Malware Analysis Report

2025-08-10 21:46

Sample ID 240526-lx6sjsfa75
Target 751a70cc90b1fc3ffc82bbd548a66612_JaffaCakes118
SHA256 78b045e462c4938a0c51cb97e6d667020bdd2519d809f4bc04bb925aa7a19fe5
Tags
score
3/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral11

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral15

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral17

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral13

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral9

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral14

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral7

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral8

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral10

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral12

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral16

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral18

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
3/10

SHA256

78b045e462c4938a0c51cb97e6d667020bdd2519d809f4bc04bb925aa7a19fe5

Threat Level: Likely benign

The file 751a70cc90b1fc3ffc82bbd548a66612_JaffaCakes118 was found to be: Likely benign.

Malicious Activity Summary


Program crash

Unsigned PE

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Checks processor information in registry

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-26 09:55

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-05-26 09:55

Reported

2024-05-26 09:58

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

100s

Command Line

"C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe"

Signatures

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe

"C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.yahoo.com udp
GB 87.248.114.12:80 www.yahoo.com tcp
US 8.8.8.8:53 12.114.248.87.in-addr.arpa udp
N/A 127.0.0.1:8001 tcp
N/A 127.0.0.1:8001 tcp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 www.yahoo.com udp
GB 87.248.114.11:80 www.yahoo.com tcp
US 8.8.8.8:53 11.114.248.87.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
NL 23.62.61.97:443 www.bing.com tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp

Files

memory/212-0-0x0000000003030000-0x0000000003043000-memory.dmp

Analysis: behavioral5

Detonation Overview

Submitted

2024-05-26 09:55

Reported

2024-05-26 09:58

Platform

win7-20240221-en

Max time kernel

117s

Max time network

127s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\CCProxy\web\accinfo.htm

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c21c5139d660e2489a347ff9a0a76ede000000000200000000001066000000010000200000006ce2700b410e8ffd98beb2637d61c6a517ba05424a24c5083be47fa701194dbc000000000e8000000002000020000000b6c81a423e3d6f122385bed3097aaf379b2bbcca7ceb57e93499f568d0dc2f58200000000fae3eec3d69e0b6bad524d6a8ace06bbb0014c2cfa819b52cc6fd3e1c7bed3c4000000033ef9309d6f1cc86179977c5f12a0ca0297a1c33fcad3e941ee7a4b52d83082b55a932d4096a442e6b39b0e3f822548147548786aff5d5c91cac64cfb5912808 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a057daf452afda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c21c5139d660e2489a347ff9a0a76ede00000000020000000000106600000001000020000000ed54e9b5857dced1116583c48f8bd8103e02990982cc98a6458ae066d1dbff2a000000000e8000000002000020000000440bebc9e7b8998c6e5846e8a8b7e0ee772ae402e21124d524297051d04f0a77900000007d462bcb36fb79e523387253272205a23fdb5dcadbac03a337ee133d86241f0455a73a71e44868364e46a977571f6d075798f7a657b8a34e675adaa01d8dd1533a60b47c4b37f3a68ef457791e145ef11b54e22e56225553e54e684df1b4dafc0c403e7eb8253cf607b69236d0af735029f6aa03f1be3e5d2e5b83360e5c4b5ffe6387c42d9cbef04396666ba209241040000000a3b748e4b2989b7442c8d80346d2e88a9c348a85b930b7f8a81d5d124e16a6372bf260fb3e4272d10598f1a3d678a7caaf2f56d11fbfb2d2b0f0cfa195723d58 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{203508F1-1B46-11EF-A38F-E61A8C993A67} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422879215" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\CCProxy\web\accinfo.htm

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2016 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab37D5.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\Tar38B7.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9c5daca3b0ff5cc8d33a093130d2ff9b
SHA1 15f7b1e5a74d3ce4f998f2e14959dc0492cf2adb
SHA256 1f605e5030e122d169786878786a2f96002d54c8f107da7d7db8ae8b04e61386
SHA512 0b252460b968e17de5c0dfcd628c2a158c81789abec54373b1ad60613628d0cf22f5b63775fd6ea2bdc7d3e39a7b205f1e709618396b10cf9bf0c8233b41328d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2f9d75cc27e26f719a41a250c1679e98
SHA1 635a6a20616b492637f0fd397304049933bc3531
SHA256 f9c71329408149ed68008afcb7fd327130fd6aefece9b1062a6f26141260ff76
SHA512 1754cd9f743606ea5ee00624b8957d11eb9b24470f5af744e7d81e6dfd25621b2a16a4a6e10912f697d1eb86def39145aef244df3e699c17e33a85150423dd1f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 243e6bfcc1a48ae3905226070c2c7ee4
SHA1 823bd69057771299daf1eb9cf5339656e1c05931
SHA256 6358332c0d152ce3a891919571500e2202b5d898c1e069e2ba3f22e44658eadf
SHA512 f3f9942fa54e15aaf5be9ca43c00d3827dec719eee16b5137d4f29913be6c9c650761ef03e880f6d2cd592380806940e83d7cdcaf711b78b7209aede8a53fad3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 531b3e535a753ba718dce7d966f947bf
SHA1 3b861195a3dfd2fa88412a3eb1473f6cc7e5ffa4
SHA256 5321139f2ec56ca4a6feafc9f922455afabd146b765fadde9da682081fe365b8
SHA512 850a1bd34a983d0f92fbd14b69380297d983011b2abd4406969b110112ab106762cd2d9aeda6a7067e6bd40df3ae949cb5b49ede3f5fb603587937fb088c5eb0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 95e404e123a50770cd92610147ba184f
SHA1 c7f0368594053e754c6c4d2e4b589fc623e7bae2
SHA256 719f01ec9226f54a0458de7f23661c4c57ecce2bc7cc3df87c662ebc7f521c1c
SHA512 440ba28b060eaf4125111d12b5814f65f700e6f1a455e1044c17780a011c32bb356f2a628ccdf2c9df803fbee083ce37ac320af194095b922fa4e20758322a2d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2cd2d3848091a33658a334f90a0f3bd2
SHA1 0af705d1a86f814cf9e99b9613d8a0ed0fbaea46
SHA256 add74d828e5434e6e61af394ff4e4ae030e1b7d31839a8433c4a97c90760f2dd
SHA512 08087257ec943e7381d68ae24c89fb020ce432d7b67642c5d4d9ac8c7b3e81f09fd9e1501687cc24060c1d54182a22b5858561a2cd89ee75181ca981b9a91cb1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 44329849dd7b79053767c41c4d45d265
SHA1 e498347703626d8cacc59c3efa80237b39fda359
SHA256 6e3b1704f9cf0567d37a695dd94c1b53ab7a8722cef5a1326814dea2e575c941
SHA512 4caa97ccc90dcb37e08e6ff35af29bd0f916f575f8e764cc00e30879c9501749317befb7c20b0e819f0fb1da7cb248ee29e2f75d74d30ce223ff7b11f9ab3ad0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9537c21449c4b78306b01d6379732bf1
SHA1 543bec1b8dd4e57e286940d2532e8ee5f76cbac9
SHA256 9fb3753bff6adf5e6b91a7e83852f5226158cc75d152a81a0cd4bb2ff0493703
SHA512 e19f161f2b1f7be9284ff0119172680cf5c5b7f9dcf3301dd4913249c0fcddd013cf95283505c3f8322217c19421f750272f2316dfce631923af97efc9a46f1f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a55ae962e2d6747431f3881b262ac5a5
SHA1 a2dbd47a922f4287c8e923af607a998e2803eecc
SHA256 5884a672d81fdcdecd38662dd5a570d0173f1d1cc98b51777e278e8193ca2194
SHA512 4353beb0976bf7f8bf861fd0733687e50a784abd5e6a23dda7b7aa4522dad0d038f7318ddfc9569fb76476ebad22e43198ba1cf7c52fa5aeddc0ffa0fbb4d825

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c354b2ed2ed4eb922c4e84c881395152
SHA1 31cec67353695674e943dd5f6a7fc9fa6cae1e91
SHA256 5320831c9f650dad0dcfcdeffdbb7888da1b320b12b518deabe0a93091537ac6
SHA512 150ca9b2aea703f659cbc2470d73f66d2f28cb6c2e5ece6941054906e147a5e1fa8ff7d817eed19a4c2f84b129d691cd0867b7ae86132d38f38223aeffb4c130

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3946ff756943f516ec34da01cb38bde2
SHA1 3bbfb89edc93354d7e3848a21b19fef538850de5
SHA256 712717a296dfbd2de84a3b013e58a25d5ba52ff66ffee778190ed5c2795ab74f
SHA512 685a0db45984f1f9e9e9c8199763c2a1b8a7ad807df7b30fdb5782eb97e0019bad6b261980ef47f0d625db281df8215033c02f0d6879029ac0bf74974374c037

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d53dbf4108ef3c65d100bbe84e88d270
SHA1 48a9003e17b7c820a79fbc1cd7af384e47bc0a8e
SHA256 fd4dfafb2beeaf0b3e4413b3d0b2ba0b1d59ba6fa1aecb8a97f57d2bf580c037
SHA512 d1f370810ee0702e212ffdadd7561345f7a7e3354f83d4aff1c75a1f9aa21f23356baee3d5ba4a1bef779fe36c6a43677cceea200326f4bd269b5382d0eb5c01

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 82e4bcaec7fc2a651903c28b5af4ce35
SHA1 2356f02ee9cbee540bdee2f8670d8b62fe3ea7f9
SHA256 6792d178fc2c57940693e790bc3aadfb1823b68894e79e99c76f6c375a62769f
SHA512 5aa56ee491bdec1b7cb71f499bcaf0cbc631f609651aa24589a8e1b08d7e5834fc7664b02c8ec021705f3ee14f783b8a7ee78a6ac9213609c2e96bd6f28acf39

