Malware Analysis Report

2025-04-03 13:54

Sample ID 241109-2eybfstenf
Target 3c5c5cac86b243b43abebf10ba60e8c8d96b535c2f381d5ff0701259d8a7ffefN
SHA256 3c5c5cac86b243b43abebf10ba60e8c8d96b535c2f381d5ff0701259d8a7ffef
Tags
discovery
score
6/10

Table of Contents

Analysis Overview
MITRE ATT&CK (Enterprise Matrix V15)
Analysis: static1 (Detonation Overview, Signatures)
Analysis: behavioral1 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral2 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)

Analysis Overview

score
6/10

SHA256

3c5c5cac86b243b43abebf10ba60e8c8d96b535c2f381d5ff0701259d8a7ffef

Threat Level: shows suspicious behavior

Verdict: the file 3c5c5cac86b243b43abebf10ba60e8c8d96b535c2f381d5ff0701259d8a7ffefN shows suspicious behavior (score 6/10). No malware family was assigned; the only tag is discovery. The target is an HTML document: both behavioral runs open it in a web browser (Internet Explorer on Windows 7 in behavioral1, Microsoft Edge on Windows 10 in behavioral2; see the Command Line entries below), so the signatures that follow describe browser-process activity driven by the page's content rather than a native executable.

Malicious Activity Summary

discovery

Looks up external IP address via web service

System Location Discovery: System Language Discovery

Browser Information Discovery

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Enterprise Matrix V15. The rendered matrix is not included in this export; the technique names that appear in the signature tables below are System Location Discovery: System Language Discovery (T1614.001) and Browser Information Discovery (T1217).

Analysis: static1

Detonation Overview

Reported

2024-11-09 22:30

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-09 22:30

Reported

2024-11-09 22:32

Platform

win7-20240903-en

Max time kernel

67s

Max time network

68s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3c5c5cac86b243b43abebf10ba60e8c8d96b535c2f381d5ff0701259d8a7ffefN.html

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{33F9B751-9EEA-11EF-848B-7694D31B45CA} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "437353288" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 900c9409f732db01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value not included in this export) C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000045c0dde48c11474f81d9a2c02be4ea2200000000020000000000106600000001000020000000c307f03a0c51e88de557cd2a6634e5c185adfbdbaff337d9969e5bf58cfbc924000000000e800000000200002000000047d6788f35fe2bc7253e7eebcbecb8381fcfe3937452ddafef87d045e742b56b200000004839d99eaa68a0758455951f5926119521d1b0ad7e3eacccdabe41d84652f69e400000001ac33ffe29b19b12a30930d4606e63e8089865793842c8ea86e443d24132192eb51ca0b54c1e1bd22bedc5935e4f47a99c237a9eb928f25274c5619b86ba2d0a C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3c5c5cac86b243b43abebf10ba60e8c8d96b535c2f381d5ff0701259d8a7ffefN.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2300 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto Count
US 8.8.8.8:53 blogger.googleusercontent.com udp 1
US 8.8.8.8:53 ajax.googleapis.com udp 1
US 8.8.8.8:53 img6.thuthuatphanmem.vn udp 1
US 8.8.8.8:53 www.blogger.com udp 1
US 8.8.8.8:53 maxcdn.bootstrapcdn.com udp 1
GB 142.250.187.202:443 ajax.googleapis.com tcp 2
GB 216.58.213.1:443 blogger.googleusercontent.com tcp 2
US 104.18.10.207:443 maxcdn.bootstrapcdn.com tcp 2
GB 142.250.178.9:443 www.blogger.com tcp 2
VN 103.82.21.90:443 img6.thuthuatphanmem.vn tcp 2
US 8.8.8.8:53 c.pki.goog udp 2
GB 142.250.187.195:80 c.pki.goog tcp 9
US 8.8.8.8:53 o.pki.goog udp 1
GB 142.250.187.227:80 o.pki.goog tcp 8
US 8.8.8.8:53 crl.microsoft.com udp 1
GB 2.19.117.22:80 crl.microsoft.com tcp 1
US 204.79.197.200:443 ieonline.microsoft.com tcp 3
US 8.8.8.8:53 www.microsoft.com udp 2

(Count is the number of identical rows in the original table, which listed every connection separately; 42 rows in total.)
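Added example (the editor's, not output of the sandbox): a parser for the flattened "Country Destination Domain Proto" rows above that collapses repeats and sorts destinations into buckets so the rows worth analyst time stand out. The constructed input is a subset of this table. The bucket lists are assumptions: the c.pki.goog, o.pki.goog and crl.microsoft.com fetches are certificate-status (CRL/OCSP) traffic and ieonline.microsoft.com / www.microsoft.com are the browser's own services, all of which a browser generates when it opens an HTTPS page, so the page-driven hosts (blogger, bootstrapcdn, googleapis, thuthuatphanmem.vn) and, in behavioral2, the ipinfo.io lookup behind the "Looks up external IP address via web service" signature are what remain to review. ipinfo.io comes from the report; the other IP-lookup service names are the editor's additions.

```python
"""Collapse and bucket the sandbox network table.

Added example for this report, not sandbox output. Row format
("Country Destination Domain Proto") and the sample rows are copied from
the behavioral1 network table; the suffix lists are the editor's
assumptions about which destinations are routine browser plumbing.
"""
import re
from collections import Counter, defaultdict

# Constructed input: a subset of rows from the behavioral1 table above.
SAMPLE_ROWS = """\
US 8.8.8.8:53 blogger.googleusercontent.com udp
US 8.8.8.8:53 img6.thuthuatphanmem.vn udp
GB 142.250.187.202:443 ajax.googleapis.com tcp
GB 142.250.187.202:443 ajax.googleapis.com tcp
VN 103.82.21.90:443 img6.thuthuatphanmem.vn tcp
VN 103.82.21.90:443 img6.thuthuatphanmem.vn tcp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.187.195:80 c.pki.goog tcp
GB 142.250.187.195:80 c.pki.goog tcp
GB 142.250.187.195:80 c.pki.goog tcp
GB 142.250.187.227:80 o.pki.goog tcp
GB 2.19.117.22:80 crl.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
"""

ROW_RE = re.compile(
    r"^(?P<cc>[A-Z]{2})\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\s+"
    r"(?P<domain>\S+)\s+(?P<proto>tcp|udp)$"
)

# Editor's assumptions. Certificate-status (CRL/OCSP) endpoints and Microsoft
# browser services show up whenever a browser opens an HTTPS page. ipinfo.io
# is the indicator from the behavioral2 signature; the other IP-lookup
# services are common equivalents added here.
PKI_SUFFIXES = (".pki.goog", "crl.microsoft.com")
BROWSER_SERVICE_SUFFIXES = ("ieonline.microsoft.com", "www.microsoft.com")
EXTERNAL_IP_SERVICES = ("ipinfo.io", "api.ipify.org", "icanhazip.com", "ifconfig.me")


def parse_rows(text):
    """Parse report rows into dicts; raise on a line that does not fit the format."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if m is None:
            raise ValueError(f"unparseable row: {line!r}")
        row = m.groupdict()
        row["port"] = int(row["port"])
        rows.append(row)
    return rows


def classify(domain, port, proto):
    """Bucket one destination. Order matters: DNS first, then the allow-lists."""
    if port == 53 and proto == "udp":
        return "dns"
    if domain in EXTERNAL_IP_SERVICES:
        return "external-ip-lookup"
    if domain.endswith(PKI_SUFFIXES):
        return "pki"
    if domain.endswith(BROWSER_SERVICE_SUFFIXES):
        return "browser-service"
    return "page-content"


def summarise(text):
    """Return {bucket: [(domain, 'ip:port', proto, count), ...]}, busiest first."""
    counts = defaultdict(Counter)
    for r in parse_rows(text):
        key = (r["domain"], f'{r["ip"]}:{r["port"]}', r["proto"])
        counts[classify(r["domain"], r["port"], r["proto"])][key] += 1
    return {
        bucket: sorted(((d, dst, p, n) for (d, dst, p), n in ctr.items()),
                       key=lambda t: (-t[3], t[0]))
        for bucket, ctr in counts.items()
    }


def needs_review(summary):
    """Domains an analyst should look at: page-driven hosts and IP-lookup services."""
    picked = summary.get("page-content", []) + summary.get("external-ip-lookup", [])
    return sorted({d for d, _, _, _ in picked})


if __name__ == "__main__":
    summary = summarise(SAMPLE_ROWS)
    for bucket, entries in summary.items():
        print(bucket)
        for domain, dst, proto, n in entries:
            print(f"  {domain:32} {dst:22} {proto} x{n}")
    print("review:", needs_review(summary))
```

The parser refuses rows it cannot read rather than skipping them, so a changed export format is noticed instead of silently thinning the table. Anything the allow-lists do not cover lands in page-content, which is the conservative default for an HTML sample: the hosts the page itself pulls from are the ones that tell you what the page does.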

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 609f23b3d5625fc9cd529dc19e98d260
SHA1 fa76380f6e4c2493ddb8a9d78492548ee4113a1b
SHA256 a956f90c903bc66d6251010c73f5c28a6ea22ec227941e13e5607735c7babff3
SHA512 9c85f7b84cce9bff8c9e6aea823d35a47d7622609d28d0b375e8b106635fb89bafdb9f446f2248e6dd30913a023b102e84843f306d4ded110c59c36f73ee6839

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 2c1d922733d76606a06523e4e60cf07a
SHA1 5ccf1e159fa4d295bae011b41023f9b27ebbb728
SHA256 561e2a21f0db2a385befb2e666f070278772bbe332b44f23e1204693cdec7c30
SHA512 109ef0edd73d8fcf01eb7558162cb0a1f07e45179e8a8a62fb237f668a0bce8c485ed70a6e81adf0d2182f37b9afbc97c64749a7fa5033c07a315d436516088d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 cf34c53e5019a77091a3606b944b5a94
SHA1 36d796d59c8cd90efa7a8da11e2932aa028aba7f
SHA256 fbe40dad9bdd05aa6d1c529cf9b4bc445874c7dc9225ac58b8a1ca6f51ef09df
SHA512 2deefbd5b74757cb04209a84d27e44d4cc776233eccc837ea6cdb5dbaef35da7428279ee3f5a39b4a93936e3ced157cdb5a6392409346cb26d1ddaf465af7355

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 0ec6fc9c0f3270764fcc525d7eae3151
SHA1 5b5aabee9d2931d8b52b765d1a70cd6ca26c7836
SHA256 6b2533f50600c0c16cf0466588ddb4a666d98666189620c609587d21f51fbb9c
SHA512 f15c199ea1a698b2933c57dcadeff168aea3aedeba50ac393ef6697aa18793eb33793d6fa0948788c4681bbd3c822d2439680bad71eca329b8d7fc8366bc4047

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

MD5 e935bc5762068caf3e24a2683b1b8a88
SHA1 82b70eb774c0756837fe8d7acbfeec05ecbf5463
SHA256 a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d
SHA512 bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 b6760cf16e43feabf8af7c6cd5582435
SHA1 ec97a951dec4f226be49d61bf4fb005c4ba60923
SHA256 4a847389684d83df7dbb8eaf15d07ce2c4c6c4f2ee24c58670926d89280656c8
SHA512 3527768657ff71d95c7420bf9ae84c3e8760d11ca117f9a5ecd5cdf28a2683b66794d4969c00380f68d07d8a10897417383400b5f425296313e1a9500cc954c2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c6e62941457bb35d49092a992e11887d
SHA1 8b683558b8490752ca79df21462b5026564c987f
SHA256 54356beb06669bc1294cd4a523caac673d2e7c894db9c4df49ebdb337ed1ae8c
SHA512 2f7e2f8f2401eef541aad227943d4e674ba6b67bd516c7f40cb425a0615ced20f80dc9732c324a86bc0aaa1e079ccf47f3adf6b3cd88f79de99ee1c9c552489c

C:\Users\Admin\AppData\Local\Temp\Cab8181.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar8183.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6e6536a179d0cd1afe85faef70f42a36
SHA1 21130fdc7d17e40cf3434d30d5b0e931cbc270de
SHA256 8ced1a682518c893160c68079a4a5991587a2d0babb72b7c4d2702e71c745529
SHA512 1be7e062be92a6356a34e397a586faae884d42c01175df7e138dce418d9ed8ceb937a00d1f9b33a2b217c75ca1681216755d5ba0ef16985910d3740715dca842

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ef02bff25302534b79ba73cee7713149
SHA1 7ea2a57d04924a360e77da1665a1154f484fe505
SHA256 8d91a5d26fcf5259e3b6fb0e9190f8783ed933decea2e0226b60b72a8ef34be1
SHA512 f2c7030a406548802ff88c237765fa98e1f11070b0fbc12526b39849e8e526b3b0d8985d2c69dd267deb851030ab71eb7a2c866dee7f1363f8883c1bf94f4c6f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 234fb55d95e48cebe35695dd1794a98b
SHA1 ea3293f216893668ef784282bb7fbf6ccbd70dee
SHA256 da9e266ec0239907a8c3b19978048a075ddeb691c5af5560418c9020512f7080
SHA512 84037dd7c7387822627294434285e3dd909a6bd9b95de7d0d64c8f901e059daa42f5e63af423b44ddf58222835424a4aa9bf27e40ad606f5f2ff488273156a1b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e446f4a69ee69396f3ab87c4bb74c733
SHA1 59d6526ea367889faf25785c0510c5ffd4d63a0d
SHA256 ce276390cdb6aa010a0f525280f12cb174ad1bc0e21c9757607579dfe0b0b0d2
SHA512 392f3fdef80ce92ca9c5eb8420032bff98f84c383fdf8c39608a7ee928524c441bce4f5b7f650c23af082322a596ac44d3804f10245aa878ccb5460e3c885f30

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f6dcf2706c52e1464ca9f6ae6fb34b4a
SHA1 6d963ff2940b685660f86cf10bd5f53332a7c687
SHA256 068ea12e2981495c5dedb88e8f0027434c9a0856cc4de46a5fb087cbb5803004
SHA512 1f824b9974971498ead203f39e7d908d0699686a2b8e56a8c8a92895e747050502064964e705ace683a4c07ec6e7225212e22a12d3b02d6cf5ee13380756798e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fc988ab606d31a6bc691cf272a2acbfb
SHA1 e5f58ccb7d8185d88162af0fa1aad1a6a1938494
SHA256 3f35af41c473645858d1c73f8ac1c341c311634030168677f14d756ba5e76b76
SHA512 3253bca6c6250b2bae525f3037a40d3138a2589717d4fa83f00e3fcd6291f9a7b625f3c47272d86630b88c32781d49d740e1005f3d932f217869d7ed2c262126

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0965567616c2ac966b0f1f9daf946144
SHA1 ca5d087ded07e510cadd6c76eb7cee81377145da
SHA256 c2af1934220e9d6018cdbf993a3f3697d14d2fee29b8ee23752006af201d19a5
SHA512 51fedcb5305d6e9bb686e2192ff41b8ef4dc04c30ba6d94781f4a28e2e3bdd1d78ff1879d1c5cb07ddfc9f1b188bf0a756bc580d654c8aa641232bff157a2f37

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3c1ba1cc075d9d0c3efb43fee58365a3
SHA1 532ea3f94c790509de5ced4fda06dfe3b33846a6
SHA256 0952eb1b290a2c34c611f2ef14abc738f402564fcd9b69ae820ff63d0f8b9294
SHA512 662f7e205bdd476c8743fccee3e0144fd4715df0e227314326438f1c08d90ceff3af8638c4175aecf5b46aa9d334fa829a9668d60a4fc9a52dee9e107543b694

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3a9e5ccbbac832e126455b2e7198203d
SHA1 a6340b91ab96a6d5b3028b96e9fa6653fe57e83a
SHA256 8b5cbdb47c30050246bb52a53c9ab2e1c86326e80fb19f8b93b286a8b76e2f6b
SHA512 e0ad257edf8aebe59aa2cfbaec64e8c9a94114c2f830a4b698e0feae674731243d5c76f9040f7c53079f1752c8703b33a03c87a8aa03e5fb45eac7c8d5e6168b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 212f0b4c1ac7abda478eff50eaace75e
SHA1 cb980553a1d34dc4148ca17b89b0b6d97e01cac8
SHA256 c8d236d0e5dff8f8cba15f1b62e4c4dcaa3c24215c68bd0b4ffb1b10b3dd0ccb
SHA512 6af0d9bfeceb02e4d984c2992fc84bbd1a5fdcc6604e18cdbc3dc90369543a88bb2f330c9ba5d84d632c92edf5d6a5c1635039e5707b33c8ed808ffe83200183

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 18bd061079ff77850ecd0a7e68f1da49
SHA1 30ce40fd7405b149b8ebcf94c2869ce886ad9e98
SHA256 a4264aeaa772ebf5e2cb4d564f95253b96abacf578e375a5a56c843c87f6bdd4
SHA512 7aaeb6fa2cbcddcc4167cc7ffe5f614c4815b66871bc1cdf5be05177aaec935a873d25fb921210d526f54eb1e4ae5e8d99e3fe8bc207aff2efa57cd3acbaf653

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 79057bba5b2d8c1d1faf9d277896e786
SHA1 c1342d741a7deedeb2b7645541e335c668ed6dc2
SHA256 60a6cb472d52d12cce3ad9a494017452c1e8c9918e7d3ed541e0a5b1b90627f9
SHA512 bb211bae2dd413d8d8b79472b05f2534f03cd2d2a067e0175332b95087414b9204b96bf4dbb0ff0c8bac21cf65a028f170dd66c62d5ad02460b5005fe2c572f7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c70d7fcfc6affa8ce69f31719087503f
SHA1 5ebc3ace44e2319b0501ef4f1d6c3f1a77dec9e4
SHA256 d6b10d660468b6742eb5455479f3a18117c3cbdaa282b84a15338d8976f3bb6a
SHA512 da0cbd2de2995cd28f682ca60bab433ef184eff5340e0d4a33c8f51d68ece1681ee24840ab35b6117189401b81113e20876f8d5735b219235b540bcfef4ba4f4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c797c69a8b83eb34f062924168af2f70
SHA1 cee1aa268ccda96b5631006cdd9378e244ae8322
SHA256 afad9157a8eabec5d953b89a4a82d0008bb82bac8bbb49b988441a55df6f0749
SHA512 f5572071ef81bba113782bd57db16e57713d5a1bd371e43eccfe32409e882caa4c1ecb521d44273c820366d888d9881594b8282c75300f55d3f524558cfbfb20

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8497f445f1409958f1a03d5b63dd644e
SHA1 6c84428ae71a252b7a5c6a40b7fb5b6213341651
SHA256 0045242c176211190c37352f820c273c8e61cdc1f2a21d3d3eb2ad797f3770c0
SHA512 ede4c859cc56ab957a57adff3ef5e545d5701a05f3ca2dbe016c04dfe27b736a5a8fc830b416273b949831e2015723d0af317978201f4a7f9aa66969cb85050c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 85d618066d27230480db491ed4a9bcec
SHA1 88f00343e3145f5aba131be8ab3b434959144b55
SHA256 727f38be9122dfa919ad67855604a3806a5ac54b6499bc3ad75d02ff0b6cc309
SHA512 c7af33e787bd444a3a7ae108ffea1581c2c57464bbed5d5b4fbafb8a2bc4370f444b583ead20aeef053eeddf940b239c844db3980f2d1b1c5c3257f3bfef4caa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 656bc68580785af9c9d0c6b9e7b28515
SHA1 fa51022dcc8e3b5c09b3467ae34fe6b05bc7db05
SHA256 2869ee8fc07a72a7720899a4abd479d23e72fbe49d4847930efe33ca8ae0ee63
SHA512 146543da6e1eb05bc228d392a49e68078a44efb4dd54f14f4d6b1b7207f28a7fc1bb9b7f26f8daa880d4845c3d8044c0a797a831131c16880e4a8b74657345a2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6860245773a4535cd7af62568862ae1e
SHA1 50100951f03b9915217db69cdda0d6a939861de1
SHA256 868fe0abd1f5409db4821a321c3ac0b11d0ec920be0b476e54bd60b7bf54f3e2
SHA512 a7e554ab102183421850aa4ca738eb544b449abaf6bba3e06f82365012e9feca7dd2a35baa56f968296cf5d346f83fb8bdc65f7f99d1021881e5d0bf6fc991a1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7b7d58d499d9a81895cb3f3ed6f50886
SHA1 fa6a1b93899252fc0595435ec259ef097b6b60f1
SHA256 2d688a47e927c7cddf15a0c0da12e50be64797327d47722a9852d50d05157eeb
SHA512 b0f534aabf9087e8ae5d2903b68ccc1575b176f627d7caec40edfc3f48a8345c4db3a1f0d872baf8d2a7e414747521ba228caa011928d5b98fcba06118a09ecb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 41dd2de7fe7f73521be957e8147efcac
SHA1 cdcb4f363e03e11668d5019ca434e5611180ce76
SHA256 efa45cd2acc7dfa8d41f77be51eaad9dee1ca0cc369b1e9369861452d9be1ea8
SHA512 41453b4d30780353480d0cfec88c36d95f10afc9f8ed033c4f273a379572c5083c1a850a35ded8732e4c621e7a25979b70e90e66b8a376fe045e2aaa4625c386

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f9b940f45c0a5291bdb92b7ead06d573
SHA1 b0a402872d7b340acd2c9b4f39611118dc07a5d0
SHA256 cf46ce0b4ad2bc947d3c02282fe0350da2d3e531f5ba561186ea8109dc4e2a3f
SHA512 b1aaa26f175fe3073e170df4719fe5d57fa6c08b6f9a7d994b994b264d5cc9337e4f0981cbff06728aefa6f6c9ea7c76a152f97ca69484068c83ab0d6d2e38a1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 af0616f843a715ce37fbdf0b33140662
SHA1 950c52345d7396464eb6e95b18507639a7260b0c
SHA256 7dd7f710807e09590e9fbebfb422c4051fe783fffb3eab355b43601b172b9d27
SHA512 9613470f37e44178eed5d458102ccb5a337833039804f71f7f46636e7eb2aad09dbc17c686edc22b1e07ef12218fdaf9207f77ae9db2be40dd96d048e9e50238

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8ff9960ae2428207a67c24402c366193
SHA1 84fb9be52ca3345c0288e53c6f5d6d0534f96ed5
SHA256 439c110677b9f1135a7f6c2127a46938695c7fd9fb61af48352fc99e3785ff9a
SHA512 0a834cb46cc852ade8b5e1b2fe36ae7224e4217a8bfb3ebb64a541b6e75e5037711c6f69f468f7f1efc15d30e65ef9f05a56f71f4aac5e569ff30237042f76d3

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-09 22:30

Reported

2024-11-09 22:32

Platform

win10v2004-20241007-en

Max time kernel

112s

Max time network

97s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\3c5c5cac86b243b43abebf10ba60e8c8d96b535c2f381d5ff0701259d8a7ffefN.html

Signatures

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (25 identical rows)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (24 identical rows)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4676 wrote to memory of 4256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 identical rows)
PID 4676 wrote to memory of 516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (24 identical rows)
PID 4676 wrote to memory of 516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 2796 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 2796 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 4548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 4548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 4548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 4548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 4548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 4548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 4548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 4548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 4548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 4548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 4548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 4548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 4548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 4548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 4548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 4548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 4548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 4548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 4548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4676 wrote to memory of 4548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\3c5c5cac86b243b43abebf10ba60e8c8d96b535c2f381d5ff0701259d8a7ffefN.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdcccc46f8,0x7ffdcccc4708,0x7ffdcccc4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,4705093130576987313,12997270697194827866,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,4705093130576987313,12997270697194827866,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,4705093130576987313,12997270697194827866,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4705093130576987313,12997270697194827866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4705093130576987313,12997270697194827866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,4705093130576987313,12997270697194827866,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,4705093130576987313,12997270697194827866,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4705093130576987313,12997270697194827866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4705093130576987313,12997270697194827866,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4705093130576987313,12997270697194827866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4705093130576987313,12997270697194827866,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.blogger.com udp
GB 142.250.178.9:443 www.blogger.com tcp
GB 142.250.178.9:443 www.blogger.com udp
US 8.8.8.8:53 maxcdn.bootstrapcdn.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 img6.thuthuatphanmem.vn udp
US 8.8.8.8:53 blogger.googleusercontent.com udp
US 104.18.11.207:443 maxcdn.bootstrapcdn.com tcp
US 104.18.11.207:443 maxcdn.bootstrapcdn.com tcp
VN 103.82.21.90:443 img6.thuthuatphanmem.vn tcp
GB 142.250.179.234:443 ajax.googleapis.com tcp
GB 216.58.213.1:443 blogger.googleusercontent.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 9.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 200.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
VN 103.82.21.90:443 img6.thuthuatphanmem.vn tcp
US 8.8.8.8:53 207.11.18.104.in-addr.arpa udp
US 8.8.8.8:53 1.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 ipinfo.io udp
US 34.117.59.81:443 ipinfo.io tcp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 81.59.117.34.in-addr.arpa udp
US 8.8.8.8:53 90.21.82.103.in-addr.arpa udp
N/A 224.0.0.251:5353 N/A udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 68.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a0486d6f8406d852dd805b66ff467692
SHA1 77ba1f63142e86b21c951b808f4bc5d8ed89b571
SHA256 c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be
SHA512 065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

\??\pipe\LOCAL\crashpad_4676_CHZSAYBODOZGLCLA

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 dc058ebc0f8181946a312f0be99ed79c
SHA1 0c6f376ed8f2d4c275336048c7c9ef9edf18bff0
SHA256 378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a
SHA512 36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e6d14408d6fb3263479762aed0c24f08
SHA1 728c4cb23e732299895b5572d74b0dfbb95d9ba7
SHA256 daa3db3fe5921b74782c932db9a651c9a43664a8c94043206b851a6fe9a6c472
SHA512 7f9daef219291fe59308222dbfe65417e223bf66e1978a90d337648678274fd333aebd32d6b9c4843d4f7b6d77b9db20d0cbfa402cab47a605df3033d8d257c4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c54d0c3ac510883726b6659aed1f7377
SHA1 b36d37e69f4b19656f3a2893a076bb4589a20eef
SHA256 f8287a84bbe5512679a9f8c79ff33ba6c41954e2f2372e59e69b0dbd9cb7cb52
SHA512 b64cf98fbab149d97a4b839607520026ec4266424119bba053e708d2eb1eb91afb35c611bc24e8f1c8d8340afb7dc0eb7473abd35c52edafbdb73ec5fd91472a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 353bac4ec1f2357b15ab6cb494cc77e2
SHA1 e3b683df0234553a84946e04476c332d19171673
SHA256 e57dac023faed942dc07c1caab5f6928d993a6804e80677744363edf51d383ec
SHA512 bb495e68605ff44d8d1d1d6cf4acec7b8cad2068a2eb181c2296b9bb368be041c81064d31cff87cf08d2de43ef3ac24f6ea5f95caa436f2861102adc3294a41d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 6d549f712cca06770698f52c35da7710
SHA1 fe4ffdb9c1d5e4577d4913f0b20a5f6013ab5ac1
SHA256 d5958d15e732f433bf668cc6d19c4748c2a423213367e15deb57dc797a61f352
SHA512 6cd75ca389a8f550c34a86a717d42b7e1d7a1fd2811e2e98f1269f9c848b6ea75077399bc526550fa2219c35de27558062b45483e8a47a70a13b0314f31a4945