Analysis Overview
SHA256
1e33e8ac11065f7194b551dc406c4646dcc4c81f87832e693d5fc6ba14f30be9
Threat Level: Likely benign
The file sample was found to be: Likely benign.
Malicious Activity Summary
Detected potential entity reuse from brand STEAM.
Browser Information Discovery
System Location Discovery: System Language Discovery
Enumerates system info in registry
Suspicious use of SendNotifyMessage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-02 22:39
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-02 22:39
Reported
2024-11-02 22:59
Platform
win7-20240903-en
Max time kernel
904s
Max time network
842s
Command Line
Signatures
Detected potential entity reuse from brand STEAM.
Browser Information Discovery
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "436749046" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{57AE1E91-996B-11EF-B40F-EAF82BEC9AF0} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\MINIE | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000303eef0e2cd1a9499efdd285a56ddc5000000000020000000000106600000001000020000000fd29554191d63ea008160f56b269edabb3bdba3ea4d34f448aca7f0e3147bd24000000000e8000000002000020000000d07e30123d0a40a18a8639b52154410e646b61a9af6bc9f5c9e63947531d85a7200000008d2f03935bcd2616e168a1eb9c7ca8477a041aef9174b3db78468d7536fc3a19400000004e8797215dc5e863a76bc1c0675a53d7f6c35175e087f98bcd1cbfa4c83017447f7cdffddeaa91f37663790fbdd745f73ad3f9d844841f5d7d5de1ba8fb0719b | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30ee372c782ddb01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2348 CREDAT:275457 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef69a9758,0x7fef69a9768,0x7fef69a9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1168 --field-trial-handle=1336,i,2457801350221002269,14713770567771425049,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1552 --field-trial-handle=1336,i,2457801350221002269,14713770567771425049,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1592 --field-trial-handle=1336,i,2457801350221002269,14713770567771425049,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2272 --field-trial-handle=1336,i,2457801350221002269,14713770567771425049,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2280 --field-trial-handle=1336,i,2457801350221002269,14713770567771425049,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1136 --field-trial-handle=1336,i,2457801350221002269,14713770567771425049,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2084 --field-trial-handle=1336,i,2457801350221002269,14713770567771425049,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3168 --field-trial-handle=1336,i,2457801350221002269,14713770567771425049,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3556 --field-trial-handle=1336,i,2457801350221002269,14713770567771425049,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3108 --field-trial-handle=1336,i,2457801350221002269,14713770567771425049,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4004 --field-trial-handle=1336,i,2457801350221002269,14713770567771425049,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3720 --field-trial-handle=1336,i,2457801350221002269,14713770567771425049,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2612 --field-trial-handle=1336,i,2457801350221002269,14713770567771425049,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2600 --field-trial-handle=1336,i,2457801350221002269,14713770567771425049,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3996 --field-trial-handle=1336,i,2457801350221002269,14713770567771425049,131072 /prefetch:1