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d1ddea5a40126f5215ccc46d47a12b7e
SHA1 25a7d198348fbfe9fea7532ee32025029cfb69b7
SHA256 90518fc23b2e3254cd984d9053abb299557b606fa33b21da8e827bb1ebcbc7b9
SHA512 1113e2dc422bc92c4d51d0fd4bb02bb6194ac21e67efcfdfad3327ac91b22bbc25390561c500899b3daf9a10ef5ee8d2f3c8387553d1f3217b58707a35e03736

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6be21b752c577c292d0f1f8d4db7bbe6
SHA1 9219301c408014d74f1be8ad0243fee4fc8d23db
SHA256 d7da3cf15cb9d91c99a02570fe5fb519247bfd8bef522288df8bcbaf443a56a1
SHA512 5bbe66c5670e1a31465827e931fb9eea8c1751305542380938ff7d9bd4ead4b0f95767c5da08a904d77d55b73a6d73b7ff707ae80ab9a569906d84a6e578be94

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d0771a826ab4d577d50cea6c81813e49
SHA1 023169fbf3770c4c0cafc30d41a88efa37959c36
SHA256 2407936bc5f6869c5301ead489197e7e15eaba3e10bd6412b176eb9062fa2398
SHA512 fa8d1a3dc120fe94eac7ab89e09348ca6916a9ac9733a980d7c8aa641717047a53b45e820a5adee0f193fa1484510e8b5016c4b93e630d58a1f72a272fa0e8c3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c7485511c8a2f2a956de2e84dc2db0a1
SHA1 e38f26c110893c1d58098d790c5630f93a443a93
SHA256 3bb3456308de6c17099a21f2e83ea0e416c536233d3f78bca805f025b75ba88d
SHA512 e2adc7319ca4680854a30af57daba8dc9120ed4d934953112ebdd9bf353b83af9b1fe768b9df1d31ea62fdaec23427e3ed822253cd3a13917526a2b21f0b610f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8cc3e44736c83e2426f9aef106972645
SHA1 b031c98b6c62a7e60779b2cb9654312a77908a35
SHA256 05b31dff5705a9b9e4f57274b65d10e3d91baacb4a998664476b438547f67563
SHA512 0ce04b6ac39ae61222370b08794c9fe69fa1de9d3ad0d7385400ab4cabcc392c09613ac8c781269d74fd02258c68584d297d48a38483389a0905c44edea599c9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a382b96b21c46d666056f3e4abec98a6
SHA1 a3a340dd7097e5dfa05fc70e24a8a439286b9691
SHA256 5a645af9a93faf96fbca5bce43caea5d4d834244b3581ee41ea7a978d458a44d
SHA512 c97b5cd2dcc6e492e3710b6d3cb980e97173a562b19917904aa83f39ca36637a24bfcd4992b0769fee0131af821f66e7299a0cfff799e7b30ee7bf9cd3bd9c6a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9b0d50580c50b9d7bfc974bc7aa0149c
SHA1 c31f683cda70de07d37df444665feba76931c0f7
SHA256 cd9bde0c4d026c633454559ccfc2f0745c6081505e90edca685e078165de38b8
SHA512 e910dfb3b482dbfcb1bd51dbb80742a2b1268c1465f7a97bc59e0deca1a72008341c5b2dcb1f647b840c58b5679db272da878bb80d32f8a10470efdf1befeae7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4810314a8e48af94f1cb0fd5d73ea1b8
SHA1 bf1c88f01b63c45fe4e17b030a20c6be3c5b045c
SHA256 617aab13f16930aaf1df19ddc5277f59639579e70588171331f16bd0855a20aa
SHA512 211c52d3ce021be2665c78ab3ed989890e2b9215664343fea5dbdc7d750223e795b87a3fe61f504871214960e6361a239468dbcee2564f7ad3f5d85f1c199880

Analysis: behavioral6

Detonation Overview

Submitted

2024-05-26 09:55

Reported

2024-05-26 09:58

Platform

win10v2004-20240508-en

Max time kernel

133s

Max time network

137s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\CCProxy\web\accinfo.htm

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\CCProxy\web\accinfo.htm

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4064,i,15142778360084620907,1763097090506261076,262144 --variations-seed-version --mojo-platform-channel-handle=3992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3632,i,15142778360084620907,1763097090506261076,262144 --variations-seed-version --mojo-platform-channel-handle=4816 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=4784,i,15142778360084620907,1763097090506261076,262144 --variations-seed-version --mojo-platform-channel-handle=5296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5364,i,15142778360084620907,1763097090506261076,262144 --variations-seed-version --mojo-platform-channel-handle=5320 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5452,i,15142778360084620907,1763097090506261076,262144 --variations-seed-version --mojo-platform-channel-handle=5564 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5888,i,15142778360084620907,1763097090506261076,262144 --variations-seed-version --mojo-platform-channel-handle=5912 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5824,i,15142778360084620907,1763097090506261076,262144 --variations-seed-version --mojo-platform-channel-handle=5668 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
IE 94.245.104.56:443 api.edgeoffer.microsoft.com tcp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 2.17.251.21:443 bzib.nelreports.net tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
BE 2.21.17.194:443 www.microsoft.com tcp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 51.140.242.104:443 nav-edge.smartscreen.microsoft.com tcp
GB 51.140.242.104:443 nav-edge.smartscreen.microsoft.com tcp
GB 51.140.242.104:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
GB 51.140.242.104:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 56.104.245.94.in-addr.arpa udp
US 8.8.8.8:53 164.189.21.2.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 194.17.21.2.in-addr.arpa udp
US 8.8.8.8:53 21.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
N/A 224.0.0.251:5353 udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-05-26 09:55

Reported

2024-05-26 09:58

Platform

win7-20240221-en

Max time kernel

135s

Max time network

133s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\CCProxy\web\en_acclistadmin.htm

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422879219" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b59599e622874d478d17e9efef7fee0b000000000200000000001066000000010000200000005680c80fd4290e220f936a9d089cb96e70f22fd14cc4644a187835f539e0d92b000000000e80000000020000200000006e8fc0472eb948b3d1ecc9e73dcb5afdb827df136215ab234747c90fab76d285200000008a7b4028dbb48fbf6fc2946845fc3cf96000fe5708a16c39364d18818944df8b40000000ccd1441780218e16efebf3c77d7e5cc1f70e8232bf17ae8b3f01d8630365ee81c294574068f6d349cd59bdf65e53b5b970278da3f074cfae0bd35686e2d7e0e4 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{21C62871-1B46-11EF-8706-CEEE273A2359} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 402daef652afda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b59599e622874d478d17e9efef7fee0b000000000200000000001066000000010000200000000c0159809e28be89ec15a5770ef0cd1d3a12da923cf511a0b3f83ba70e45863e000000000e8000000002000020000000452f008fc35c445098696b0f7981e562f058e44cb99ced49a31dec5feafe84b090000000740bdc58822fd0ec1cb5616baceb34af264d3ddeeaee6bc6448bc4725f587f2f858a0b0e71fddf91df03fd85b42f100cc170f8cff8db33beeac211bfadfcacce23ed5fbdb919ed9fe0bf12a8feda6ceab60e59eaccbd885aeda6ec224c991078fd67bca3b37d73cb23dc82d17f0414581bc7ddf2aadada3c69f5a2c216672f2cd9e4154cec0f8f95842415b8835373fd400000003c288d22de64e6addfc573b19fe6bd388982eab31e5184f638afe66906f228993c5a560f11b12c35e66821b2a88a8624039efaaf22b1bbe43337be68f4088faa C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\CCProxy\web\en_acclistadmin.htm

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2032 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab9198.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\Tar9306.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 024faab662c60f70e2c4d5c38885a593
SHA1 51250480ca4cb26559204f00487d46769431cc17
SHA256 2d92c29e315d1017d9389a9e68de8a5fff94a99f6f8ac04097ce8913b4334049
SHA512 725dbeab94f240cd78e048c840e5b3438d4e4fd0b8cb805cfaf72a2800068a9c998faf87a48742ccd150facefbbd1f98f17b9dc191ddcb4aa333ef226197935e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7b4321c784d5557508491e7148e2afec
SHA1 c86154d21e6b24f9b178ccd8da3bdfbf4099b41e
SHA256 c43bbccc0e2d49dde92e465f9ac7483e66fca378e5b39a1f6e7636a90373f927
SHA512 e4692b66a9ddc3175a9b4c086c18f85e58eff393b03d14460dad253b55888d74047c2fe6bb4b9b94e00196e5973a90893835399f21f7c990bad29b2ebab1da27

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 27e0de984e7ec6fa9aa99f45bb8987ea
SHA1 8f816446c0d35c2f94d1d0e50b3c57aa9bd42d5f
SHA256 ad0c32ffa034c45767040fe0d23695d61877e3875fb6b4c86b87fd389021e90e
SHA512 f6a5e3c882e2cbb048fca627bdce9346b7511e1e91256c3904fb9b3e5e0bb309d6fe0428b7cbe21a31c57bcc9aace4ea430c6b189503e1db301ee75b82e9766c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 333030b55e89709b9baeddcc6ec6ddef
SHA1 f03b81f684d7971c75b044be7bc2fd622ed7b4ba
SHA256 53593b77dd4b0cdc624a1c142e419bd816d7ee5130f23314e6e5d1636824a19e
SHA512 4c9c48b265ec9ad7e210b4e7e22c894dd7ed4750a41de8de42a6646f59bf0c2d50190a906700ee034aee44e3803f676cf7e3342c50cca69918f769e125134c15

