Analysis Overview
SHA256
b38150ba19809c027431ec9ac11e3f560d2bed0708c5f7332167c40032e9632b
Threat Level: Shows suspicious behavior
The file Lunar Client - Installer.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
ACProtect 1.3x - 1.4x DLL software
Enumerates connected drives
UPX packed file
Executes dropped EXE
Drops file in Windows directory
Loads dropped DLL
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Command and Scripting Interpreter: JavaScript
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious behavior: AddClipboardFormatListener
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-22 19:48
Signatures
ACProtect 1.3x - 1.4x DLL software
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral6
Detonation Overview
Submitted
2024-10-22 19:48
Reported
2024-10-22 19:51
Platform
win10v2004-20241007-en
Max time kernel
145s
Max time network
141s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\index.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff80d7746f8,0x7ff80d774708,0x7ff80d774718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,13445372195070304261,2855865091872055256,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,13445372195070304261,2855865091872055256,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,13445372195070304261,2855865091872055256,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13445372195070304261,2855865091872055256,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13445372195070304261,2855865091872055256,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,13445372195070304261,2855865091872055256,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,13445372195070304261,2855865091872055256,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13445372195070304261,2855865091872055256,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13445372195070304261,2855865091872055256,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13445372195070304261,2855865091872055256,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13445372195070304261,2855865091872055256,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,13445372195070304261,2855865091872055256,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1904 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | content.overwolf.com | udp |
| US | 3.165.148.127:443 | content.overwolf.com | tcp |
| US | 3.165.148.127:443 | content.overwolf.com | tcp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.148.165.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.10.230.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.242.123.52.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.11.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ba6ef346187b40694d493da98d5da979 |
| SHA1 | 643c15bec043f8673943885199bb06cd1652ee37 |
| SHA256 | d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73 |
| SHA512 | 2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c |
\??\pipe\LOCAL\crashpad_3876_SLQHPWFXGNUBBSXG
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b8880802fc2bb880a7a869faa01315b0 |
| SHA1 | 51d1a3fa2c272f094515675d82150bfce08ee8d3 |
| SHA256 | 467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812 |
| SHA512 | e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b6b42fd20de5396c7920e40921270061 |
| SHA1 | 324bc55d6b22c9a4ec171800cadb8bb85967d0e8 |
| SHA256 | a6d73935827411ca478a6b9e905bfced4382eaafcec6b2ecbaeee9edaf3e3e65 |
| SHA512 | 13a61fb0149b5574271337ed271ac35144a108c371e12cf0dadd69efa7c9ec2f20dc6561f353a2b47a1d133bfb2a19da1b26dd6dfe3ba2cbf78a91a42c79e788 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 6397e57a40aeac161d46374c03731f3b |
| SHA1 | 5b7f13efaccc26811cef4757fc196624803b8fff |
| SHA256 | 47242d311904e8c77b8ee7bf7e2c57b20ba3dd7f372a357b81add9232e2c9c0a |
| SHA512 | 4c5c9fa1c5f19ce41a54d648c115b870c9bd1fea2fee8303401d76c9529838b663133bd06c324fe3ee12ed59a8a0fc75d25d019bfd07113299ce658046d2f52e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 78f0a57166ebe3fb73309ea6345141f4 |
| SHA1 | 1d1d096d66ce1ffed3f3a6e3850e23e7b4347318 |
| SHA256 | d657579d0bbf0b4996413e369c812671dfa69a83308117124da0b28958a4088e |
| SHA512 | 7f0b525719649830ea9c880412f62e4a895d99d292ebcc782f97f8faf3cb22f732a97bd1f89d40c20bada30faa64c008dab3ba4b9f73a359bbd56550d670b76d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 52c37dd79a3f43f0017a8989114e689a |
| SHA1 | 9879d4e69273edc6467bb06377984cbccfa5f6ef |
| SHA256 | caa553dcad40358f410f167919ea85beaecbc344a4a7b20075614e427009a967 |
| SHA512 | 45b1969e65c0f67e416ed7facabadda7834c8dcdfc6f5a071b3c42252631c5537c97a8532b63863a52b70a64fa1dbe4a63298844425477361031920f232d3eed |
Analysis: behavioral26
Detonation Overview
Submitted
2024-10-22 19:48
Reported
2024-10-22 19:51
Platform
win10v2004-20241007-en
Max time kernel
130s
Max time network
150s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\utils\strings-loader.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 69.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.108.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.108.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
Files
Analysis: behavioral28
Detonation Overview
Submitted
2024-10-22 19:48
Reported
2024-10-22 19:51
Platform
win10v2004-20241007-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\utils\utils.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | udp |
Files
Analysis: behavioral27
Detonation Overview
Submitted
2024-10-22 19:48
Reported
2024-10-22 19:51
Platform
win7-20241010-en
Max time kernel
11s
Max time network
19s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\utils\utils.js
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-22 19:48
Reported
2024-10-22 19:51
Platform
win10v2004-20241007-en
Max time kernel
138s
Max time network
108s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nsnB382.tmp\OWinstaller.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Lunar Client - Installer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Lunar Client - Installer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Lunar Client - Installer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Lunar Client - Installer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Lunar Client - Installer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nsnB382.tmp\OWinstaller.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nsnB382.tmp\OWinstaller.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nsnB382.tmp\OWinstaller.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nsnB382.tmp\OWinstaller.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Lunar Client - Installer.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\nsnB382.tmp\OWinstaller.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nsnB382.tmp\OWinstaller.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nsnB382.tmp\OWinstaller.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nsnB382.tmp\OWinstaller.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2412 wrote to memory of 4496 | N/A | C:\Users\Admin\AppData\Local\Temp\Lunar Client - Installer.exe | C:\Users\Admin\AppData\Local\Temp\nsnB382.tmp\OWinstaller.exe |
| PID 2412 wrote to memory of 4496 | N/A | C:\Users\Admin\AppData\Local\Temp\Lunar Client - Installer.exe | C:\Users\Admin\AppData\Local\Temp\nsnB382.tmp\OWinstaller.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\Lunar Client - Installer.exe
"C:\Users\Admin\AppData\Local\Temp\Lunar Client - Installer.exe"
C:\Users\Admin\AppData\Local\Temp\nsnB382.tmp\OWinstaller.exe
"C:\Users\Admin\AppData\Local\Temp\nsnB382.tmp\OWinstaller.exe" Sel=0&Extension=jilehohlakeokncafogkgnicgndeecdiengddbcc&UtmSource=client-site&UtmMedium=download-page&UtmCampaign=direct&Referer=www.lunarclient.com&Browser=chrome -partnerCustomizationLevel 1 -customPromoPages --owelectronUrl=https://launcherupdates.lunarclientcdn.com/latest-ow.yml -AllowWindowsInsider --disable-change-location --disable-ow-shortcut-ui --disable-app-shortcut-ui --enable-app-shortcut --eula-url=https://www.lunarclient.com/terms --privacy-url=https://www.lunarclient.com/privacy --silent-setup --app-name="Lunar Client" --auto-close -exepath C:\Users\Admin\AppData\Local\Temp\Lunar Client - Installer.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | analyticsnew.overwolf.com | udp |
| GB | 142.250.178.14:80 | www.google-analytics.com | tcp |
| GB | 54.230.10.87:443 | analyticsnew.overwolf.com | tcp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.10.230.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 138.201.86.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.108.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.108.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\nsnB382.tmp\UserInfo.dll
| MD5 | 1dd4ca0f4a94155f8d46ec95a20ada4a |
| SHA1 | 5869f0d89e5422c5c4ad411e0a6a8d5b2321ff81 |
| SHA256 | a27dc3069793535cb64123c27dca8748983d133c8fa5aaddee8cdbc83f16986d |
| SHA512 | f4914edc0357af44ed2855d5807c99c8168b305e6b7904dc865771ad0ee90756038612fe69c67b459c468396d1d39875395b1c8ec69e6da559fb92859204763e |
C:\Users\Admin\AppData\Local\Temp\nsnB382.tmp\System.dll
| MD5 | 51bd16a2ea23ae1e7a92cedc6785c82e |
| SHA1 | a9fbaeb9a695b9f2ba8a3ed8f0d95d2bf6a3d36c |
| SHA256 | 4dbc79d2b1c7987cc64bb5d014db81bb5108bdd6d8bf3a5f820fac1ded62be33 |
| SHA512 | 66ffc18b2daf6c4cba01aef0e4af2f006a51aa218eab0f21dc66e47eea0389d2b1748ef0e30d2ec9f0123fd7f38ed3aee964dd6bde5779aaee19ebf55369af79 |
C:\Users\Admin\AppData\Local\Temp\nsnB382.tmp\uac.dll
| MD5 | 861f7e800bb28f68927e65719869409c |
| SHA1 | a12bfcd2b9950e758ead281a9afbf1895bf10539 |
| SHA256 | 10a0e8cf46038ab3b2c3cf5dce407b9a043a631cbde9a5c8bcf0a54b2566c010 |
| SHA512 | f2bf24a0da69bbe4b4a0f0b1bfc5af175a66b8bcc4f5cc379ed0b89166fa9ffe1e16206b41fca7260ac7f8b86f8695b76f016bb371d7642aa71e61e29a3976eb |
C:\Users\Admin\AppData\Local\Temp\nsnB382.tmp\utils.dll
| MD5 | c6b46a5fcdccbf3aeff930b1e5b383d4 |
| SHA1 | 6d5a8e08de862b283610bad2f6ce44936f439821 |
| SHA256 | 251ab3e2690562dcfcd510642607f206e6dcf626d06d94b74e1fa8297b1050a0 |
| SHA512 | 97616475ef425421959489b650810b185488fcb02a1e90406b3014e948e66e5101df583815fd2be26d9c4d293a46b02ba4025426f743e682ed15d228f027f55c |