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 216.58.201.106:443 | ogads-pa.googleapis.com | tcp |
| GB | 216.58.201.110:443 | apis.google.com | tcp |
| GB | 216.58.201.106:443 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.187.206:443 | play.google.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| GB | 142.250.187.206:443 | play.google.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 172.217.16.238:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn1.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn2.gstatic.com | udp |
| GB | 142.250.200.46:443 | encrypted-tbn2.gstatic.com | tcp |
| GB | 142.250.200.46:443 | encrypted-tbn2.gstatic.com | tcp |
| GB | 142.250.200.46:443 | encrypted-tbn2.gstatic.com | tcp |
| GB | 142.250.200.46:443 | encrypted-tbn2.gstatic.com | tcp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-vtbn0.gstatic.com | udp |
| GB | 142.250.180.14:443 | encrypted-vtbn0.gstatic.com | tcp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| GB | 23.214.143.155:443 | steamcommunity.com | tcp |
| GB | 23.214.143.155:443 | steamcommunity.com | tcp |
| US | 8.8.8.8:53 | community.fastly.steamstatic.com | udp |
| US | 151.101.67.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.67.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.67.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.67.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.67.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.67.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.67.52:443 | community.fastly.steamstatic.com | tcp |
| US | 8.8.8.8:53 | shared.steamstatic.com | udp |
| US | 151.101.3.52:443 | shared.steamstatic.com | tcp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| US | 23.192.21.216:443 | store.steampowered.com | tcp |
| US | 23.192.21.216:443 | store.steampowered.com | tcp |
| US | 8.8.8.8:53 | store.fastly.steamstatic.com | udp |
| US | 151.101.67.52:443 | store.fastly.steamstatic.com | tcp |
| US | 151.101.67.52:443 | store.fastly.steamstatic.com | tcp |
| US | 151.101.67.52:443 | store.fastly.steamstatic.com | tcp |
| US | 151.101.67.52:443 | store.fastly.steamstatic.com | tcp |
| US | 151.101.67.52:443 | store.fastly.steamstatic.com | tcp |
| US | 151.101.67.52:443 | store.fastly.steamstatic.com | tcp |
| US | 151.101.67.52:443 | store.fastly.steamstatic.com | tcp |
| GB | 172.217.169.42:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | login.steampowered.com | udp |
| GB | 23.214.143.155:443 | login.steampowered.com | tcp |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| GB | 23.214.143.155:443 | api.steampowered.com | tcp |
| GB | 142.250.187.206:443 | play.google.com | udp |
| GB | 172.217.16.238:443 | encrypted-tbn1.gstatic.com | udp |
| GB | 142.250.200.46:443 | encrypted-tbn0.gstatic.com | udp |
| GB | 142.250.200.46:443 | encrypted-tbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn3.gstatic.com | udp |
| GB | 142.250.180.14:443 | encrypted-tbn3.gstatic.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
\??\pipe\crashpad_2812_QLNIJNERBJYUAMGZ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
| MD5 | 18e723571b00fb1694a3bad6c78e4054 |
| SHA1 | afcc0ef32d46fe59e0483f9a3c891d3034d12f32 |
| SHA256 | 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa |