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ac2aba1fdd0b04e2b16c0d7a01a6af52
SHA1 ef9e050469464c9188abdb1a209f942e5c41caa8
SHA256 8f52fcd11d4100d6eabe4ae1af279d5a37cf0ea6644b313a47ceb311fea5982a
SHA512 72a30831cd69289c2ebfa4109bcce3f60ed0ffab33b1d8b9101a0211fe2e1b3ad99d77b2f2186c4b4167b2e8972302768a23c0b0d2fd00c6e2fb9bb904f44cd0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b2991f6f4c8a1710b5eaff75ea0d81cb
SHA1 ac72d2e7fe8c2adf9fc81dc03bc2c58e02eaf449
SHA256 73b39f42310ee2911f350199d9ad271e39aa64d2bca1b970e506ac4894cc40b7
SHA512 809ef151e8ecf720cb66a29d9457418297938ee9076ef15225a0b97418ba8dd3cfbb125a28f5a3e4244bc872875bc48f2ae4eb2218b76c5c20fd7db9ddca9d0a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5e09ccb641e8f07cc1f906ee039c9b0c
SHA1 b1df7e7fd528be7488554159766880278231a600
SHA256 8ed53c53b3740caff1732abf3d12606b6baae7bf3342127bcd917f0d572ea76c
SHA512 cf860ccc021e04772ed4cb89fdc463d6b9aaa6fdb6a788cb7ce81b3ecfb76d3baa6aa4d0761565f088d590367eea049a92eeb53714a4419bf6d29c77d5f91ca3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9afd7bb508638df7fc45bb26ca6e7426
SHA1 fb8b28a4104c169525009f604e57962a02d07ee3
SHA256 e0077c2795c353cb7fcefa2479c9067e3ba5485a078bb30b0fbaa5e1540647f4
SHA512 59e8007076707a8bf0eece1bda9a219216c5a517554c77825dac02fe74951bd39ae71e3e03fd92bac8f13f15938b75a9f04cea4de89aad91eb61e7a489606f62

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e3573a2587c63055bc3a5db6ad2c02dd
SHA1 18fdf6fdb05a8505fe6d3fbebc83d1b7f897390d
SHA256 e55c8154b1d650e564b443895df2892d3e7cf4c68e4edd1cb543e465d7b9a667
SHA512 ecf822d0438be51f50ce65fe9cbda6ce7e707c40bea7292303d1ab715c2368bcb37eca59c6368158feedd6c04d8dce14dc9f824048ad38f1822cc98a6b187496

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b82640deb106c884a7b0a61ef615fddb
SHA1 22125c2d6437e18c4daa186e2ccf0e92717cf3a4
SHA256 e4745e4eefa08a6d846d44b3b51d745062532c1f6053cc6a32afe97c68a82d78
SHA512 c96923b7e608e8380827132beb9fef40de42a88b15687b925edd1e32c88e3119b97d130bfb6ce2be2e8f589f3844c41e5f133356e1aeab13ea4479c00b1bf18c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 35944383ff934b03ab167ebe5a2fc077
SHA1 655539dffa55d4751ccdcf118169fff5b13bcfd2
SHA256 27c99ea5eabeb5796e2a3f205c791cb25a3acd8db423e3b69548dec1ca59db9b
SHA512 7176996f814cbf4e68ce67e26e08ad7e4d324b3918ad8ba3d4e2c78ca7725bb9b918172cc38c7c1062c5953872a8ee08a27cd097b33ea906b4cff82bd6f0284c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 14dd93ec8995bddcf4fec611fef2d177
SHA1 6c6e0d9f1486b69582cc219ec624f31d75681790
SHA256 a58c789ed5f7de164856fbbe37366f16c481e0e827bbae407cad7c68a52500de
SHA512 06aaf5c8bafb068ede841724ff96307144973dbd063acdbcacd0eb7ae7c493c1cf8912752eda2f36379de0e1f6d7401e321e8342a4238cde952f3d024c107575

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7bb834836df15089404876448c1aeb02
SHA1 22a6f1025beee194f3b95eb77de793bac2c211a1
SHA256 a9912c4994808f43665f1c918b6a01a501cfb1581345aebaedcb8413ba99746a
SHA512 0c71a25ed94ffe4a1634ca183acf1131aa9a919af1f8984014fe42617c8c9223e26e7a15e7f5df9095456a62ad4f00746effe378405b41d69a29c0833184f6ed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 defadad2a34e3c63aa4b3979c77d9048
SHA1 ce5c11f908e2311c92e2101cb6146fa69014c74d
SHA256 6a841b3376d995f6373eaaea8112085ceb4889ab8dd6afa1b8a35741e173cf1d
SHA512 524a8bc040e394287c4f19ea014ba0bbd91eab028dfae5e2aeb373f26bc290c78d02e3105887a7f45397ad546d55c88e9ef626ccd3b7687277925a154a081ed1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5e8e8c666e8d6328ce1246cd3a39f505
SHA1 c8d962ccd15b1f9667b422e76f38bff8c98fe925
SHA256 f41612afae2883b831fec4a016d1e30e567efe6ff32cba7ab6402a939fffcb9b
SHA512 9915b057fb71396527b9cce6a6366004606c97a8313bc2c601c162dd31935b5cc077eeb7783df165e3e856c71e9e82e367795cbe7f54288751cf30c470033066

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e6fa8a1a64fc1e0a3bc5d72ad8a50a4d
SHA1 73904be1dbe0f24a1623c79ab81103390521b81a
SHA256 6cbc2e40f7ca7b3f206c374782031e6acf74d8c39182e8830175f555a0665566
SHA512 fbb607b36446253f26e5a90826352ef48d501f7441adb2692983d703acd23dc03656e80bba0665c39d8042a0b2fa976ef1c6ca7d452343c2ee71a2595207cc79

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e62a5422145963e85046a9dda398a97e
SHA1 18d51189356f0226cc7e9df60f034de186024826
SHA256 b860742936a6082cf8e3228135ca162fdf0d7742b32a91fab76cdbc622aa8201
SHA512 af9b53a1b014d8afc2f7f6fd7cae4e2121180532422b449eff409b985322593aae2f176021615fe0beb179f780f7f81264afe4702d672fd781f9c495e07347c0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8c5f9505f2a7071f2fd40c8d47df8367
SHA1 b435e331383f2c556cea12c38d7eb8b6e7aa0c61
SHA256 2e0b32deff682344c05dd48ee67ad5f15e02543c5fe16c54f70f27c8c3de543e
SHA512 75ba9cc802ad02f09d3e7334f4d22cdc7c74ad78ce8f1e9267fbdff00bb892c56580c8716961ad2314b87eb5572f3853a80f90e4e6fe8a60acc0fe10259e4875

Analysis: behavioral15

Detonation Overview

Submitted

2024-05-26 09:55

Reported

2024-05-26 09:58

Platform

win7-20240215-en

Max time kernel

120s

Max time network

121s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\CCProxy\zlib1.dll,#1

Signatures

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\CCProxy\zlib1.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\CCProxy\zlib1.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 224

Network

N/A

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-05-26 09:55

Reported

2024-05-26 09:58

Platform

win7-20240221-en

Max time kernel

117s

Max time network

117s

Command Line

"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\易网时代绿软基地.url

Signatures

N/A

Processes

C:\Windows\System32\rundll32.exe

"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\易网时代绿软基地.url

Network

N/A

Files

memory/1964-0-0x0000000001EA0000-0x0000000001EA1000-memory.dmp

Analysis: behavioral13

Detonation Overview

Submitted

2024-05-26 09:55

Reported

2024-05-26 09:58

Platform

win7-20240220-en

Max time kernel

132s

Max time network

127s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\CCProxy\web\en_acclistuser.htm

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422879215" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008ed0aa7a916d3b4797b7acc6442368af00000000020000000000106600000001000020000000d1d43724d6c97fa3030bf0cb273195c5b63ad034dff7001cb540a0f8923190ce000000000e8000000002000020000000c0caef446453dceef607f220c6882791545655adfa5c95a94a72d90fe314801220000000c65ef6929c9b45f641374fb3fe8b16d15515a13ee443d3396339a0f4db40b07040000000c726bbbcdbda21e1aac442e582af62ba0fc8dd40e167d2cad975b8901efc0d4ca4ccc955d2f78f5bcb9061cac5eb02fd6c64f08dfb9b053b308ff26037a0f722 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2028B4B1-1B46-11EF-BB01-66D147C423DC} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f03fc0f452afda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008ed0aa7a916d3b4797b7acc6442368af00000000020000000000106600000001000020000000e1387ad2511ca123d83f974844f8650895a4416ef135851ac7b7fe4a18f06a9a000000000e800000000200002000000076e37f89d9d15d0584fec9bee92ec42299bacacfa3a73d9c6a4b8db433507f6590000000d18766b6aed43ee9408cea995df310fc4e5f0d67a0f6b5db46fd3ca9c49435ebc647aa82b2d4a4ade37234afc6c18abde851710270e7e60e7902e0944a0a614b81482349c13890bc0e30221acb6d7ac7fc19be65cbc556d8995423795de50ec6a83a0cf9795e74725ad0c3e031016aa6d672cc48833126c9ba770ce96bd5685a8b3f8489050b054397682c859706012640000000f924f49530d1edf032a2a7125cc3168f6de22a5790192b71ae90ec1414c02c7b0e880d75b62e4eb77c57057c36bb8156c90c5a1274eac768da92a432daaea675 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\CCProxy\web\en_acclistuser.htm