C:\Users\Admin\AppData\Local\Temp\nsnB382.tmp\OWInstaller.exe
| MD5 | 26ec6fdabe608b621f85d22b1985319d |
| SHA1 | 0b7dcc560ed2d7d2d0a614e88796b11aeea05311 |
| SHA256 | cb4fa684a847fcb467a738b5f50c0a385d76b91e711e0ce4b72d41cc597b9714 |
| SHA512 | 4818cae9887478afd432fe6c8b12c8baf184e93734a943fe00e552cf5875c97d96c819c7ebadf20a8cd43b3dbd1f3e559ee613da8a3d55b2b176b143e825d125 |
C:\Users\Admin\AppData\Local\Temp\nsnB382.tmp\OWinstaller.exe.config
| MD5 | 82d22e4e19e27e306317513b9bfa70ff |
| SHA1 | ff3c7dd06b7fff9c12b1beaf0ca32517710ac161 |
| SHA256 | 272e4c5364193e73633caa3793e07509a349b79314ea01808b24fdb12c51b827 |
| SHA512 | b0fb708f6bcab923f5b381b7f03b3220793eff69559e895d7cf0e33781358ec2159f9c8276bf8ba81302feda8721327d43607868de5caaa9015d7bb82060a0b9 |
memory/4496-127-0x00007FFEC68C3000-0x00007FFEC68C5000-memory.dmp
memory/4496-129-0x000001CFA6A30000-0x000001CFA6A7C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nsnB382.tmp\OverWolf.Client.CommonUtils.dll
| MD5 | cc208a83fdf244bf8bd73c163dac39f0 |
| SHA1 | 5ffdd23728051c20850cdce7cc4d5970b5321323 |
| SHA256 | 6bb4b0ec3d131f212d0f0ded7788feefa1dce1c312ae1aaceaa0db3e73acac79 |
| SHA512 | 6cb09449120bcf76e144dce74efd54f88fda7c1f7c25ed61e1bf4127607bb312bc020c0ba29fc70ab001a886949e0faa67bdd609fd38bba8e119e218e9fba46a |
memory/4496-133-0x000001CFC0F40000-0x000001CFC0FE4000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nsnB382.tmp\CommandLine.dll
| MD5 | 42b8558275c6838bf25616b05f5b1cc2 |
| SHA1 | 352cb161808e3cc360ef5ef67d3559d258f23448 |
| SHA256 | d98011873f275393db4810ca9ffe5a066c66cd157fa1c2d46a312824e86fa6f6 |
| SHA512 | 38266c98b3a86ef373298479c8b585ebbb66f52099812e29faf25a7e6e2d12b3896d69db72a9f65becbf8e2b643c2664a3c09275265a1e15622076de70d0afc7 |
memory/4496-135-0x000001CFA6E50000-0x000001CFA6E64000-memory.dmp
memory/4496-136-0x000001CFC1590000-0x000001CFC1AB8000-memory.dmp
memory/4496-137-0x00007FFEC68C0000-0x00007FFEC7381000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nsnB382.tmp\log4net.dll
| MD5 | f15c8a9e2876568b3910189b2d493706 |
| SHA1 | 32634db97e7c1705286cb1ac5ce20bc4e0ec17af |
| SHA256 | ae9c8073c3357c490f5d1c64101362918357c568f6b9380a60b09a4a4c1ff309 |
| SHA512 | 805cd0a70aba2f1cf66e557d51ad30d42b32fbafcfbc6685ec204bc69847619479f653f4f33a4e466055707880d982eb1574ddab8edfa3c641e51cda950e2a0e |
memory/4496-139-0x000001CFC0FF0000-0x000001CFC1036000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ow-electron\InstallerTrace_2024-10-22_19-49_4496.log
| MD5 | 4a21eaf09dfe2af8a749119da806cdb1 |
| SHA1 | 2ce1defa863acaba54dc7f0eecf2706ab392cd29 |
| SHA256 | 335e9809d1e38ff82309d9b8c0d9ce86b7ab4ffa08da480d4ab51f4544d2843f |
| SHA512 | 77ac9f276bac934049524477f7569e49bd9bb5fd09d453d3d9aa6740ee73b126206cbb82ecee9bdaea037730e54d102fb456fbee4f85e1da85585febff9a4409 |
memory/4496-143-0x000001CFA87C0000-0x000001CFA87D8000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nsnB382.tmp\SharpRaven.dll
| MD5 | 96e7c0177c15bc7a157c51612f3369bf |
| SHA1 | 1e89f4bc3fdb3cb1724ab0c283195b6aebb1532e |
| SHA256 | 50532b392723aeff6f3e20c5196a8c4bb5865d1ff7d537fc9c27af6aa24d6e2e |
| SHA512 | 929b0b6b60bc0734a9858943af4645bb1bcf95a3f00fad01434997f89c7a2e816d5d8b612744dcb62fff354e5253abfe4c11c252e1fa825cef4a764559c0d432 |
memory/4496-153-0x000001CFC1390000-0x000001CFC1440000-memory.dmp
C:\Users\Admin\AppData\Local\Overwolf\Settings\SettingsPageBasic.xml
| MD5 | d931cf9b3e027a3e31074b42e5cddc5a |
| SHA1 | 40f7ade7f939ce39ed67a7321c5739baf20ff962 |
| SHA256 | 6062fa9b21d203a963be520b86d98979985fc9f8a04285bfcc2faa50d6f58737 |
| SHA512 | b6382b206ccb3ca0b0aa381822ff9c24271d5a912bb17ef2c2a9feb09e288eefa6796d8b58453971da1ac0b99bc4cb566c024a1f877d6ff2533b90705de8268e |
memory/4496-172-0x000001CFC11B0000-0x000001CFC11D2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nsnB382.tmp\app\manifest.json
| MD5 | bd268881845661738233611c5abaa301 |
| SHA1 | 038b46a10a4af115c038d8474fe4080343985d65 |
| SHA256 | 398b7082f2aa42bba54fe2559e18e6b8f924413733e37dd6808ccc81b1d36a99 |
| SHA512 | 2b3650fd5a8061a84605ee5553a216094eaf7d9ac9404b012f4ce99482adf25dc18d40d207f4a7f9617abecae455be322d463666e4d92cbe5cc96dfbd2d6d693 |
C:\Users\Admin\AppData\Local\Temp\nsnB382.tmp\Newtonsoft.Json.dll
| MD5 | 98cbb64f074dc600b23a2ee1a0f46448 |
| SHA1 | c5e5ec666eeb51ec15d69d27685fe50148893e34 |
| SHA256 | 7b44639cbfbc8ddac8c7a3de8ffa97a7460bebb0d54e9ff2e1ccdc3a742c2b13 |
| SHA512 | eb9eabee5494f5eb1062a33cc605b66d051da6c6990860fe4fd20e5b137458277a636cf27c4f133012d7e0efaa5feb6f48f1e2f342008482c951a6d61feec147 |
memory/4496-175-0x00007FFEC68C0000-0x00007FFEC7381000-memory.dmp
memory/4496-177-0x00007FFEC68C0000-0x00007FFEC7381000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nsnB382.tmp\app\images\icon.ico
| MD5 | af5a51fc5d3cf1861f2a470711355265 |
| SHA1 | bb6ef7a49986f46b1347f007a327b7b35d28e4c3 |
| SHA256 | 70e7e734171c8c32bcfe8967bb3d91fbe259952ec9c92b6562095614ff465a1b |
| SHA512 | c3de8de1db9177521e87cb099a15ab4897e5d3a9b8b4086a555689743d9945fc23bc5c9a2409f26b2d120031e355ec6949ead3017c3b44cff7b701ad72073b8b |
C:\Users\Admin\AppData\Local\Temp\nsnB382.tmp\app\index.html
| MD5 | 423d2e2f7e21b856cb5f3ee3dcbfa5a0 |
| SHA1 | eda0e357387913daf57a0c683c34b4b8a5d7baf7 |
| SHA256 | cd59efa2fe7cbe222d03a946c34eaacdb3761e922763952d7be4555addf8572c |
| SHA512 | c403307549af9bf7cfd34295a8b1020e7b7489d104b5fdaf4320b495f85977134796774dbf4f20f8fd0b2d1f2188b881a1cc35cec56aa64a3dc84bf1c2d21b4b |
memory/4496-180-0x00007FFEC68C0000-0x00007FFEC7381000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nsnB382.tmp\app\js\libs\jquery-1.10.2.min.js
| MD5 | 44e3f0db3e4ab6fedc5758c05cf27591 |
| SHA1 | 2d408aa1d35661019c95adcc60b78c0727ed25b4 |
| SHA256 | bc44d3631ffef1df7960e359f02002d3ada45ee05205c2cf1edd85da2f518144 |
| SHA512 | 4d4844e53e686fc59a52e86588f328dca3ed6fdad7195c58942a98c51755a24981b903ee7c7b27785375eaad5a7d9501cf74b999674b79f214e66103bad9efdc |
C:\Users\Admin\AppData\Local\Temp\nsnB382.tmp\app\js\libs\cmp.bundle.js
| MD5 | 16fc087f1323fce759abc94f985f9dc0 |
| SHA1 | 4f9fcb398d19077ac5b39c107a9934d3d41c8d71 |
| SHA256 | 304f8a03efd2a1e65f08b0606dca97c66f4875a4d71a9e4ad7a83fbb36731ded |
| SHA512 | 37696e22931829c05f53b6a5fee734dd4631836e20eeff7186aa8a5b0a1b8bc765c7ed42af0ade2d403cb7020c6c9913be2caf25db6388524b48a773c4e334bb |
C:\Users\Admin\AppData\Local\Temp\nsnB382.tmp\app\js\block_inputs.js
| MD5 | b5b52c92b90f4283a761cb8a40860c75 |
| SHA1 | 7212e7e566795017e179e7b9c9bf223b0cdb9ec2 |
| SHA256 | f8dbd6793b35f7a26806f4dabad157aaafdf6d66fad094b50c77d60f223fd544 |
| SHA512 | 16ad53ede5424ca1384e3caea25225589e9eec9e80e2d845948802db90fad222f709a7b651cd7601a34ba67a0627433f25764638fd542cbd4612871308e7b353 |
C:\Users\Admin\AppData\Local\Temp\nsnB382.tmp\app\js\utils\commands.js
| MD5 | a25b49d085333ece9aadd1f285795925 |
| SHA1 | 53341dcca297a969a8ff37265935488f1790307e |
| SHA256 | acbf59ce6aa668880f65aab2bfe62305415c76301b40bc7f72777f0b08840b71 |
| SHA512 | 0a2cb6f4e1af0c4205e38ba1e12c208e6ea4f8f8e3956c9d10b312aa9a6929b99ec967aee7aa1f54da97ca6ea354f8bd7f624359cfd05c6241a5f4bf59843b68 |
C:\Users\Admin\AppData\Local\Temp\nsnB382.tmp\app\js\utils\utils.js
| MD5 | a0952ebeab701c05c75710c33d725e7e |
| SHA1 | 1da8a2e889f1213d481ae3cd5571670c01e64adc |
| SHA256 | b4f0c48cbfeaf8141fd44b12031e3f0410cb0cdc313888ffdb14fdf1d2341246 |
| SHA512 | 5e5ae616d3fded7d2bf47a326242c4477ca3119fb52897bfb41de0be230ccbd6c3da2c00268b3973e9bf7b4f2886aba64fd9719b448662e4130ee66d87913389 |
C:\Users\Admin\AppData\Local\Temp\nsnB382.tmp\app\js\utils\strings-loader.js
| MD5 | 9c94eb933d8a43dd3825e67a7e30c980 |
| SHA1 | 7ec7b16af6f399219209ba5967d377040486a11b |
| SHA256 | 96445709fde2613af50f4b8908296d4bfccdccb2d9db9febc34a9bf4dcc70ecf |
| SHA512 | a662a299e31633f71a9b9675970359430fdac06dcc284fd7ce92919f244c7f921639f97a42356e993a95865e6c9f198dcba82c126f82065bf2009a31ec9b02f5 |
C:\Users\Admin\AppData\Local\Temp\nsnB382.tmp\app\js\utils\cookies.js
| MD5 | 6c60e675f8c8c68c0174b644d3a63a2a |
| SHA1 | 3635a3fe07ccc4a6f33a986ddb690522d0611abb |
| SHA256 | 9d3cb3822e20d6f5157faa02dc69bdaef44576c3fb5523e00aa152107ce30287 |
| SHA512 | 1dc9ec7b139bcf37107ecd673c01e4fcc606332ea1645a4a1b4e5d95f817d4c99d5964cd3d941a6a526689341d9623b17b4efc002cdf4c73404299d52b1be452 |
C:\Users\Admin\AppData\Local\Temp\nsnB382.tmp\app\js\utils\modal-events-delegate.js
| MD5 | 117e4fdbdb0ecf211c8bd909efd337d1 |
| SHA1 | 9f8684d856b7c95bdffb139217dfd89f41373187 |
| SHA256 | 267661f932a2ea78d8c7a98cc03d1b18d7cb8132deb84636772ecd1fcfbe4857 |
| SHA512 | f474ee20b59d3d0c11f9f6aee6b6e2b66f7025beaec9841f88455e60533dc96cb4e27910be0dae92b0028c5578932b7f459fdb91d594ad010f72a3b3af6addb1 |
C:\Users\Admin\AppData\Local\Temp\nsnB382.tmp\app\js\models\notifications.js
| MD5 | 85afdf9897bb1236eff3afa40d15ece6 |
| SHA1 | 4362bdd139458eaf4a2dcb34294b43e2d53f4a26 |
| SHA256 | 9dd03dfc92bcb74f3725aae60e904c0a56cc84f299bbb8e863a869719f6fdd32 |
| SHA512 | 4ab86c6bafba18f53f01ca913ceaa80f14900107069a1d5f65b108d35690bd8b50b1a6cdf1563fc5775909f69208dabebd139f3cf3d8576269d560d57cf9994c |
C:\Users\Admin\AppData\Local\Temp\nsnB382.tmp\app\js\utils\analytics.js
| MD5 | 525281e9959af4c1c0d11b9243c798a1 |
| SHA1 | 237a84c5b57bd132f48446d718b20640cb28c263 |
| SHA256 | c37f0699cf8ba7d9e3e0f73f1b2af65f4bdc2a31f44594ffc8c73e98b6c2fd1d |
| SHA512 | fe5bafda7773e69c65dd63270e0306abcd39cb2d886b675ab8c714ae0833efde963b69623d468551a1ab37f1db1a1d457f1568f7a29d9cf0bb23bb0edcab5fc4 |
C:\Users\Admin\AppData\Local\Temp\nsnB382.tmp\app\js\windows\cri\template.js
| MD5 | 76c1ef0cb437db144c2bed53a5a8a5d7 |
| SHA1 | aaab8fff649f8e46d1e9510018118ee9abe01498 |
| SHA256 | 505d3c4de7d9cf8f0155b5b1a3c8792bc0ca2eda6781b441bd85455f144be22e |
| SHA512 | 822bf9feda91c89539d263c6c9053163e8dfa3c511195bc61a9b608b4687fb4048733323f03dd30a7ab661a4be4acf6c8d8ae7bb6723771122540a9551899c3e |
C:\Users\Admin\AppData\Local\Temp\nsnB382.tmp\app\js\windows\main\main-controller.js
| MD5 | 15b665a5c915004e1aa7e9e11a710f7e |
| SHA1 | 7821924e42bb19d60c572ff80bbaaa04d7aaeefb |
| SHA256 | 84dc33e2eb3118fc77a38b0ca53af42c53f6eb85cfb1e8737dbe39fa03515653 |
| SHA512 | dd47f7bac0dbaac714e6d2fc91b4c24756ca4acb70bdbc4b54cd5216552d6bb85ba2e1c3c8445c5fb40d116dfab6569945cd74730bb7c8f3cf46e8d08f8afa02 |
