d41058f4c6d3624bc43fac575d29de22a2 |
| SHA512 | 5947a54778b323daab83e32abd56b1d1e147161963ecc4880385092d052dc738ec0b12c4877ef449ab4b8c4144ae0f49c30dbc8dfcac6f0f0d875fa26a3be47d |
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
| MD5 | da597791be3b6e732f0bc8b20e38ee62 |
| SHA1 | 1125c45d285c360542027d7554a5c442288974de |
| SHA256 | 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07 |
| SHA512 | d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4ec5143dd45b50724d2c6d17ddcbcf7d |
| SHA1 | e240e0b316619eb9388f102f540ccbf121f2bbc0 |
| SHA256 | 12cc0faa7aa993bd557677bace420217f26f3c951f5396bc29e05ee2dd929b60 |
| SHA512 | df20c6caebb1f0804aa22f9ef15463b3110e3e80741c432008b341b34bd204e19893b28c4864ecd6394ae543b89bdc9e036d334097d81bb06b16e9236ccbbba3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cf59db2565df812a664fbdda2d4f9e8c |
| SHA1 | a9da948d9e42600d619b3088cbc07732902f482e |
| SHA256 | b568cbeb5cd06d178d342a258cee37b5d7cc9de4f759d27623f728bb703ab9d3 |
| SHA512 | 2f33b789222ab63584bafbc84eec7968dc8094bd2bcb73b61c069a587252708ebdc84c429b63a36fcc1ce7c5a3a416a356645bc757f82869030862988066810d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a39c6893990542e75e580fabbe8a2c97 |
| SHA1 | f53c16a30939595d08a344e569132c6f7af65111 |
| SHA256 | 3a95da7936ac8734f3bb7f588bc4050e0d91e4dcd1f9171343bb2bfabc7a2833 |
| SHA512 | a6706d28089f38bdc734f4d9926c9cd653694b243d0b90eede5e2d1b8fbb181e222f5dd9f1f413d56bf054cd4da5fcd8f5795522ca78b44948bde33b609f1b5f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b0439c2c844ab834e2134a0cb966c933 |
| SHA1 | 6e9602507fd3c9d4a9fb291a1e273e86fa4645d9 |
| SHA256 | e1af1e7da8511ac547aaeede4da1cb2f18ec8713775a7995142d40c94c0c260f |
| SHA512 | 38c1f5ad9c7ce5b827f9725b75c321e9a1a8886ecf7f9e89b0ec506d05f44a06bf9a8a780ba881c97bedc1e095887463443d1a99e6fc0bcc0477cf46e649ecb1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9d73a02ace78caaf1ea2fda737e4a4fc |
| SHA1 | 3ad47b770d4ab7cf2c4deb68087119612ff78a9b |
| SHA256 | 36ba36062de764dbbad0cc1af5b22df84ae57351de1e9b3ff94c688473dc544c |
| SHA512 | eca743f9c2f377c24b58adec4dfdae5002f794ee0dfbc90f9118d1cd5228eebaf0fa3d55095d3bd4d9b7acee1bc4e2016c5498f415e5b606c51cf99bf0172a1f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8eb35e77096932eb64b609444fad82c7 |
| SHA1 | 01798a01e8ff734c6e7cb2a9f4f84d9c3107803d |
| SHA256 | 9dae15cfb458a4fd22b61010e02cae1b50c43423ff0f0aa5752170cda43bfe29 |
| SHA512 | ae48e2f550703b69829482844564011c105e64b80fb6b3f9648107ecca3ad236944caa9f3950bfcc13826b22ed30dc9a2dd8a4184649ccd9d72a3cf73070dd1e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9780199bf5c41c87b6ae3af84f708cf7 |
| SHA1 | 9d9bfbf491432ca53bd7c3633d2efb4569b99366 |
| SHA256 | a80ea3a32f52f2e8657fef7ebae607d64c7874f5c76b7a39a0afe168fb55ab18 |
| SHA512 | 8fd88e0a648cb2778692130b7503b2ae94e5fe17bc69c3a8bb4b668052424bac69fcb204b0ba8e12e95468176f6713fdae536a13526c0fdd26fdf20648c7e196 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f4abe0fc4cf0bc9a132454925a9827e4 |
| SHA1 | 2224eea3c26148439f00887d39db458b87d4d69a |
| SHA256 | 5582fb919227a74acc4a957641d350836f6693a0f4f0c7eae9733dd59cecba04 |
| SHA512 | 0701cb15f251077fbc9528d34f12d1495bfc5187f9827904982859de1483e538d3038d32756799915c23b6528cf284fe20561ea6db46913777fadc7abc466822 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 046cea3e24896d7afdacfe23960cac05 |
| SHA1 | 772355433f5b4c8fcfc2764257a2d35bbffdad6c |
| SHA256 | 1075f07189ed259a4fe9eac08a9ed0354cd88b9dc7526e87ab05268b3b3018a7 |
| SHA512 | af742fd14de8c8377cb9483e4a44deb2b522b97bdd0bbde13183cda61ed19acff1fbf5cb8f0c7ffe67139b0af887ae56f5fec2f00c6d73fcbf5b8a3d0f72519e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 23351b9f8250d606ed9c0f9b3e6703a9 |
| SHA1 | 2eaa7bcc9f100d7b80f2822cd24d30d7683d5487 |
| SHA256 | 02a48573b5d6667718e525a716e5ec3d6ec198310db53ff7ac2685af83d6617a |
| SHA512 | 853a4d3f334f377ae63a0d2c7972f4fd2e2464fb5ddb26c05e2094adde46676636991f341aee0bd16474727f6f7e3a7a9c5df5a435614b4f07c03aad61f6cabf |
Analysis: behavioral29
Detonation Overview
Submitted
2024-05-26 01:03
Reported
2024-05-26 01:05
Platform
win7-20231129-en
Max time kernel
121s
Max time network