| SHA512 | 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Temp\CabC1CC.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarC27B.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a5c390e076dabbbf279c694325231abe |
| SHA1 | 5fe5ed2a9547b842f3c3332394e9f9143e70acbe |
| SHA256 | 38f8e62d19f4a15684ab1b1433638bd16d50a52b51a0da2129fc6b23914932d3 |
| SHA512 | 14690120f86afb0ba1ba479ef62ac67ad9ef6c8e28d7a86d975b139c27c8636de0e2eb39e7de31b2409a0818b298265e23f1d519795a359d862b0fdcb68b63ba |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 09315d4c64fdcec4b910ac3108354948 |
| SHA1 | f0830fec34370f7f74b3bceb78c169e0c30565f9 |
| SHA256 | 435a60e1aaca72ceaf231643a1ee0b0e4608a259e230562620a646451bdf9e33 |
| SHA512 | f57338dfc4da679196f1dd8e4c9084979755b2e2ae38075bbc00ed9da59ef7e7ff12645c26cf089a4167a280a324780e1a3414dd14e8db3e11a21d0ac46e4c6d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ac34e2f5b42f48b42e3b4289a882c777 |
| SHA1 | ebd3f59ab083666ffbbadd8f328f73fb93caeedf |
| SHA256 | c607c7f5aa2f0d791c7c4b6fdeced66f06ef4183ef7f267f3d7bb4183cb2b31b |
| SHA512 | fef057603c17cf5c69c776c07383b2581937ac7008b6515c4cd68bed6b17f7a8a4ac7aa8bb99bd9060ca672f365c18ebb004461695d1a83937a7f1ca12570eea |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | afe8ca8ce929baa75e493fc10720da1d |
| SHA1 | b0781844f933faa253aa5d0ce26cc0b89cec550b |
| SHA256 | 195ecbdd54c48de950eb4fa6d804d94a5d82ba09c773c94e465354784efaa32c |
| SHA512 | 6b0996f6b10bc262e906a4c50b6860610f4817ea3d6ded001b8815c1ae7b01dbb372bd0b1010b248f4fd71ce8a2e0edddafd20c5d421264240f0ce64e795b8c0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bad1c22c70abc30fbe2540bb4aadfd96 |
| SHA1 | 97ebaed8dadb2a393403926a657e89057f438628 |
| SHA256 | 5063ece240af8ce5a5b9061a5c3145422067b05334deec9da7d7a915fb1095b3 |
| SHA512 | 58c71cbaa60c8f81eb6f133e030093b7e1a3c67095afe6e1daa57cab942a61d78f78699aaf9a2e89c52d425f56dd51d8b7571ad48deaa37d8b6e83531099a336 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ee63d261fcf5b7b766ce237475719787 |
| SHA1 | bf42b030284834924b63043c7da68948527bb9d0 |
| SHA256 | 97370714cbd86c43b1693a62c1bd75a18fd33f8190d94f9488d796591c816228 |
| SHA512 | ddd39e467379a8f8d53b9118ba9e1db22470095c29d17ae27a02680667bb833dfe2fab4f1e7b7967de0fc32747496884d8dfc7d432b934d38a2d1dca4d82e6d1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 712a84451aa622f134912050cc7d1da8 |
| SHA1 | 4c5bd3e20111d203ffb4af4079ec95dc204667b0 |
| SHA256 | fdc5168af3a4e2339a30636928339388300c068c9a05a5c1a10e9508087b985f |
| SHA512 | 5d59b07233dbfb59b6907f254d90f7657a6bcd94b022fb1c0334c9712140f96174df53c2aed5f34f95b1aa2761a6fd33e8d890b781d7c84b2e9f66d7c32091fe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2bfdb6cce97572f77cb009ee85c1b229 |
| SHA1 | 455be4ad6ab096bef30df8b34f6b8bff48346027 |
| SHA256 | 734f15e5152e43af1a0561671a521e1436b85af63a39861b13c0e2eb6e174f6b |
| SHA512 | 3c718194b61655422aeeb423fed50e1aabd504860f6d33ca129a64c07eb777ff899629e716b1d77198349c22c341a54a4accd7a39093abb24dc3f6e6e50b0423 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 99639a6d8c2a7a1c18280c8505e79ba7 |
| SHA1 | 484da95d77057d2f3ca102b7de4354a009adcaa0 |
| SHA256 | 63d6b0867a63bd1d821ff6a9658bbf7992a030d621c9e97fb2eddff884503544 |
| SHA512 | e4f003df1e7a58603b795e0fb7a2bffc6bca13fa8b013d855864523ee5b64839373bce8a511d0b4fa6b7219fdc1d0bb06d04e8faa9d2144445dce4bed4626880 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7d4fbea2de631c59d046ffc57dfc4699 |