C:\Users\Admin\AppData\Local\Temp\nsnB382.tmp\app\js\app.js
| MD5 | de88fce9253d26e0c61daa1783baa775 |
| SHA1 | 07c5848354a247056baad369059aac9d3c940ecc |
| SHA256 | 993f140f9f4e5cdbdcc657a3c159328bf58b3483dbc27c451516a556763a79ba |
| SHA512 | 71ddd47ef7ed7c02fb31e8ffa2ea6d1b5178dbda2ab37bac208e088c8ba2127e0cf5eaa74ee7ad5809fa69e534853312c6c8775c68aeda63bf0e4a5caefa39b7 |
C:\Users\Admin\AppData\Local\Temp\nsnB382.tmp\app\js\windows\main\template.js
| MD5 | a118c7724c208f12083240cafccfd10b |
| SHA1 | f89c676a215b869626737862a08c9eb07d440211 |
| SHA256 | 63a43bb08403972d0f4b0e381bd264af14e826e0035242bc1baa9a815956b8fc |
| SHA512 | 9fede79044ae5de7baf5bfba0d5a515ce462a25420026ff45bcf1751e57510023cb40df42d08e880114f62b38ddb218355d5357b725df32a41ae4e6a18414cb3 |
C:\Users\Admin\AppData\Local\Temp\nsnB382.tmp\app\js\windows\finish-with-recommended-app\finish-with-recommended-app-controller.js
| MD5 | eb6d6bd7e05d4477e2704dd87b57ca35 |
| SHA1 | f42672ec1e23a3f4bcc2952746d87ba8deff44be |
| SHA256 | 5ca97132a258ed1f36e401d70ccb95be2c9e18395e6010c40f61172914477de5 |
| SHA512 | 1402d611f910cf5078e804175fa4693b591348d3e7cf6d0a6bbe026c259eb9e0bc285233c80cb2f4690674c3e927bc72fbdcbe758826b98fd02ecb3ed82e339a |
C:\Users\Admin\AppData\Local\Temp\nsnB382.tmp\app\js\windows\finish-with-recommended-app\template.js
| MD5 | d1cb34b57cef7e28b9286454b197b712 |
| SHA1 | f3a964b319bab82d4eda07e126bbfd6dec35c349 |
| SHA256 | b61dfc304b46e8cd95d7b15bb93c6160b30523a1a093397a84fc8b8bed00ac42 |
| SHA512 | 3a07de9c58134edbb7998f85e6d037a0cd066e32c4daa07594a949a7574f5693153bbcdb59739e1a92e847ab1128e2369fb30ba76a7b9cdfa9a37a409db691c1 |
C:\Users\Admin\AppData\Local\Temp\nsnB382.tmp\app\js\windows\finish\finish-controller.js
| MD5 | 138240ea22084428e9e25583e9156568 |
| SHA1 | e8bef7eab5b6e7040b996ec9504436e073444bd9 |
| SHA256 | 4cb4e1aa25c15ae5f2e63fa4658a8acff0ce63e0f59cb6eb634df2dfe336e2ec |
| SHA512 | e97b81b0ecd964e6e909019353efe4f5582f65763ac4197d754f1c4eea19cfc249900ae597fd33e29f531bb0d1c7e0f010793c59a2b0099fa75ad0b7d01ce8a7 |
C:\Users\Admin\AppData\Local\Temp\nsnB382.tmp\app\js\windows\progress\progress-1-controller.js
| MD5 | 82f0b997ed552c52a510a9f2ab29dc3a |
| SHA1 | 92aec3a656053c71eccdde610130f5d8008fa96f |
| SHA256 | 838bab990ce38372dfedb50eb0a270db705811729630ab8557c08bd1e9e8e105 |
| SHA512 | ecf67f877002d746eff8af3a50155aa381513ddafd17b6bff0188c85f0765579fea0112e82e1371f962b1f5decc94b65e6120f21fb516533dac35a2d541065bf |
C:\Users\Admin\AppData\Local\Temp\nsnB382.tmp\app\js\windows\finish\template.js
| MD5 | f092de7ea66d8e920b345f38537fa35d |
| SHA1 | 82d107a409f18878307ae0cefe24074db64937c4 |
| SHA256 | b05f111369e12ecb4cdc6526dd554061eb31097aa0de4bd126ddc185b69d922f |
| SHA512 | 14942c0122f216c07595cbaae498f9c4d37a2d0fd95f262c332502befdf4566c7a042c4d85702c1d82a111123dde677096195e9efeb1d74eb1dfd4df84d01a23 |
C:\Users\Admin\AppData\Local\Temp\nsnB382.tmp\app\js\windows\privacy\template.js
| MD5 | cf8d2c26520d7c84e560dfa79e31dcd3 |
| SHA1 | 716f2ec17480d5cc9c145bc147833fbfc39d36f0 |
| SHA256 | 95c459eae0edccdb94702aea603a097e461daa0e5f37dcd0e30de7df665433a8 |
| SHA512 | d466dcf7e86a4295857020feea281fc89f519f6bf1e79c3b5e1046d0745c9c9010377b1941e06c9a9b2c78a4173ed9909332d5d6c39b05f460e8a863086c895b |
C:\Users\Admin\AppData\Local\Temp\nsnB382.tmp\app\js\windows\settings\template.js
| MD5 | 28513de0830383a516028e4a6e7585a0 |
| SHA1 | d31fc3a6f4a3ce6c4afb82ff2342a1ed718809e5 |
| SHA256 | 8014a7c919da249ba2f2196d9c9b62639d20851be426f3ffaef161cbe477c45f |
| SHA512 | 0f7321c2ae13145bb694368dae1b74e6fe20e6b09712da2178bc46e6aa65223ab84c38abbf0ed074c85b42dba1a238a5f3f8d1ae060a0af6df748c5befe11b61 |
C:\Users\Admin\AppData\Local\Temp\nsnB382.tmp\app\js\windows\welcome\welcome-controller.js
| MD5 | 50f676754862a2ab47a582dd4d79ecf3 |
| SHA1 | 1cb2f4b11f9f8cfc8dc57ff29d0256dec4811158 |
| SHA256 | 6155691dbdd66290109afb91617f9cf68af6bd912991d5d27b922f5faa7f530b |
| SHA512 | ccfc89e08fd36f0a694fcda17efb84ca285b6c62afe2e3a794fdad19b6882a4b618645f4d9171673ba56fb4c55fce336d6b8d26dec3a5cc11293ae2b211f499f |
C:\Users\Admin\AppData\Local\Temp\nsnB382.tmp\app\js\windows\welcome\template.js
| MD5 | 17f54fca6723b983875d940d931e0afb |
| SHA1 | 01774cd5cea36bd74c80a708d6f77567e8091024 |
| SHA256 | 42c546e9da748ef76fdab56b96fd511eb607617a9ba37b3dc420148b769d8acb |
| SHA512 | 401df9a54cd14c19227d91bd08b4775a7b437644b4ca0d1d636d3e07b04591f9c5516e80040ae6a79ba400457d15e3d80aa148a63de870a64664fc5a02f7a038 |
C:\Users\Admin\AppData\Local\Temp\nsnB382.tmp\app\js\windows\cri\cri-controller.js
| MD5 | 4e4b4a9e2d86ae3c108105078db6d730 |
| SHA1 | 826946be793c999316af6c1db10523950b18ea2c |
| SHA256 | cee7fc5a36a01a439125be031923d7e7415ec56194255048098169a0108034b7 |
| SHA512 | 1420065cd000ce9b9c39d27b5dc5f4055f67146e06573a03184649851c9745f0c0af2b5e35b41b5923703dd74e32f9ed95fc59a43db25f854584e319950beffe |
C:\Users\Admin\AppData\Local\Temp\nsnB382.tmp\app\js\windows\modal\modal-controller.js
| MD5 | b04bdfd1c7d09bdbdb94a2455fdd677b |
| SHA1 | f000ba4866ff16d75bfd6cf446763498e19b12b1 |
| SHA256 | 4565ee81ffe222b31982088b1c18850076e3acf59198ebce08118e12cbd87ea1 |
| SHA512 | 3cb6ef0a16309046e7f407e7321eb12212b0eec09ec1a04b1d813f6c7a04546714865c3b398a93985041f598156ed905ebd23a64260801281b29ada9bc19ec5c |
C:\Users\Admin\AppData\Local\Temp\nsnB382.tmp\app\js\windows\progress\template.js
| MD5 | 92b145e6649ba0add3dee9a69d3fa91e |
| SHA1 | 4db1a45392ec973cc8a7eecf3a30a9a7ecc7a64d |
| SHA256 | a7128a08bca53dd919cab3e5cb4dab31ded7ae2dafc957209b9fdd23f3b944ab |
| SHA512 | 747a087dffdba5c92d9f4c8923615d388b9c4c79d3b71d3cb90487aa37c132290a4f5107eef3055c03eadcb9614e20d4655393dc9251fab7e0ee2438f0d95751 |
C:\Users\Admin\AppData\Local\Temp\nsnB382.tmp\app\js\windows\privacy\privacy-controller.js
| MD5 | 10897b8f8e410b128258fd4fcb183bb3 |
| SHA1 | e8dbd5a9018a2183a43f30da503d10a91f104763 |
| SHA256 | 67556e333a57f50c62bb68f7bb08fbc619d7cb5342e05a75d5023d376c56d306 |
| SHA512 | 307bfdec5d5a1495be300f61f2c3a8477a9b08da607244f6f72de3238fdff6d6d095e9d05f5ccf2780b8e56d2b48835da82ce4519d329fdbd6aad28a2ee82d39 |
C:\Users\Admin\AppData\Local\Temp\nsnB382.tmp\app\js\windows\settings\settings-controller.js
| MD5 | 378c18dd7d5cee6ca7c4ddd0396b535b |
| SHA1 | d5f81d4fab29201fd1629dc4d8e6f918c0c30479 |
| SHA256 | b5c5dc5e0684fd97eb4c45896dc1c2de8a6a6fdc63b6aa83a99103c15787ef35 |
| SHA512 | c29416b3f0245f4826d857dc8c52c969071d2410c945bda96f38f59a9bc7137ee534d84865e5ac55a1e3cea6bb705c5d592725af709cd97e7f38ff05dbaafe5b |
memory/4496-212-0x000001D7C57A0000-0x000001D7C5F46000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nsnB382.tmp\app\assets\fonts\lato\LatoLatin-Regular.eot
| MD5 | 6cfad5881181ae658a6efdd68889a690 |
| SHA1 | 5b54f6ccc20ed3a078fbdf94d7a68ac80002624d |
| SHA256 | c6c970b103b3c3aa83f7a45172619a4451ea5f015f9f3ef4fd08c9a4aa895cbc |
| SHA512 | ddd3d43540eb3d4eef48d0834136de1e7bf23a52f286d0a666cf57c7d685aadf1cea6d37c88f9d7ce5ad6143d7c3213f54b16a11f616b7dce154bba50997bbe7 |
memory/4496-214-0x00007FFEC68C0000-0x00007FFEC7381000-memory.dmp
Analysis: behavioral8
Detonation Overview
Submitted
2024-10-22 19:48
Reported
2024-10-22 19:51
Platform
win10v2004-20241007-en
Max time kernel
139s
Max time network
124s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\app.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.108.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.11.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
Files
Analysis: behavioral21
Detonation Overview
Submitted
2024-10-22 19:48
Reported
2024-10-22 19:51
Platform
win7-20240903-en
Max time kernel
117s
Max time network
118s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\utils\cookies.js
Network
Files
Analysis: behavioral23
Detonation Overview
Submitted
2024-10-22 19:48
Reported
2024-10-22 19:51
Platform
win7-20240903-en
Max time kernel
122s
Max time network
123s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\utils\modal-events-delegate.js
Network
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-10-22 19:48
Reported
2024-10-22 19:51
Platform
win7-20240903-en
Max time kernel
117s
Max time network
129s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0d99a8abb24db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "435788418" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B4DB0AD1-90AE-11EF-9DE0-EE9D5ADBD8E3} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b3e8f15f634dfc43bfa5c3a2648d88c4000000000200000000001066000000010000200000005553e52f41b41895fbc761245de322b56c271a60f495401c5aeafed4a7ac6ece000000000e8000000002000020000000a26b11181f306a558998c87f34e99d1ff024a6fdce5c6a027a1f15a538c24b589000000004dfc1b2459027e3d77565d21f294b1dabe8403e59e98f98ba42bed8702a0b9552e1925bbbd4b84f65ed64339d503eec5c509bd0912287f0ab6370d1b6514600b49950a6bce7aba08475ef2984e17bffaecb184fc71043ee59a643352cddd045166fc988ffbfb4738ae0f174acb73e1bd1e6b7580f78d45122c9040bd7e80d4876eee50d20fbce64c1ef92a38ec9f6c34000000008cb146e8812820780904d05a7d653720a88a1e5c68c81aad7a55ae8ad99d316f24c96e2887e24e2f27112e8deed0992cd9bf54dc008c01eed2badcff6faf5b4 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b3e8f15f634dfc43bfa5c3a2648d88c40000000002000000000010660000000100002000000085ac94a5f14548e6d2bde8e0e1177871868107dd3ea41b370a478eb774fcb5ed000000000e80000000020000200000007b373a512cd46cc442a37f034adc32371f8d67ca93ab2be34409dd53ef9621cc20000000603f7024e6720d6cc92fb32583f06b90d868618bc5c0e4a115d2490695cf5a01400000009354a2937a6daad0719c952d8137fb1dc9772e55a529cb4dcba37bd289e305368a41aaf6b348bbd11b68921a5f4a7e6251834e1a19b6127c3a79655ce07c6411 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3020 wrote to memory of 2308 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3020 wrote to memory of 2308 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3020 wrote to memory of 2308 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3020 wrote to memory of 2308 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\cmp.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3020 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | content.overwolf.com | udp |
| US | 3.165.148.127:443 | content.overwolf.com | tcp |