124s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Sign in to your Microsoft account_files\ConvergedLoginPaginatedStrings.EN.js"
Network
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-05-26 01:03
Reported
2024-05-26 01:05
Platform
win7-20240508-en
Max time kernel
121s
Max time network
126s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Outlook_files\boot.worldwide.0.mouse.init.js
Network
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-05-26 01:03
Reported
2024-05-26 01:05
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
155s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Outlook_files\saved_resource.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8e73846f8,0x7ff8e7384708,0x7ff8e7384718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,3635352399113061865,2082434024094927836,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,3635352399113061865,2082434024094927836,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,3635352399113061865,2082434024094927836,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3635352399113061865,2082434024094927836,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3635352399113061865,2082434024094927836,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,3635352399113061865,2082434024094927836,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,3635352399113061865,2082434024094927836,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3635352399113061865,2082434024094927836,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3635352399113061865,2082434024094927836,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3635352399113061865,2082434024094927836,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3635352399113061865,2082434024094927836,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,3635352399113061865,2082434024094927836,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3024 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.65.42.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 87f7abeb82600e1e640b843ad50fe0a1 |
| SHA1 | 045bbada3f23fc59941bf7d0210fb160cb78ae87 |
| SHA256 | b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262 |
| SHA512 | ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618 |
\??\pipe\LOCAL\crashpad_3420_HQGJJFSROMTYPHHD
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f61fa5143fe872d1d8f1e9f8dc6544f9 |
| SHA1 | df44bab94d7388fb38c63085ec4db80cfc5eb009 |
| SHA256 | 284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64 |
| SHA512 | 971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7428a34b6feb1e34d775f995b2791952 |
| SHA1 | 10de6edca8e1e5264ff3c78adc181c43494833bd |
| SHA256 | 7573c7504f074546286655015fa7e1fea0140c0836b806febcdef6c1c2671b15 |
| SHA512 | 07de4365cf645aac9835a7f72d9309eaef73ed4dbfe5a6a481aec1559dd1e828482a2b9c3c69cc273b28c6613f3aceecb8a5ae03fc42d4172655d891331f35df |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 512f3c1b2578a2a60b2a68fc10bc5877 |
| SHA1 | 17b90c58e10f5894cc30c096c4647b2b3a0e39b4 |
| SHA256 | 4d28c5ffcf71d5308fb58d7eb1304222486b5975e29ede030792a4a821f70e17 |
| SHA512 | 1ee8a3be0c08a3190e4b90b3763039d7f278abd5cf4e1d9c9020ce8c497d235e654eb57b68e69d9ee3516846b13eacbcb8770f210254754883f657e37e86abe2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | eb2ff885611301ca51dcea96f248ca0d |
| SHA1 | b2870b8fdcc2ac2eaab6a47b6afea03e6af828ae |
| SHA256 | 599777f7d800666cd7b54453ec89fa98c40c3583d9739dcfc77c7e2866b3159d |
| SHA512 | c385de9c1fea602205e79854ebf9ab1857eb9cd10b54ae5c9f9cbc8f61dc9d251bfb147636453831210bae4e2aaaeb95f73fd2bb03674e302312c2e2c5430f73 |
Analysis: behavioral12
Detonation Overview
Submitted
2024-05-26 01:03
Reported
2024-05-26 01:05
Platform
win10v2004-20240226-en
Max time kernel
142s
Max time network
149s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Sign in to your Microsoft account pass.js"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4136 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| GB | 216.58.212.202:443 | chromewebstore.googleapis.com | tcp |
| US | 8.8.8.8:53 | 202.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.143.182.52.in-addr.arpa | udp |