| SHA1 | a5a60eadbcc351e7c126745e790053803dfbd7bd |
| SHA256 | 798ed11bf353cedd89f2c628dd7d8aaba38b0306602d77464b67d5231bb9af73 |
| SHA512 | 8599db0cd102e66fef3890a8a25cc5bf93786fa9776694d554f583c4a1223913911fad24ad6b211d143c7f3b747ad6296635cf1cdc7dd1065006820fa30a24f8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f54df62b2e524338b0678da801121242 |
| SHA1 | 01ea916747f271e4ac9b38a610685b0b0509796a |
| SHA256 | 0002f4fc40a7c0e38e4e13c4b37a905ba994f78b6ad6e8b3d6400b1cf8c9a97d |
| SHA512 | aa4d26033e9a52db268d90a6eacb689fbec8989e47a4fdf81d7713a51c27f1c1bb62d5908bab7a0da81d06d0c16f0856580dc60c2a39babb58032cc735fa3ee1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8ff6b50858c66f71cdf6e5ca1ba2b4c3 |
| SHA1 | ae6bbb9ef4d45d94313f5e030df5d77292c20e88 |
| SHA256 | 2a7cc685191521c2da53a633a491f0b5bae04b2003b242625ef4826ed3b464f8 |
| SHA512 | 195b0fd2a22c4fc619d400a7949c6995c8cbd6ac3ed0ca24a883793605975c0e3b0b1585fc67f59045fbb0a3ca5e8849e2707416a30c7ebb92d28a63009a50d5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a77b4b2a6ccfd1ecd58c7d82a176be60 |
| SHA1 | 9b11c85fdde7eaeb5d942d16a0a4115c41ebfaef |
| SHA256 | fbe144bd746135473a805c7af743ec0cfd70617ee505fc025ba2bccf4ad14f5a |
| SHA512 | 7bac39ea745f658957372d2535ed9ec8039162b1d4f532a526db5b6b9c32aa959bda89c7f181444db9e1700af8ad27539324332e3ce1d51b42d3849de8e4f7ec |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a5625b03d438e044a181fb9f970114c2 |
| SHA1 | 3eafa3ae75fb80d82abd73c3e36e6fa2aafacb60 |
| SHA256 | 625ebbfbc95eaf30742b1be8d61c2bbffc9aec5d1bcd30dfc362a48b2d39022e |
| SHA512 | fc513d72621ca336bfbd7991d678e83a4f0bf89b1e1f70aaf6ec84d116be29a5190f84035319a1db651eb30945a595a2aed7c3bb933064f5208cdf40c3888123 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 13e693ead0310840677f47d19be6de4b |
| SHA1 | 878c7b5dcf8ffe888595dfb824b4b08f832fd057 |
| SHA256 | 2c1f97ba2a317c00f0051550fd8697c91a69e0e2dc080d954122f20c7e157549 |
| SHA512 | aa303109f2329ceb23c2f9396331506dda855785d7c1be17441efd129819c6d791d4a8a0ac124a38b1f9e6c3b9646a1a57670bf98f47a71687d3c5fe89fa9ad1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | d1016c3ce46d60757710cfc25065586c |
| SHA1 | 67cdd150e2d7edd6fe592e01db1ecdef2c0bd807 |
| SHA256 | 1f548aaa900f8acf2029a7562c4039a628f9ee731fb54abe09d650d695d3c88d |
| SHA512 | 1aef90051061cafdf1d462b2dc95fb97f6c745e2d7799c8a2bf0acba9f95637087c26f451572b792c74b39ead5421790e5a0000e0128bf7e75176f348db41419 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8e437f2e65ca27f831d2f1f71adbf346 |
| SHA1 | 41be100c63cd8b239dd05f5537112b86970a49bd |
| SHA256 | 4ef8d04974fb1cbb29eb23e32edeee8100310265af25ed0dfd9d3edbe5d63c11 |
| SHA512 | ec6e1708e280bd86c75f21f38f049fe5942ce55b9ed16ce166bce6cf093c3a96e88360951d080b834f0d7ef51c48f40eea7056e66187a8ae18fea647faf53129 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\a7c38a15-a180-498c-bd25-dab1d7991340.tmp
| MD5 | 3d1d49f1cee997bcc7fac4d6cac5d916 |
| SHA1 | 10e8857e8c54003a212f68044810f2b9d74e73b3 |
| SHA256 | 04a65a3873b05caaba1b470b28f4804b5f716ad1cf57f02a2f040f618d89cf32 |
| SHA512 | 0451144e1455ee25dd770c5bfd5645d98b12d1e748b78257d7f716e879824beb799de01a74689c11de1d2ff847f12fbec35cad55e5a1e4b1e3aa22406322ae2b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e30835761ed9f3918cf505f20b365874 |
| SHA1 | 72458fb86ac525f23c80b65dc235b8a84c6dd17c |
| SHA256 | 5468f9eb47ea0884bacdec2517f99e2dfd169b00a9d243004a4cccaa4edbfc96 |