| US | 3.165.148.127:443 | content.overwolf.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.187.227:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | ocsp.rootca3.amazontrust.com | udp |
| GB | 52.84.143.44:80 | ocsp.rootca3.amazontrust.com | tcp |
| GB | 52.84.143.44:80 | ocsp.rootca3.amazontrust.com | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 2.18.190.135:80 | crl.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabB6E3.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarB734.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d62bbfc3de2f1488f6abc574956453c1 |
| SHA1 | 411401822295b324a208f2513b20ee2cd1040f6e |
| SHA256 | ee4f5d940b9b7da1381a08ea164520861cde8275fe7779c7a8b3516122070a79 |
| SHA512 | c2b79631b699dd9a7dda7182d7a747a61380d5f28f0160a944973fa9a99db2c40ee67188c63aa15271003fb20db8deb422c1a6b35ed861258d02cf5244789cf5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1d2d596d1ecf009b2e09285dca96177e |
| SHA1 | 941f7a22bd79267d7d5e56cc0fd426536a9573a2 |
| SHA256 | 88624de0c27cebb68a7b1fefb04cf17ede58f0a1ba430220d9354490ec2a50a2 |
| SHA512 | 5ee7a97f85b25d0a23e35b8e03bb8634872eef35416cefde0fb255910e88183ae709a46cd932390fd566748aad5264f559f89c964fce8697366345e1c305a92c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
| MD5 | 55540a230bdab55187a841cfe1aa1545 |
| SHA1 | 363e4734f757bdeb89868efe94907774a327695e |
| SHA256 | d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb |
| SHA512 | c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
| MD5 | a7395ae50028364d3697143677c2dc3d |
| SHA1 | 32fcab4ca4de6ed2abc5d44651feb276d6dbd011 |
| SHA256 | 602bdab2b85134f250835e94204c13ff2c764efd879e616b56687f9e5fc89725 |
| SHA512 | f54cef3b7967d760076bdf74d73aa83c9722e3549982cc7790b175dc3a9077575916e090d3dfde5cbec9dee64bf3e888a649b464cf0ddfa245649414b7d4e5d3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 31b8bfbf5e3862213e2339c6e0c67173 |
| SHA1 | d45f32f6806c7c09bbdfcf65e73a30dc03396d52 |
| SHA256 | 79c780e945202768d3c98d579444f1204f32f89de500ccc8b6a53461fe64feae |
| SHA512 | 605dc35e1f5f9fa36fe09fcb202e093182d4d5fab5cfa2548dd8211bd816cd1c70e60b217e772b2426a619d81dbc77c167063463fe5007dc2d630d26319a1634 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cb1eab4bd43ace3b679ecc7bffdcf1df |
| SHA1 | 0665e6119cc24b2f4053529d6fa658a29236b56c |
| SHA256 | 5928ac57877eaa3ad7a4206f4b08edc579b37b573b095b0462421a1dcee96a21 |
| SHA512 | 2b58682459160ad42474418153fa47853f40406370f1d1e1f774c13c95cf2b22a20ef159f95456bafd0acdde644088f2afa855f8cb8b692d5a29ef1e78714894 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fbde4477c704e1f4fb782fffd4608210 |
| SHA1 | 259054699c92d71634bb5c5737bbbcbba355ebb8 |
| SHA256 | 4b617e03ccef6c63690b55666ce2c0698766e7cda131bf51b16303afba73a01b |
| SHA512 | e73e748d5856a60445b61c7fc870a9bca6f9f941c6e78172dc98e1fde717af55d4186b09d1a2edb0e48e95fe1ac0e7af59bb5921696682a98e2aa162e2e70d71 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 34ebe9050038f200ecb7810d893659ea |
| SHA1 | 3afb98928acd699c9b8538c700f5ee4956ba09ce |
| SHA256 | faa0c002fd44bce0db427363856cdfa6902101e78365bef544d6f2c8107eb95b |
| SHA512 | d48a7dd6fe0866d69f0f7dccba2284441f1eb209263cc23996a5ab66b59c9db745cc6fadabc6d1f6a4774d06e0535a9f025da919da73d2c4b4b8f1886d536972 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 21db92795b4b946a612df771ed0a72ea |
| SHA1 | 772cfbbc22aaf9e51e59213d673514a24aec37ca |
| SHA256 | 3ca71d969561fc072b214922998925ca5967f5845712f68a5bca59aedb2430ea |
| SHA512 | aacea2434825366b3ab9a247904d264708f5569af7f86302749aeb9411b0d856b56e92e10380252de8cfe5d4e607837cf31ad058db930d9f17510b4be8ee5a42 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 21c20431f5c86d3a87a7457ee8ead149 |
| SHA1 | 985c0d76e24f78e14f11f336f78d346fa153e648 |
| SHA256 | 8c17ea6742a08f90aa670ada6ebffee5ea51f7fc79310be1a61bb040e6db1fdf |
| SHA512 | 8de90a0d26366a435a6a22a3f4f9109b3d356f03c6dfae4992fcad948b674f502e937f05ca9c610ef37081900a70be67556c2540f6308d44ad6fbde3fd621ed2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c2c115c8450befd10407e39328d9df79 |
| SHA1 | 36ba60c580ab6327acac391e13101c8d4383f0be |
| SHA256 | 10cf57280819b9c4892c4163aaa114c88b82f8312902750d671c377ff57a6465 |
| SHA512 | 0dc9d5bf194faabea945db892ba7dcb558b9ddf104f9eeecb2a0a87b74642200f9f84edb5c52d29c7294431736809dc2865f3b2524a1b5e02155ddc18dd65f1f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 25aecddd13b603aa05cf3350da71c394 |
| SHA1 | 1c9e45e35ede1f27a386f9d82ece681f7855b119 |
| SHA256 | 1daf6403a555bf12e404084de4c0c08bfa80564dd3ee90c40bb080758e1a88a2 |
| SHA512 | d88f3e43aab00de57f61775061e5e93b35ba635df43727f685e59af6de80ea40a43b179cc7990ced6e98962f8a143fe1c106adcac109720be1f10b62505ba131 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5298b3a9604dca942517460c59d87c02 |
| SHA1 | a0f0e6545468f4c1127c7a5e831d42e8313013d3 |
| SHA256 | 74821a68313149a89e90173fefa3c0e1fd52bb7559fca15ba3609000b3838c5a |
| SHA512 | a57a667a6cbf6d5001a681880adbe599f738201c80df431d8728f2465267ceaf4a19a11a57308a33f6279c5461707246f700e80e8ec599484173b3d5080bae0f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8ce063c22d8aae8654cb61393923a01f |
| SHA1 | 4ad6fefc896b0fbc4559a73686f1caa2ac364832 |
| SHA256 | 9fb3e2f43f2c0a9465f553f806377c2fe51c61f8b1becb85c65f4897cc80b756 |
| SHA512 | 6cb39fb6a9fee1928cf2c3275b24a73dc312052cffbab0b67a2c3538a3130b142795dcfb4f99921d0a421b885b59fe6bddb8e753980986ca8e10ed7d79cbc334 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 938f880428cafc2e6162e9c682ea7063 |
| SHA1 | 7feac2b7c4c525029e3bb3b257e8d651ba2b061d |
| SHA256 | 35ac20b478b931ac4d19c84ff5ce54809215a5cf69e11f61d9d535963a88a014 |
| SHA512 | 116639d6d7b2d0264883538ee567f65b62a2ca3751550e9873a6848126a1de86d76ad5afd893ffac5c20102b9e0f78294f13de97072487dc43c4442026e9a0e6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 78b8606293bd61b14c530d7215a08fff |
| SHA1 | 381a613b839e1e1df2a06853551e9a265a6eef6d |
| SHA256 | 71f8ddb781d9693ba6c00a26d1335a8df88b1dcf26089be78ed85856bc92a865 |
| SHA512 | 33be5d74c5b91ae7e3f677ecca8317d225e2df4adfa66347dee4c94c2177cd4cf4feb00b2365a60237aef8a916078caa4ad42cb5473e484caeea7fe8bc670a48 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2b89d15f7a1f4cad11ed085275f7c116 |
| SHA1 | 6b820aee7a96c64e97b4da4475258944ad94bd56 |
| SHA256 | f8801332eb5a52f1d8e400f938bc5540019d1300780af20450447b3a8b8cbeac |
| SHA512 | 477184e0a687e0b709d766655bf9596e475f06430f3dbfe095d98abbd58e55e595f12f1feb6ef067d140127e91ec667e9b33da78661cd3bf50daf58aadc1210c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e485450aef49a647ec4fab6ea7063708 |
| SHA1 | e2c8cd84cb9498b6dc5990967ec22a417ce40da9 |
| SHA256 | 9bcca7ed570ccdab492b5d2dae74da89de3e7ec7dc2c7fcbc14c478bf8bda47c |
| SHA512 | c4ff9607fec17521437d4b512bacd3209257f7a123e86e0a641a802d805a79889867304b78b56252690fd0e7c84f23afad218cedc1ce2683805599ad318f03ac |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1c7aad91896adf8cf6fe418004dd95d5 |
| SHA1 | 7f18dbb73779a261c002fb72a950862a982a4035 |
| SHA256 | 8e8cf5864d14d3dd07e65d7dbc4c58ebef9bc8e4aafd63493d8593d9c332dbde |
| SHA512 | 230825ad3fc7ae50e0d0797287174f8f46ce8912f08c14097bad2228dd801ff133d61c6314dbaeb2135866ca419ef95dd2fea92881fd4ac07fdf88e7ac097d57 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 08980246130674f493362fc1cf24df76 |
| SHA1 | 259eb7d21107a45c482c337a443b7d3160513772 |
| SHA256 | ebaa40a76b46a6a1f9b1dbc3e84c7deba2d0c93ba515c899de2aa3fc2a69b4b3 |
| SHA512 | 9eb90842f226bf6608ba12ed18ffa1262dfea9a4d9cf747dbfd7ce86c6d1d9ca1c2b5f8b9e5823536aa11f0f4e1fa2b56727a67d54debc7d974a78f6b465b67d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 629bfc1030278076b58a8c2413b3edaf |
| SHA1 | d52987e87a9ba8eff7caf67b10d17a514075b254 |
| SHA256 | 46d52753646bd1b89bb43e98ff6e98ba15735fa1515a89687996cd1d8118780a |
| SHA512 | a80bcfd8ce2ad16f3b559d7eae12fb84ae28c1fbc3d7e29c161aaefb481601e586faf3494a2186e5b5171a4a16546629b40959230defb54e7abe21b76fc4e0ba |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6173e03f5f86e83d3d9dcbd7920681c6 |
| SHA1 | 1211a1aba3561a656f1ebb7e8a84a78cccac7aa2 |
| SHA256 | 2e7f05b3b60b85246a70913e46688871eb92b4536209adcacdd5ca5eeabc8145 |
| SHA512 | f9e5bfd668c1bc978a086f882e7eb4fdea4034e9aef895f4b8bd8b8f48a617ac45c5418d100ffc786007067eb9e7bebe67f65291a51c21eb238f68c31fc8e5c2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 72d7acf42b1fae2ca6ab0b0dcaa694ce |
| SHA1 | f01966b21ee14018c4adbbeafe076810077012e2 |
| SHA256 | a66b36a66c60e77abc00923e93ab1986cdc86e61be4c34ee305db302bfbcbe9b |
| SHA512 | 54d63c814d44428ba729e76bbb93b104b3eceffbc5cd31d4177efca5507b464c2bbd842b24e70e24798600d803f42b6aa9e5c03f00861758ed3a999a9c4502e9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3d662439efb51ee94028fc9bba7d537d |
| SHA1 | 1fa48d110645fe2af1b1cace8e9fc06ae03d9854 |
| SHA256 | 40bd21c2edfd9ca27704be1467cd8e1e50c15c1680fd1fa436fa3986f3535f23 |
| SHA512 | 640bc8feeadc92810965494a43d0bf0c435b4f165cb96c4db2186424172fa77fbabe479b467807f1d12ed017702c9ce548c9ded4dee374b3c0f67b92f4357bc6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 22aae640fb80f48dc596d3be36eed11c |
| SHA1 | b0ec6724d19cb65fb3ec0636ee11094f815fe399 |
| SHA256 | c7265caf0e67b07af6b7a5845c0f445dd70082dd420dd9c0158e2d9d2877cce5 |
| SHA512 | cb2368c302482752403276cad598a1378addde009102b89eae0db074226f122c9497a1092ef609a7be95e77aafa841fe027b8bc680608405d52d7ff31ea0552c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | dcc3000d34bae0dbca3a81362fecf0db |
| SHA1 | d3a0326837deb7a8edb392bd9aa31d1b02c2405a |
| SHA256 | eb8b8586e79b10f14817db5f3b1e18c8fd3eb26579ec526a1455755e9c31f06a |
| SHA512 | ff05212bb5bbef99b05c0dceb77cb9431c327cbc0435cf3cc20e34897719acbdd172fad55b02ece4b24941f54791db0d54ae7680df54b9ff8ff500b3ac8bcf60 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 40e2c2b3c290714f5c5dd8a8a05e18f9 |
| SHA1 | d46794cfe96c0f0ae2889b174c342e564436b8a3 |
| SHA256 | 4acbab2cf56dd40ec86494fbd2ab54b87bc32052a91fb344c6feb9db04711764 |
| SHA512 | 6794952d72c3a1a9474e1bfa7660053b9e743865357c578ae1c8ddf2eb4d8b3badad5bea7de2a17f9fb6db7cbb7a994e17fd14835ea4fb27c2fc4340295d9d04 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fbf9f05939b46ebcc889f2cf1b42e431 |
