Analysis Overview
SHA256
de1d6924206bd8acd89e986160d0ca8466ef016fa881071dff8abce56a643919
Threat Level: Known bad
The file 7b92eb5e17c2c0d276e8303327ed38e9_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Socgholish family
SocGholish
Browser Information Discovery
System Location Discovery: System Language Discovery
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-29 02:56
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-29 02:56
Reported
2024-10-29 02:59
Platform
win7-20240903-en
Max time kernel
145s
Max time network
147s
Command Line
Signatures
SocGholish
Socgholish family
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c07e4841ae29db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{670BDA31-95A1-11EF-9CC3-FA59FB4FA467} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "436332460" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b8d48fc8adfa6b4a805f1a4a681aaa6f000000000200000000001066000000010000200000004c66d058e0d40823b3f8a104452915d6641ef721f43de01f2eac11dc9ab4342c000000000e8000000002000020000000a365433a1c37d40aa4965b1a8426fca7700cb4bd51dc7c9f45f30305cfed80fb200000009d3aaabd214015d79ef4cec6b3dd79b759425aeca4d57c0108efd32835dd4e65400000008644db461347949471730cecd3341f6f6df4aafecf12679de8160a867f8e9a84dd4775314cd0092d529009be67583602d35c98fd14875e9a2a66ca0875eaf6db | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1628 wrote to memory of 452 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1628 wrote to memory of 452 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1628 wrote to memory of 452 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1628 wrote to memory of 452 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7b92eb5e17c2c0d276e8303327ed38e9_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1628 CREDAT:275457 /prefetch:2
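The four "PID 1628 wrote to memory of 452" rows above are the Internet Explorer frame process writing into the tab process it launched: the child's command line carries `SCODEF:1628`, the PID of its parent, which is how IE starts content processes. That is ordinary IE behaviour on the win7 image, not evidence that the HTML injected anything. The check below is an added example, not part of the sandbox report or its vendor's tooling; it takes process records and cross-process write events in the shape the report prints them, pairs the source PID against the `SCODEF:` value in the target's command line, and separates that expected pattern from writes a reviewer should look at. PIDs 1628 and 452 are the report's; the `notepad.exe` process and the write to it are hypothetical, added only to exercise the "review" branch.

```python
"""Triage cross-process writes from a sandbox report.

Added example (not the report's or the vendor's code). Process records are
constructed from the Processes and WriteProcessMemory rows above; the
notepad.exe entry and the write to it are hypothetical.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Proc:
    pid: int
    image: str
    cmdline: str


@dataclass(frozen=True)
class MemWrite:
    src_pid: int
    dst_pid: int


IE_IMAGES = {"iexplore.exe"}            # compared on the lower-cased basename
SCODEF = re.compile(r"\bSCODEF:(\d+)\b")  # IE tab processes carry the frame PID here


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify_write(w, procs):
    """Label one WriteProcessMemory event given a pid -> Proc map."""
    src, dst = procs.get(w.src_pid), procs.get(w.dst_pid)
    if src is None or dst is None:
        return "unknown-process"
    if basename(src.image) in IE_IMAGES and basename(dst.image) in IE_IMAGES:
        m = SCODEF.search(dst.cmdline)
        if m and int(m.group(1)) == w.src_pid:
            # Frame process writing into the tab it spawned: expected IE plumbing.
            return "ie-frame-to-tab"
    return "review"


def triage(writes, procs):
    """Group (src, dst) PID pairs by label; repeated identical rows collapse."""
    out = {}
    for w in writes:
        out.setdefault(classify_write(w, procs), set()).add((w.src_pid, w.dst_pid))
    return out


# Constructed from the report's Processes section (PIDs as the report shows them).
PROCS = {p.pid: p for p in [
    Proc(1628, r"C:\Program Files\Internet Explorer\iexplore.exe",
         r'"C:\Program Files\Internet Explorer\iexplore.exe" '
         r"C:\Users\Admin\AppData\Local\Temp\7b92eb5e17c2c0d276e8303327ed38e9_JaffaCakes118.html"),
    Proc(452, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
         r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1628 CREDAT:275457 /prefetch:2'),
    # Hypothetical, not in the report: a non-browser process.
    Proc(9999, r"C:\Windows\System32\notepad.exe", "notepad.exe"),
]}

# The report's four identical rows, plus one hypothetical write to the notepad process.
WRITES = [MemWrite(1628, 452)] * 4 + [MemWrite(452, 9999)]

if __name__ == "__main__":
    for label, pairs in triage(WRITES, PROCS).items():
        print(label, sorted(pairs))
```

Anything that lands in "review" still needs a human: a write from the tab process into something that is not another IE process, or into an IE process whose `SCODEF:` value does not match the writer's PID, is not explained by the frame/tab relationship.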
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | img407.imageshack.us | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | yourjavascript.com | udp |
| US | 8.8.8.8:53 | www.ashadee.com | udp |
| US | 8.8.8.8:53 | soalantemuduga.com | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.187.202:443 | ajax.googleapis.com | tcp |
| GB | 142.250.187.202:443 | ajax.googleapis.com | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| GB | 142.250.187.202:80 | ajax.googleapis.com | tcp |
| US | 38.99.77.16:80 | img407.imageshack.us | tcp |
| GB | 142.250.178.10:80 | fonts.googleapis.com | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| US | 38.99.77.16:80 | img407.imageshack.us | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.180.3:80 | c.pki.goog | tcp |
| GB | 142.250.180.3:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 142.250.180.3:80 | o.pki.goog | tcp |
| GB | 142.250.180.3:80 | o.pki.goog | tcp |
| US | 76.223.54.146:80 | www.ashadee.com | tcp |
| US | 76.223.54.146:80 | www.ashadee.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 76.223.54.146:80 | www.ashadee.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 76.223.54.146:80 | www.ashadee.com | tcp |
| GB | 142.250.200.46:443 | apis.google.com | tcp |
| GB | 142.250.200.46:443 | apis.google.com | tcp |
| SG | 151.106.123.220:80 | soalantemuduga.com | tcp |
| SG | 151.106.123.220:80 | soalantemuduga.com | tcp |
| SG | 151.106.123.220:443 | soalantemuduga.com | tcp |
| US | 76.223.54.146:80 | www.ashadee.com | tcp |
| GB | 142.250.187.227:80 | fonts.gstatic.com | tcp |
| GB | 142.250.187.227:80 | fonts.gstatic.com | tcp |
| GB | 142.250.187.227:80 | fonts.gstatic.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| GB | 142.250.180.3:80 | o.pki.goog | tcp |
| GB | 163.70.147.35:80 | www.facebook.com | tcp |
| GB | 163.70.147.35:80 | www.facebook.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 163.70.147.35:443 | www.facebook.com | tcp |
| GB | 142.250.187.227:80 | fonts.gstatic.com | tcp |
| GB | 142.250.187.227:80 | fonts.gstatic.com | tcp |
| GB | 142.250.187.227:80 | fonts.gstatic.com | tcp |
| US | 76.223.54.146:443 | www.ashadee.com | tcp |
| US | 76.223.54.146:443 | www.ashadee.com | tcp |
| US | 76.223.54.146:443 | www.ashadee.com | tcp |
| US | 76.223.54.146:443 | www.ashadee.com | tcp |
| US | 76.223.54.146:443 | www.ashadee.com | tcp |
| US | 76.223.54.146:443 | www.ashadee.com | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 2.18.190.80:80 | crl.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabD0D8.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 3ee8cdca8546f2607eac34bbc0bf23bd |
| SHA1 | 257a941458af4c9e9afd1a352a97722d4ca24ea7 |
| SHA256 | ed5a4d9a5ecee1ca6001d5f70d6dcd833e30dd693a99a4246a33e5a8e3fd70f8 |
| SHA512 | b61eb659d70659ed99fd3032e85bd35362e792a799bd6716ffde255f3f8adb753305570d4aa1242dab792e7084aa5b969d1169a898c9d32f03211097de846820 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | cd269657b317820cfafb0d05fa93abbc |
| SHA1 | 57459fc73b6b036b250bf21e9b2143c5f534a01d |
| SHA256 | 4eb7d061b819b73af819364b382f3aef214452dbf4a8e9700c7f07dee7790105 |
| SHA512 | ec75190efe53435f814299c47551ec1cce2bc4b4b659ec21358c28ae1a17943884854f479f536f7937bca7ffca6e59732de1299562dfba037050988ec419ce29 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q4648X1K\728x90[2].htm
| MD5 | e89f75f918dbdcee28604d4e09dd71d7 |
| SHA1 | f9d9055e9878723a12063b47d4a1a5f58c3eb1e9 |
| SHA256 | 6dc9c7fc93bb488bb0520a6c780a8d3c0fb5486a4711aca49b4c53fac7393023 |
| SHA512 | 8df0ab2e3679b64a6174deff4259ae5680f88e3ae307e0ea2dfff88ec4ba14f3477c9fe3a5aa5da3a8e857601170a5108ed75f6d6975958ac7a314e4a336aed0 |
C:\Users\Admin\AppData\Local\Temp\TarDC7F.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 39c10c4bfc0db0cd98c9e87cff593535 |
| SHA1 | bbedd0c7ac29129babe8b1dbbe5d6a83c2a2bfee |
| SHA256 | 0c56e5829f150cb17c08c694207afb2351179839fd2de7d7c9ce46a74ef97ab0 |
| SHA512 | f6571b73cbb49a1012b0239c05f02cee3fa729d9bac9fa5a7f1cb48d632c15f442db77499b9f7e1c4a8551e801dc8b599c13d458a85827463c56bae4e7948370 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e1d47550e19a877dafc87581356d2ca2 |
| SHA1 | 9aaf9001882617c99a1eb1255d7dcebf3b0b310b |
| SHA256 | 3db2820b9853ada76a19d2fe03378b2e2de5a46ad3702aab02e5aba34cff15e1 |
| SHA512 | f9fc57d5a8e4f925154f032bcd5833e5c16f23de0dbd5f82396a493dfe7ae69ea5ed453aa9092619ca56e3d3ef93a14eb26e184534c3feba543e6a25dcc91e08 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c6d5ac503783fa797e9473080573e26f |
| SHA1 | e12b5e26ed65a53c112f40b73eb423305f22bd28 |
| SHA256 | 34931a9c4a1da7d756957f998a6bcbddb47d961e21a5dcff53be1b1b146849ef |
| SHA512 | 48ff4fe24241ebf9c5168232ebdf3334772fc181998609d0a6b4d04de965ab2042e41c13e7444a5d63494dbf18a5f5faf37679cb8e6eb4f2316bc0f3e47d3521 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 201f8320edec26a2c4df1358185d1227 |
| SHA1 | 552e6905ae6e8c50d49fef7c9d2a6e1a3f36d1dd |
| SHA256 | 95117ec400233794fb19503831f7607162c5ac6230e5e51bf7f5a9198ba019d8 |
| SHA512 | 638b6ef9107509d370f25280d887726236fb2bc96b4fcb5d1ddb29d46d6019808b812fce3b054b1eb6d0478198c95618431e02d2c48775c76fee1a768e5d5ca5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8f3f226e0d4bf004c4e3676e8cb50eaf |
| SHA1 | 4e059473c6fe15c8303293a2ec24e0248edf9f64 |
| SHA256 | 7f18c81e6397fbd67cce3af9e3732444a82210ebf06e6e4bb9481920e908f0cc |
| SHA512 | a811b69cc01d3b1187434f1b35147c1b328d7f842aeb825f713c9517083c782590dd139de63a8b545fecf52eaf437750e9d4c9e058a7f77cf0ddad8233ed25db |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2cf861fc4b98ef4711254c5dfb929fe7 |
| SHA1 | 0b3fcd3c57ee66839475d323b2e6758bc7b61d9f |
| SHA256 | 7a2cd77a43b6700505440793bb08ac7748bc4fdbdf6227ee286c734d10a4277e |
| SHA512 | d72f3492cdeb60f69243e5bddd8dc43738719aa477ae4abc6359a3a3a5490b3897d69f4ff81560d3b65f00b3c15bfa95ca206af017a76e736216a7e86d996489 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d6945e2fcca4338d8c2a69e817c6dd15 |
| SHA1 | d07774032eca070070a2e2b51a3aecea18f5615f |
| SHA256 | 91bdd217a58595d46d7c0474e8924f886fd8ae875a1f3de8c2059c9aa5ed4c55 |
| SHA512 | 1d6203856d6a8c628bfb1d40cefaceeb50cc14f919adeb585138f323a4b38315dffaee128cef4c83c771a5813c74d056ea118eaacc8b36d30e58a14e75fc7426 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1c504b9599be5e3f0a48ae826eb52530 |
| SHA1 | cd7029b592caea490c84f09f7a4ad15d5d45479e |
| SHA256 | 2eb1f4198b570048d6f796024f6f86a31fdb5522045939bf4b470d5da5a684ba |
| SHA512 | 0edfb9d395feeec83608555e6c73d6a1351f128e17cb613ded515aacd01ef5142d8cf03b3d0ab505ad8dca5a011359a26ac64b8207ca5c265c47f434da1440f7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | da03832b7f0eb112c5648380788eb527 |
| SHA1 | b4d6ccab733be4dae6cbe943f05e0a57bbc06ec2 |
| SHA256 | 160cdfe98c8fe31afa2f2a07db3d5a9ba70729b01635b022ae64c74625e9c0f5 |
| SHA512 | e401e34febdd1682bf4a5466dbe588e1b3c902475cff44d5d264a770a98e0908422af4db69ebd21ac4088c78d3f0159a2facfc48250e4ca49b413b8a835d9477 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e918bc5734c9e7c73c5224535b51451f |
| SHA1 | c73ca4e74fefd08da568ec4eaf746178bb92eacd |
| SHA256 | b93ab3fd343497d92ad7da2511ce3adc446790ce5b501102b00b1f0b5eeebe04 |
| SHA512 | b579e8de6f222b83789bdc9272222b7c07bb55d66e4d2688752e69dfc1a7af652a4af672f6cf2d97991fe26881b9916b71ee5a345395e1698068ffb85d69adbe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | be1ff361276bf9798abaf8bc49b0b8e1 |
| SHA1 | 78b6723333c82182742453b3242163f14867f965 |
| SHA256 | eb561e881e949a75cecbd654be62be9cdf7b0a657248c51f2405fc162d92a6cb |
| SHA512 | 33686938e7791e9e660be764131f683b6bb44c4faed191a754ba4e320905625241eefad0d1c37cb3fc9787b9c12e254ee10f9215c3b5b0d69e7249d3582f681c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6de6d61a52338df93625a27ca8bb0ea2 |
| SHA1 | 3792b56872eab11a8a58c6d0c2723a11e9a82088 |
| SHA256 | a4b1f41c233d504aba0ae6a3f480a87aaa53fa864b0b9120a3309e750c7886b0 |
| SHA512 | 94fd13a643fcc1f912f6f08fd660ec64946db272f45e21aad5b40ce9022985256fb3d5e3db07f4a55105d19bea25ed4c5aa7bbabc9b4affd2371df9285eb25ea |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 647f70829f0497f42a8642841a55c3e7 |
| SHA1 | c8e3ba8798ebc3a10438315a79def0e6c6740801 |
| SHA256 | ea91418842fad670424db3e2445e666d07bd57f719c1bba96dea022b7b3b3a2a |
| SHA512 | c351df300559f7b1848ce54b174888ff18c5f93ea7637d662a2a448de34078fe582b9fb2d386e620f735e5eeea46bdf94c8a1e5a6e8dcdb140d909985361e9dc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 089e29753f98d96d364033c95ebaf713 |
| SHA1 | 2c9658e909f3e3a6a3937285371b8a7b20aae654 |
| SHA256 | f2c67b9c128c186c526cd8e315c300a586b2e1062d65cdd634baec9eb884aecc |
| SHA512 | 79fe1ca5d7c59c5b31fc07c9df73ea99a7572c9de0928934b6ebf729c294988e99af2c3ea045c43cfe9f0994b9b793f3287703178003aba73f52ff506e6b0450 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 76115e2ee102a0ba27ab18731872e2ac |
| SHA1 | ae3ffd176c0e30405a412e31390acf01d0e79480 |
| SHA256 | 13b32fe6045666120404e75ab6b777c5098c6dfc2011f2b8ddf0f080220b8dd2 |
| SHA512 | 80701a59dce09ff7bdd2f99e66a638ff021f7b71108da2610139ca5d59d6baf57f16e50a809fba950189d6068ab144ff81a3fd9c21a6665125a4525a4aa51b55 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 857137c783ddb6b752e385edd70c8278 |
| SHA1 | 20c0d0dbc6e99a96481f50eee787f6319c6f9c19 |
| SHA256 | 6749475713e8a999a4fdf491d7931e43983dd5d11bd725652fc7176bc0dc1bea |
| SHA512 | adc10564e6ea88655f3a07564e165d86f17d21de876255c723d22b5d04dd282a9904e2de7eb535ea090e02dc7aa2a52b7a85ce0b11eebfd19da8bf7499ffa5c3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6d4a0ee825be39bfb77ed496e2df3ed2 |
| SHA1 | e9b25b3216aebfb02e33bcebfab064958174b58c |
| SHA256 | bd006e2732ef35d9c206ba73edc4cdd3031b437a58f6d247ea0130073244ad1f |
| SHA512 | 0244359b441fa986059b171345b7a44912aada981869d0527c5d55692dbc6fe6ba36340117da052d3bc82a9f10cca9b2cc245e7ed2dd763b28bb466443d8102a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f95a5c88f3534cd15b563a2e0cc5c11a |
| SHA1 | 359c7034e98a10fee11cd9f0675909b06728537f |
| SHA256 | f21854f0c26ea7949a65deb6ed8cd978cf7420dd4dfd18f3c0fb2c63dead71b5 |
| SHA512 | 43782c12cb5ff0a5832010e6718bbf6d4018689665a109f6f2ee4d6be8b18d7d0af7c576bc7103efcb42044fc576429863f321e07a83fe902ed405f92fc73465 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d566dcccf88fd382a135eaf1087fba00 |
| SHA1 | 9ccc9054abbd9331b3c670ea70077236d8af9d12 |
| SHA256 | 22314ce8b5048771793ae532811ae8f66399ebd5502c567284e4d897136f1f3d |
| SHA512 | ab511e53f67e17082c5f3fd126d769c6d042c46da56690bdce92324b066786990b0a0f3e19f543938eb064c0aa5287b5d4fb9f177e659f627c17c7684a0f6b03 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 32083a425e999d5ca7fdc10074ed94e6 |
| SHA1 | 6bff76df510f427d63b46c2c7da21a8e2ee09b36 |
| SHA256 | a01a792c3763bbb69634c02a3881fe9be7fc96323eb4b587326953b3b6c8db90 |
| SHA512 | 70ee5d17eb221e1d9c91f0ef81cc49946117b465b8c7cfe6e559a1fddbb65c18b2ef37ed68db554032f44c3dda361fe9878af58984ee097494ab7ec34d7974e2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a9a1b7ad2903de9aecdc8a9778b1f200 |
| SHA1 | f6ae1cc7e1a325d312e161434b1b666cd73326b5 |
| SHA256 | a6af08da7b4dc7ba02288b27a67e8497c5597f073974a30f22f5351b12ea5fc7 |
| SHA512 | fa6a341e0b442921361f0bf12b9d68429c3e0a0e74f269a6208d32d3f97b15b329487aea18c102859d8cd288b73e0d889f33dca027ba8d74a6cc773896103376 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0dbff2f6b482a63a8a27d1b886589c54 |
| SHA1 | 9a432ba4326cf7004f88bd9fbd7c6894e839398b |
| SHA256 | 9464a0399c20e96b3171718c3ff49beb970877a639f5170d3feb536514fd9b03 |
| SHA512 | 9f6760bdf0fb04e2bde898d5fe85a1b0ba9cde3147c95353769859b7e0ea3f5798a5816899204acb95df1b098770285166e3d29b765e5dbc6669c89b7eead405 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0265f3b7f5b104f1e4bf6d8198330337 |
| SHA1 | 3cc11216f7a3aa59a690b3e5182f30da2fe7c659 |
| SHA256 | 0af26d9d905bcd101198de5796018ce3301fdd5e0eb4afb8e2c3eae540bbd090 |
| SHA512 | 310ac2e671d6b213a9645a594bd4b7c831f961b4183f9f07272d3ad0979f04485f2d1ebe3fdbb90fa0129bb954cf36b0e5ff2d3dd429bed01a855ef1e8140d0b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a7f478c481c40ca794165eec0dcfabda |
| SHA1 | a3fe71b9f79d655eee78edc90d4ace4e0d40ddcc |
| SHA256 | 85f114cc9af4022a376e04d867f8156143df43b31d5cf0f91c38b3b8b9c781e3 |
| SHA512 | 8d1806a8b0dc7c4bfddc460e90747f9940e8a250b2f5eed89fd832b12c3a766220447ce796dcb44e59565729fcbd005f1aa5122ff6e48c390447ea9001e3d4e2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | be20fc23b89969d1f01998680885bb40 |
| SHA1 | 2ea8ebef0defbaa59d91c7050b2ab9406e455b6f |
| SHA256 | bff61f8090c4230b725a29566204453d9c7167cdc2e168188ce4440484584e82 |
| SHA512 | 62043021a9109da8813e24dd1068b9275353f0e67ebc134a1a543dc3156ffec3c4b727b0a534759810993762e62b2c621156b805fd0cd6dbd228ebd20719d270 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c31b239d86ed8b02924b72d444cb8a9c |
| SHA1 | 7f0a20e842d4cf73cb027e45bdb87a8069238512 |
| SHA256 | f216ba86414eabbfd9b8fb9e2b583f398bc87978cd903b1105a76a86a83abbb8 |
| SHA512 | 2df3acc2514004e7ff4a6a75cf43c8c4f43c52faacc546f0648ef465ee71c80773ee78f1bf58d01a4689d1c7aaf4901a7985672708dede33a578f64ceb56e498 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b47b9d978ad684f62b70bf1939b57386 |
| SHA1 | 963380751c4f5a7b7a5f6088c992f973370fa343 |
| SHA256 | 5d149494a1f4320e2ffb0ca1b87f3998a47405f5e7a4ac27e9e5dd5c564e9198 |
| SHA512 | 8a34c92d3583fce4d3cdb83f6c97f8d9cb8efa146d2e6d9da147212b15cd2fe146fdbc39a0da3664bccb31c99288097475e97ef34808c0f149123aada81d62e7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 82c78a65f8b5ed9207ea26b153b7ddfe |
| SHA1 | ce560783132b010c4012fdfe14809a344ed44706 |
| SHA256 | bd9b247b53572eaaf8a8fd61012d4e2eaa61e4753a88ff6fda6e7b4fac9bf7da |
| SHA512 | 9e41bf8fddacb2aa5184df3f18fae839479222e40d741b7b9e400ef806a2192ed53415f390b7a1be4f5b0b809771c9071e7dabbaa0971dee2894bc33072f7c1b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 639410759c5f31df7cdee7e32a04af20 |
| SHA1 | a3a948186c47e9e60af51694f2478c8905ea8c6e |
| SHA256 | 261ef4c7b7451e38c01cf73bbfc5aa8980f2166dfa504a1d2dea1fd98235aa2c |
| SHA512 | aadd0c46c9cd854e415b327f64730a76e0fed7cc7e8805732e3e23207435dfdd349bfeede0438554a28c46da5b7e726dd8d8ec6bb1fadb8f8215884718b413db |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 379a9c41112be0123512b1b8b6b8038d |
| SHA1 | b01d52c7eb7cc705179594cd33d34909ba7b5d08 |
| SHA256 | a2d625bee1cee141d907fab0a10d7404610dbaca2c4044234550565facea99f9 |
| SHA512 | 4558c14a8e0896ed86308115ef5e3db46f6881538d409db15fcd5d4073843ec1c20a4a4802fd84828e3e0768b09b20a9f4187f39cf07e2b523de793c92caaf04 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | f9b4424fed9b382a272d479d32ddb799 |
| SHA1 | 79f3b693c0322c846c8055ffeb3048079eb2da71 |
| SHA256 | c68079ddb0f965048fc063919b80c8b2e8b39ae531baef5f76e4179c3fd609f2 |
| SHA512 | edfc8cc2f71e6c9c3c72a58530ff27e367ae6a0478ae70fe06a953292e86bb7492b5ffe0259cfc25978b9e417c617536d1b341e5061c7ad5df4d1b1cb8c72a8c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 42e0883859934e626b122af3f951d965 |
| SHA1 | 97c9416fadfcb8091674503965d2e4a05bcffc3c |
| SHA256 | ec99c023625a6a62d3f777233fd91e1592815f6682b5941c2a1aa48e2f6e5695 |
| SHA512 | 164168f52a55c17231a569190ea6f953681ad9ab5ec644eb6b4f6f8c52836f7b77b70fd9724e9bf0f247e14648591f9febe91772ecb50708b61d2ce08905736c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 532646994fb85f3ccea85065ff8ed518 |
| SHA1 | 460a7bdd2122ed3696a49491354ab5d2915e238a |
| SHA256 | 46ed4782b92a00ece8e2eb423f6e7296c04ebe85a076e2c2f3c23d5c52fece19 |
| SHA512 | 44a0496f12c01947ff4d76138f07e3ee52b8243e1ec60b4f0ff05fc0690f755722fe36543f3cfa5ced200b7cb9a0829f92b561d9f7c9910a8be93b07ef2a6815 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fa4d30a80a71b3d9b75e3b1845d03948 |
| SHA1 | be50e9c2791300dda56cd044f2d0fb6ddce15861 |
| SHA256 | 1e6f79b30f4d5b720413f396027eaa50c0ccfff3f39389403254f797fb8abe9e |
| SHA512 | 7d0afa1f611d041e82e53599ed377597e49ec830ca0a3caa8f29964c37a38c9796bfdd6d84222340e6595a0aa3f9f6976b46b917a9011498921984a2051f41db |
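Two caveats before lifting indicators from the tables above. The `CryptnetUrlCache` files and the traffic to `c.pki.goog`, `o.pki.goog` and `crl.microsoft.com` are CryptoAPI certificate-revocation fetches triggered by the HTTPS connections, not artifacts of the sample; the same `MetaData\94308059B57B3142E455B38A6EB92015` path is listed many times because the cache file was rewritten with new content on each fetch. And a `udp` row to `8.8.8.8:53` is only a name lookup; a domain that is resolved but never contacted over `tcp` (for example `yourjavascript.com` here) tells you less than one that was. The script below is an added example, not the sandbox vendor's tooling: it parses rows in the pipe-delimited form this page uses, keeps lookups apart from contacts, drops destinations that are ordinary Windows/IE plumbing (the `NOISE_SUFFIXES` list is an assumption drawn from this report, not a vendor allowlist) and reports file paths written more than once with different contents. The sample input is a handful of rows copied from the tables above.

```python
"""Turn a sandbox report's Network and Files tables into reviewable indicators.

Added example, not part of the report. NOISE_SUFFIXES is an editorial
assumption; adjust it for your environment.
"""
import re
from collections import defaultdict

# Constructed sample: rows copied from the Network and Files tables above
# (one path appears twice with different contents, as it does in the report).
SAMPLE = r"""
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.ashadee.com | udp |
| US | 8.8.8.8:53 | yourjavascript.com | udp |
| US | 76.223.54.146:80 | www.ashadee.com | tcp |
| US | 76.223.54.146:80 | www.ashadee.com | tcp |
| US | 76.223.54.146:443 | www.ashadee.com | tcp |
| SG | 151.106.123.220:80 | soalantemuduga.com | tcp |
| SG | 151.106.123.220:443 | soalantemuduga.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.180.3:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 2.18.190.80:80 | crl.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 39c10c4bfc0db0cd98c9e87cff593535 |
| SHA256 | 0c56e5829f150cb17c08c694207afb2351179839fd2de7d7c9ce46a74ef97ab0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e1d47550e19a877dafc87581356d2ca2 |
| SHA256 | 3db2820b9853ada76a19d2fe03378b2e2de5a46ad3702aab02e5aba34cff15e1 |
C:\Users\Admin\AppData\Local\Temp\CabD0D8.tmp
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
"""

NET_ROW = re.compile(
    r"^\|\s*(?P<cc>[A-Z]{2})\s*\|\s*(?P<ip>[\d.]+):(?P<port>\d+)\s*\|"
    r"\s*(?P<domain>\S+)\s*\|\s*(?P<proto>tcp|udp)\s*\|\s*$")
HASH_ROW = re.compile(r"^\|\s*(?P<algo>MD5|SHA1|SHA256|SHA512)\s*\|\s*(?P<hex>[0-9a-f]+)\s*\|\s*$")
PATH_ROW = re.compile(r"^[A-Za-z]:\\")

# Assumption: resolver, certificate-revocation and IE telemetry endpoints seen
# in this report that are part of normal Windows/IE operation.
NOISE_SUFFIXES = ("pki.goog", "crl.microsoft.com", "ieonline.microsoft.com", "www.microsoft.com")


def parse_network(report):
    """domain -> {ips, ports, countries, lookups}; DNS queries count as lookups only."""
    hosts = defaultdict(lambda: {"ips": set(), "ports": set(), "countries": set(), "lookups": 0})
    for line in report.splitlines():
        m = NET_ROW.match(line)
        if not m:
            continue
        h = hosts[m["domain"]]
        if m["proto"] == "udp" and m["port"] == "53":
            h["lookups"] += 1   # a query to the resolver, not a contact with the domain
            continue
        h["ips"].add(m["ip"])
        h["ports"].add(int(m["port"]))
        h["countries"].add(m["cc"])
    return dict(hosts)


def is_noise(domain):
    return any(domain == s or domain.endswith("." + s) for s in NOISE_SUFFIXES)


def review_candidates(hosts):
    """Domains actually connected to, minus the noise list."""
    return sorted(d for d, h in hosts.items() if h["ips"] and not is_noise(d))


def lookup_only(hosts):
    """Resolved but never contacted (dead, blocked, or never reached)."""
    return sorted(d for d, h in hosts.items() if h["lookups"] and not h["ips"])


def parse_files(report):
    """List of {path, md5, sha1, sha256, sha512} in report order."""
    files, current = [], None
    for line in report.splitlines():
        if PATH_ROW.match(line):
            current = {"path": line.strip()}
            files.append(current)
        elif current is not None:
            m = HASH_ROW.match(line)
            if m:
                current[m["algo"].lower()] = m["hex"]
    return files


def repeated_paths(files):
    """path -> sha256 list for paths written more than once with differing content."""
    by_path = defaultdict(list)
    for f in files:
        if "sha256" in f:
            by_path[f["path"]].append(f["sha256"])
    return {p: hs for p, hs in by_path.items() if len(set(hs)) > 1}


if __name__ == "__main__":
    net = parse_network(SAMPLE)
    for d in review_candidates(net):
        print(d, sorted(net[d]["ips"]), sorted(net[d]["ports"]), sorted(net[d]["countries"]))
    print("lookup only:", lookup_only(net))
    for p, hs in repeated_paths(parse_files(SAMPLE)).items():
        print("rewritten", len(hs), "times:", p)
```

Run against the full report text, the same functions give the per-domain IP and port sets for the blog's own hosts and third-party widgets, and the rewritten-path check collapses the long run of `CryptnetUrlCache` entries into one line.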
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-29 02:56
Reported
2024-10-29 02:58
Platform
win10v2004-20241007-en
Max time kernel
148s
Max time network
149s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\7b92eb5e17c2c0d276e8303327ed38e9_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffda90946f8,0x7ffda9094708,0x7ffda9094718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,11158053161912251782,6403782056340188941,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,11158053161912251782,6403782056340188941,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,11158053161912251782,6403782056340188941,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,11158053161912251782,6403782056340188941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,11158053161912251782,6403782056340188941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,11158053161912251782,6403782056340188941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,11158053161912251782,6403782056340188941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,11158053161912251782,6403782056340188941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3136 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,11158053161912251782,6403782056340188941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,11158053161912251782,6403782056340188941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,11158053161912251782,6403782056340188941,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6892 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,11158053161912251782,6403782056340188941,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6892 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,11158053161912251782,6403782056340188941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,11158053161912251782,6403782056340188941,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,11158053161912251782,6403782056340188941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,11158053161912251782,6403782056340188941,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6896 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,11158053161912251782,6403782056340188941,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5076 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| GB | 142.250.178.10:80 | fonts.googleapis.com | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| GB | 172.217.169.42:443 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | yourjavascript.com | udp |
| US | 13.248.169.48:80 | yourjavascript.com | tcp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| GB | 172.217.169.42:80 | ajax.googleapis.com | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 8.8.8.8:53 | www.ashadee.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 13.248.169.48:80 | www.ashadee.com | tcp |
| US | 13.248.169.48:80 | www.ashadee.com | tcp |
| US | 13.248.169.48:80 | www.ashadee.com | tcp |
| US | 8.8.8.8:53 | soalantemuduga.com | udp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | img407.imageshack.us | udp |
| GB | 142.250.200.46:443 | apis.google.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| US | 38.99.77.17:80 | img407.imageshack.us | tcp |
| SG | 151.106.123.220:80 | soalantemuduga.com | tcp |
| SG | 151.106.123.220:80 | soalantemuduga.com | tcp |
| US | 13.248.169.48:80 | www.ashadee.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.151.35:445 | www.facebook.com | tcp |
| GB | 142.250.200.46:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | kiambang.info | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| GB | 163.70.147.35:80 | www.facebook.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 172.217.169.66:445 | pagead2.googlesyndication.com | tcp |
| GB | 163.70.147.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.169.248.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.179.139.118.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 220.123.106.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.77.99.38.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.147.70.163.in-addr.arpa | udp |
| SG | 151.106.123.220:443 | soalantemuduga.com | tcp |
| US | 13.248.169.48:443 | www.ashadee.com | tcp |
| GB | 142.250.187.227:80 | fonts.gstatic.com | tcp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.godaddy.com | udp |
| GB | 23.211.96.23:443 | www.godaddy.com | tcp |
| GB | 142.250.187.194:139 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 23.96.211.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | infojawatankosong2014.blogspot.com | udp |
| GB | 172.217.16.225:80 | infojawatankosong2014.blogspot.com | tcp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ba6ef346187b40694d493da98d5da979 |
| SHA1 | 643c15bec043f8673943885199bb06cd1652ee37 |
| SHA256 | d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73 |
| SHA512 | 2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c |
\??\pipe\LOCAL\crashpad_704_FSODSRTSAPTEAGBG
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b8880802fc2bb880a7a869faa01315b0 |
| SHA1 | 51d1a3fa2c272f094515675d82150bfce08ee8d3 |
| SHA256 | 467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812 |
| SHA512 | e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 009a156ad5e0d3340c08b6113a5b5fb6 |
| SHA1 | 22b008ad1af8773b93a4f67ce75af50cecd3619d |
| SHA256 | d652db1d0195a882c5479bc57bd45c04077e51d21f173da71849dfc75dcacc46 |
| SHA512 | e8835e2010e31ec819e136b93fb328500ee76c0fbdfbe0e01323edd81dd457ff32c6d07fd5e5895086f348c9620971fdc0df53246ec6aaa778583ba4add0fff0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 6b5ea9d25ec4334bbe725eed1f1d5a10 |
| SHA1 | 5b1d42a17c573a9a1132525fd5bbf87aca1672c9 |
| SHA256 | 9a3b881ba5a16aa1304c826bdfbbd377241406c1c550874b278e65b7a5ed347c |
| SHA512 | 47f2a9b2667992706f4cc47d5117f0e741ab302d7de5625e1a59c5ce480c882c451e9cde51431b0cd5e444784b4f17e1d3317df243c9452898e512b56cf56a77 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 00956e46857181e2f4b1367c857ecf45 |
| SHA1 | 5937f0963a5ce794c4511225966027a43fc2a9af |
| SHA256 | 3061d600130228071a7cc044065232a1da2b5b9112a6251378e1e4c4d7a6d2c5 |
| SHA512 | 19fff43c5ac38fa9795764c94f2463e4ddc04135760cf1a9c5e4e9b782ff894f6d77cafb7f53d2deef0e13cd3e3fb1dae4770de22717e1c7859c447c530192fc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | fe5b6d0fbf0e124fb2555619690333af |
| SHA1 | d912491757e6f0a93f8975ee4c936100d82f50d5 |
| SHA256 | b12c7e93d07b280393473e0dff08e3890643e53f0dccd39a148e09480e058415 |
| SHA512 | 58089aaf07bbd76bbfe741b65feef95b0c5a63e492620ead5fdeba5697c2953513f5432096b05a081bbb2d4dd4f8161f534b95b5d26c6e9821134b676970aafa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5031c0429890a77f61955f7597121c54 |
| SHA1 | 4ea9a216ec5113e48c82b67801712078b725585b |
| SHA256 | aade7623aa16c69de9887bb8b0285ffbb9fc72cfd232174a160960f5b8b0666b |
| SHA512 | a0269ab0facead8fb6646eceec59da5725f759318ad673c9fa9777da94a4cd97f004ae6d1a5907ebd19b5da8355479f4dd90b7a3b9381db84a3ca3439cb14dbf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 61381dc1c5db78c21f96863e02c75d81 |
| SHA1 | cdd49b5d1876259fea684d56b96c6b6caf0d2792 |
| SHA256 | d4086328e5828d4ffb620a79d4f17e1f5b305d70ed15e176ae17c13422b55d1c |
| SHA512 | 3d0cd0c15422aab68ffbea3732c97bf2b47d0bb6633d33e3810c63beebffa07606cbd2acef98e89bfe6d6df4b7079a1b99d5b27ecfa6855a60ddd055af6de0a3 |