| SHA512 | 9686b36e9a197cadb6528056056522dd4341738c0dac63ca22ce1a1b8b496efc9964cffbf573b942d8fb7e397d6c392fe904fe672a186efd61a84d387ef91cf5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 977bdde74eb87012fdee175ace5df486 |
| SHA1 | 9f84d1a15a666c362e867fb7223e93a5608f2c1c |
| SHA256 | 0cb0c15742fab0acd0b67b0a9885beefd4016a30328980f789bfcb8918e64304 |
| SHA512 | 3e9217ebf2b96f0d1c2bc44a0463e99a6ed214e65a42aacd1aabc072901441971c81ed010105438dd858f4f9964d73d956f078adc775aba5be0064c92b35576d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7fe24df993e598f35c61e682a97326a6 |
| SHA1 | 07847bb8b7f6c14a5e7254475fcad14a65555a7c |
| SHA256 | c9e34e3b71c17ce372379bfb216197c3ce837349372359f1e84c1f4dd0ddcbe4 |
| SHA512 | db50c1c16a5f58e269a0b3a47a2c305726f318bedd18788a9cfce3d9c0cee30c499d39a15024df926a28a42ffa50d3dd119eed6ca84aafcdb4b0a467105f9c8d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 417e9a9f487c42b0afa8f81c265fbd9d |
| SHA1 | eb41e8d21dfc2438730d0ad467f12214cbc598e0 |
| SHA256 | 0c0326c1cd596193cad5a0c80ceb01a0a60bd26d47c1f627b10d33ab4cb365e3 |
| SHA512 | 4f4db01730478349acd3546e98e4a6b0a2637bba53a5bccb244cd56ce8105bfb4101217801c919ff6c5b0cf9ca50c35dc37d9e71360bca6456866d27749ecdf5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 17dcf5509a400f5fccf95e26c73426ac |
| SHA1 | bd358e1b28bf8a2ebc9e67ccc44004c920e08854 |
| SHA256 | 87ee220e544fad27790516c50c75deb3b4d5494b1556f7eb8ca060b763af99fb |
| SHA512 | 5da3ab02c8e8d23f61f7279d0e008122abc8c45c3020cb8675e9d1051b69ef8656905aaeeea7db8db1a1b48d7daef4e21924c2eb9eaac04cc06789f879fa0d42 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 84fc4283b4455a91404ecea07f3ab75b |
| SHA1 | 1de9c18877bd938629647cadcd05443a17b48588 |
| SHA256 | 08fd6607a51c45f5601f30e6886d7af4f3387319fda6aec34a8b69e3a0e824d6 |
| SHA512 | f8fcf1eb1828ae9e2bc6f7e0a0eac4727ddedda2b6fcf52c8bcc2cf54d831f6237970af7ae929ff2283460d9b4cfbc9e5c449b0dbda80ad484277bc6e3ad3246 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0aafb401d6773fe0c745f82bf98ccb14 |
| SHA1 | 54d5cd1db4288a34b86337320c0786720516256d |
| SHA256 | e9a8bb00b141cb5606ad75037e9a71aef70dd6cbca14ab0596ad19f649c5f893 |
| SHA512 | 7d162d22c49e6d5ddee454187803b70b0412fe4cb89e556fe807d278c70aef5c20e82cd02b29c0de9be5f6f1e49775577bbc562e3bda00fb849d06e1da5a7809 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e244ea4cd9d550a5377cf1d0bc9184cd |
| SHA1 | 7444a3612588498099204ef9cf8ede6897d4c083 |
| SHA256 | 6149bcae18919507c622266133ada6864fa8197860599807893eec78342c4b33 |
| SHA512 | e11b7f37632a69eee5d80f144441e7b6c010ad838c3ced283366bc1a9beb4a0b541b63f754f9c4713e68dd3dd3f4e5d7c9e1852b4fcc9856cb9a3e2eaca09b40 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 496ade1f5db7e0d4ece82047d8e93cdf |
| SHA1 | a97cafa1585c01d001deb7935a4bc6dab6117037 |
| SHA256 | 16c6cfcd55b9c983f8ca01559179d40807f753fdf4e84fd653050415b7ea4505 |
| SHA512 | 6ae936df0581656a36a7b913fc5b967f0664e95001e852f8257dccbea918e8103b9239211d7aeb1f767b12ab0c115596136fe8cc1cb973df7a61d73672f19511 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9d399aff1629d4c454ed4c116a61a55f |
| SHA1 | dcba1d6f1156d7fd0c1fcb962888e39e29fe5640 |
| SHA256 | fc62effd125494bdd7991e4f2e1bb598de0883b26b42c3ab354fd5b09d5a2f3c |
| SHA512 | b8a8cd9791081d7cac6fb2ff6cedb5adf949f46d280c23095e87ec6445ca43d9ac2c73f887150709780334da06ac3d31eea44df8338de56b3835d5d964e1b07a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 194f9371c8123f6bdaa322e8cc009127 |