| SHA1 | bd3cf105548bedb0c594befc5fdf480868f2af5b |
| SHA256 | 3c0b1a92cc9c9ed51280ca852ea0a8d2c43d5f8d73172b24627cce3535b9639b |
| SHA512 | 5d9e68e73188e4f3385e2798e75ee1dbcc29f8f16fa5a7219b312e4662bc16698079724ee644f92fa392cb4f2ba42a25a1113a1eb53e3721e3240cc6bacc373e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ba40a0f4ea28deaadc7decff9ad20b07 |
| SHA1 | 6ef1d9aa8ee83f1d4be9d0b3483a8b628683b710 |
| SHA256 | 67c5bd4ed205f418253baaa6121924ec429239a72ad7587898f3677221843d2d |
| SHA512 | 24c697bbf5284d03349f24a96c9ecb4ca49c5bd15c64d432f241dd60c2a881cd2aaa114692fb9bb171d495845bd3aa6de1659141d38da5343b11ff4de84d618f |
Analysis: behavioral4
Detonation Overview
Submitted
2024-10-22 19:48
Reported
2024-10-22 19:51
Platform
win10v2004-20241007-en
Max time kernel
149s
Max time network
153s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\cmp.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8cc2246f8,0x7ff8cc224708,0x7ff8cc224718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,3281766835199754996,7601057244065973876,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,3281766835199754996,7601057244065973876,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,3281766835199754996,7601057244065973876,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3281766835199754996,7601057244065973876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3281766835199754996,7601057244065973876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,3281766835199754996,7601057244065973876,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,3281766835199754996,7601057244065973876,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3281766835199754996,7601057244065973876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3281766835199754996,7601057244065973876,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3281766835199754996,7601057244065973876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3281766835199754996,7601057244065973876,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,3281766835199754996,7601057244065973876,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1852 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content.overwolf.com | udp |
| US | 3.165.148.127:443 | content.overwolf.com | tcp |
| US | 3.165.148.127:443 | content.overwolf.com | tcp |
| US | 8.8.8.8:53 | 243.108.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.242.123.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.148.165.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.10.230.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.204.58.216.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.108.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.143.182.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 61cef8e38cd95bf003f5fdd1dc37dae1 |
| SHA1 | 11f2f79ecb349344c143eea9a0fed41891a3467f |
| SHA256 | ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e |
| SHA512 | 6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d |
\??\pipe\LOCAL\crashpad_4324_EATNKHWFAYVIYSVO
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0a9dc42e4013fc47438e96d24beb8eff |
| SHA1 | 806ab26d7eae031a58484188a7eb1adab06457fc |
| SHA256 | 58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151 |
| SHA512 | 868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f7b155a6a435c88e70687e59ce1e41f9 |
| SHA1 | ebdb9469ef53476aeaf0d4d82a888c885c7621d3 |
| SHA256 | 6b9516c143f150972a0761def61c2123a0d69521298a2dc1b9a9898b81e93b6e |
| SHA512 | df1fd02688e271a9de4e9c0d236ac83dafcd13efb5bee015323d5b7fb1fc3ace0a9da890aab904a730554e7e633e0c61b7661197aa149f028bf943dd8b834f46 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | cba0a4bb07f7c7803116e9f55a25460d |
| SHA1 | 7e4c8f17e3afa361e87c344b543052a5ee212aa7 |
| SHA256 | 35e445fd9f521955f253ddecc59bb901f730f7fc84833ea0a1dffcbacb5fc93f |
| SHA512 | eff4ef152b2d576cb39393559dbb8964262cd936587ee9fca5ed6f9a0bf72955d13c9522005bf677852926ec98f38addbdf2f91a20e4dfff67a4791cbbec384d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a59355b8ec9cd1b80bd95bbd75f3f078 |
| SHA1 | 47664b0b355dfe34a7848219c3e3e93953388880 |
| SHA256 | ef1cf866c438b63217583dd93d8bc75a1143064b1e755d1ab742a977aadfcc32 |
| SHA512 | aa73514029b9e05ce6c2ffbffde340ec69bb7d61e103e2a8aa0711ff5c60666a5018230ae523d3588e89a53b3dbf19d7a76d02543eff09e6eb68e233f1bb24bd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 1b7bc6d067fcf269baf90044675a3a8d |
| SHA1 | d12ec292320845e3e3a57fcc2a9d71997942b6a8 |
| SHA256 | dedf8826032fd347eee467bb851dc460a0720a6a9acbf4021273851ad22560a9 |
| SHA512 | 426dc15cbca1d0aeeec0710f103217275885e7b2fbc451391bb39719b298b696cfde7e25ff0f58ffd3f25482a823fee31445f95ba88e415e17bd6ac5f244561b |
Analysis: behavioral7
Detonation Overview
Submitted
2024-10-22 19:48
Reported
2024-10-22 19:51
Platform
win7-20240903-en
Max time kernel
121s
Max time network
123s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\app.js
Network
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-10-22 19:48
Reported
2024-10-22 19:51
Platform
win10v2004-20241007-en
Max time kernel
148s
Max time network
151s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\block_inputs.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.108.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.108.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
Files
Analysis: behavioral13
Detonation Overview
Submitted
2024-10-22 19:48
Reported
2024-10-22 19:51
Platform
win7-20241010-en
Max time kernel
119s
Max time network
121s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\libs\jquery-1.10.2.min.js
Network
Files
Analysis: behavioral22
Detonation Overview
Submitted
2024-10-22 19:48
Reported
2024-10-22 19:51
Platform
win10v2004-20241007-en
Max time kernel
140s
Max time network
143s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\utils\cookies.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.108.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.201.86.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.73.42.20.in-addr.arpa | udp |
Files
Analysis: behavioral24
Detonation Overview
Submitted
2024-10-22 19:48
Reported
2024-10-22 19:51
Platform
win10v2004-20241007-en
Max time kernel
149s
Max time network
153s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\utils\modal-events-delegate.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.179.89.13.in-addr.arpa | udp |
Files
Analysis: behavioral18
Detonation Overview
Submitted
2024-10-22 19:48
Reported
2024-10-22 19:51
Platform
win10v2004-20241007-en
Max time kernel
133s
Max time network
102s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\utils\analytics.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.108.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
Files
Analysis: behavioral29
Detonation Overview
Submitted
2024-10-22 19:48
Reported
2024-10-22 19:51
Platform
win7-20240903-en
Max time kernel
117s
Max time network
118s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\windows\cri\cri-controller.js
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-22 19:48
Reported
2024-10-22 19:51
Platform
win7-20240708-en
Max time kernel
118s
Max time network
120s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Lunar Client - Installer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Lunar Client - Installer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Lunar Client - Installer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Lunar Client - Installer.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Lunar Client - Installer.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Lunar Client - Installer.exe
"C:\Users\Admin\AppData\Local\Temp\Lunar Client - Installer.exe"
Network
Files
\Users\Admin\AppData\Local\Temp\nsoD52B.tmp\UserInfo.dll
| MD5 | 1dd4ca0f4a94155f8d46ec95a20ada4a |
| SHA1 | 5869f0d89e5422c5c4ad411e0a6a8d5b2321ff81 |
| SHA256 | a27dc3069793535cb64123c27dca8748983d133c8fa5aaddee8cdbc83f16986d |
| SHA512 | f4914edc0357af44ed2855d5807c99c8168b305e6b7904dc865771ad0ee90756038612fe69c67b459c468396d1d39875395b1c8ec69e6da559fb92859204763e |
\Users\Admin\AppData\Local\Temp\nsoD52B.tmp\System.dll
| MD5 | 51bd16a2ea23ae1e7a92cedc6785c82e |
| SHA1 | a9fbaeb9a695b9f2ba8a3ed8f0d95d2bf6a3d36c |
| SHA256 | 4dbc79d2b1c7987cc64bb5d014db81bb5108bdd6d8bf3a5f820fac1ded62be33 |
| SHA512 | 66ffc18b2daf6c4cba01aef0e4af2f006a51aa218eab0f21dc66e47eea0389d2b1748ef0e30d2ec9f0123fd7f38ed3aee964dd6bde5779aaee19ebf55369af79 |
\Users\Admin\AppData\Local\Temp\nsoD52B.tmp\uac.dll
| MD5 | 861f7e800bb28f68927e65719869409c |
| SHA1 | a12bfcd2b9950e758ead281a9afbf1895bf10539 |
| SHA256 | 10a0e8cf46038ab3b2c3cf5dce407b9a043a631cbde9a5c8bcf0a54b2566c010 |
| SHA512 | f2bf24a0da69bbe4b4a0f0b1bfc5af175a66b8bcc4f5cc379ed0b89166fa9ffe1e16206b41fca7260ac7f8b86f8695b76f016bb371d7642aa71e61e29a3976eb |
\Users\Admin\AppData\Local\Temp\nsoD52B.tmp\utils.dll
| MD5 | c6b46a5fcdccbf3aeff930b1e5b383d4 |
| SHA1 | 6d5a8e08de862b283610bad2f6ce44936f439821 |
| SHA256 | 251ab3e2690562dcfcd510642607f206e6dcf626d06d94b74e1fa8297b1050a0 |
| SHA512 | 97616475ef425421959489b650810b185488fcb02a1e90406b3014e948e66e5101df583815fd2be26d9c4d293a46b02ba4025426f743e682ed15d228f027f55c |
Analysis: behavioral14
Detonation Overview
Submitted
2024-10-22 19:48
Reported
2024-10-22 19:51
Platform
win10v2004-20241007-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
Enumerates connected drives
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll | C:\Windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll | C:\Windows\system32\svchost.exe | N/A |
Command and Scripting Interpreter: JavaScript
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\unregmp2.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\mshta.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\mshta.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\unregmp2.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\system32\unregmp2.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3344 wrote to memory of 896 | N/A | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | C:\Windows\SysWOW64\unregmp2.exe |