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1732 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab2963.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\Tar2A36.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b9022ca4345ba7544c7ee400b4eb3b80
SHA1 c1a3a8bfd8f54395c8d0ea2a7dc1073ce2b30d22
SHA256 1816173fe04f49b444395eb6a89eae0222b7c3a711d0e918d843663b9ec95ba3
SHA512 062fa76b4c75c480e04fbb884bbcaac0f2e46b84521e256ff33b8910d1c430e8e79c08a07fd94844288e63a18554946c9d8b5c45c667aaa3506cd21801e62e26

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a61f4c81e2b92f60377aa86a2def8b7d
SHA1 9aec9400dd216f1d59f81b743233dcea3edd1433
SHA256 f9ab54d4b7971a649a5248321c0003c554216a938bcb46b57ef59042a1e458b1
SHA512 31fec13673d95e5335448aaca28f882f0b6080fbc9fc8d3c72ce4229b3f5882b8afefcee3cd98a67962dead97e03710ad7957831e6a4ea6486bbc6049a5ef567

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5898b437d5413e51973471a90a248ee9
SHA1 6f5bc6d2e9181cb0a84c130f55a4dca1a20634bd
SHA256 47be5f79db4c72f51ee6a09dafb7c918ff0e2955fab3399d0bc1d93e22d6b976
SHA512 c6e7a9c61658f6c6e81b2e654498347c79d3c00b31aa92839ad2df13ab03942ae2d0968ff083cc6341a3fbbf1dc5a8d7e7e99ccb04b23777d27832cdb202b9cd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c50d1f7fef6e2a81a2f08bba134109c2
SHA1 0d39e88f55ef5c605f4ea53b6a4d466982137a4e
SHA256 8c11068fe563f491945ce7500b31e2ec112729ec99ade5bf2efe1abf0e4875cb
SHA512 62b92cc106ed95aa861762f6a00222333448da2f0e987724531606b8d6484a493d22cd21748e6cbef5811e5f464dcc2eb3e5d00c6d08be3011d2d8d4f500db0e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1b4061f5868e7a1f634dbe82f1eb6b7d
SHA1 0d7ad940d6434164a647fc2973e45e9e3781fdb5
SHA256 3ca79843e208fa1821f77ae176a60ae28b79a7498a07150a60f3b62df9bc47d1
SHA512 843fb15f84161d3ca025c91ff5d16b293a54eeb87ba823730e0df5c16f432420fde55c54ecbc8b3e3be4a75006e9ad415c10aebd34056b3a995b30d529643e53

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a8d793d8c138ff806cddd0cdd80ef090
SHA1 86433f2840fad42ebca86e6dbff684357e717d7b
SHA256 89dcf10d2c6fcc56621544fa1ad998ba4ba8df9770c5a4054a56155d64ec7655
SHA512 4af28a8c6a307ec39a583b70e03222fed70d6fbd51ff30bad36dfb94e43f939480b75d74e21afc11d03234a0fc344bc0c3858c4d3c96816c20e471fff7bd3b6f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cddfd3c570259d2ca131f5c03d661711
SHA1 844c548f344b69d988cdc1f2b1887ff12d7553fa
SHA256 281c26ab45f697a1c8f9d004781f4609ee3eae34014bc39d9e44c338d110e254
SHA512 f9577e2fd5f367eb0abdb6c6724f91d9e68b2416d73d74e434df9881e03b237ea5d293a8555d1b315f9d828d0f21de1f8e0b6ae3fb5fe331c4fb8eccbb112b59

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 72f787863f17732e051ff0883c210663
SHA1 9ef6c3104f4c0e7e20c5a79052c46e09aa72cb45
SHA256 209459d97f55e667c70855240d16063f4859c791a78182aa127ea4d1786574ab
SHA512 e5e7fb593ef484f07769ede210aa06b425fb85b4c9d708aa376b96448d1d51325b345e34414d8ee67743e68764d33841be85fba8feb999467327b5ab11b70d90

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 136b988fa3ca893f01726789c70a0c96
SHA1 cf9c4773e7c6f50e5dc14378276145ec75730710
SHA256 0f6d8437f2875ccc90bd268abeb19e7be40d844604a721b39c5bc94cc7e48370
SHA512 49a0c1002a4c32fb84937fc30ec928d10adc811de80cd79920d9c43068813d595b551c3cdb76898399bebb11dba8c412928637ba04ee4c56c598340ae4cf6f22

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5a4f690b644b8e9d45ae37e511dd8fc9
SHA1 d8e0aa4d32ad9fba2814836e4b068dec5993d560
SHA256 8b2fee2c1d722b42f97f81687e3666af9a1f8e56155922f9f8fa5cfd8f4c0784
SHA512 d477a7e1f202fe6098012ad28a2d84ef6bbf78378eff7851ec38820d7072a8885dd0efd90c97cc184f90aefb42d617c4a952d3fe21796d140c2f17405c6d5de9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 654dff5b4eaaec096378dc51f63dd2a1
SHA1 03cc499070c630f643842931076fd20da754d6af
SHA256 0f33f9a13d3e02346e0ab44e83e623598092cc46d3a3c71e9b613d87c481b015
SHA512 9f132f7780af84f3e9d8b379873fa775ca4af21ad0fff34f7b2841880ae0d2c0d228a91471f06a97f290ae2d4d303be9bebc97ffa40a79384ba7aecc5f18d718

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ab7bf968bcc0fb1ccf8fbbb80814d572
SHA1 54a9d4de28c8d0d8a5bf676414ed5cf927819a3a
SHA256 df4c68cb9bc1bdbfc6a848bde876277a6500071901277cf5ae281fc5590bd117
SHA512 9e256f3db272e5cdd2c1e92bc3f22cf4c939dfe74caed90b619e70836dc3c0e762468fd696d3d9a6820a9f0341f0903ab84c02402ff754fb2a14214e29adece3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 17268d06994015e0f5adbf52ed709229
SHA1 2d7152908dc5ca806cdb3f4dbacc894865c5cab7
SHA256 88a4f4d6593aafbc33ab0fd137a7acb17e3bea4e846c6ad12f53f81283d27e42
SHA512 ed9f91e99d455e27e15cbc0b48242f7a2054a34b7a1bb2ea929f0e1a05bdccee6ee2211df70015984cbd6188763daae7e4b58bda24ed659fe985723f3817832b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c0800f7617d659e39b8e9d8f02e444b3
SHA1 a42f672dd7065279271edf6d53c2b04717c34c30
SHA256 e72427e9749d5d902723898e35a50ea2433de77773078568f3098f25addcbe24
SHA512 20a99863f8a03e8ad05c0b3056721fc74e63381d3515f2d9315c9018a48dea10f9a35610eeb0b0e70577513f9a8418aabc7efc33d42ee55f932ccf446efa28b6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 38b6fed6ccdd99e01ce0a027c79d68b4
SHA1 76654f0f4c04a33498f8edcc4822eaad8b91e458
SHA256 263b7db7cdc90b50c9c7362db352a5ff1966af161690e0d3a062caea6bb5cc66
SHA512 8105d6c121f7eca2800bb1305970df8f3660252520c2880a80260e4069bb4b21995f0c1ab4be41933cdac431972ebc2092921612662784148fb50b4f69ffacbb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fcecf8c59d46857302f8539fa3d31bb8
SHA1 ad99b195017fad8c6f841abd1c6b5dc042836821
SHA256 ead339b4075bbd23f40d78ee0293297ec8a34d94a68464c1c5cbd68a7b5bedcd
SHA512 79843af1bbcef346107759ecbda0d02ad6a43ec36d8fa39f65993fff684a55de6838271f426028cd4031af533b006457705ec8de571a37a2a09783004e9a41c4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f7e37ec661f6b6429e6aa6571655d93f
SHA1 2f8ef01b33da0f6c56b8edcaa10cd8727c9193ac
SHA256 3ea455c804e7eb0be70644c0d210112c04846a474be16c2f21ff7924529b2d25
SHA512 26357a0a986a684fea10bbe41c8883edb02b7c87b405b229c24a1fff5674ee34e10e4ca78e04bcb32d246b867e1ca64be85c47505f8eac394864812c6c889cb5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 458e236f77f8e67bf3153560f03c32bd
SHA1 e4d1a2a681f1b338c52b6dc1f292409cd99e8d5c
SHA256 85392bd505de7c1ee47fb9a80ca72b17abd3b1fd49946500e86d7e23de6086d3
SHA512 89004a1f3d1a4b18d6e12b856e4679682a181473a940b97c07bf3707f196f14ec7e6a4502d4783debd150bc0e134452ba632a27d4ce261623ad588131c765965

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 85f69b392ff7889fb5ffaf7b6215b874
SHA1 c191eb1467c18363ca332ea8872477ad541df49c
SHA256 e1985179cf4648c5e5e66638f2492a12c1240f756546230421c4349b4a5d8040
SHA512 3d37027d6fe3ab6e7b521c351fedc5d5aebf0ac33efc90ca33c87c17c91f9a6ebc7f40ee5062826f46e90c297736767c60e368a8a6f908cb1a3225abad9ec6a8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a2821bb6e84f00afd56ae5a132730406
SHA1 715e9b8ce10dfaf2752b7ca5e4147b5e0630629d
SHA256 0d525c3ac4f3563d70207ee091b5ad174f466544d2211e3fd8056d02e95524ee
SHA512 4e77269587986a55320a9247003fd5907fc681cb8e21bcdec69a671a2ff4030948f490b90f02968c8edd5d6a64d8f67ee6a6340059324e83dd2a0dfff40a87b9

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-26 09:55

Reported

2024-05-26 09:58

Platform

win7-20240508-en

Max time kernel

121s

Max time network

122s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.dll,#1

Signatures

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.dll,#1

C:\Windows\SysWOW64\rundll32.exe

"C:\Windows\SysWOW64\rundll32.exe" -service

Network

N/A

Files

memory/1712-0-0x0000000000130000-0x0000000000143000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-26 09:55