| SHA1 | 8acd05401ec316992786cb159586d5c01f337618 |
| SHA256 | e5c16d8233ee23e56485087c7d151a727d479ae33df51e89d82f41c6d892ad41 |
| SHA512 | 18b780d39f6095072f5226d753b85a2c81625b37359e4008458219f50a9ed9514f46cb9ef17a88306091c1c4fcdf973a8b7272778815bd8345b67eacc4cf6802 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-02 22:39
Reported
2024-11-02 22:59
Platform
win10v2004-20241007-en
Max time kernel
1150s
Max time network
1153s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe67f346f8,0x7ffe67f34708,0x7ffe67f34718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,1932829423613823967,2526769646320553799,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,1932829423613823967,2526769646320553799,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,1932829423613823967,2526769646320553799,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1932829423613823967,2526769646320553799,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1932829423613823967,2526769646320553799,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,1932829423613823967,2526769646320553799,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,1932829423613823967,2526769646320553799,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1932829423613823967,2526769646320553799,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1932829423613823967,2526769646320553799,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1932829423613823967,2526769646320553799,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1932829423613823967,2526769646320553799,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,1932829423613823967,2526769646320553799,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3140 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.179.89.13.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a0486d6f8406d852dd805b66ff467692 |
| SHA1 | 77ba1f63142e86b21c951b808f4bc5d8ed89b571 |
| SHA256 | c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be |
| SHA512 | 065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a |
\??\pipe\LOCAL\crashpad_3208_NIIEFHPGWMGOQWZD
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | dc058ebc0f8181946a312f0be99ed79c |
| SHA1 | 0c6f376ed8f2d4c275336048c7c9ef9edf18bff0 |
| SHA256 | 378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a |
| SHA512 | 36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4e03db2dab3045420fd60d23b9b4ab76 |
| SHA1 | 68984d8e747678438db3ad3a7771de8e4a926921 |
| SHA256 | 6471a618e65ebf546cbca2e48c3d6e854743e0507587df4bec8176fabaa62983 |
| SHA512 | 70f14c6a78cfb41d72de58efede19cf626be11d6cfac6c14128e0fc6d51ffe438c52f6c371366e0e0cf95ad9a0556bc83486320f3044742f9c69a380bb01eb58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 18fe28d9e978c287be88b63d2ecd6be0 |
| SHA1 | be8c623278fc92aa01a80e2483e7253c00837476 |
| SHA256 | 80a794b60a0566dadd8d7dcadc5229e584ec6853a11c8f6796b07120b390f15c |
| SHA512 | 6ac789b59b5b0b78d245310d887a8fb9fb8cc6899aa8c4930784305aa121b445f093db076f7d346bf114878fc1b832bc7ec9b263d57214ea75f080b347962660 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d1df4c6aaef6a63d5657dcb6cbd5e0c0 |
| SHA1 | 733f414c62a1fbdeb7ccf682ddebf4608d30ce43 |
| SHA256 | 3a7ba984507aa8304fc4fae2a014077281679cbc6482677343ca2b141d8aa612 |
| SHA512 | 70f6ce43984a3b3efcb3ffec61135373cb4752596e22bec0df35798b48d352102a0bdde580a18a57636249c9b7c7ee969831791076abf22306bd66633c566ed2 |