| PID 3344 wrote to memory of 896 | N/A | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | C:\Windows\SysWOW64\unregmp2.exe |
| PID 3344 wrote to memory of 896 | N/A | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | C:\Windows\SysWOW64\unregmp2.exe |
| PID 896 wrote to memory of 344 | N/A | C:\Windows\SysWOW64\unregmp2.exe | C:\Windows\system32\unregmp2.exe |
| PID 896 wrote to memory of 344 | N/A | C:\Windows\SysWOW64\unregmp2.exe | C:\Windows\system32\unregmp2.exe |
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\libs\jquery-1.10.2.min.js
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding
C:\Windows\SysWOW64\unregmp2.exe
"C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
C:\Windows\system32\unregmp2.exe
"C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\OutConvertTo.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\OutConvertTo.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.201.86.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.108.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.33.253.131.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD
| MD5 | 90be2701c8112bebc6bd58a7de19846e |
| SHA1 | a95be407036982392e2e684fb9ff6602ecad6f1e |
| SHA256 | 644fbcdc20086e16d57f31c5bad98be68d02b1c061938d2f5f91cbe88c871fbf |
| SHA512 | d618b473b68b48d746c912ac5fc06c73b047bd35a44a6efc7a859fe1162d68015cf69da41a5db504dcbc4928e360c095b32a3b7792fcc6a38072e1ebd12e7cbe |
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
| MD5 | 5433eab10c6b5c6d55b7cbd302426a39 |
| SHA1 | c5b1604b3350dab290d081eecd5389a895c58de5 |
| SHA256 | 23dbf7014e99e93af5f2760f18ee1370274f06a453145c8d539b66d798dad131 |
| SHA512 | 207b40d6bec65ab147f963a5f42263ae5bf39857987b439a4fa1647bf9b40e99cdc43ff68b7e2463aa9a948284126ac3c9c7af8350c91134b36d8b1a9c61fd34 |
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
| MD5 | 987a07b978cfe12e4ce45e513ef86619 |
| SHA1 | 22eec9a9b2e83ad33bedc59e3205f86590b7d40c |
| SHA256 | f1a4a978ce1c4731df1594043135cf58d084fdf129dd1c8e4507c9e06eac5ea8 |
| SHA512 | 39b86540e4d35c84609ef66537b5aa02058e3d4293f902127c7d4eac8ffc65920cb5c69a77552fc085687eed66e38367f83c177046d0ecb8e6d135463cc142aa |
C:\Users\Admin\AppData\Local\Temp\wmsetup.log
| MD5 | 850c3a082ccdac56b751f528d6a703cf |
| SHA1 | 8ca18642f863ff5111720e97fa5d3e9d3027dea1 |
| SHA256 | 6ea924895c28ae5d8aaefa6748e487a80c79ed0f6262df28bd755b215bf01af3 |
| SHA512 | ffcf9b0000c117163b6a7961488cbf3f41f4441de8178462bdb2e590e4ce28f26f053ffc83cf0b554501971ddaa50a1bf94a59034a8dbc4a0e084b285d4cd579 |
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak
| MD5 | 7050d5ae8acfbe560fa11073fef8185d |
| SHA1 | 5bc38e77ff06785fe0aec5a345c4ccd15752560e |
| SHA256 | cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b |
| SHA512 | a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74d7f43c1561fc1e.customDestinations-ms
| MD5 | 37bd2c57d991d73310e4f2de2cf67fc6 |
| SHA1 | 937ad6bfaa583513cfbd180d8119a366f8c67d7f |
| SHA256 | 2d624d9d62a141e47ca2e68f6cd37624719e48ff92bba517eb7fbaab758d21ae |
| SHA512 | d966cfcc8574580a535f2992237e04f1acc7ee25117ff08229827f068106800b873a0c217b5bee55eebaa6fa896a39715a66842bb34c27907f550a390e41f703 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74d7f43c1561fc1e.customDestinations-ms
| MD5 | 0d0d27256b45a5655259b95359af0055 |
| SHA1 | 51bff56944ed8df695b19d790f651b91da462952 |
| SHA256 | 393cf676da125538fedcfcdc6d32e593ba55819bcff8c7c270f36fab0183cca5 |
| SHA512 | c36cb201a37fabd1e8029f2c1109e9760392510f61f762097aca714c8bee961133eb9e87ac7d2c208654855f5fb0395dfcd8f30352888cc6f96be4983c50465f |
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
| MD5 | 2b1039cf0b6d90ed67b37999ad9c4a88 |
| SHA1 | dd33ad9c1f8e60455eff5267b687079b12373da4 |
| SHA256 | e69afb87d5e91ce354e732dcecbbf7f5566cda14d2041e3316e9cc8045c8ee72 |
| SHA512 | 0ee8491ff174bb41a1410b4bec57a1b8d38feb9ad18f3a1aaab35b092a0193f20b640af0c16c3eb3755f0e6642d7c5baae3a35c3c07e3869a66b96935857fa33 |
Analysis: behavioral31
Detonation Overview
Submitted
2024-10-22 19:48
Reported
2024-10-22 19:51
Platform
win7-20240903-en
Max time kernel
120s
Max time network
122s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\windows\cri\template.js
Network
Files
Analysis: behavioral15
Detonation Overview
Submitted
2024-10-22 19:48
Reported
2024-10-22 19:51
Platform
win7-20240903-en
Max time kernel
119s
Max time network
121s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\models\notifications.js
Network
Files
Analysis: behavioral16
Detonation Overview
Submitted
2024-10-22 19:48
Reported
2024-10-22 19:51
Platform
win10v2004-20241007-en
Max time kernel
131s
Max time network
102s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\models\notifications.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.108.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
Files
Analysis: behavioral17
Detonation Overview
Submitted
2024-10-22 19:48
Reported
2024-10-22 19:51
Platform
win7-20240903-en
Max time kernel
119s
Max time network
121s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\utils\analytics.js
Network
Files
Analysis: behavioral20
Detonation Overview
Submitted
2024-10-22 19:48
Reported
2024-10-22 19:51
Platform
win10v2004-20241007-en
Max time kernel
130s
Max time network
123s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\utils\commands.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
Files
Analysis: behavioral30
Detonation Overview
Submitted
2024-10-22 19:48
Reported
2024-10-22 19:51
Platform
win10v2004-20241007-en
Max time kernel
148s
Max time network
150s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\windows\cri\cri-controller.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.108.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-10-22 19:48
Reported
2024-10-22 19:51
Platform
win7-20241010-en
Max time kernel
101s
Max time network
145s
Command Line
Signatures
Browser Information Discovery
Command and Scripting Interpreter: JavaScript
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\DllHost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\libs\cmp.bundle.js
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5759758,0x7fef5759768,0x7fef5759778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5759758,0x7fef5759768,0x7fef5759778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5759758,0x7fef5759768,0x7fef5759778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5759758,0x7fef5759768,0x7fef5759778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5759758,0x7fef5759768,0x7fef5759778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5759758,0x7fef5759768,0x7fef5759778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1128 --field-trial-handle=1340,i,671227895314507632,17208167179386801086,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1340,i,671227895314507632,17208167179386801086,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5759758,0x7fef5759768,0x7fef5759778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1608 --field-trial-handle=1340,i,671227895314507632,17208167179386801086,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2312 --field-trial-handle=1340,i,671227895314507632,17208167179386801086,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2344 --field-trial-handle=1340,i,671227895314507632,17208167179386801086,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5759758,0x7fef5759768,0x7fef5759778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef5759758,0x7fef5759768,0x7fef5759778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1188 --field-trial-handle=1304,i,13715678743604898495,548327436213917664,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1176 --field-trial-handle=1308,i,8404292342028250539,8935159293413786840,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1452 --field-trial-handle=1308,i,8404292342028250539,8935159293413786840,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1476 --field-trial-handle=1304,i,13715678743604898495,548327436213917664,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1096 --field-trial-handle=1276,i,13582988745156910068,7859148202701055354,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1468 --field-trial-handle=1276,i,13582988745156910068,7859148202701055354,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=284 --field-trial-handle=1300,i,9471709968794295913,4652398350703095027,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1132 --field-trial-handle=1320,i,9118646080121590876,4041583092815661156,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1448 --field-trial-handle=1320,i,9118646080121590876,4041583092815661156,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1460 --field-trial-handle=1300,i,9471709968794295913,4652398350703095027,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1412 --field-trial-handle=1340,i,671227895314507632,17208167179386801086,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3636 --field-trial-handle=1340,i,671227895314507632,17208167179386801086,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3860 --field-trial-handle=1340,i,671227895314507632,17208167179386801086,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3880 --field-trial-handle=1340,i,671227895314507632,17208167179386801086,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3936 --field-trial-handle=1340,i,671227895314507632,17208167179386801086,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3972 --field-trial-handle=1340,i,671227895314507632,17208167179386801086,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3912 --field-trial-handle=1340,i,671227895314507632,17208167179386801086,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3936 --field-trial-handle=1340,i,671227895314507632,17208167179386801086,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3916 --field-trial-handle=1340,i,671227895314507632,17208167179386801086,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3972 --field-trial-handle=1340,i,671227895314507632,17208167179386801086,131072 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.200.36:443 | www.google.com | udp |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| GB | 216.58.212.202:443 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 216.58.212.202:443 | ogads-pa.googleapis.com | tcp |