Reported

2024-05-26 09:58

Platform

win10v2004-20240508-en

Max time kernel

148s

Max time network

152s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.dll,#1

Signatures

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1732 wrote to memory of 4856 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 1732 wrote to memory of 4856 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 1732 wrote to memory of 4856 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.dll,#1

C:\Windows\SysWOW64\rundll32.exe

"C:\Windows\SysWOW64\rundll32.exe" -service

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 91.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 226.162.46.104.in-addr.arpa udp

Files

memory/4856-0-0x00000000003E0000-0x00000000003F3000-memory.dmp

Analysis: behavioral9

Detonation Overview

Submitted

2024-05-26 09:55

Reported

2024-05-26 09:58

Platform

win7-20231129-en

Max time kernel

117s

Max time network

127s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\CCProxy\web\cn_acclistuser.htm

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000006ed07ab84e8c458ed932723a98f98300000000020000000000106600000001000020000000d331078212409dba121cad9c27fbdd4b281128fb3bbf86ac90acaa9ea757f0cd000000000e800000000200002000000064b275c2cb86550dd11a88e1cb0e7f6512e92902aa3977b824ac549639e2752e90000000704885e08440004856ff5ffb9a08a52585b481d46b50cf011f4ae3cad92f1530190ecf1f8726b5144b7298c7382f5a32427a48e0a297a3aa43116f3b52d423ac685ac674505db37a39ab6591078c850e90d110a78b399922b7633ba84ffbf6b5b3c8389aa1b17809d8a358bbe08e1db7b48d3d680250007bfa392860c369c5d35ade56026327bfaea8e52a9f682164be4000000038bfd14d628320e7125a88e6266476b0b503f9aa5514257e94f368a4cce3583a4e5ad940fd9258c2f260e92deafb21a486ef1a5bf4c7ff89efeb444ac4ad20e3 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1F9F1A21-1B46-11EF-8A74-66F723737CE2} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000006ed07ab84e8c458ed932723a98f98300000000020000000000106600000001000020000000bf69316faaa17711c81a63bba9a533e737462e131a7b1fe4a3b7e93dfb0213c0000000000e8000000002000020000000ea6632d591bb419f0935b402f446829758698b3275b5f2dec655ddafafee35d720000000576fad86b2bc6dff5be8bb32cd9ffe664e5cfdaa55d43d84e729b2e4abec76c34000000050aab22777d8ce3a2c0919490a29b7ad1dd263b583032a9d94696e69640331c7f96675a3f831d70d2b459e90b5664cc4c4d3e717e1723a7092fb7de5bdb62f5c C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422879214" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30ca46f452afda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\CCProxy\web\cn_acclistuser.htm

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2352 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
NL 23.62.61.97:80 www.bing.com tcp
NL 23.62.61.97:80 www.bing.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\Tar1AD7.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fabf5be1ba1a17b7a1884a84d6411f3c
SHA1 6be52be4141e75716dd128e8fb102a1da00b4ab5
SHA256 c948891cd6a3d583a64ad5d8584498955927ce0f437725ac02f84fa63c02ba23
SHA512 b241e3b907782f96022fc5d48122272b78e99fe28f77c7202e4482ba029c2208110b61131caf0d932e67230278594060b05e1125da4e7a68845055eee450abec

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 d1ece896d5cf0cf8e2d05432ad19bc8c
SHA1 ff6dbccacfb70b03cc68bbb968fa385eb22ab261
SHA256 401b3f0678aed5d0c01f93386654821ad594d6bbb1553d2a07bc30104ef2862a
SHA512 0f6d1be339eef3db65ecec635da51923fba81d3bfc4bfe7f9b40841540815d67b74ce510eb8364935e7ffe9ed5da2ebfc13c81c931fc76df64a50e0e2dd45c7a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8dea0690a729ea135adc416778491a0d
SHA1 81afa30794124d4aa0f12bffc9729718f3cef3e1
SHA256 a3afafec66e2e0324d0d0076858e31d397e5e8acb5389d175632b5bbee9b0a48
SHA512 e86d74ca39f6090f4894ebd5c6ac5e31cdfcb395008819782162463c525c27306d01a5a4a1db015eff4477c203c4304e9233fb44bb6ae7e3be131524c0e2af71

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dbef6ea848b32e5fe2d4e8766fd1a790
SHA1 eb78d9eb8fd20126c5fe5535675697f859136917
SHA256 58f7183285cb6b64c3bd44163300108a5a31d18f1035af63413fad0e844e8086
SHA512 64b0ed81c4fb19e88508eb4a13944e7be85b3f7f56640612d762414f411952ea9cab82d9cb54b537063464901eb98e25c6ff596fc5cd8b108a6e00190c4b6bd2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bf7799dfc90f8ccc9e9ed20d4e95d918
SHA1 d6655c1d94fa04350a745ae5e8dfebfdaf76a2f2
SHA256 6dcc0a798892c30243f3485fafe1b216c462d4953117426903c1d6d01cf242ef
SHA512 934353f1466fd4844e618ac35f39ce3417ca4015c1fadacf7433b5adfade64955c581db77aeec5849120958ef9da693756e5b10400cfbca230ec00dafbbcb4e2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aba950e9c3f197164c9c45fbe4f36efc
SHA1 fe6094930be8b908c0940e20fb5d3fc80e8984ab
SHA256 20ad0f5d1d61bef046730a716fc0c7df4cefd26e4f324721455fd4c325e2d7e8
SHA512 a0d1096e4f471385eb2b309875850a127d1404346c9a7522d4d30e7db9259c66d90bc78e4891fc3ee7ed1c88e84c991fe6b6373e800fcd50ab9bb64d0fef9b83

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 80ca4058731ea1b43a58d9bbb788cb28
SHA1 650381190ff6db3def8fbf6ee8fe3ba2060eda76
SHA256 5cad3d7e9a3afdee63778fde596de7921eef84a44c5acdff393513f5c62d63a5
SHA512 e8b758f3d6f4c7f7719bd32bef39a4df1d38ff65376aa06fc7c4b8fb25abf6a17e2f2b6c0c78ff8e771eb525136096daf040107969553ffdb28af7d4ff852994

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ee8d874bdcf54ebaae6dd993e7a058d7
SHA1 d7e072cbb54076fb32835c881133581386a7ddd6
SHA256 7a7f5434fa1736b07ba5e6651c8498acfa5cd08de9c08018186e7639171c44df
SHA512 94b0e2dae60c6e7d8110347512529b998ac0824bf81f55bda835a9075e45b81305229b497e44d9f70218d2708a703b37d5d4b9b0e6fdd25eb204c3849913d167

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 775913b5f2aa2d9d42311d0c142e9c0b
SHA1 1d735f2e15aa1764af4b47fac031696516335659
SHA256 5c68af1de52ecb9d1871f4caf22786b8d81a57add836e9f80f14428785e451d5
SHA512 71ad420abcfbffc53badb4e41682e753624a1b6b999cdcdc4d8a957ef6d3b28fd26f3195fc626964ea5a96157e3961a8f8eeb8a15e234bb5a41d8cbc2def6185

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 c1e5ff254b056c23c5728d4f8526c625
SHA1 6939bbb8ea9f8dd001706c672bfbb947855da4de
SHA256 38eac4f6b0537efe041056fd10cecd23cf6bfde0e0e68599d561ae123c846b0a
SHA512 04ae0740f8111fe88d64164db719bba46a11a3d5748ae7ffdb3eb0c3022bc6111978767f0f66d5dd1bd0142f0e93672d2fd150c23f0f38acc7888e386ab718ad

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c68b1960293728f1c2130f4795e29858
SHA1 cfad7f3a087cd281fa08db38d34079176bf432ce
SHA256 e8ec2bd0f7aef0ee0de55ccd9767d05259db244870978e9db21bf53f2f2c3e9b
SHA512 48ec0c24232e626f0ec53a87d953d78e90bdf0efed7eae6b2bb7b32616264172c0d56c609dd675e87fbed512d04ea98a31a925b63087e5ec3ebf70ab26ae375b

C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

MD5 da597791be3b6e732f0bc8b20e38ee62
SHA1 1125c45d285c360542027d7554a5c442288974de
SHA256 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512 d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c61b45cab62700ad1fc356d95cb73716
SHA1 5ef559d27d29767e13aac4d57c94c6b98dcb6d7d
SHA256 93e4277965045dbdbc18add6c19e7044ccec6902288d40a95e4b43580c76cada
SHA512 ff9d91b7a08560c0420ee469d7821ef1b7b1b792596f8f39c3ea07c3497ab258cf0ee9686eb4865c05a53ccfb4d031a060f035892565cfc0fd16ff86a5d0ba1a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 392c8e9090b3c2bdeb65688bab1e742c
SHA1 aaa93b86d54fabeff65f1d0efed02bfee0d96f3d
SHA256 ce669acb0e543bf60048a0c4b847d323c159e49b7770c27398d7b4d86037d984
SHA512 b638aaaafa36de437eaeebb46572a11341bc5ee45f52b5c170eea95dea9f45045eecbc0d6de3de447c79b904b79afd54c09dc67a2d85ae6962a67bfa5365e619

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e34a346ebcf26adb55a3c14305268cbe
SHA1 0c1052b1fc9b9d88a22d929a6e8ec38fd9b53656
SHA256 2a37895f2bf1f9bb11cfe0634f8cd4d37e3d89617baa061724755aa456262f17
SHA512 3de90b8f2e1ef1efc6159dadfbad196a80c33fd9bd5fa2eb312f1b8cefccd8f1bfa7ccd0219cad26b1c5d90fd15abe2c45fc38e51b652efce042cd02b46d1347

