Analysis Overview
SHA256
b38150ba19809c027431ec9ac11e3f560d2bed0708c5f7332167c40032e9632b
Threat Level: Shows suspicious behavior
The file Lunar Client - Installer.exe was classified as: Shows suspicious behavior.
Malicious Activity Summary
ACProtect 1.3x - 1.4x DLL software
UPX packed file
Loads dropped DLL
Executes dropped EXE
Browser Information Discovery
Command and Scripting Interpreter: JavaScript
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-22 19:51
Signatures
ACProtect 1.3x - 1.4x DLL software
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral13
Detonation Overview
Submitted
2024-10-22 19:51
Reported
2024-10-22 19:54
Platform
win7-20240903-en
Max time kernel
119s
Max time network
121s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\libs\jquery-1.10.2.min.js
Network
Files
Analysis: behavioral18
Detonation Overview
Submitted
2024-10-22 19:51
Reported
2024-10-22 19:54
Platform
win10v2004-20241007-en
Max time kernel
135s
Max time network
126s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\utils\analytics.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.11.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.108.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
Files
Analysis: behavioral22
Detonation Overview
Submitted
2024-10-22 19:51
Reported
2024-10-22 19:54
Platform
win10v2004-20241007-en
Max time kernel
148s
Max time network
151s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\utils\cookies.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 88.65.42.20.in-addr.arpa | udp |
Files
Analysis: behavioral20
Detonation Overview
Submitted
2024-10-22 19:51
Reported
2024-10-22 19:54
Platform
win10v2004-20241007-en
Max time kernel
140s
Max time network
114s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\utils\commands.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.108.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.11.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-22 19:51
Reported
2024-10-22 19:54
Platform
win10v2004-20241007-en
Max time kernel
143s
Max time network
112s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nss9AE9.tmp\OWinstaller.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Lunar Client - Installer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Lunar Client - Installer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Lunar Client - Installer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Lunar Client - Installer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Lunar Client - Installer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nss9AE9.tmp\OWinstaller.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nss9AE9.tmp\OWinstaller.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nss9AE9.tmp\OWinstaller.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nss9AE9.tmp\OWinstaller.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Lunar Client - Installer.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\nss9AE9.tmp\OWinstaller.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nss9AE9.tmp\OWinstaller.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nss9AE9.tmp\OWinstaller.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nss9AE9.tmp\OWinstaller.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3520 wrote to memory of 1216 | N/A | C:\Users\Admin\AppData\Local\Temp\Lunar Client - Installer.exe | C:\Users\Admin\AppData\Local\Temp\nss9AE9.tmp\OWinstaller.exe |
| PID 3520 wrote to memory of 1216 | N/A | C:\Users\Admin\AppData\Local\Temp\Lunar Client - Installer.exe | C:\Users\Admin\AppData\Local\Temp\nss9AE9.tmp\OWinstaller.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\Lunar Client - Installer.exe
"C:\Users\Admin\AppData\Local\Temp\Lunar Client - Installer.exe"
C:\Users\Admin\AppData\Local\Temp\nss9AE9.tmp\OWinstaller.exe
"C:\Users\Admin\AppData\Local\Temp\nss9AE9.tmp\OWinstaller.exe" Sel=0&Extension=jilehohlakeokncafogkgnicgndeecdiengddbcc&UtmSource=client-site&UtmMedium=download-page&UtmCampaign=direct&Referer=www.lunarclient.com&Browser=chrome -partnerCustomizationLevel 1 -customPromoPages --owelectronUrl=https://launcherupdates.lunarclientcdn.com/latest-ow.yml -AllowWindowsInsider --disable-change-location --disable-ow-shortcut-ui --disable-app-shortcut-ui --enable-app-shortcut --eula-url=https://www.lunarclient.com/terms --privacy-url=https://www.lunarclient.com/privacy --silent-setup --app-name="Lunar Client" --auto-close -exepath C:\Users\Admin\AppData\Local\Temp\Lunar Client - Installer.exe
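The process lines above carry the two strings that identify the packaging: the child runs from `%TEMP%\nss9AE9.tmp\`, the scratch directory NSIS creates at run time, and the separate wscript.exe and msedge.exe detonations on this page point into `$PLUGINSDIR`, the NSIS variable for that same directory. The `Loads dropped DLL` rows for `System.dll` and `UserInfo.dll` (stock NSIS plugins) and the `PID 3520 wrote to memory of 1216` rows (the installer creating OWinstaller.exe) are what an NSIS installer does when it unpacks and launches its payload, which is worth knowing before reading those signatures as injection. The script below is an added example, not part of the report and not the sandbox's or Lunar Client's own code: it tags each reported command line with those traits and checks the dropped files for the NSIS plugin fingerprint. The sample rows are copied from this page (the OWinstaller.exe line abridged to three of its arguments), and the tag names and the choice of which plugin DLLs count as the fingerprint are this example's own assumptions.

```python
import re

# Constructed sample: the command lines listed in this report's Processes sections,
# keyed by the analysis they came from. The OWinstaller.exe line is abridged to three
# of its reported arguments; the remaining switches are omitted here.
SAMPLE_PROCESSES = [
    ("behavioral2", r'"C:\Users\Admin\AppData\Local\Temp\Lunar Client - Installer.exe"'),
    ("behavioral2", r'"C:\Users\Admin\AppData\Local\Temp\nss9AE9.tmp\OWinstaller.exe" '
                    r'Sel=0&Extension=jilehohlakeokncafogkgnicgndeecdiengddbcc --silent-setup '
                    r'-exepath C:\Users\Admin\AppData\Local\Temp\Lunar Client - Installer.exe'),
    ("behavioral13", r'wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\libs\jquery-1.10.2.min.js'),
    ("behavioral6", r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" '
                    r'--single-argument C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\index.html'),
]

# Constructed sample: a subset of the paths from the behavioral2 Files section.
DROPPED_FILES = [
    r"C:\Users\Admin\AppData\Local\Temp\nss9AE9.tmp\UserInfo.dll",
    r"C:\Users\Admin\AppData\Local\Temp\nss9AE9.tmp\System.dll",
    r"C:\Users\Admin\AppData\Local\Temp\nss9AE9.tmp\uac.dll",
    r"C:\Users\Admin\AppData\Local\Temp\nss9AE9.tmp\utils.dll",
    r"C:\Users\Admin\AppData\Local\Temp\nss9AE9.tmp\OWInstaller.exe",
    r"C:\Users\Admin\AppData\Local\Temp\nss9AE9.tmp\log4net.dll",
]

# NSIS unpacks plugins and payload into %TEMP%\ns?????.tmp and exposes that directory
# to the install script as $PLUGINSDIR; both strings survive verbatim in the report.
NSIS_TMP = re.compile(r"\\ns[a-z0-9]{5}\.tmp\\", re.I)
PLUGINSDIR = re.compile(r"\\\$PLUGINSDIR\\", re.I)
USER_TEMP = re.compile(r"\\AppData\\Local\\Temp\\", re.I)
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
# Assumption: plugin DLLs that ship with NSIS itself; seeing them in ns?????.tmp is the
# packer fingerprint. uac.dll and utils.dll are third-party/custom and are not counted.
NSIS_STOCK_PLUGINS = {"system.dll", "userinfo.dll", "nsexec.dll", "installoptions.dll"}


def image_of(cmdline):
    """Executable path from a Windows command line, quoted or bare."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        end = cmdline.find('"', 1)
        return cmdline[1:end] if end > 0 else cmdline[1:]
    return cmdline.split(None, 1)[0]


def classify(cmdline):
    """Tag one reported command line with the installer-related traits it shows."""
    image = image_of(cmdline)
    name = image.rsplit("\\", 1)[-1].lower()
    tags = []
    if NSIS_TMP.search(cmdline):
        tags.append("nsis-tempdir")        # launched from, or referencing, the NSIS scratch dir
    if PLUGINSDIR.search(cmdline):
        tags.append("nsis-pluginsdir")     # an argument points into the unpacked payload
    if name in SCRIPT_HOSTS:
        tags.append("script-host")
        if PLUGINSDIR.search(cmdline):
            tags.append("script-from-installer-payload")
    if name not in SCRIPT_HOSTS and USER_TEMP.search(image):
        tags.append("exe-from-temp")       # the binary itself runs out of the user's Temp
    return {"image": image, "name": name, "tags": tags}


def nsis_plugins_present(paths):
    """Stock NSIS plugin DLLs dropped into an ns?????.tmp directory."""
    return {
        p.rsplit("\\", 1)[-1].lower()
        for p in paths
        if NSIS_TMP.search(p) and p.rsplit("\\", 1)[-1].lower() in NSIS_STOCK_PLUGINS
    }


def triage(processes, dropped):
    """Summarise the packer fingerprint and the traits of every reported process."""
    report = {"nsis_fingerprint": sorted(nsis_plugins_present(dropped)), "processes": []}
    for analysis, cmd in processes:
        c = classify(cmd)
        report["processes"].append((analysis, c["name"], c["tags"]))
    return report


if __name__ == "__main__":
    summary = triage(SAMPLE_PROCESSES, DROPPED_FILES)
    print("NSIS plugins seen:", summary["nsis_fingerprint"])
    for line in summary["processes"]:
        print(line)
```

On this page's rows the wscript.exe entries tag as a script host run directly on a file from the unpacked payload, with no installer parent in their process lists, which distinguishes them from the behavioral2 chain where the installer itself spawns OWinstaller.exe from the scratch directory.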
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | analyticsnew.overwolf.com | udp |
| GB | 54.230.10.73:443 | analyticsnew.overwolf.com | tcp |
| GB | 142.250.178.14:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.10.230.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.11.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.108.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
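Most rows in this table, and all rows in the wscript.exe-only detonations above, are reverse-DNS (`in-addr.arpa`) lookups and Bing endpoints that the Windows 10 sandbox image produces on its own; the contacts attributable to the installer are the `analyticsnew.overwolf.com` and `www.google-analytics.com` rows, the latter over plain HTTP on port 80. The script below is an added example, not part of the report: it parses the report's pipe-table layout, drops the background rows, and reverses the PTR names to list addresses that were looked up but never appear as a destination. The sample rows are copied from this page; which names count as background is an analyst allowlist and an assumption of this example, as is the treatment of PTR lookups as OS-initiated.

```python
# Constructed sample: rows copied from this report's Network tables (behavioral2 and
# behavioral18), in the same pipe-table layout the report uses.
SAMPLE_ROWS = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | analyticsnew.overwolf.com | udp |
| GB | 54.230.10.73:443 | analyticsnew.overwolf.com | tcp |
| GB | 142.250.178.14:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
"""

# Assumption: name suffixes the sandbox's Windows 10 image contacts by itself. Taken from
# the wscript.exe-only detonations on this page, which show these names and nothing else.
BACKGROUND_SUFFIXES = (".bing.net", ".bing.com")
PTR_SUFFIX = ".in-addr.arpa"


def parse_rows(text):
    """Turn the report's pipe table into dicts; the header row is skipped."""
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        country, dest, domain, proto = cells
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain.lower(), "proto": proto})
    return rows


def ptr_to_ip(name):
    """'10.28.171.150.in-addr.arpa' -> '150.171.28.10' (PTR labels are the octets reversed)."""
    name = name.lower()
    if not name.endswith(PTR_SUFFIX):
        raise ValueError(f"not a PTR name: {name}")
    octets = name[:-len(PTR_SUFFIX)].split(".")
    if len(octets) != 4:
        raise ValueError(f"not a full IPv4 PTR name: {name}")
    return ".".join(reversed(octets))


def is_background(row):
    """Background rows: PTR lookups (assumed OS-initiated; the report ties none to a
    process) and the Bing endpoints seen in every detonation on the page."""
    d = row["domain"]
    return d.endswith(PTR_SUFFIX) or d.endswith(BACKGROUND_SUFFIXES)


def sample_attributable(rows):
    """Distinct (domain, ip, port, proto) tuples left once background rows are dropped."""
    out = []
    for r in rows:
        key = (r["domain"], r["ip"], r["port"], r["proto"])
        if not is_background(r) and key not in out:
            out.append(key)
    return out


def ptr_targets_without_connection(rows):
    """Addresses that were reverse-resolved but never appear as a destination: contacts
    this table does not otherwise show, worth cross-checking against other detonations."""
    connected = {r["ip"] for r in rows}
    resolved = {ptr_to_ip(r["domain"]) for r in rows if r["domain"].endswith(PTR_SUFFIX)}
    return resolved - connected


if __name__ == "__main__":
    rows = parse_rows(SAMPLE_ROWS)
    for entry in sample_attributable(rows):
        print("sample:", entry)
    print("looked up but never contacted:", sorted(ptr_targets_without_connection(rows)))
```

The PTR reversal is the useful check: `10.28.171.150.in-addr.arpa` is the Bing address the table already shows a connection to, while `104.219.191.52.in-addr.arpa` resolves an address that appears nowhere else in this detonation, so it has to be explained from the other analyses rather than assumed benign.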
Files
C:\Users\Admin\AppData\Local\Temp\nss9AE9.tmp\UserInfo.dll
| MD5 | 1dd4ca0f4a94155f8d46ec95a20ada4a |
| SHA1 | 5869f0d89e5422c5c4ad411e0a6a8d5b2321ff81 |
| SHA256 | a27dc3069793535cb64123c27dca8748983d133c8fa5aaddee8cdbc83f16986d |
| SHA512 | f4914edc0357af44ed2855d5807c99c8168b305e6b7904dc865771ad0ee90756038612fe69c67b459c468396d1d39875395b1c8ec69e6da559fb92859204763e |
C:\Users\Admin\AppData\Local\Temp\nss9AE9.tmp\System.dll
| MD5 | 51bd16a2ea23ae1e7a92cedc6785c82e |
| SHA1 | a9fbaeb9a695b9f2ba8a3ed8f0d95d2bf6a3d36c |
| SHA256 | 4dbc79d2b1c7987cc64bb5d014db81bb5108bdd6d8bf3a5f820fac1ded62be33 |
| SHA512 | 66ffc18b2daf6c4cba01aef0e4af2f006a51aa218eab0f21dc66e47eea0389d2b1748ef0e30d2ec9f0123fd7f38ed3aee964dd6bde5779aaee19ebf55369af79 |
C:\Users\Admin\AppData\Local\Temp\nss9AE9.tmp\uac.dll
| MD5 | 861f7e800bb28f68927e65719869409c |
| SHA1 | a12bfcd2b9950e758ead281a9afbf1895bf10539 |
| SHA256 | 10a0e8cf46038ab3b2c3cf5dce407b9a043a631cbde9a5c8bcf0a54b2566c010 |
| SHA512 | f2bf24a0da69bbe4b4a0f0b1bfc5af175a66b8bcc4f5cc379ed0b89166fa9ffe1e16206b41fca7260ac7f8b86f8695b76f016bb371d7642aa71e61e29a3976eb |
C:\Users\Admin\AppData\Local\Temp\nss9AE9.tmp\utils.dll
| MD5 | c6b46a5fcdccbf3aeff930b1e5b383d4 |
| SHA1 | 6d5a8e08de862b283610bad2f6ce44936f439821 |
| SHA256 | 251ab3e2690562dcfcd510642607f206e6dcf626d06d94b74e1fa8297b1050a0 |
| SHA512 | 97616475ef425421959489b650810b185488fcb02a1e90406b3014e948e66e5101df583815fd2be26d9c4d293a46b02ba4025426f743e682ed15d228f027f55c |
C:\Users\Admin\AppData\Local\Temp\nss9AE9.tmp\OWInstaller.exe
| MD5 | 26ec6fdabe608b621f85d22b1985319d |
| SHA1 | 0b7dcc560ed2d7d2d0a614e88796b11aeea05311 |
| SHA256 | cb4fa684a847fcb467a738b5f50c0a385d76b91e711e0ce4b72d41cc597b9714 |
| SHA512 | 4818cae9887478afd432fe6c8b12c8baf184e93734a943fe00e552cf5875c97d96c819c7ebadf20a8cd43b3dbd1f3e559ee613da8a3d55b2b176b143e825d125 |
C:\Users\Admin\AppData\Local\Temp\nss9AE9.tmp\OWinstaller.exe.config
| MD5 | 82d22e4e19e27e306317513b9bfa70ff |
| SHA1 | ff3c7dd06b7fff9c12b1beaf0ca32517710ac161 |
| SHA256 | 272e4c5364193e73633caa3793e07509a349b79314ea01808b24fdb12c51b827 |
| SHA512 | b0fb708f6bcab923f5b381b7f03b3220793eff69559e895d7cf0e33781358ec2159f9c8276bf8ba81302feda8721327d43607868de5caaa9015d7bb82060a0b9 |
memory/1216-127-0x00007FF8148A3000-0x00007FF8148A5000-memory.dmp
memory/1216-129-0x000001A6BE0F0000-0x000001A6BE13C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nss9AE9.tmp\OverWolf.Client.CommonUtils.dll
| MD5 | cc208a83fdf244bf8bd73c163dac39f0 |
| SHA1 | 5ffdd23728051c20850cdce7cc4d5970b5321323 |
| SHA256 | 6bb4b0ec3d131f212d0f0ded7788feefa1dce1c312ae1aaceaa0db3e73acac79 |
| SHA512 | 6cb09449120bcf76e144dce74efd54f88fda7c1f7c25ed61e1bf4127607bb312bc020c0ba29fc70ab001a886949e0faa67bdd609fd38bba8e119e218e9fba46a |
memory/1216-133-0x000001A6BFED0000-0x000001A6BFF74000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nss9AE9.tmp\CommandLine.dll
| MD5 | 42b8558275c6838bf25616b05f5b1cc2 |
| SHA1 | 352cb161808e3cc360ef5ef67d3559d258f23448 |
| SHA256 | d98011873f275393db4810ca9ffe5a066c66cd157fa1c2d46a312824e86fa6f6 |
| SHA512 | 38266c98b3a86ef373298479c8b585ebbb66f52099812e29faf25a7e6e2d12b3896d69db72a9f65becbf8e2b643c2664a3c09275265a1e15622076de70d0afc7 |
memory/1216-135-0x000001A6BFDE0000-0x000001A6BFDF4000-memory.dmp
memory/1216-136-0x000001A6D8BD0000-0x000001A6D90F8000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nss9AE9.tmp\log4net.dll
| MD5 | f15c8a9e2876568b3910189b2d493706 |
| SHA1 | 32634db97e7c1705286cb1ac5ce20bc4e0ec17af |
| SHA256 | ae9c8073c3357c490f5d1c64101362918357c568f6b9380a60b09a4a4c1ff309 |
| SHA512 | 805cd0a70aba2f1cf66e557d51ad30d42b32fbafcfbc6685ec204bc69847619479f653f4f33a4e466055707880d982eb1574ddab8edfa3c641e51cda950e2a0e |
memory/1216-138-0x000001A6D87A0000-0x000001A6D87E6000-memory.dmp
memory/1216-139-0x00007FF8148A0000-0x00007FF815361000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nss9AE9.tmp\SharpRaven.dll
| MD5 | 96e7c0177c15bc7a157c51612f3369bf |
| SHA1 | 1e89f4bc3fdb3cb1724ab0c283195b6aebb1532e |
| SHA256 | 50532b392723aeff6f3e20c5196a8c4bb5865d1ff7d537fc9c27af6aa24d6e2e |
| SHA512 | 929b0b6b60bc0734a9858943af4645bb1bcf95a3f00fad01434997f89c7a2e816d5d8b612744dcb62fff354e5253abfe4c11c252e1fa825cef4a764559c0d432 |
memory/1216-143-0x000001A6BFE90000-0x000001A6BFEA8000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nss9AE9.tmp\Newtonsoft.Json.dll
| MD5 | 98cbb64f074dc600b23a2ee1a0f46448 |
| SHA1 | c5e5ec666eeb51ec15d69d27685fe50148893e34 |
| SHA256 | 7b44639cbfbc8ddac8c7a3de8ffa97a7460bebb0d54e9ff2e1ccdc3a742c2b13 |
| SHA512 | eb9eabee5494f5eb1062a33cc605b66d051da6c6990860fe4fd20e5b137458277a636cf27c4f133012d7e0efaa5feb6f48f1e2f342008482c951a6d61feec147 |
C:\Users\Admin\AppData\Local\Overwolf\Settings\SettingsPageBasic.xml
| MD5 | 429b7b6661a5f41f5895151857b25d01 |
| SHA1 | c56e839d76206a7b18ac21d17189261bd942bde7 |
| SHA256 | 6d6b9f385cc162e4890ce7147cbea508f872d591dda84e008e7edbbbefc5a928 |
| SHA512 | add7140b8a72670e2192ef8a860858cbd65f646cb8976124da8bcbd223ef76f5725a8c22712db51362eaa24369fdbe75a84e6745101e81d28d1037d2df5d0dfb |
C:\Users\Admin\AppData\Local\Temp\nss9AE9.tmp\app\manifest.json
| MD5 | bd268881845661738233611c5abaa301 |
| SHA1 | 038b46a10a4af115c038d8474fe4080343985d65 |
| SHA256 | 398b7082f2aa42bba54fe2559e18e6b8f924413733e37dd6808ccc81b1d36a99 |
| SHA512 | 2b3650fd5a8061a84605ee5553a216094eaf7d9ac9404b012f4ce99482adf25dc18d40d207f4a7f9617abecae455be322d463666e4d92cbe5cc96dfbd2d6d693 |
memory/1216-154-0x000001A6D8A30000-0x000001A6D8AE0000-memory.dmp
memory/1216-172-0x000001A6D89B0000-0x000001A6D89D2000-memory.dmp
memory/1216-175-0x00007FF8148A0000-0x00007FF815361000-memory.dmp
memory/1216-177-0x00007FF8148A0000-0x00007FF815361000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nss9AE9.tmp\app\images\icon.ico
| MD5 | af5a51fc5d3cf1861f2a470711355265 |
| SHA1 | bb6ef7a49986f46b1347f007a327b7b35d28e4c3 |
| SHA256 | 70e7e734171c8c32bcfe8967bb3d91fbe259952ec9c92b6562095614ff465a1b |
| SHA512 | c3de8de1db9177521e87cb099a15ab4897e5d3a9b8b4086a555689743d9945fc23bc5c9a2409f26b2d120031e355ec6949ead3017c3b44cff7b701ad72073b8b |
C:\Users\Admin\AppData\Local\Temp\nss9AE9.tmp\app\index.html
| MD5 | 423d2e2f7e21b856cb5f3ee3dcbfa5a0 |
| SHA1 | eda0e357387913daf57a0c683c34b4b8a5d7baf7 |
| SHA256 | cd59efa2fe7cbe222d03a946c34eaacdb3761e922763952d7be4555addf8572c |
| SHA512 | c403307549af9bf7cfd34295a8b1020e7b7489d104b5fdaf4320b495f85977134796774dbf4f20f8fd0b2d1f2188b881a1cc35cec56aa64a3dc84bf1c2d21b4b |
memory/1216-181-0x00007FF8148A0000-0x00007FF815361000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nss9AE9.tmp\app\js\libs\jquery-1.10.2.min.js
| MD5 | 44e3f0db3e4ab6fedc5758c05cf27591 |
| SHA1 | 2d408aa1d35661019c95adcc60b78c0727ed25b4 |
| SHA256 | bc44d3631ffef1df7960e359f02002d3ada45ee05205c2cf1edd85da2f518144 |
| SHA512 | 4d4844e53e686fc59a52e86588f328dca3ed6fdad7195c58942a98c51755a24981b903ee7c7b27785375eaad5a7d9501cf74b999674b79f214e66103bad9efdc |
C:\Users\Admin\AppData\Local\Temp\nss9AE9.tmp\app\js\libs\cmp.bundle.js
| MD5 | 16fc087f1323fce759abc94f985f9dc0 |
| SHA1 | 4f9fcb398d19077ac5b39c107a9934d3d41c8d71 |
| SHA256 | 304f8a03efd2a1e65f08b0606dca97c66f4875a4d71a9e4ad7a83fbb36731ded |
| SHA512 | 37696e22931829c05f53b6a5fee734dd4631836e20eeff7186aa8a5b0a1b8bc765c7ed42af0ade2d403cb7020c6c9913be2caf25db6388524b48a773c4e334bb |
C:\Users\Admin\AppData\Local\Temp\nss9AE9.tmp\app\js\windows\cri\template.js
| MD5 | 76c1ef0cb437db144c2bed53a5a8a5d7 |
| SHA1 | aaab8fff649f8e46d1e9510018118ee9abe01498 |
| SHA256 | 505d3c4de7d9cf8f0155b5b1a3c8792bc0ca2eda6781b441bd85455f144be22e |
| SHA512 | 822bf9feda91c89539d263c6c9053163e8dfa3c511195bc61a9b608b4687fb4048733323f03dd30a7ab661a4be4acf6c8d8ae7bb6723771122540a9551899c3e |
C:\Users\Admin\AppData\Local\Temp\nss9AE9.tmp\app\js\utils\commands.js
| MD5 | a25b49d085333ece9aadd1f285795925 |
| SHA1 | 53341dcca297a969a8ff37265935488f1790307e |
| SHA256 | acbf59ce6aa668880f65aab2bfe62305415c76301b40bc7f72777f0b08840b71 |
| SHA512 | 0a2cb6f4e1af0c4205e38ba1e12c208e6ea4f8f8e3956c9d10b312aa9a6929b99ec967aee7aa1f54da97ca6ea354f8bd7f624359cfd05c6241a5f4bf59843b68 |
C:\Users\Admin\AppData\Local\Temp\nss9AE9.tmp\app\js\utils\analytics.js
| MD5 | 525281e9959af4c1c0d11b9243c798a1 |
| SHA1 | 237a84c5b57bd132f48446d718b20640cb28c263 |
| SHA256 | c37f0699cf8ba7d9e3e0f73f1b2af65f4bdc2a31f44594ffc8c73e98b6c2fd1d |
| SHA512 | fe5bafda7773e69c65dd63270e0306abcd39cb2d886b675ab8c714ae0833efde963b69623d468551a1ab37f1db1a1d457f1568f7a29d9cf0bb23bb0edcab5fc4 |
C:\Users\Admin\AppData\Local\Temp\nss9AE9.tmp\app\js\windows\progress\progress-1-controller.js
| MD5 | 82f0b997ed552c52a510a9f2ab29dc3a |
| SHA1 | 92aec3a656053c71eccdde610130f5d8008fa96f |
| SHA256 | 838bab990ce38372dfedb50eb0a270db705811729630ab8557c08bd1e9e8e105 |
| SHA512 | ecf67f877002d746eff8af3a50155aa381513ddafd17b6bff0188c85f0765579fea0112e82e1371f962b1f5decc94b65e6120f21fb516533dac35a2d541065bf |
C:\Users\Admin\AppData\Local\Temp\nss9AE9.tmp\app\js\windows\main\template.js
| MD5 | a118c7724c208f12083240cafccfd10b |
| SHA1 | f89c676a215b869626737862a08c9eb07d440211 |
| SHA256 | 63a43bb08403972d0f4b0e381bd264af14e826e0035242bc1baa9a815956b8fc |
| SHA512 | 9fede79044ae5de7baf5bfba0d5a515ce462a25420026ff45bcf1751e57510023cb40df42d08e880114f62b38ddb218355d5357b725df32a41ae4e6a18414cb3 |
C:\Users\Admin\AppData\Local\Temp\nss9AE9.tmp\app\js\app.js
| MD5 | de88fce9253d26e0c61daa1783baa775 |
| SHA1 | 07c5848354a247056baad369059aac9d3c940ecc |
| SHA256 | 993f140f9f4e5cdbdcc657a3c159328bf58b3483dbc27c451516a556763a79ba |
| SHA512 | 71ddd47ef7ed7c02fb31e8ffa2ea6d1b5178dbda2ab37bac208e088c8ba2127e0cf5eaa74ee7ad5809fa69e534853312c6c8775c68aeda63bf0e4a5caefa39b7 |
C:\Users\Admin\AppData\Local\Temp\nss9AE9.tmp\app\js\windows\main\main-controller.js
| MD5 | 15b665a5c915004e1aa7e9e11a710f7e |
| SHA1 | 7821924e42bb19d60c572ff80bbaaa04d7aaeefb |
| SHA256 | 84dc33e2eb3118fc77a38b0ca53af42c53f6eb85cfb1e8737dbe39fa03515653 |
| SHA512 | dd47f7bac0dbaac714e6d2fc91b4c24756ca4acb70bdbc4b54cd5216552d6bb85ba2e1c3c8445c5fb40d116dfab6569945cd74730bb7c8f3cf46e8d08f8afa02 |
C:\Users\Admin\AppData\Local\Temp\nss9AE9.tmp\app\js\windows\finish-with-recommended-app\finish-with-recommended-app-controller.js
| MD5 | eb6d6bd7e05d4477e2704dd87b57ca35 |
| SHA1 | f42672ec1e23a3f4bcc2952746d87ba8deff44be |
| SHA256 | 5ca97132a258ed1f36e401d70ccb95be2c9e18395e6010c40f61172914477de5 |
| SHA512 | 1402d611f910cf5078e804175fa4693b591348d3e7cf6d0a6bbe026c259eb9e0bc285233c80cb2f4690674c3e927bc72fbdcbe758826b98fd02ecb3ed82e339a |
C:\Users\Admin\AppData\Local\Temp\nss9AE9.tmp\app\js\windows\finish-with-recommended-app\template.js
| MD5 | d1cb34b57cef7e28b9286454b197b712 |
| SHA1 | f3a964b319bab82d4eda07e126bbfd6dec35c349 |
| SHA256 | b61dfc304b46e8cd95d7b15bb93c6160b30523a1a093397a84fc8b8bed00ac42 |
| SHA512 | 3a07de9c58134edbb7998f85e6d037a0cd066e32c4daa07594a949a7574f5693153bbcdb59739e1a92e847ab1128e2369fb30ba76a7b9cdfa9a37a409db691c1 |
C:\Users\Admin\AppData\Local\Temp\nss9AE9.tmp\app\js\windows\finish\finish-controller.js
| MD5 | 138240ea22084428e9e25583e9156568 |
| SHA1 | e8bef7eab5b6e7040b996ec9504436e073444bd9 |
| SHA256 | 4cb4e1aa25c15ae5f2e63fa4658a8acff0ce63e0f59cb6eb634df2dfe336e2ec |
| SHA512 | e97b81b0ecd964e6e909019353efe4f5582f65763ac4197d754f1c4eea19cfc249900ae597fd33e29f531bb0d1c7e0f010793c59a2b0099fa75ad0b7d01ce8a7 |
C:\Users\Admin\AppData\Local\Temp\nss9AE9.tmp\app\js\windows\finish\template.js
| MD5 | f092de7ea66d8e920b345f38537fa35d |
| SHA1 | 82d107a409f18878307ae0cefe24074db64937c4 |
| SHA256 | b05f111369e12ecb4cdc6526dd554061eb31097aa0de4bd126ddc185b69d922f |
| SHA512 | 14942c0122f216c07595cbaae498f9c4d37a2d0fd95f262c332502befdf4566c7a042c4d85702c1d82a111123dde677096195e9efeb1d74eb1dfd4df84d01a23 |
C:\Users\Admin\AppData\Local\Temp\nss9AE9.tmp\app\js\windows\progress\template.js
| MD5 | 92b145e6649ba0add3dee9a69d3fa91e |
| SHA1 | 4db1a45392ec973cc8a7eecf3a30a9a7ecc7a64d |
| SHA256 | a7128a08bca53dd919cab3e5cb4dab31ded7ae2dafc957209b9fdd23f3b944ab |
| SHA512 | 747a087dffdba5c92d9f4c8923615d388b9c4c79d3b71d3cb90487aa37c132290a4f5107eef3055c03eadcb9614e20d4655393dc9251fab7e0ee2438f0d95751 |
C:\Users\Admin\AppData\Local\Temp\nss9AE9.tmp\app\js\windows\privacy\privacy-controller.js
| MD5 | 10897b8f8e410b128258fd4fcb183bb3 |
| SHA1 | e8dbd5a9018a2183a43f30da503d10a91f104763 |
| SHA256 | 67556e333a57f50c62bb68f7bb08fbc619d7cb5342e05a75d5023d376c56d306 |
| SHA512 | 307bfdec5d5a1495be300f61f2c3a8477a9b08da607244f6f72de3238fdff6d6d095e9d05f5ccf2780b8e56d2b48835da82ce4519d329fdbd6aad28a2ee82d39 |
C:\Users\Admin\AppData\Local\Temp\nss9AE9.tmp\app\js\windows\privacy\template.js
| MD5 | cf8d2c26520d7c84e560dfa79e31dcd3 |
| SHA1 | 716f2ec17480d5cc9c145bc147833fbfc39d36f0 |
| SHA256 | 95c459eae0edccdb94702aea603a097e461daa0e5f37dcd0e30de7df665433a8 |
| SHA512 | d466dcf7e86a4295857020feea281fc89f519f6bf1e79c3b5e1046d0745c9c9010377b1941e06c9a9b2c78a4173ed9909332d5d6c39b05f460e8a863086c895b |
C:\Users\Admin\AppData\Local\Temp\nss9AE9.tmp\app\js\windows\settings\settings-controller.js
| MD5 | 378c18dd7d5cee6ca7c4ddd0396b535b |
| SHA1 | d5f81d4fab29201fd1629dc4d8e6f918c0c30479 |
| SHA256 | b5c5dc5e0684fd97eb4c45896dc1c2de8a6a6fdc63b6aa83a99103c15787ef35 |
| SHA512 | c29416b3f0245f4826d857dc8c52c969071d2410c945bda96f38f59a9bc7137ee534d84865e5ac55a1e3cea6bb705c5d592725af709cd97e7f38ff05dbaafe5b |
C:\Users\Admin\AppData\Local\Temp\nss9AE9.tmp\app\js\windows\settings\template.js
| MD5 | 28513de0830383a516028e4a6e7585a0 |
| SHA1 | d31fc3a6f4a3ce6c4afb82ff2342a1ed718809e5 |
| SHA256 | 8014a7c919da249ba2f2196d9c9b62639d20851be426f3ffaef161cbe477c45f |
| SHA512 | 0f7321c2ae13145bb694368dae1b74e6fe20e6b09712da2178bc46e6aa65223ab84c38abbf0ed074c85b42dba1a238a5f3f8d1ae060a0af6df748c5befe11b61 |
C:\Users\Admin\AppData\Local\Temp\nss9AE9.tmp\app\js\windows\welcome\welcome-controller.js
| MD5 | 50f676754862a2ab47a582dd4d79ecf3 |
| SHA1 | 1cb2f4b11f9f8cfc8dc57ff29d0256dec4811158 |
| SHA256 | 6155691dbdd66290109afb91617f9cf68af6bd912991d5d27b922f5faa7f530b |
| SHA512 | ccfc89e08fd36f0a694fcda17efb84ca285b6c62afe2e3a794fdad19b6882a4b618645f4d9171673ba56fb4c55fce336d6b8d26dec3a5cc11293ae2b211f499f |
C:\Users\Admin\AppData\Local\Temp\nss9AE9.tmp\app\js\windows\welcome\template.js
| MD5 | 17f54fca6723b983875d940d931e0afb |
| SHA1 | 01774cd5cea36bd74c80a708d6f77567e8091024 |
| SHA256 | 42c546e9da748ef76fdab56b96fd511eb607617a9ba37b3dc420148b769d8acb |
| SHA512 | 401df9a54cd14c19227d91bd08b4775a7b437644b4ca0d1d636d3e07b04591f9c5516e80040ae6a79ba400457d15e3d80aa148a63de870a64664fc5a02f7a038 |
C:\Users\Admin\AppData\Local\Temp\nss9AE9.tmp\app\js\windows\cri\cri-controller.js
| MD5 | 4e4b4a9e2d86ae3c108105078db6d730 |
| SHA1 | 826946be793c999316af6c1db10523950b18ea2c |
| SHA256 | cee7fc5a36a01a439125be031923d7e7415ec56194255048098169a0108034b7 |
| SHA512 | 1420065cd000ce9b9c39d27b5dc5f4055f67146e06573a03184649851c9745f0c0af2b5e35b41b5923703dd74e32f9ed95fc59a43db25f854584e319950beffe |
C:\Users\Admin\AppData\Local\Temp\nss9AE9.tmp\app\js\windows\modal\modal-controller.js
| MD5 | b04bdfd1c7d09bdbdb94a2455fdd677b |
| SHA1 | f000ba4866ff16d75bfd6cf446763498e19b12b1 |
| SHA256 | 4565ee81ffe222b31982088b1c18850076e3acf59198ebce08118e12cbd87ea1 |
| SHA512 | 3cb6ef0a16309046e7f407e7321eb12212b0eec09ec1a04b1d813f6c7a04546714865c3b398a93985041f598156ed905ebd23a64260801281b29ada9bc19ec5c |
C:\Users\Admin\AppData\Local\Temp\nss9AE9.tmp\app\js\utils\modal-events-delegate.js
| MD5 | 117e4fdbdb0ecf211c8bd909efd337d1 |
| SHA1 | 9f8684d856b7c95bdffb139217dfd89f41373187 |
| SHA256 | 267661f932a2ea78d8c7a98cc03d1b18d7cb8132deb84636772ecd1fcfbe4857 |
| SHA512 | f474ee20b59d3d0c11f9f6aee6b6e2b66f7025beaec9841f88455e60533dc96cb4e27910be0dae92b0028c5578932b7f459fdb91d594ad010f72a3b3af6addb1 |
C:\Users\Admin\AppData\Local\Temp\nss9AE9.tmp\app\js\models\notifications.js
| MD5 | 85afdf9897bb1236eff3afa40d15ece6 |
| SHA1 | 4362bdd139458eaf4a2dcb34294b43e2d53f4a26 |
| SHA256 | 9dd03dfc92bcb74f3725aae60e904c0a56cc84f299bbb8e863a869719f6fdd32 |
| SHA512 | 4ab86c6bafba18f53f01ca913ceaa80f14900107069a1d5f65b108d35690bd8b50b1a6cdf1563fc5775909f69208dabebd139f3cf3d8576269d560d57cf9994c |
C:\Users\Admin\AppData\Local\Temp\nss9AE9.tmp\app\js\utils\cookies.js
| MD5 | 6c60e675f8c8c68c0174b644d3a63a2a |
| SHA1 | 3635a3fe07ccc4a6f33a986ddb690522d0611abb |
| SHA256 | 9d3cb3822e20d6f5157faa02dc69bdaef44576c3fb5523e00aa152107ce30287 |
| SHA512 | 1dc9ec7b139bcf37107ecd673c01e4fcc606332ea1645a4a1b4e5d95f817d4c99d5964cd3d941a6a526689341d9623b17b4efc002cdf4c73404299d52b1be452 |
C:\Users\Admin\AppData\Local\Temp\nss9AE9.tmp\app\js\utils\utils.js
| MD5 | a0952ebeab701c05c75710c33d725e7e |
| SHA1 | 1da8a2e889f1213d481ae3cd5571670c01e64adc |
| SHA256 | b4f0c48cbfeaf8141fd44b12031e3f0410cb0cdc313888ffdb14fdf1d2341246 |
| SHA512 | 5e5ae616d3fded7d2bf47a326242c4477ca3119fb52897bfb41de0be230ccbd6c3da2c00268b3973e9bf7b4f2886aba64fd9719b448662e4130ee66d87913389 |
C:\Users\Admin\AppData\Local\Temp\nss9AE9.tmp\app\js\utils\strings-loader.js
| MD5 | 9c94eb933d8a43dd3825e67a7e30c980 |
| SHA1 | 7ec7b16af6f399219209ba5967d377040486a11b |
| SHA256 | 96445709fde2613af50f4b8908296d4bfccdccb2d9db9febc34a9bf4dcc70ecf |
| SHA512 | a662a299e31633f71a9b9675970359430fdac06dcc284fd7ce92919f244c7f921639f97a42356e993a95865e6c9f198dcba82c126f82065bf2009a31ec9b02f5 |
C:\Users\Admin\AppData\Local\Temp\nss9AE9.tmp\app\js\block_inputs.js
| MD5 | b5b52c92b90f4283a761cb8a40860c75 |
| SHA1 | 7212e7e566795017e179e7b9c9bf223b0cdb9ec2 |
| SHA256 | f8dbd6793b35f7a26806f4dabad157aaafdf6d66fad094b50c77d60f223fd544 |
| SHA512 | 16ad53ede5424ca1384e3caea25225589e9eec9e80e2d845948802db90fad222f709a7b651cd7601a34ba67a0627433f25764638fd542cbd4612871308e7b353 |
memory/1216-212-0x000001AEDD1E0000-0x000001AEDD986000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nss9AE9.tmp\app\assets\fonts\lato\LatoLatin-Regular.eot
| MD5 | 6cfad5881181ae658a6efdd68889a690 |
| SHA1 | 5b54f6ccc20ed3a078fbdf94d7a68ac80002624d |
| SHA256 | c6c970b103b3c3aa83f7a45172619a4451ea5f015f9f3ef4fd08c9a4aa895cbc |
| SHA512 | ddd3d43540eb3d4eef48d0834136de1e7bf23a52f286d0a666cf57c7d685aadf1cea6d37c88f9d7ce5ad6143d7c3213f54b16a11f616b7dce154bba50997bbe7 |
memory/1216-214-0x00007FF8148A0000-0x00007FF815361000-memory.dmp
Analysis: behavioral11
Detonation Overview
Submitted
2024-10-22 19:51
Reported
2024-10-22 19:54
Platform
win7-20241010-en
Max time kernel
11s
Max time network
19s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\libs\cmp.bundle.js
Network
Files
Analysis: behavioral31
Detonation Overview
Submitted
2024-10-22 19:51
Reported
2024-10-22 19:54
Platform
win7-20240729-en
Max time kernel
63s
Max time network
17s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\windows\cri\template.js
Network
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-10-22 19:51
Reported
2024-10-22 19:54
Platform
win10v2004-20241007-en
Max time kernel
145s
Max time network
139s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\index.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce88746f8,0x7ffce8874708,0x7ffce8874718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,14609003289803370135,2143596058717336362,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,14609003289803370135,2143596058717336362,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,14609003289803370135,2143596058717336362,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14609003289803370135,2143596058717336362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14609003289803370135,2143596058717336362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,14609003289803370135,2143596058717336362,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,14609003289803370135,2143596058717336362,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14609003289803370135,2143596058717336362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14609003289803370135,2143596058717336362,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14609003289803370135,2143596058717336362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14609003289803370135,2143596058717336362,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,14609003289803370135,2143596058717336362,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5304 /prefetch:2
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_2132_VWSVGNSLAFJKAIOI
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Analysis: behavioral7
Detonation Overview
Submitted
2024-10-22 19:51
Reported
2024-10-22 19:54
Platform
win7-20240708-en
Max time kernel
117s
Max time network
121s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\app.js
Network
Files
Analysis: behavioral23
Detonation Overview
Submitted
2024-10-22 19:51
Reported
2024-10-22 19:54
Platform
win7-20240903-en
Max time kernel
118s
Max time network
121s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\utils\modal-events-delegate.js
Network
Files
Analysis: behavioral25
Detonation Overview
Submitted
2024-10-22 19:51
Reported
2024-10-22 19:54
Platform
win7-20240708-en
Max time kernel
120s
Max time network
124s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\utils\strings-loader.js
Network
Files
Analysis: behavioral27
Detonation Overview
Submitted
2024-10-22 19:51
Reported
2024-10-22 19:54
Platform
win7-20240903-en
Max time kernel
121s
Max time network
122s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\utils\utils.js
Network
Files
Analysis: behavioral28
Detonation Overview
Submitted
2024-10-22 19:51
Reported
2024-10-22 19:54
Platform
win10v2004-20241007-en
Max time kernel
149s
Max time network
153s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\utils\utils.js
Network
Files
Analysis: behavioral30
Detonation Overview
Submitted
2024-10-22 19:51
Reported
2024-10-22 19:54
Platform
win10v2004-20241007-en
Max time kernel
149s
Max time network
157s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\windows\cri\cri-controller.js
Network
Files
Analysis: behavioral32
Detonation Overview
Submitted
2024-10-22 19:51
Reported
2024-10-22 19:54
Platform
win10v2004-20241007-en
Max time kernel
135s
Max time network
106s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\windows\cri\template.js
Network
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-10-22 19:51
Reported
2024-10-22 19:54
Platform
win10v2004-20241007-en
Max time kernel
139s
Max time network
130s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\app.js
Network
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-10-22 19:51
Reported
2024-10-22 19:54
Platform
win10v2004-20241007-en
Max time kernel
150s
Max time network
152s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\block_inputs.js
Network
Files
Analysis: behavioral16
Detonation Overview
Submitted
2024-10-22 19:51
Reported
2024-10-22 19:54
Platform
win10v2004-20241007-en
Max time kernel
149s
Max time network
152s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\models\notifications.js
Network
Files
Analysis: behavioral24
Detonation Overview
Submitted
2024-10-22 19:51
Reported
2024-10-22 19:54
Platform
win10v2004-20241007-en
Max time kernel
140s
Max time network
112s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\utils\modal-events-delegate.js
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-22 19:51
Reported
2024-10-22 19:54
Platform
win7-20241010-en
Max time kernel
24s
Max time network
157s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Lunar Client - Installer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Lunar Client - Installer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Lunar Client - Installer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Lunar Client - Installer.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Lunar Client - Installer.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Lunar Client - Installer.exe
"C:\Users\Admin\AppData\Local\Temp\Lunar Client - Installer.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef8119758,0x7fef8119768,0x7fef8119778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1220,i,12351759750770800536,8431059082784890722,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 --field-trial-handle=1220,i,12351759750770800536,8431059082784890722,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1536 --field-trial-handle=1220,i,12351759750770800536,8431059082784890722,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2284 --field-trial-handle=1220,i,12351759750770800536,8431059082784890722,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2316 --field-trial-handle=1220,i,12351759750770800536,8431059082784890722,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1236 --field-trial-handle=1220,i,12351759750770800536,8431059082784890722,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2248 --field-trial-handle=1220,i,12351759750770800536,8431059082784890722,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3424 --field-trial-handle=1220,i,12351759750770800536,8431059082784890722,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3544 --field-trial-handle=1220,i,12351759750770800536,8431059082784890722,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3628 --field-trial-handle=1220,i,12351759750770800536,8431059082784890722,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3856 --field-trial-handle=1220,i,12351759750770800536,8431059082784890722,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2456 --field-trial-handle=1220,i,12351759750770800536,8431059082784890722,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2400 --field-trial-handle=1220,i,12351759750770800536,8431059082784890722,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3904 --field-trial-handle=1220,i,12351759750770800536,8431059082784890722,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3784 --field-trial-handle=1220,i,12351759750770800536,8431059082784890722,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1932 --field-trial-handle=1220,i,12351759750770800536,8431059082784890722,131072 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.200.36:443 | www.google.com | udp |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 216.58.204.74:443 | ogads-pa.googleapis.com | udp |
| GB | 142.250.179.238:443 | apis.google.com | udp |
| GB | 216.58.204.74:443 | ogads-pa.googleapis.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 216.58.201.110:443 | play.google.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 216.58.201.110:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | www.pornhub.com | udp |
| US | 66.254.114.41:443 | www.pornhub.com | tcp |
| US | 66.254.114.41:443 | www.pornhub.com | tcp |
| GB | 142.250.178.3:80 | www.gstatic.com | tcp |
| US | 8.8.8.8:53 | www.xvideos.com | udp |
| NL | 185.88.181.7:443 | www.xvideos.com | tcp |
| NL | 185.88.181.7:443 | www.xvideos.com | tcp |
| US | 8.8.8.8:53 | static-ss.xvideos-cdn.com | udp |
| NL | 69.55.53.168:443 | static-ss.xvideos-cdn.com | tcp |
| NL | 69.55.53.168:443 | static-ss.xvideos-cdn.com | tcp |
| NL | 69.55.53.168:443 | static-ss.xvideos-cdn.com | tcp |
| US | 8.8.8.8:53 | cdn77-pic.xvideos-cdn.com | udp |
| US | 8.8.8.8:53 | gcore-pic.xvideos-cdn.com | udp |
| FR | 138.199.26.18:443 | cdn77-pic.xvideos-cdn.com | tcp |
| FR | 138.199.26.18:443 | cdn77-pic.xvideos-cdn.com | tcp |
| FR | 138.199.26.18:443 | cdn77-pic.xvideos-cdn.com | tcp |
| NL | 93.123.17.254:443 | gcore-pic.xvideos-cdn.com | tcp |
| NL | 93.123.17.254:443 | gcore-pic.xvideos-cdn.com | tcp |
| FR | 138.199.26.18:443 | cdn77-pic.xvideos-cdn.com | tcp |
| FR | 138.199.26.18:443 | cdn77-pic.xvideos-cdn.com | tcp |
| FR | 138.199.26.18:443 | cdn77-pic.xvideos-cdn.com | tcp |
| NL | 93.123.17.254:443 | gcore-pic.xvideos-cdn.com | tcp |
| US | 8.8.8.8:53 | a.orbsrv.com | udp |
| FR | 185.93.2.11:443 | a.orbsrv.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.180.10:443 | content-autofill.googleapis.com | tcp |
| FR | 185.93.2.11:443 | a.orbsrv.com | tcp |
| NL | 185.88.181.7:443 | www.xvideos.com | tcp |
| FR | 138.199.26.18:443 | cdn77-pic.xvideos-cdn.com | tcp |
| US | 8.8.8.8:53 | cdn77-vid.xvideos-cdn.com | udp |
| FR | 138.199.26.58:443 | cdn77-vid.xvideos-cdn.com | tcp |
| GB | 142.250.180.10:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | s.orbsrv.com | udp |
| NL | 95.211.229.245:443 | s.orbsrv.com | tcp |
| US | 8.8.8.8:53 | vast.livejasmin.com | udp |
| LU | 93.93.51.191:443 | vast.livejasmin.com | tcp |
| LU | 93.93.51.191:443 | vast.livejasmin.com | tcp |
| NL | 95.211.229.245:443 | s.orbsrv.com | tcp |
| US | 8.8.8.8:53 | s3t3d2y8.afcdn.net | udp |
| DE | 37.19.194.80:443 | s3t3d2y8.afcdn.net | tcp |
| DE | 37.19.194.80:443 | s3t3d2y8.afcdn.net | tcp |
| NL | 95.211.229.245:443 | s.orbsrv.com | tcp |
| LU | 93.93.51.191:443 | vast.livejasmin.com | tcp |
| US | 8.8.8.8:53 | galleryn3.vcmdiawe.com | udp |
| LU | 93.93.51.190:443 | galleryn3.vcmdiawe.com | tcp |
| NL | 185.88.181.7:443 | www.xvideos.com | tcp |
| NL | 185.88.181.7:443 | www.xvideos.com | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.3:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | cdn77-vid.xvideos-cdn.com | udp |
| FR | 143.244.57.45:443 | cdn77-vid.xvideos-cdn.com | tcp |
| GB | 172.217.169.3:443 | beacons.gcp.gvt2.com | udp |
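The Network tables on this page mix three kinds of rows: lookups sent to the sandbox resolver (8.8.8.8:53, udp), actual connections to the resolved hosts, and a multicast mDNS row with no domain. The helper below is an added triage example, not part of the sandbox report. It parses rows in the page's table format, separates DNS lookups from connections, collapses repeated rows into per-destination counts, lists domains that were resolved but never contacted, and leaves a short review list after dropping a small allow-list of expected Google/Microsoft infrastructure. The resolver address and the allow-list suffixes are assumptions made for the example; the sample rows are copied from the tables on this page.

```python
"""Triage helper for the sandbox 'Network' tables (added example, not report output)."""
from collections import Counter, defaultdict

# Constructed sample: rows copied from the Network tables on this page,
# including the mDNS row in the misaligned form the page shows it.
SAMPLE_ROWS = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | www.xvideos.com | udp |
| NL | 185.88.181.7:443 | www.xvideos.com | tcp |
| NL | 185.88.181.7:443 | www.xvideos.com | tcp |
| US | 8.8.8.8:53 | a.orbsrv.com | udp |
| FR | 185.93.2.11:443 | a.orbsrv.com | tcp |
| US | 8.8.8.8:53 | content.overwolf.com | udp |
| US | 3.165.148.63:443 | content.overwolf.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
"""

# Assumption: the sandbox forwards DNS to this resolver, so rows to it are
# lookups rather than connections to a host the sample chose.
RESOLVER = "8.8.8.8:53"
# Assumption: infrastructure a reviewer does not need to look at by hand.
EXPECTED_SUFFIXES = (".google.com", ".googleapis.com", ".gstatic.com",
                     ".microsoft.com", ".pki.goog")


def parse_rows(text):
    """Yield (country, destination, domain, proto) from markdown table rows."""
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue
        cells = [c.strip() for c in line.strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        country, dest, domain, proto = cells
        # The multicast row has no domain and its protocol slid one column
        # left on the page; normalise it instead of misreading "udp" as a host.
        if proto == "" and domain in ("tcp", "udp"):
            domain, proto = "", domain
        yield country, dest, domain, proto


def triage(text):
    """Split rows into DNS lookups and connections and summarise them."""
    lookups = set()
    connections = defaultdict(Counter)  # domain -> Counter of (dest, proto)
    for _country, dest, domain, proto in parse_rows(text):
        if dest == RESOLVER:
            lookups.add(domain)
        elif domain:
            connections[domain][(dest, proto)] += 1
        # rows without a domain (mDNS multicast) carry no host to review
    resolved_only = sorted(lookups - set(connections))
    review = sorted(d for d in connections if not d.endswith(EXPECTED_SUFFIXES))
    return {"lookups": sorted(lookups), "connections": dict(connections),
            "resolved_only": resolved_only, "review": review}


if __name__ == "__main__":
    result = triage(SAMPLE_ROWS)
    for domain in result["review"]:
        for (dest, proto), n in sorted(result["connections"][domain].items()):
            print(f"{domain:25s} {dest:22s} {proto}  x{n}")
    print("resolved but never contacted:", result["resolved_only"])
```

Run as a script it prints only the hosts left for review with their connection counts, which on the full table above reduces roughly seventy rows to a handful of ad and content domains plus whatever was resolved but never contacted.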
Files
\Users\Admin\AppData\Local\Temp\nso391B.tmp\System.dll
| MD5 | 51bd16a2ea23ae1e7a92cedc6785c82e |
| SHA1 | a9fbaeb9a695b9f2ba8a3ed8f0d95d2bf6a3d36c |
| SHA256 | 4dbc79d2b1c7987cc64bb5d014db81bb5108bdd6d8bf3a5f820fac1ded62be33 |
| SHA512 | 66ffc18b2daf6c4cba01aef0e4af2f006a51aa218eab0f21dc66e47eea0389d2b1748ef0e30d2ec9f0123fd7f38ed3aee964dd6bde5779aaee19ebf55369af79 |
\Users\Admin\AppData\Local\Temp\nso391B.tmp\UserInfo.dll
| MD5 | 1dd4ca0f4a94155f8d46ec95a20ada4a |
| SHA1 | 5869f0d89e5422c5c4ad411e0a6a8d5b2321ff81 |
| SHA256 | a27dc3069793535cb64123c27dca8748983d133c8fa5aaddee8cdbc83f16986d |
| SHA512 | f4914edc0357af44ed2855d5807c99c8168b305e6b7904dc865771ad0ee90756038612fe69c67b459c468396d1d39875395b1c8ec69e6da559fb92859204763e |
\Users\Admin\AppData\Local\Temp\nso391B.tmp\uac.dll
| MD5 | 861f7e800bb28f68927e65719869409c |
| SHA1 | a12bfcd2b9950e758ead281a9afbf1895bf10539 |
| SHA256 | 10a0e8cf46038ab3b2c3cf5dce407b9a043a631cbde9a5c8bcf0a54b2566c010 |
| SHA512 | f2bf24a0da69bbe4b4a0f0b1bfc5af175a66b8bcc4f5cc379ed0b89166fa9ffe1e16206b41fca7260ac7f8b86f8695b76f016bb371d7642aa71e61e29a3976eb |
\Users\Admin\AppData\Local\Temp\nso391B.tmp\utils.dll
| MD5 | c6b46a5fcdccbf3aeff930b1e5b383d4 |
| SHA1 | 6d5a8e08de862b283610bad2f6ce44936f439821 |
| SHA256 | 251ab3e2690562dcfcd510642607f206e6dcf626d06d94b74e1fa8297b1050a0 |
| SHA512 | 97616475ef425421959489b650810b185488fcb02a1e90406b3014e948e66e5101df583815fd2be26d9c4d293a46b02ba4025426f743e682ed15d228f027f55c |
\??\pipe\crashpad_884_SUIVUWJHJVKOTMGZ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
| MD5 | 18e723571b00fb1694a3bad6c78e4054 |
| SHA1 | afcc0ef32d46fe59e0483f9a3c891d3034d12f32 |
| SHA256 | 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa |
| SHA512 | 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3f967ecc6729e08c386cfdcc3633c878 |
| SHA1 | 2f9c58c7afd487bb8901cc8dc11b8061434cd6a2 |
| SHA256 | b9b36a5f951f81b9eeb13a5bc0eaba89c932bd7288c48476aeef2ae2a862bd07 |
| SHA512 | adffc866ce44e41ac8829231ff35d8db6ae82e44929618ec90aeaaa942e4c43ef63d5f307630ee189b7c359426632a25d24ee0c7d8337b192657f3b62631f89a |
C:\Users\Admin\AppData\Local\Temp\CabAF73.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarB070.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 90d351c049fa17c68478cd1aa0be757b |
| SHA1 | 1be3c20dc6f66c4c3bb4f9b5b66cfb3a5cab9d76 |
| SHA256 | 71436627eba4902e82903dadbbc8ef21c9c68bb6d711847cbea72fd91ef45c89 |
| SHA512 | 97f8138e22b71cfc612108de9f55f11a54c9f584aa6c691eb879823ae3603d306a4278e9e579d53fdbc6f031ec6e28e2a5fcfc9796bdb1e48050cf6be37c9ac1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 35e4a4ebf779233233b87839f7bb977a |
| SHA1 | 7307c873f4e7b1fef28287c0887cff91067b81cb |
| SHA256 | f9600e97590f47a18b639f3bc5d51d118e6becf452f87845343bcb120f9aa5d9 |
| SHA512 | 6d6a8783067cc2c70b0a89ce5c0c83c61e0ae1e5b5e6d087568cf2545de52a32d0dd35f374a23831c408185799434e54a852ba9d9f4f0a6532f54647417a3478 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.xvideos.com_0.indexeddb.leveldb\CURRENT~RFf77e2e0.TMP
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b024b18618b181f63ec1329d9bc9cd44 |
| SHA1 | 942b6b293a6e26d0569cac7181fcd5190998e8e2 |
| SHA256 | e51ff10ea1fef05af052a6228afbd3c742bd0632db479d51ad66a4eb836a2577 |
| SHA512 | 242617ca5c78535da676a5539a6e22877ef11e25da36372e4c32d889cc78bdd479e0ae862343c3b3885e43e1988ad7cffccd28d3161e28457e5619dd026c2395 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | bf67153d6b2cc2dd6a9b4f2a2f560ad2 |
| SHA1 | 2ff368a3c2ec6539f092a9f5ca539cec072150e9 |
| SHA256 | c7edce6f4c0670e544e0fd63000f1abcad7977fd764dfb1ffc2ff815752d1aa0 |
| SHA512 | d1c42ff20a4b05dd3a874a2ce4c3c075405e7d898e3b9b944cc499d3a3812a9f2d2feafccf38047b37dab7ac2a09aa6cfc8aa91d57c85c9a0299a9bbd8854dfd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011
| MD5 | d9f9cd5a6dc6cde367e03292a5530455 |
| SHA1 | ef8613e9114aace9a2e4907979b4dcee673a44bc |
| SHA256 | 01a750dbed8727486e4581c35d610dc71736961f55dd83b4abdd99578d35713d |
| SHA512 | e4a5e968028db8d898bb840c10d8e52ed92776e57b0f82cfd6117662294cd5126f0fe75e41faae2c342f142c829f3e7eb87497aec297a531366f3481d026ed35 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e423745a85ce0bb956852f2448777464 |
| SHA1 | 56b237157cda44a95d4314f1f64ddaf7e73bf723 |
| SHA256 | 07dc42d5b99900064107c23664e273d6e3d73c119570dedc45e17871f68acea5 |
| SHA512 | 09c18409feb28da44561ef0e9d22e0037d43a3b661d0bbbdeea9550c11e6997f717561168b04abd826d3491dc2443ceb4f8510f0363226593302c150b96ba7a8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 71ead9e9a6ef28fe9055cbc0920dd571 |
| SHA1 | dacf6919a9e17de7e6e006252e85affe970ca129 |
| SHA256 | 8fdcbe149dda57b781b58d9f2accc1fdce76bc2f624c515c1a0394fdcddde696 |
| SHA512 | c075386354ac30df70139c7458f3b8d448a6ab52505383a7976ac6cc750fcbcdfda201987f437a6a2a8b2cf834f8ef71214689d525ec7e66e4809bfb6b9b5d6b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 37a521722df2bfec568d675ef2883c73 |
| SHA1 | 2de1b07d15c4a3de60ca455019d28c7002924b3e |
| SHA256 | aea7f7c15d70fc0cd780ea97da567a79d2ea4b8b2be8271251406b656da888a7 |
| SHA512 | 6dd5089a5991a9214f0bc5d98bb73cdb7e2ddaf328a000fea6b62d15d52ebdeeda99c82e661a169878ffa02e1389b1990606004d07fc64eeaeb76bc0a0fd0c65 |
Analysis: behavioral5
Detonation Overview
Submitted
2024-10-22 19:51
Reported
2024-10-22 19:54
Platform
win7-20240903-en
Max time kernel
122s
Max time network
141s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1DCADF71-90AF-11EF-B939-7ED3796B1EC0} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 609479f2bb24db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000953bd8210872ea40aad5946cc0771cd3000000000200000000001066000000010000200000000713ac4e80f6c56dc8bcaf9d76739871006546eb3aa113f8e2170024bb2b7f6c000000000e800000000200002000000011e1fc47ad9cb14202001406ac7411e091fbd071b32acfd49451f39f7647057f200000008539cefb5ff598686a61536ef59141d6d6159905afa63d0f89bda3dbe5d7ce2e400000007524627b650f36e318b33791e46029b95d1fe346fa5a983ac6493c7c8e03282ba2d04cc3a9677624cbd40e22939797caeb9acd209b6faef852bc28bb06193d2f | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "435788603" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000953bd8210872ea40aad5946cc0771cd3000000000200000000001066000000010000200000008358f0bb47570b7580021774b80ee0b3492680b244e1f7bbfb5c98017ec55f2e000000000e8000000002000020000000134fb1004cc36723be66a4c0383562e40ca7983a39a902e86366373800eae95f90000000f6be27e54b105e65db32a6ef261922d3dc6f312acf1c845f7679d037c3dd28460126ac473919419f9930831aed2a116b0085237a140ed95a446b0409f16c45a41a6898b8d29a4d5844adc5ccbf9f5490efdac04a6da61c0c38585d82828667f4c32e44e5b32ff5e4ab0cf1ae1f2b078cfca51167e15a361514bac83c6f61963de72a80e073e0ba2f74e7339589d6dca340000000bd9ba91fc55111086721029b4d14de9a22793a4d86620a16aed0602df4e514a6dc9f415b3485f13ce7dd91131452f0e62263a90be32f3e6c43b244431933a51a | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1508 wrote to memory of 2692 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1508 wrote to memory of 2692 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1508 wrote to memory of 2692 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1508 wrote to memory of 2692 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\index.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1508 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | content.overwolf.com | udp |
| US | 3.165.148.63:443 | content.overwolf.com | tcp |
| US | 3.165.148.63:443 | content.overwolf.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 172.217.16.227:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | ocsp.rootca3.amazontrust.com | udp |
| US | 8.8.8.8:53 | ocsp.rootca3.amazontrust.com | udp |
| GB | 52.84.143.44:80 | ocsp.rootca3.amazontrust.com | tcp |
| GB | 52.84.143.44:80 | ocsp.rootca3.amazontrust.com | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 2.18.190.147:80 | crl.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabEE28.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarEEB7.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 72eefe855177d6a7f0584827846fe383 |
| SHA1 | ea7f93b6a87c9bf783acb4a5930feb958218561a |
| SHA256 | 8773bf47ae2259710a4f2a83ac8d9026ba549a359ade4e95be6867b49678d5b5 |
| SHA512 | 15df6e7911eb7d4ba8fc66da4fefea719944df9bdbc38eb863514f070583de9f06fd28400f68e817aa8839abe196e8c307db10bcf40aaf3af399ae834e94ab7e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3362224ada00dd8fa1ee902e8de44fdb |
| SHA1 | dd8a8c747ef07945bc0b19b036844b83c0aad261 |
| SHA256 | d6a8133d7cbc8bda2e161366e965d36bc3966671a7e456e6f5aa82df2e5c0ec1 |
| SHA512 | b900a6d9a5c5347914eedba009d98bcd627ee693202e8de6f1af0ea42e85fa8ab54f671656618dfde5c23371e427843af1a4b3db4e7f8c38155b17d1ec83d723 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
| MD5 | a81feaad614b67ebb6f84f33cd8452de |
| SHA1 | c96bdb298e52abf32624e0289284a135f791edf0 |
| SHA256 | 0378a61aa9992f242f84bdc018e3e229f71b6ca30dade94cec7f13989257e969 |
| SHA512 | 4e83b4b4c5cc5a67fa1f5a71fc1102fc97337deb97eff3a38109cb983bf85d721de034895b9eacb6c8bb0eecbdcb783f9d3df92938c9886fb74eb12b29034848 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
| MD5 | 55540a230bdab55187a841cfe1aa1545 |
| SHA1 | 363e4734f757bdeb89868efe94907774a327695e |
| SHA256 | d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb |
| SHA512 | c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e5e64f127721052aa6b33bba861206c6 |
| SHA1 | b8218a9df92feda68943a05a93b42f67624aa248 |
| SHA256 | f802ea594701b951bf10f7b7ccbd249a79eeef50c4a1b12233089f0d8d60797e |
| SHA512 | ed7528640d5c2c00ca99ae08b26ee54c41d63be72e557517e655c4a0301a52de37df59dc474e3839d1cf97d6de2f25d9263d5185f17300db911861be2faf3c53 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b4c53a74567cd4450360417822ebfe1d |
| SHA1 | 2eb4fc6e661b6feb449f311f0e3021da39b407ba |
| SHA256 | 586d36bbb1077a8f5b8c2cb078fb5a266bb15d1438165df99c99d1c92cbbf2b7 |
| SHA512 | 9402447c3d9c19f8a76a3d9010de6a6cd4b3722440d3a316ad1e7824e3971400e6f61fe9735d11aef8250d0c59141fd7f4b93ccbfa302224347563e59054752f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5c16960ccf3f0a7fecbcc301c9b45c36 |
| SHA1 | 88e2d7125bc08902322cba57b01aa093d24c2047 |
| SHA256 | df110adc6f08cdd5a6b32e992a4fd9b95ac227a95ffbbd8e62cfe525eaae62cb |
| SHA512 | 97fdb05e75ef86e0bbfc5db901665717712bd6023918fd230ec40c31047f51665083a2812b3f218af6280efa72f98b70cdb28fcc472233c5da396eabae3b0feb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 649b05a5b236efcd915b50ee228eb5ad |
| SHA1 | 39bbcdd4c6de5965b3fa434455f68c0099966ad1 |
| SHA256 | 2cb5cb868e1f812f80ae1a168b51d4ba1bc3c635fa167787dbc7261aa4444a66 |
| SHA512 | d5cd5e1594ec51facea9328d576beae31cc3cf70af8c9a01a2c7cdbe97201c9b3ad9edc6e4bee4bdaa785e9a22ca0631a150fc7c7471d6d075e891506bea0dc0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2432b977138f5634b06c17fab37d0b4e |
| SHA1 | 6f12cf04bf0764ee8596671da98aaa2fb80eab21 |
| SHA256 | 98ded51d35e47c3daafb94cbdbc3c7da14f6fe2221cab26333cf79f696472063 |
| SHA512 | f8ca8659039fc9f89cfa655935e693eeef7f31ac900fe7b10241d30ba11acafda442bb356eb28bc3e0ae3e749c09ae1d40c7b52771b2777981fa080a4b70de35 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a44faf8a194f893f9cfc82a1c87723cf |
| SHA1 | 0db22cb623cbadee537d19d2257df88f26cc21e2 |
| SHA256 | 00e81ae20946b6839cce2ab35a15c0b53751392101d078859f551771b3a16e82 |
| SHA512 | f90c27e8d0df3fe94fac5af47b2801e995874cfc2d540c51eb03c01711848c5a50b78d5f1de968c9baa0f2a7807f836ffb4cf2fd38a0657d755da1ef3c150f6e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0e65ea5fbce5e564dc092bf81c380f8f |
| SHA1 | 558a5f9848cb887854bacca7183b327203c62161 |
| SHA256 | f692f5c8e7d48119d64aebc97072ae19e72f975a80d472a4efbed202ad92c094 |
| SHA512 | a421129365e3557f6e1d5f8200fea87fc3cac2e706a733874b5a1b06241dda3e290bfe3df88ed562408ed1f44b2f5a197aa88e85c6db03c4916c3c246c8f442f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 07006ba609ff4aee98a039e1d3105d9c |
| SHA1 | 52355bab64a8ff848d84625e4f84d40757c140c6 |
| SHA256 | 08abd6d47581c8d5a1dad82db8f3c08b5668576527a2904471169002fea11df9 |
| SHA512 | c211b707c27adad258c433f1b00d8427f92e10ee3a072c55215c17a31fa2b2b60c871f3ae728745b9f75a673e52b249bb859499f4d8f86fc4ad5a77e760f3163 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4c247bf5eca9ce7868cc3f09ccea6e23 |
| SHA1 | 91769c82d34d2e86d01e9af38327dd864c1c6bcf |
| SHA256 | 8d6e8f2fe4123e44d99e1e6dbc757fd87198c8d38d850ac8b619a43d58beee96 |
| SHA512 | 8557bd1baac56dcda1db9920fc8d799402c25910d51aa3a72cc14aed3d0d2fdc99259400ed5d04071164a807cd4676a32c1d38f80881424f1b4214eba9e71df4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4999960241213dfd1c8b140a66e42861 |
| SHA1 | a23c658a2274ae3f4f8bb4a2e2ef7b7bb7c2ab0b |
| SHA256 | 6b6adb8db857531fceca1820cec6a49be595ec7e4651618526841e62602d7c8d |
| SHA512 | dbc84e1518e9aaa113c139405c60d3758e66b1cd8eeaa8e293db98acfdfa3b2e96202e78ebaf816986afface61628e774eab4824fab64c1ecd0797f384e834af |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b29bd07c133783ab1d4d21b315fa5983 |
| SHA1 | c298a55c457f4e3db14e07702b190ec728893676 |
| SHA256 | 585630c5b38105f4e2f51d9d4c235579462aebc3e02e7142fe1d9d965e485e43 |
| SHA512 | c36bafd2890b844986ec5b1c6683af7a277d3fa0b155cacbd7402c9f7983973edc24acfa2d5d5bdcaabba0231c91152e412519f87a75601c7de7be2f1772c6f4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7d5ead057eeafc8320db05bfcda49642 |
| SHA1 | 04df8c030e1cd26f4bfb82bcbac29b373792db77 |
| SHA256 | af928cc42957f7c57d8267657b8a19e4e07c04c457768b67016bfab35367c238 |
| SHA512 | d5f91044e1cc38682360786277f0265a84974e7b48d17681a8c33c9c1173e24f13f07115ae92bffd52287295813d78818f95251247d8a8f72f885ad1f37ed3e9 |
Analysis: behavioral15
Detonation Overview
Submitted
2024-10-22 19:51
Reported
2024-10-22 19:54
Platform
win7-20240903-en
Max time kernel
117s
Max time network
119s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\models\notifications.js
Network
Files
Analysis: behavioral21
Detonation Overview
Submitted
2024-10-22 19:51
Reported
2024-10-22 19:54
Platform
win7-20240903-en
Max time kernel
122s
Max time network
123s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\utils\cookies.js
Network
Files
Analysis: behavioral26
Detonation Overview
Submitted
2024-10-22 19:51
Reported
2024-10-22 19:54
Platform
win10v2004-20241007-en
Max time kernel
136s
Max time network
109s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\utils\strings-loader.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.11.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-10-22 19:51
Reported
2024-10-22 19:54
Platform
win7-20241010-en
Max time kernel
140s
Max time network
140s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0c0a1f3bb24db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "435788600" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ecf3e4259aa05419b9c0951a15b13190000000002000000000010660000000100002000000042be64dd2ef86f37bf83f132b4d44fbe6a5f573bda19f74845f2a8abe4558691000000000e80000000020000200000006600e4d671e5e2ff53aa7d91685904a05d41bd8e7345aa9399d71e522832187c200000005d02c6809b30075ee275d76e914995266a36ceb36196414ae37288274653598840000000271e22d97918ce3477da1d0233e350b6dddba67bfaa0cba408ed9f1f0ccf7089b4343e058228ea00e942e121bb836ca022505a58314fb312a575785baf8bfad2 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1E914C51-90AF-11EF-AAD8-6AD5CEAA988B} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2448 wrote to memory of 2980 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2448 wrote to memory of 2980 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2448 wrote to memory of 2980 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2448 wrote to memory of 2980 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\cmp.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2448 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | content.overwolf.com | udp |
| US | 3.165.148.108:443 | content.overwolf.com | tcp |
| US | 3.165.148.108:443 | content.overwolf.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | ocsp.rootca3.amazontrust.com | udp |
| GB | 52.84.143.44:80 | ocsp.rootca3.amazontrust.com | tcp |
| GB | 52.84.143.44:80 | ocsp.rootca3.amazontrust.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral17
Detonation Overview
Submitted
2024-10-22 19:51
Reported
2024-10-22 19:54
Platform
win7-20240708-en
Max time kernel
119s
Max time network
123s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\utils\analytics.js
Network
Files
Analysis: behavioral29
Detonation Overview
Submitted
2024-10-22 19:51
Reported
2024-10-22 19:54
Platform
win7-20240903-en
Max time kernel
121s
Max time network
124s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\windows\cri\cri-controller.js
Network
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-10-22 19:51
Reported
2024-10-22 19:54
Platform
win7-20240708-en
Max time kernel
16s
Max time network
17s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\block_inputs.js
Network
Files
Analysis: behavioral14
Detonation Overview
Submitted
2024-10-22 19:51
Reported
2024-10-22 19:54
Platform
win10v2004-20241007-en
Max time kernel
137s
Max time network
123s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\libs\jquery-1.10.2.min.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.11.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.108.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
Files
Analysis: behavioral19
Detonation Overview
Submitted
2024-10-22 19:51
Reported
2024-10-22 19:54
Platform
win7-20240903-en
Max time kernel
122s
Max time network
127s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\utils\commands.js
Network
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-10-22 19:51
Reported
2024-10-22 19:54
Platform
win10v2004-20241007-en
Max time kernel
145s
Max time network
140s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\cmp.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xd8,0x110,0x7ff80d7746f8,0x7ff80d774708,0x7ff80d774718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1532,2375100632851802814,3363737533203632660,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1532,2375100632851802814,3363737533203632660,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2472 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1532,2375100632851802814,3363737533203632660,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1532,2375100632851802814,3363737533203632660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1532,2375100632851802814,3363737533203632660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1532,2375100632851802814,3363737533203632660,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1532,2375100632851802814,3363737533203632660,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1532,2375100632851802814,3363737533203632660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1532,2375100632851802814,3363737533203632660,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1532,2375100632851802814,3363737533203632660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1532,2375100632851802814,3363737533203632660,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1532,2375100632851802814,3363737533203632660,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2460 /prefetch:2
Network
Files
Analysis: behavioral12
Detonation Overview
Submitted
2024-10-22 19:51
Reported
2024-10-22 19:54
Platform
win10v2004-20241007-en
Max time kernel
138s
Max time network
113s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\libs\cmp.bundle.js
Network