| GB | 142.250.179.238:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 216.58.212.206:443 | play.google.com | udp |
Files
memory/2916-1-0x00000000718CD000-0x00000000718D8000-memory.dmp
memory/2916-0-0x000000005FFF0000-0x0000000060000000-memory.dmp
memory/2916-3-0x000000005FFF0000-0x0000000060000000-memory.dmp
memory/2916-4-0x00000000718CD000-0x00000000718D8000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | 9b1c99d5245940563e9e81e95c4832ec |
| SHA1 | 1bc5970a797d7160879f1ab93559a23b736a2ce7 |
| SHA256 | 5e5e2d6ab15529a13c5f6fddf4908f82199df64cd0fff65ec624e324f6f20a45 |
| SHA512 | 6d270d67927d391ddb39f5f2c3bbcbe36add45dc5cbf35099b0876b1b1c91f7ff23389e564bdf583fb4245984cd0a8af8f75ef87695296a8dc1d91269763b957 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
| MD5 | 961e3604f228b0d10541ebf921500c86 |
| SHA1 | 6e00570d9f78d9cfebe67d4da5efe546543949a7 |
| SHA256 | f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed |
| SHA512 | 535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
| MD5 | 16b7586b9eba5296ea04b791fc3d675e |
| SHA1 | 8890767dd7eb4d1beab829324ba8b9599051f0b0 |
| SHA256 | 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680 |
| SHA512 | 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
| MD5 | e9e365607374115b92e4abe4b9628101 |
| SHA1 | d5054ea9b22317dca83801eb3586017bfcc0e2a8 |
| SHA256 | 5cd2c4d9f13524923046198c92213691539407e04fa520cdae9eade1bad3d91d |
| SHA512 | a84d65ed53e43883e5ecb7848fbd48f5305a63e6975e6af480cf85532879720061106be54f2a5888ebc3569f7123081a0e6eb48ccb8d7dba3e1da1c8a3c50401 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
| MD5 | cdddc745a8c954dc438c931889999bdb |
| SHA1 | 7908f975b6815460caa2bc3438efbd8fc8d36211 |
| SHA256 | 3dc9043838386f5363ac96a01477cf3163b5118b80191576a11b32ce9894314c |
| SHA512 | 3d2d4852aa2ac6cb0b9b6cbca9f04366afd48d362d869be877ef324c16d72ff119b5842891baa2b6b99df2de2db8d3be5c23f0f97f8943bd74195996bcb66a0a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
| MD5 | 67408267ef01ed6b9372f04c029b602a |
| SHA1 | 8b7c489754731f399077b899abfe55475ac2abe7 |
| SHA256 | b5aa30b0d3e08f80f60effa00fe335d2295fa494b36f33a2e8d8c66e0a34234a |
| SHA512 | c980c28555803b9043f863d21427aba9611bfe49296a8409e4d15759631dea613f40d860d6600dddce2610ab7654a69ffb2abde0867ab2e17b547e34897e1a41 |
\??\pipe\crashpad_2224_OQCSLUPKZLDHKIOD
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
| MD5 | 18e723571b00fb1694a3bad6c78e4054 |
| SHA1 | afcc0ef32d46fe59e0483f9a3c891d3034d12f32 |
| SHA256 | 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa |
| SHA512 | 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
| MD5 | 265db1c9337422f9af69ef2b4e1c7205 |
| SHA1 | 3e38976bb5cf035c75c9bc185f72a80e70f41c2e |
| SHA256 | 7ca5a3ccc077698ca62ac8157676814b3d8e93586364d0318987e37b4f8590bc |
| SHA512 | 3cc9b76d8d4b6edb4c41677be3483ac37785f3bbfea4489f3855433ebf84ea25fc48efee9b74cab268dc9cb7fb4789a81c94e75c7bf723721de28aef53d8b529 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
| MD5 | 8549c255650427d618ef18b14dfd2b56 |
| SHA1 | 8272585186777b344db3960df62b00f570d247f6 |
| SHA256 | 40395d9ca4b65d48deac792844a77d4f8051f1cef30df561dacfeeed3c3bae13 |
| SHA512 | e5bb8a0ad338372635c3629e306604e3dc5a5c26fb5547a3dd7e404e5261630612c07326e7ebf5b47abafade8e555965a1a59a1eecfc496dcdd5003048898a8c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\58d909fa-fd72-4aa4-af7e-1bb28c2a28f0.tmp
| MD5 | fe45b5ee8d8da16eb238f640ef6a11eb |
| SHA1 | b77b7ab985c5ab4c592b8c08170b1183bf1b2ebe |
| SHA256 | 4590e23951da48b89d28dec4f1dd6a11c82f0ea58277d1ae1b3be417d2c0f0b1 |
| SHA512 | e06244adcd5c581789aaa6242836633ebf32f5bcab947c787e3e3365d849480cde79130f6061bd000d0f7e764b8fed71309403fa6d281fe6220b0e26468079f1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\7c9796d0-dea6-4ac0-9b9a-2bf664f68005.tmp
| MD5 | 96b1a6fd3ff38b106fd00aa05346370b |
| SHA1 | f70103161bcdf2e9663c446b1739c4e4dc0f88eb |
| SHA256 | 0f37dfdb063d725448826c673f6c6259242e2c05472f57d7b4f487d9e64aba8d |
| SHA512 | c20ddd36842af32869f6a8aef50c14170305a289b8fd8c465bba10f27e23286ac45ec93c386e6d3aa05e9bbf89e70fecd654a15d831a4775ba249f28c99231ce |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
| MD5 | 0e16444393cd322124146935ab837ecc |
| SHA1 | aa1a3e9571e3e067421d940601965220711f24ad |
| SHA256 | 1b5de2bf736e2bb182cf64bd8a72bbbd6538a9f33dc8020223b2257bad6f7d82 |
| SHA512 | 26c461b0493c5e0f26aa196ce94c0c9ea5d892220ebe882af4bf2892469515e9b13056ef7ae0f9c429f45c14f334299ccffa5bab1547b3da0e2fce45131630a0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\94ea3419-9d33-42a0-a204-e94161305834.tmp
| MD5 | 87815cfe67ae72743f25d9a44a770e58 |
| SHA1 | dbc63504f9fe12caa23d150e8790370c7440baf5 |
| SHA256 | bdcb4946e0af78f55c3bf2357e41f831b21c40152234f335e507c881d557454e |
| SHA512 | d1a5ee8eb6caa964a94498570e164bbb65958dfb17ea1b754cea1ab3d75a07a720edd4aa4d642a96928ea49da04e53526b82b62205d76d3e4e33a3bdba047e3c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
| MD5 | 916d4f5f8e2c8885224d1575807f6676 |
| SHA1 | bdf182d48eb1c332d8438a30e19146ec1b5b1012 |
| SHA256 | 35b72abbb267230a52eb2fe73a32485fbf6dab0e4dcb5a9f56a5b67ff476973e |
| SHA512 | 89fde148ce52b52c8bdd8f321cfad0cdcff6f265d3d5c722b577bc8d70e7e6baf4809c5a5d394fda20ffc8d3ddaf5ab3bd84e11dc0c9933dabe037180ede661d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 7ced7b999b0919184cb0592b58f96fbc |
| SHA1 | 7cdb33fc9389a3a690c6af535736b9b753fccf33 |
| SHA256 | 5ff1fd309b37134ac80fd714b5d33d47291e7a5354521dcd191f59758ed3eecb |
| SHA512 | a784cb8a991c42edd31c3719b55334684cd1e7b6c7d43810d487d7330ad837d1f3e49cbab3dbbafd6c1e98f9c1ffcd5448d9e61bb4c7d4cb2ddc0eda7efd1e24 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ec50bd23-1a68-46ed-a68e-8098084e97ca.tmp
| MD5 | 864d9e69001dcdf7fdbb949f2bbab586 |
| SHA1 | f4854e5942470a1e0fe12b68a53979549d8a9972 |
| SHA256 | 2446cc080ec6c7a7d937673bf8c245681076bad6ab2ad260e8cd943d1d5ddb94 |
| SHA512 | 999d0e1ab8d2da395253724be7b1a726a98e08758ded0874eee7013d0362faf1647107964361ebb1cc64768a449329d1e8a286c57ef960de72cfc412c5bec452 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009
| MD5 | d4586933fabd5754ef925c6e940472f4 |
| SHA1 | a77f36a596ef86e1ad10444b2679e1531995b553 |
| SHA256 | 6e1c3edffec71a01e11e30aa359952213ac2f297c5014f36027f308a18df75d2 |
| SHA512 | 6ce33a8da7730035fb6b67ed59f32029c3a94b0a5d7dc5aa58c9583820bb01ef59dd55c1c142f392e02da86c8699b2294aff2d7c0e4c3a59fce5f792c749c5ce |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | cea6d4cbe2b00cc7579c5f14068f8cdf |
| SHA1 | 80e5ce2af5b7e62b064f8fe9f262068f84c71991 |
| SHA256 | 8e1da30c4d170599ba9b01e67debde82c6ac4f20e3f3366996543ca0f5288caa |
| SHA512 | ad58d5fda6bf4259baee6a79a397a903067ec59717ab3a6c48ba21430aa52e4f3630b63df60758c7fb7cb191f89d56e7dc37bc96e3516151de83cf22dc90e55c |
Analysis: behavioral12
Detonation Overview
Submitted
2024-10-22 19:48
Reported
2024-10-22 19:51
Platform
win10v2004-20241007-en
Max time kernel
135s
Max time network
126s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\libs\cmp.bundle.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 8.8.8.8:53 | 58.99.105.20.in-addr.arpa | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
Files
Analysis: behavioral25
Detonation Overview
Submitted
2024-10-22 19:48
Reported
2024-10-22 19:51
Platform
win7-20240729-en
Max time kernel
90s
Max time network
17s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\utils\strings-loader.js
Network
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-10-22 19:48
Reported
2024-10-22 19:51
Platform
win7-20240903-en
Max time kernel
134s
Max time network
128s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a7e3310a2b0e6e498bd88e48ec67abf600000000020000000000106600000001000020000000cc7c4114a26125257ab6c12138e348fe0219ab703493ef90055e6bde067c4eac000000000e80000000020000200000008bac746dbbe39fa37c67e34a77cdeaf15e0b879df8003522ae429835347ea3889000000011dc89968d26d0201fb6052cce6cd216b68bb294f6fe0e5d3248b8713bda8d906212df5f71578ca45e88893d2fc6cf2091f705de65bd056b7bac4b13a77d0ff470e75d09ce9c8d451c2c728f3a570284a95e0e3a66c71d26d4f7d932de53b9003565ffbe1e019bd216da94e789d604eba0bdecd4a76adebf931d9dafe509b01c1a9c23172d2488ea9b91d00dc2418fc840000000a94532b21a0795272ced433b0901f2e1c7a9f34317f3d76278f75707c70d2a35f1ee68bf9099283d53a0624dbc5f3f09dca446739746aeb3ee0b747f868a0cb3 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f01e5e8abb24db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B44D78A1-90AE-11EF-A6EB-D60C98DC526F} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "435788417" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a7e3310a2b0e6e498bd88e48ec67abf600000000020000000000106600000001000020000000305a0c945be1a2c360a423bb8240c4ee74de36dfeef6160a5d9f67541aa64991000000000e8000000002000020000000bf6cbc96f4262a8c4130a0fa53cd635a5db7f4aa2df2ad16ebe666e3272781c820000000218b96e0598fab2a687a122ec846bfa013c639946ccc1911ff611fc4bfea1f7b40000000e914317533d1616bb311c2a39584a13fc3eff4592be93100d618ef91f49910d3336752decc0c1ed215a0e17a7a0cdb1970cd91848fbcc9687eacdc168985726a | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1984 wrote to memory of 1932 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1984 wrote to memory of 1932 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1984 wrote to memory of 1932 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1984 wrote to memory of 1932 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\index.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1984 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | content.overwolf.com | udp |
| US | 3.165.148.127:443 | content.overwolf.com | tcp |
| US | 3.165.148.127:443 | content.overwolf.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.187.227:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | ocsp.rootca3.amazontrust.com | udp |
| US | 8.8.8.8:53 | ocsp.rootca3.amazontrust.com | udp |
| GB | 52.84.143.44:80 | ocsp.rootca3.amazontrust.com | tcp |