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e16554e27d828d1a7a7267aa982506ae
SHA1 a331ac6d7b6fdd99978ac37f719de5dc3750b53e
SHA256 46d8e242fd7d0937792fb6738f5be042441621dd424b1288ec2c46568b0e6508
SHA512 2b53899221fa204e79fbb71b39fbc67dab7d500bb4763bdc974af58f3f5169bfba5192c46ee090f4cdc30658f08f1ac2d180e439b1e42ac075a7a8e2c0fe63b9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9d464b2394f8e899abddb38b52e83534
SHA1 a09c6a514cc3c6cc2fe0646f7948e7b9044b3fa1
SHA256 9477d3b2db5e15fc2996109c6b3fc8b15ac474da5a79fa45f4f6756787ca2c75
SHA512 5514e9b3be50860ae5b18c0aa510d9f599b08a6669d8decd8ac35263d0553d4aa64efb5152719dbb632bc4d092c51c9873b0cff8987c9db708c46d59cee2253e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6c82cacd3d6c83a8f5f91f646e9ffb3f
SHA1 69668ecc6ef0e49acdee29f24b779508a9ea1e3d
SHA256 896861dc7380f31d7552980afc6ad66dbdd393db76e9bdaf7a24d136b993a651
SHA512 de184472278008680e879a9b85fb020c068e3a4703552d911c012c3e7119e8c71e0b301f251f3d4ac6e811e8bf774044f0c60e991456efa4f468f57d7df7ad22

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f7c2a71f9177a4147efd27ab619aedfd
SHA1 a652fd40a68ac49bd96f1f3d7b55060750f614b9
SHA256 7681c586d76be043411384cb2b1854fa76456f9ad473bcd62c9606f81a4e7982
SHA512 dbc29a536b5b3971050617345a460f2b2e201322b9ff04a31756fccb32c1ab4da144288f136ec7a6c53e5b77d4228df2ebf7c43bdea5453a415a87345be7af51

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4cbd2fd977233ccc27f795bd75dffc8d
SHA1 331564b1fa97b1fee617b0ff6f3fa0db8e486cdd
SHA256 8fa5345d3ef405a6043d2089f6da876de88800e0d00995298b78141296656d0e
SHA512 6962e2fff96e7d6164651e4514cb5f84bef4aa883b8d97f117a2c2833ebbbd8b8a83fa2c12b92375e9b40c2370ba61e020cf6cbde721aee4d2e03fc7313a7864

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0ee19a30da4858a88eaa0b726ee506f7
SHA1 ae5ff7462dfca473216b0972caf444e65bb19140
SHA256 5a2dfdf14d9be5f43a834007bdf4b4a7321f3865ed0365bd60c38a55bae99c9e
SHA512 7eae98445fe8245426ca93db21c142d174ba69e79f62af02835acb00129d6d0dfab6673d96dad4bb3f0e857f55099f9f15e79a2192203775bab37c26b5fccfd6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 320ceba41c263273e8d14f10a7f904ca
SHA1 e805010ea32c8d3de29935f5b5abb76ae5208389
SHA256 e2261cda1720bf813d716909df5e727b05bf96dfbe69853769aea66100831976
SHA512 77e8d7e94fd4799dcbe63c65019ad5c0dd41db415821f228f03ece57e05f69ffc5b09e6efa4606a4d9326ae5e087d16e482f9db4001da85e74e229a1581bbc4d

Analysis: behavioral14

Detonation Overview

Submitted

2024-05-26 09:55

Reported

2024-05-26 09:58

Platform

win10v2004-20240426-en

Max time kernel

145s

Max time network

131s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\CCProxy\web\en_acclistuser.htm

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3012 wrote to memory of 5068 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 5068 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 4672 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 4672 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 5020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 5020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 5020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 5020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 5020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 5020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 5020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 5020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 5020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 5020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 5020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 5020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 5020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 5020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 5020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 5020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 5020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 5020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 5020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 5020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\CCProxy\web\en_acclistuser.htm

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8426246f8,0x7ff842624708,0x7ff842624718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,9442345266453787581,15107275289672228352,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,9442345266453787581,15107275289672228352,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2468 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,9442345266453787581,15107275289672228352,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,9442345266453787581,15107275289672228352,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,9442345266453787581,15107275289672228352,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,9442345266453787581,15107275289672228352,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,9442345266453787581,15107275289672228352,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,9442345266453787581,15107275289672228352,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,9442345266453787581,15107275289672228352,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,9442345266453787581,15107275289672228352,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,9442345266453787581,15107275289672228352,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,9442345266453787581,15107275289672228352,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3012 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 91.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 52.111.227.14:443 tcp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f53207a5ca2ef5c7e976cbb3cb26d870
SHA1 49a8cc44f53da77bb3dfb36fc7676ed54675db43
SHA256 19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23
SHA512 be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

\??\pipe\LOCAL\crashpad_3012_NZOLBWXLVSJJEQBK

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ae54e9db2e89f2c54da8cc0bfcbd26bd
SHA1 a88af6c673609ecbc51a1a60dfbc8577830d2b5d
SHA256 5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af
SHA512 e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\428ede9c-743c-4c3c-9c8a-997ba816d153.tmp

MD5 e58e07d33b0df93f53e41a98cb63eb2e
SHA1 31d6f8680c7710eb593ecca8d7f1ef0c870b954a
SHA256 a5d0db6a7b4539e6e8e95d100c1f3d879b318465d1957f91494bbf77872409db
SHA512 73d3e0863ab14d6a908892e4eaec9a836e3558fe3cb00bc7893a825c05241d06f1b3c1a08c892abc8214d82c012750d126ffbb47d0ab6f6891ad1cb7e54ca63a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ad2bf002475cbc99fd27471e4966e54e
SHA1 1bef980a57cf616af3752a0cd999a4684bc4a5bb
SHA256 3479b5184a0a5c91c171bbbd299edda98e481f1b2999d3b18fa9e43c8b9f6a65
SHA512 8e11bb19457caba2ff47e65078a85fd73b97ff8bce367d2136f4a3b1dbd0eb65c94bea87a2ad5c6fd441f3b20085a1010ad55a6fe5a8bc85551a6387855876c2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6ac14f03ea6fc00a4bcd66f57e6f7342
SHA1 7af35fd3ebc86879bf676fe0ddcb48060a307c20
SHA256 2c36ca6627ff0d3acbcea6108ed12e7e76eacf939098bb304284ecb0c2f83eaf
SHA512 5c61778581c39b33993e4d43a9346c6f3882cdd1b1dd313f43a7a1a4f984dc195edb46ecdf6d4e1fd0851121ba5dfc829dd34bfdae5125bb63a7f1ef90706c99

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-26 09:55

Reported

2024-05-26 09:58

Platform

win7-20240221-en

Max time kernel

149s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe"

Signatures

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe

"C:\Users\Admin\AppData\Local\Temp\CCProxy\CCProxy.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.yahoo.com udp
GB 87.248.114.12:80 www.yahoo.com tcp
N/A 127.0.0.1:8001 tcp
N/A 127.0.0.1:8001 tcp
US 8.8.8.8:53 www.yahoo.com udp
GB 87.248.114.12:80 www.yahoo.com tcp

Files

memory/2692-0-0x00000000003D0000-0x00000000003E3000-memory.dmp

Analysis: behavioral7

Detonation Overview

Submitted

2024-05-26 09:55

Reported

2024-05-26 09:58

Platform

win7-20240508-en

Max time kernel

134s

Max time network

127s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\CCProxy\web\cn_acclistadmin.htm

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b0000000002000000000010660000000100002000000028b25cc717d66a38e879a2ef452322904ab0d528d1e3ffb98f51a51ec7a78851000000000e8000000002000020000000035f61e443ad2d6d65e3b9af2a000fc28fca35e9bc7302dbdfc5590ad0f609c190000000c559a42019c0294f43ed247836120ede84769d6ca9ac80e636f84f713017143e8f6e3f360925350f3a88f2181820e39fdca8c2874ae8849e111267c4f2d8692d1e205bc0033884e893f1ff484d7399369cadc74a8d5c990723113a236c3ccd4ceaf44c34e3ace92c395035efe34855cd274769e40df57751a77c43f99973fe36b7c18e84627811b43b48f7e4140608634000000060b90f0f70e725e73a36206d7cf2367a132ec530ab81dc6c43d3991ae121bd1c1a2b106b4d2b87ab5fc9e3d200e5b941d333b5bfcd3384ed81527e187d92d5ea C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1F96DCC1-1B46-11EF-8C89-6200E4292AD7} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b00000000020000000000106600000001000020000000cea708b9d6ad90034ec83bfad79bfaefb117554cd60f8f25600554be600fd845000000000e8000000002000020000000732a768e876116c8508f85151c4d9728eeaa48d86fc912f7412b6786884fc70b20000000302ed45e176a35d49b318d6e5f7f83caf2ca3830b4f91ce09c5cf5fbc6ba33ed40000000fe1cc6cf0b4612200e2b0fabed85a844372f87cfc0688425be0657a43d516dd6f57996f0708abe3c20ef35ce10d242b65090f650431ea4f655cac261fb77201a C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422879214" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a08f2af452afda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\CCProxy\web\cn_acclistadmin.htm

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2232 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab3A74.tmp

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\Tar3AC5.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d1310b8ef8f1e0c8071f1cefb6622bf4
SHA1 094699f002a533f56be82131b12c8136dad1a783
SHA256 6c68028fbddc55b550e24719b31d4301bb0eb36b8578f7ff4a0a07274daa0e21
SHA512 7b994fb62f19a36666c830244d4c91cbde280392a1061f79dd26031a3c99ee00774dcd59302249f6b7238f00a606ab9f5d0c9176f4a90dbcc0aebb70c7f8fb36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8fa9e298117ae718c514964f589b93cc
SHA1 c205c0aae9f4738a5c7bd90baa46aaf95cb8c40a
SHA256 678388a9f47e249f27e6650669cfa47a9e0d27315298dde35f16fabd64c06620
SHA512 2269a1e2fc281b2939cdb9b9fb1941fd303e955e1be750d396150ee68ad204822cc689379e60e8c055aa242a92f8f32960d58598e4d2bf75e977da4348f5744b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6d917a8c04fecd3bfced4dde5b1a1e22
SHA1 e4cae964f0a63958bb8bc40144ffac7a0c3f2c15
SHA256 22731aa16da74a961b0eb8cf70dd567fbb4989e8b253f6aa83406350b68c250e
SHA512 70e73fc6e717fb8f51bfb17a96ce2c29dd73b1fac9efe3b54762dc55a7f76e7bbebf969e754748f77cbdbcda565ec2295e64ad54ff44391a0da23ea0105348d1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c5188e4f7bb5eb615169f062e43b4ce0
SHA1 b006c1a5f84a88d1c7a297c553017ce7a4b7f21e
SHA256 81b761d9fb6e79bcc462fd1b011820ef7016921dd633ffe9a1e5fbcceef3fee8
SHA512 848465e82a47b4b1c576d88149943023fd2dbd6025534f5816976d92d77fff3a6e7d586c7e125be2f9fa0049ad96720b64ea4e050ed2876c6e0bdceadaa3561a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dda81f035486d7eead5dec03cc85becd
SHA1 1e33c2ba5401bdb60b019726e0e284063111d3b0
SHA256 c701c7a9c18bcff331f48dee255cdf0da569e0659e54fa4d01171c86031b4532
SHA512 0cc7a9845b09b319cded85ed2a12ca1fb5fff2ec23e2c89a6cbb5c86b2508df1803f57e690565bd2b3b4ab754c782b053989ab1cd10a9badf49d38b679a5fd5e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1613549be26c6e3065ba53d5af7bb4f7
SHA1 447688fb180d763d5bd030e2b5409ea0cf50f0ea
SHA256 ba47a4ce856b4eff933fe01512527c4704744ffea89f9410c559477d30b0b0ff
SHA512 76ec5e8ab7c777c9a78151d2ee944dda56b07d8b459473c0accc533951cdc1a94ac916d142cc0a9a1845801d4d6454d52cf0e7d498272da6e33f16453ff8eee7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 84d05800b89ce0a3b7781dd4ce1e0eff
SHA1 5372e0c0d97b37d0d1763cbbadccee783720a509
SHA256 a87c888045f52cc4b95730f33c6c8190231a11e760f56f6bac4e8e48d4c88d20
SHA512 64e8435c06bd70a9f62044f8dc46b1c2d928ef320ab44bb5fca8c8cab61624e07e2f338445828389aabdeacc605c58e7b78fdd768e7df7dc4a8ceaf2874b4f2f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2d8c0719f97a65d5c706dccd69756001
SHA1 a0c85872bd58d40e01dec65c7adab74aa296e94a
SHA256 42931e56b7f2f8b5638b5ae33e1b66061fb38a03e8afcafef3eec0d3f84c5495
SHA512 361a801d8fb695f498e399c3f93ba324afe7e77e6c5833829c1caecfd86dfd3b2200b75e52be00fdd9ba3137129f16960740dd6535655c613af3240a3e0ded81

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3acc94c59f22a5aacfd226b2a1f49737
SHA1 6f5a4c947dcd70897167214075118b2087877c02
SHA256 50599542ef4adce767002f60559fbc8640908b5c51ce8503d12893a98658302f
SHA512 f5d791d85e58ecece9adeb52fae47c8cd5d618f4808b64d1074f2184174dca60ed3b0a5fed56a79d29a5bdb9094718a72228289de1d798a1ed77da41616176af

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b35d38f8a1ce056bd14df1160b506d68
SHA1 a0816afea380c99f0ab699e93842f0edf6d8f253
SHA256 6c14c4d9fde334f1d78596c81963d348c97e75fa6272c9da6d637176e8255fe4
SHA512 edf5577c83c3fd673e250abe31f010e03e451b7ce26cc7c551016b784422320934323ae8c6bb507847fb9f2f36540612319dd1b88ff99e31fc266cea87fa7d7c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1c776d2d08c75575438845513fc5a9b6
SHA1 2ca3be30eff4f51d3853d1b938e1ab22aa0cb75f
SHA256 78cd179e9c806596ae9e12b474cce8cd6def8d2d3faafa1adba4c16984bd6b33
SHA512 7aa2e25cee76b6bcf617bfde397279b56f103001774a858e3d5a3c3062b8daf0a8b42bf56234b0cf2e84b49f35e431c4748941911be9fda1dc90c5a1bd2ae059

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f952ddec65bba211cfce0eaf2c0d8935
SHA1 95824f3024a7783a00851b05e8554ce371d1de33
SHA256 b94268dfe84190d7a29d49cec055207e43a930abe55faab72bcb9b9b6287eb98
SHA512 be3e1a5ac643a34e7c0d534567d99a30e6512e9abf37b45348dfa5ce089e4eeef0049a92aa35768d03e5d08627ed5268f8d6d9102f34ef131c6dab868ad8baee

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e1f3da0dc82893c3a88fa42ebc70bbe4
SHA1 7897e4f51e2f58f6e51c0473323518363af65d01
SHA256 0af6700df4bf24dbfc71d5b2548cc57fb93fa444ec25c185652be047134a5c25
SHA512 3b41163e9737383720531929894aaca274f1f3761a2a1650fc625979073fc823762e2d38155a3780c3e4c7836ce93338e052f6a3ff3077358781bf68d1d9decc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4fbcec88df276e5686197b743851c774
SHA1 824ee149ecbcfb396f473580c581dc50dd2f7c2d
SHA256 1ed835ba415bb5afdbaa3cf95bff5cbd8471dfbd939de6c149a10e4ceea9f722
SHA512 022fb55be4a9dd73696ab9b32b454e2ae7e7bb70b2e63e2bb64b39314a0280e5c257cb965ee6eae22b5a063a64ce48513b4c3a4f68028b15da5728eb5c0a464b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 68b7dcddec231d119c1070585b63aa08
SHA1 9aa22fa63c7f232aa654e3d3f282a1dedaab2cf4
SHA256 2a6fb4013550f9273f9c96fb401d967d7ffd0655e41ee599fbf9f45dddf8df14
SHA512 1106dde0361d8f1e3b724dd65be4b2f8415947b750740c3fd6d1db70a55b88171db23779591676b78bac15fa58ad9ea0e72f9ad427ace4b36959d60e363956c3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 900b9d5ec5a4901011fe731a4b3f0800
SHA1 1bab398cd2609ac5775f015314f06acaeac90654
SHA256 e2f07a81e9eafb90ae875ff9ce5b179157e7834dcaac97433f62cb7e7f59f42c
SHA512 7f356826638dad96f27dee51165cd67dc56ee21e33cd2faf7ae4592daa6af35e9e2c5d5caf76d4a4aa6d28dddba637b26697cc50f71717b6c210005a21601b71

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0b146a8e54c89965ce2d83360d784840
SHA1 986a70841198978f04c34ca7ebc458bb2073871d
SHA256 9b5ecb8d0169b3e91b78a7e8fc1ffcf4670e1bf573b1f660e781885c401dcc82
SHA512 7cae99f3e3d833e723ea976dd34a974484f17fc72cd6efab1268fb70b99aef80f33a3bf228457e58e288497f2a08da2ee78b6c54f3abaf5a8b4b81171d9c92c1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 10780782de00fb72aa53a845bbd3f85d
SHA1 fb3db07ce1833f398698a0cfc27365b155a9154c
SHA256 3277b9e4a5635c8e345d9219386384a274281dd87f5125645b785518d0562f31
SHA512 925abec2d52eaf9478594834b9ef3cf11682205f863265aa22d391c3142aceb77375673e3f4125c52bfb4321aef9c1fc8313822aab1cc9ffa2ba0f3f79102d59

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 172b26775f4ea21decf670d090ba5f71
SHA1 d4ce8a524a05cd7618963516d6237198a7fecb2b
SHA256 a9df6a49f99988a3387db5aeafe5c4f78aeb882ca860cd2da387c34e91eaa630
SHA512 084d2d5ecd6eae02a85f5ce59e1877a836e060b8a512e31337d4e01312f958c97958844f3fda893b5219030cd139f4b13fa2320729e96b36f0832ceaafa35938

Analysis: behavioral8

Detonation Overview

Submitted

2024-05-26 09:55

Reported

2024-05-26 09:58

Platform

win10v2004-20240426-en

Max time kernel

145s

Max time network

137s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\CCProxy\web\cn_acclistadmin.htm