| GB | 52.84.143.44:80 | ocsp.rootca3.amazontrust.com | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 2.18.190.147:80 | crl.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab9668.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar96D8.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 44168f2a2f39a06f7aec040fb6ee89ed |
| SHA1 | 3b0b7ff9b7d88f49c0eca7b5257aadf05cf35ea2 |
| SHA256 | d125f9952780d5243bd6d0bad1db66097f385161ac9d71d8a4eac2b5ae5b4fd0 |
| SHA512 | b51f8238b534ba571865f44ffefcab5fac24b061e583588f10ddaf396e2bdf6f0fe90c1a4f9db8d498289f8470ac471456b5d46b4a6688bcb1017373f563b78e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
| MD5 | 55540a230bdab55187a841cfe1aa1545 |
| SHA1 | 363e4734f757bdeb89868efe94907774a327695e |
| SHA256 | d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb |
| SHA512 | c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ed37eb9866796832df79e41d68ef6036 |
| SHA1 | 2ad382b1a5bc10c2dd9639a58fcc8e762ea56b26 |
| SHA256 | aaedaaa2eac8ad18690ba3b674f7e0fb00699394584a9d766eb5fb9499662c1c |
| SHA512 | 765cf9ca9aa6cc2cd8981a3091bd7ff08104b75fe27a80343e424586e142c41efc9aaf0f585e64a7ee985e522f9fb308b2e5bd6922b946b54d3352276e54f493 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
| MD5 | c155f09e51f103984000b4cd65219a07 |
| SHA1 | 19bf3c5ae3f4123433764430728ea3f2073de713 |
| SHA256 | c69207f5e8231adaaf8eb65a562038f6534404d638e6d94da480c7b1aca2d765 |
| SHA512 | 11912c65a9cf304ee911750449ac73715cec7e31b4bd000c3d9075e28e472ed2b33f75cbd1b6b9f1f38f20045d37beb6140e8bf60e9d5984cb5f4816a79eb348 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b51ee3376455ca8d7ca8e32560b4a710 |
| SHA1 | 3e428d4616aefd008ebc51891f722b713631c258 |
| SHA256 | 63e2dcb2ebbed1facc3fe1e7e9487b09e327636ff76489b3c654ae6ead86888c |
| SHA512 | b0467b5896549cfdca860aba3da3b61ab21f174edd8e6d89c89da608759cca435ea4b7329da9eef71a03674856c4163817eb2d87307b5efb509730db70c8d8d7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dcb10e7a4065aca8ea6a839ec971af74 |
| SHA1 | 4da1b1ed095df1a2c509cb30e13a1d520fcd4d8e |
| SHA256 | f8132927923ad94a7a0e747d846d3c71c88b9a4e238829ac8b9540b8cb55632c |
| SHA512 | e9d0b061617cb361b28faf656d6a54baac661a2165593441fbebe12b63ca21aef3d1a1d5e73d502f79769fcd7a29891b1d2a4be8263df04beaa505ebc72129ca |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4b5213b5f8e61c0f93e0b829205a8a51 |
| SHA1 | 0f888abfb45eba209fc924621e6f936f942ee0e7 |
| SHA256 | fd7bcde0e7f0d49b3c1fb047db3e0493e96e2c8ddb031a4762fc0d0ff33d895b |
| SHA512 | 2446ec566bf66d53d158aa1fbb0d47eeb43c0b669d9b95b37bc31fa4e81f0ea51383d577e6d911731dd7cca19c22322da2202f4293c6a4fe3e1f42f8196130e2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f0554d8c667d0e116717e661a87879f3 |
| SHA1 | 776b35c5f4ad5c55ba477d4d00fa2c624a7989a8 |
| SHA256 | d55416488dea8df83bb5f52756656cb212fc5274818060b07e6e4e2ae64da7cd |
| SHA512 | 1e73f2199ad412f949fd30993378c07fbc22ce1e17031cb478b4686e801470e60a387278b60c79e048eebf741a3e779d68858fafc317a3955e8c9b331b81da98 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5ea231fcd149626a33cabe8ebaab5a09 |
| SHA1 | c371f6f1060e88b5a73bc1fb0edefac266d42617 |
| SHA256 | ddc97e052c6e693adda0c2d58729e321dda364501745efea5b77362c778d887f |
| SHA512 | fc8e641aa28191e111c59b496b2ed6332cd97ed1168574848706bd3fcf8952f7fd0e062d750aa34fe947f12d9c57a9be7c278b6c0b4782f2e42fe5b804903521 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 952dd367bb8f6647584a8496c0f81131 |
| SHA1 | a5b1dc83e0f1e1578e5c7f10f81aab61004f1ce8 |
| SHA256 | 4ad3b9f42b6df978039ff42481b408bc11b140261bc1c8edae9b66b8f58f73c8 |
| SHA512 | afb5900002a4fc0fba7a0c9a121797239030cafb477b80f56d0da159d4357b2b2b5acb06a8294dc6ca041e8465dc2a870e8af7b4b1ac7ec1c4d0326989a45dc3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f1c526499a7d7befe217b8cffb7cd46d |
| SHA1 | 6821018ccd1bde0d74de1ae392d4b872647a3e13 |
| SHA256 | 4e2b4ec8f986ee51fab74a68aae4f2d982faa2bb0f011cc6ab680404c5ed89ef |
| SHA512 | 030bef363c433f3bde6b3ab90ce5f2bb6afdcf5fba9227412aee8fee9b74317a5b8339ef6c57ee59d94962e71980341fd1560f046275623a73f452abfd7d7ed8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 47b9c543661e427bd52791939e988264 |
| SHA1 | 503a8f303be415a06b14fcbf81ee1ec544152a52 |
| SHA256 | 71586618d3f5e29a9e2c8d9e249d8695432d9a2dec6bcb4cc13bd83b0755212b |
| SHA512 | 507b947b2b0e94265884769430362aea5a4870fd5ea2938e7a92adce1a9641b3c508407fcc9e4e88e8ee365bac2c6525195077ed709ddbcb346f2addfd05ade3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5c45dce74afb3d4230cfff6ea47a9d89 |
| SHA1 | 9800f3cb77e4878077bcc0ff2ed6c129d982420b |
| SHA256 | b1f537351b0cf37dfa2fd368c1df01f37fc63222669a3e3d620d2a5bffa1945a |
| SHA512 | aac1526610b262d304e3755d70bdfcdae3604e27fd63665951c2af8c6689d46be9569dee8ecd04d9c1e21e05a3c394779b2a8bd7ae27f9986d39beeb931956da |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f8fae7172cfafd599aff8d2f100b9d2f |
| SHA1 | 44f47d500e55df7286f6b172c117b9a66754a9d7 |
| SHA256 | 7c76c60919bcecd4b5680a1c438249c8438e48d4463ec0e86dc6ffaf8bdec776 |
| SHA512 | 0bc9c502a9ee02903db4c164685fabdc14908e8f764e9a984e4cd7c30b0ee1c93073c905fecd71de51ba73945a4aa6630faff88f41d92a70e24d31c493c941fb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 48eef34b42c5decfc49367faa3657a66 |
| SHA1 | 4a2547d050273ea2d04e2a3a3f71b04ed35eddd0 |
| SHA256 | d18875d83f24ebaf3723960b7df5dbee4c357c40f9feda620309dc51e7771ee0 |
| SHA512 | 274290f2823b6004797f86625dca45418c3ada79e874551aa0f4437cc17217a7f4e4da34e6c0d3bfb957e7b08f8ba4ccfa5977ccb39bf6a84c33116a600058f3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 64458291dbbc87ce0c3b8b6a78d4f6f1 |
| SHA1 | 3995aa0478e46826818da86f1e919caa83fac53d |
| SHA256 | a5b0e140e5480014b39fc26898709c80b5be829a63063bbd4374c69210adadfc |
| SHA512 | b3eb7b1c3ecad2e68b120b12c1ce2903eaf61eae68d473a6dbebb6348dd95201410c4f1d73fcf0a1c23b3abd9911c63dd94ea1a6ffcbed54fcb60dc22db63efa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1449f3d6e73205da5068fc2f0e71013f |
| SHA1 | 94cc5f0cc3180fb9cefa9dd8d0c7c2d187ed2a82 |
| SHA256 | 0636f128bd73da132653641dadf40ac9dde47d15c0b747028707560ba4f155f9 |
| SHA512 | c1c23896a6fa8a2f8e76c50e0922d1bfa4e7bb89c8fd08237127c4d787cabe1d5ec7b17041cb82a44d33503ccaea5d337deed7527da93c9e71dc7a0cdb9f1a82 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 0f9d8e1451cf386d80ad7b38724cb9aa |
| SHA1 | b5cfa4a2b076371ef5064bf9beae364801f63242 |
| SHA256 | 299e713cd892a38c72fb324921932a3c3ce0341b5c2833abe3c9ca3a95449d3e |
| SHA512 | bebc2e4e7e71f99783f403ef8dbfca8d2eb6b34b4e2cb234b64ca89f55aa4c14d11b8a8bf848c0b5a739ec3b4edd39f86ba266c3d16b8269628d39abe857f511 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8d319daebc015d691bb861613a0d67d4 |
| SHA1 | e588f733d682f8f1443b49e87d7773157fe05f62 |
| SHA256 | 23a4ec7a649e50986ef8fe9b5e235b43657a268c50d8163572b25100c0c04dcb |
| SHA512 | fd8e8dd17d5105ffca32b7388c076c53b6a1fffbd5f59b46959155d31d88fa7b1519f8003f082ef24350562ca03e071b5dbb422752d64f0ab5607593af61edd1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 875ec2882e6b187ac01d691ace64edfc |
| SHA1 | 1e6ac07022c4b87895ad31ecb04dabcea0f7b55d |
| SHA256 | babfcca9d2fd5e50fb2a8fdfc1dfae3480bc21a7954aed4eb62742a46550ffcf |
| SHA512 | 4bde03053603edb50c01936bd20a56a02f682a54959cd14f2b63c022914a6c6cdacfc88453b95eb974e31e258ddf3249a85326aa119c100346eb2bf842654662 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b3369cd9c6d561b658dc4ec4742bb0be |
| SHA1 | 75de6e0a9c190bd5d21e2722cc6dedc91bd94dbb |
| SHA256 | 95de9c471c3e1c2076098027b5189eb69b7d5898b5eca80a28874fbb10736623 |
| SHA512 | 3b7226cb1e34c4150cf39821dfaae830c716345a803275acd36b869a4f3abff2e5815db6cf28670d8c214a592391ec5776c2aa78952f84c297f873eb3d10143b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 682b84a51eed4d562ef818f0c9210f4a |
| SHA1 | 25efc3961b7a93d074ea333c67a6e1773b8107b7 |
| SHA256 | 8d899b7fa59aba938fe771581f01b3732a3fa935b25dc03cc3b813f29669dbbc |
| SHA512 | ba890424ad827371610bef19c18650d3535bd0972e9991c038ec2fad44ff07fbca69c1c548225af868a62e369b7274e16bc8db9834db38b4719200770dbb6935 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4e28cc30b92607d43ca0045a4956b6b8 |
| SHA1 | d963071da8232142c00f03c7fe5eea645cc40d3d |
| SHA256 | 76fc25e7aee102ba6ca3fe5c16070aaab90001373104ee78ffa32c5127af82d1 |
| SHA512 | 52bbfc6962bc717799e1c4552d91becde75aa75799041f83bc96535a295dbddc01605cd7a959b7b900fccd253b5cc5225fa86e48766bfefd4075168571019b6b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 5916ddc36881fe0bae3772031ad7718e |
| SHA1 | 9cc1e4c32a8b6b39bf0a557ec5abde177be52b19 |
| SHA256 | 8b097b581361c3d547fff800332d18db83c7e7cca191da51ba0a20e0135940a0 |
| SHA512 | a0942f9501749a8215e2ed1a0168f5e0bae6751d72efa1aebf66978202489a899c260299e5ff2bfa38b83de2a71e09f042fc5867150cbbaf8fd37fa9002ede11 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0e743b89ac0193dbd5986bffc42c1e87 |
| SHA1 | db392c478137a3a1238252745b86e3e04791ba07 |
| SHA256 | e074c41901cf72812687d4a4afec1aaa9fbbe52f4feaf89c83bd0629453284e1 |
| SHA512 | f1d00df39c9ae563655dffee0c592d7c13f72b34fc6d6eed392eccc03d656fed41c97057ea1ab072a71b8b62143b88226c7463ea3666b88bd60040ffc3f397ac |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8eebdce791337f6115b95388d4b839f7 |
| SHA1 | 72439b21906ec5b6f60470ea916c0ec0de09e44a |
| SHA256 | af8cef0a13f9eeb586dc8d440671c8fa267d50c0f4978813b2bdb333d49abf05 |
| SHA512 | 7f742f4fac508ecf7a1257a1cc8ca88114da162633c0fb2c3e241895f53d7dd2dd853622086e9b18132ba0026042ae458978904a25a21732abec0c8aa7941aa4 |
Analysis: behavioral9
Detonation Overview
Submitted
2024-10-22 19:48
Reported
2024-10-22 19:51
Platform
win7-20240708-en
Max time kernel
122s
Max time network
124s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\block_inputs.js
Network
Files
Analysis: behavioral19
Detonation Overview
Submitted
2024-10-22 19:48
Reported
2024-10-22 19:51
Platform
win7-20240903-en
Max time kernel
117s
Max time network
119s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\utils\commands.js
Network
Files
Analysis: behavioral32
Detonation Overview
Submitted
2024-10-22 19:48
Reported
2024-10-22 19:51
Platform
win10v2004-20241007-en
Max time kernel
149s
Max time network
153s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\windows\cri\template.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.179.89.13.in-addr.arpa | udp |