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4196 wrote to memory of 724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4196 wrote to memory of 724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4196 wrote to memory of 3148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4196 wrote to memory of 3148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4196 wrote to memory of 3148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4196 wrote to memory of 3148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4196 wrote to memory of 3148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4196 wrote to memory of 3148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4196 wrote to memory of 3148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4196 wrote to memory of 3148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4196 wrote to memory of 3148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4196 wrote to memory of 3148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4196 wrote to memory of 3148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4196 wrote to memory of 3148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4196 wrote to memory of 3148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4196 wrote to memory of 3148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4196 wrote to memory of 3148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4196 wrote to memory of 3148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4196 wrote to memory of 3148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4196 wrote to memory of 3148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4196 wrote to memory of 3148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4196 wrote to memory of 3148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4196 wrote to memory of 3148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4196 wrote to memory of 3148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4196 wrote to memory of 3148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4196 wrote to memory of 3148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4196 wrote to memory of 3148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4196 wrote to memory of 3148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4196 wrote to memory of 3148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4196 wrote to memory of 3148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4196 wrote to memory of 3148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4196 wrote to memory of 3148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4196 wrote to memory of 3148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4196 wrote to memory of 3148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4196 wrote to memory of 3148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4196 wrote to memory of 3148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4196 wrote to memory of 3148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4196 wrote to memory of 3148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4196 wrote to memory of 3148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4196 wrote to memory of 3148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4196 wrote to memory of 3148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4196 wrote to memory of 3148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4196 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4196 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4196 wrote to memory of 3412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4196 wrote to memory of 3412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4196 wrote to memory of 3412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4196 wrote to memory of 3412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4196 wrote to memory of 3412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4196 wrote to memory of 3412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4196 wrote to memory of 3412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4196 wrote to memory of 3412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4196 wrote to memory of 3412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4196 wrote to memory of 3412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4196 wrote to memory of 3412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4196 wrote to memory of 3412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4196 wrote to memory of 3412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4196 wrote to memory of 3412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4196 wrote to memory of 3412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4196 wrote to memory of 3412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4196 wrote to memory of 3412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4196 wrote to memory of 3412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4196 wrote to memory of 3412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4196 wrote to memory of 3412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\CCProxy\web\cn_acclistadmin.htm

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa006e46f8,0x7ffa006e4708,0x7ffa006e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,9200644793503488290,1958784788890471682,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,9200644793503488290,1958784788890471682,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,9200644793503488290,1958784788890471682,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,9200644793503488290,1958784788890471682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,9200644793503488290,1958784788890471682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,9200644793503488290,1958784788890471682,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,9200644793503488290,1958784788890471682,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,9200644793503488290,1958784788890471682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,9200644793503488290,1958784788890471682,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,9200644793503488290,1958784788890471682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,9200644793503488290,1958784788890471682,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,9200644793503488290,1958784788890471682,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 91.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8b167567021ccb1a9fdf073fa9112ef0
SHA1 3baf293fbfaa7c1e7cdacb5f2975737f4ef69898
SHA256 26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513
SHA512 726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 537815e7cc5c694912ac0308147852e4
SHA1 2ccdd9d9dc637db5462fe8119c0df261146c363c
SHA256 b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f
SHA512 63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

\??\pipe\LOCAL\crashpad_4196_TTVOKICISKCSEUBT

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 67ebeeed8c9903af02cb506d59f82d2b
SHA1 6ee6939cbb55d27ac893965f3364eff184027de7
SHA256 5bea13b416640b7a297224dfdf092c074b6473904b3e73078f43240b883ab7e6
SHA512 052f3ef6137e570e8c78cc18e3ed9ba1c5dd49629d54ff2797d4ab93f4c0389ffc741609a93b760f8f241fd7fe2520cc24af7f43cd2e6c56accfdd76124d9e45

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5be8b7648e62cddf6cc0e9e0c87d56d8
SHA1 c646e323989e7ef1b9c19850e590d3ba228380b9
SHA256 6d21ce955b80216d619283fdcb42f71c55a25960b1bf3bdaa27af4c534f6cd92
SHA512 d507c94307d74c89208725225eeaf2e9f039be5eefdfbc542e91740ac3f76dcf48a5b2d20a08e3e3cc7204530804c52372162dae8c0bf2903dfd6b8349cdcaa7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e6512c76bf4f1b5feb625df9de75ecf5
SHA1 09a79f1b9197ca63021fcddfb62faba23a43dacc
SHA256 f7841c81372c5a5a2db0992dcce463dc155cc11e0f66a9d4b1ecd0219615a594
SHA512 019201c7644a78d8a0649531ba93dfe7bbb8732111588ceb9541a0428df34ad9ce9e9377a75b12d66d7ea5c6b732b9ef74a5592d0d008471b27095bb095034dc

Analysis: behavioral10

Detonation Overview

Submitted

2024-05-26 09:55

Reported

2024-05-26 09:58

Platform

win10v2004-20240508-en

Max time kernel

145s

Max time network

132s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\CCProxy\web\cn_acclistuser.htm

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3392 wrote to memory of 3012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3392 wrote to memory of 3012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3392 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3392 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3392 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3392 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3392 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3392 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3392 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3392 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3392 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3392 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3392 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3392 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3392 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3392 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3392 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3392 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3392 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3392 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3392 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3392 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3392 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3392 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3392 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3392 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3392 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3392 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3392 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3392 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3392 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3392 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3392 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3392 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3392 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3392 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3392 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3392 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3392 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3392 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3392 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3392 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3392 wrote to memory of 1224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3392 wrote to memory of 1224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3392 wrote to memory of 1584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3392 wrote to memory of 1584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3392 wrote to memory of 1584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3392 wrote to memory of 1584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3392 wrote to memory of 1584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3392 wrote to memory of 1584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3392 wrote to memory of 1584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3392 wrote to memory of 1584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3392 wrote to memory of 1584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3392 wrote to memory of 1584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3392 wrote to memory of 1584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3392 wrote to memory of 1584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3392 wrote to memory of 1584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3392 wrote to memory of 1584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3392 wrote to memory of 1584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3392 wrote to memory of 1584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3392 wrote to memory of 1584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3392 wrote to memory of 1584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3392 wrote to memory of 1584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3392 wrote to memory of 1584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\CCProxy\web\cn_acclistuser.htm

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8517946f8,0x7ff851794708,0x7ff851794718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,13001304975034234465,17997322621098542799,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,13001304975034234465,17997322621098542799,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,13001304975034234465,17997322621098542799,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13001304975034234465,17997322621098542799,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13001304975034234465,17997322621098542799,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,13001304975034234465,17997322621098542799,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5100 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,13001304975034234465,17997322621098542799,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5100 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13001304975034234465,17997322621098542799,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13001304975034234465,17997322621098542799,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13001304975034234465,17997322621098542799,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13001304975034234465,17997322621098542799,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,13001304975034234465,17997322621098542799,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2016 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 91.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 82.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4158365912175436289496136e7912c2
SHA1 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59
SHA256 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1
SHA512 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

\??\pipe\LOCAL\crashpad_3392_GWTNOFGAODBMLPTR

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ce4c898f8fc7601e2fbc252fdadb5115
SHA1 01bf06badc5da353e539c7c07527d30dccc55a91
SHA256 bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa
SHA512 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2d95d062c053d76eb6e51ca4988b2153
SHA1 6e94a96b3a7a5fe2ca8bd0285c6b29ab881781f6
SHA256 a35f7f3daccf3b240ed0b86796fa354b51bb1965d73d5a06f487dc56ad735baf
SHA512 1e867d256937846f2621d86a556ff261de914148dfec7f90a0cd4df7828000065ad2cd444e10f6454d3be234e89095da254199ea943c10e9f9dfc3f81e8c3378

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5873a68fdf3f29461f9a9ec8026a73fa
SHA1 abe618aecaa2ed2aa1c5a149478075a074e19790
SHA256 458fd146fb604a81e6468a2997578853f8787b980fd0d1be73894b87d5ba647f
SHA512 01f37f5be24e485597d97ceb6314927605e9594a03e447312bebff2db8999abc93cb8c59d023a1af84e7ed2d71dbee3e5987cafc0e25728dbfcda8a3a436db3c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9e98bd9fda09f2ca05bced2e913caa2b
SHA1 471c51aa89b42530425a7c4374774563455a7024
SHA256 2ea0537e45acc1d943858e4d63cc5351099609c2a9788d1a67641b630745f200
SHA512 b75c7ec4bf531ea3e4904df448b7a5ba935cf39e35dbcf7407df188a32b234f10c3a33ef1f91b465c289164371272cade9484b5c73e1ae482ce078108ee30864

Analysis: behavioral12

Detonation Overview

Submitted

2024-05-26 09:55

Reported

2024-05-26 09:58

Platform

win10v2004-20240226-en

Max time kernel

143s

Max time network

149s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\CCProxy\web\en_acclistadmin.htm

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\CCProxy\web\en_acclistadmin.htm

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4924 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5732 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5856 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=4052 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5904 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 51.140.244.186:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
GB 51.140.244.186:443 nav-edge.smartscreen.microsoft.com tcp
BE 2.21.17.194:443 www.microsoft.com tcp
US 2.17.251.4:443 bzib.nelreports.net tcp
US 8.8.8.8:53 164.189.21.2.in-addr.arpa udp
US 8.8.8.8:53 158.6.107.13.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 186.244.140.51.in-addr.arpa udp
US 8.8.8.8:53 194.17.21.2.in-addr.arpa udp
US 8.8.8.8:53 4.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 20.231.121.79:80 tcp
US 8.8.8.8:53 nw-umwatson.events.data.microsoft.com udp
US 20.42.73.29:443 nw-umwatson.events.data.microsoft.com tcp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 29.73.42.20.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 226.162.46.104.in-addr.arpa udp

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2024-05-26 09:55

Reported

2024-05-26 09:58

Platform

win10v2004-20240426-en

Max time kernel

131s

Max time network

101s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\CCProxy\zlib1.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1908 wrote to memory of 2712 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 1908 wrote to memory of 2712 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 1908 wrote to memory of 2712 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\CCProxy\zlib1.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\CCProxy\zlib1.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 192 -p 2712 -ip 2712

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 600

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 91.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-05-26 09:55

Reported

2024-05-26 09:58

Platform

win10v2004-20240508-en

Max time kernel

132s

Max time network

104s

Command Line

"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\易网时代绿软基地.url

Signatures

N/A

Processes

C:\Windows\System32\rundll32.exe

"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\易网时代绿软基地.url

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 52.111.229.43:443 tcp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 91.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp

Files

N/A