Malware Analysis Report

2025-04-03 19:10

Sample ID 241121-kjhywszdqh
Target keystone-2_v2.0.4.zip
SHA256 933f41c4bedba7e39a2dba6bc25fe3eaedafd9e01e800381fed0d111a24b050e
Tags
discovery antivm execution
score
4/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral12

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral26

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral32

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral7

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral9

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral16

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral22

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral31

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral13

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral14

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral28

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral15

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral20

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral25

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral8

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral10

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral19

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral24

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral17

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral23

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral29

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral18

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral21

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral27

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral11

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral30

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
4/10

SHA256

933f41c4bedba7e39a2dba6bc25fe3eaedafd9e01e800381fed0d111a24b050e

Threat Level: Likely benign

The file keystone-2_v2.0.4.zip was found to be: Likely benign.

Malicious Activity Summary

discovery antivm execution

Checks CPU configuration

Reads CPU attributes

Reads runtime system information

Enumerates kernel/hardware configuration

Browser Information Discovery

Command and Scripting Interpreter: JavaScript

System Location Discovery: System Language Discovery

Command and Scripting Interpreter: JavaScript

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-21 08:37

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-21 08:37

Reported

2024-11-21 08:40

Platform

win7-20240903-en

Max time kernel

133s

Max time network

129s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\custom\about.html

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000303eef0e2cd1a9499efdd285a56ddc50000000000200000000001066000000010000200000007c02e5c7a08e820aa08cb8ad5b8533766d97504023f00938d77277852221a7c3000000000e8000000002000020000000cbd16343175a58fa4249de1f7cb78522bc14eef9f4128f136cd0cf71410c770f90000000c2450853a5ae3da43f6216fea351401532872989421725eaf6a398f63c49ea473793bc49d05f44812fcb96a294a53915f72710b04c703c2f6f5f59727fe8453e6272c3dbee3148fb96369271172c4494e457d364815b2af004c82119aca981d3cb3fee0007a7098c5c7bffe890266b87d3fef04c24ad90d50c663480d3fc78c5eac9d3cc7257e4c7ed20af61a21b4ffa400000008ec28f288189d6e0a024bbb215b990f4ce805af4b4612654d9b1cd5965eac9f2824d1c2fbfb5c1569db1c5bd41b1334b259835cb6eb6b7ca8f958766a29060c7 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 707116b8f03bdb01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "438340136" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E3696A31-A7E3-11EF-AE85-F245C6AC432F} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000303eef0e2cd1a9499efdd285a56ddc5000000000020000000000106600000001000020000000945f829a14dc8ba1f91a3ab04acd090565203f6de81a7c2598cb46dd5bea6b4f000000000e8000000002000020000000de916a8c7e63876a746ce174fa8d1ab3103476ecd95ab0dec5d40a303123c3712000000047964eae9be5df74ca4b77e1e92c7b6f6e8170a17389acecc5829f731ae82e1440000000242cbb3de0d30474d60e0dd4dc732d5fca7af165db5c6b65639d0fd5b0be7488fb866386825d7ce1f24eccfc3a62a02a3f5b70a76af7237959d950fa875882ec C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\custom\about.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2900 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab7BC8.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar7C19.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0cd14fdebc5e4bbc322868d826da5d4b
SHA1 098ca1fe3acc91450b2b248d2cf33d0536c600a0
SHA256 ae5b0d229fc8d6515ca719dafbe6f0385cedd92c80d923184695d410f6428d7f
SHA512 6560efc3d18857bd211ee1d6d1e2b72945e60be06dcebf2aa9421a56317c8142ec31569512ab36e249d9b75ffabfb04496a6e0d6e0ded846e22324c644145ecb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 28ab109f8acf16f31bfdaa33b7dc25f0
SHA1 4f39d2f67857d31c04ea4e2347d47f9dc95d02d7
SHA256 3646beb640036afa0e996b6f4cdbe1903b678c33ea94658eec226edd10251355
SHA512 20cb82b038a12980dca91a1a2eedc6658e805b47e32e8485ad2e7e3d14309d0f2f87c81017106cb88719500ac1ed7bc78a1bec30ebe7e5ced9c1e395b4735972

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0707de891c7ebf4a70189545125aec61
SHA1 842516c25cb581416d43ae6f1e6cf125419306e8
SHA256 061c2cbcf8885612271260e6359d5cb369306c481ca127db9e468fdc89fd77d5
SHA512 dbe864bafef61de094773039aeb1d6e3388494b597a870e203d3de8196dd1a112d84bd356823dd1ec153696f70f1429bd9204782d2724c10e8e54d5308dc7a88

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 90dc70f52b2c6c2f7aff8060909b59e6
SHA1 3dcd4e2c31892caf21edfc85a818ace8d58c29c8
SHA256 e4768b76eee3f7e294c71954e2e60b84f8957dcbe7f77732abaac390ec468805
SHA512 8c451c83c3979346c6287eca2e6aa81c2eb5f5c2f3cca874dfb51702fd5e1cdc720fccb78761d47c45be5839bae9b78d01b5bbe1e46eaec4a5f150fc98273c15

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b7be431d0edc6ddc19c34f7d13aaf725
SHA1 0fd52b75e2be445b4f366a7c059770ee68540e46
SHA256 ef18b128c8cbe93c4471898407bf6cd6a28abb985ca981270c0af11703b45de6
SHA512 cd5fe303926ecec7818d805ef3908d04343d143aefe8c0bd7c51c71abf88048166bb71443da88fbbd1089ff2e9f23a9db303d1289ee392ececacaff379f9ed30

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 02cf353311c07d2bb4cef3510e8158dd
SHA1 ed89e1349b43c46217fbc08e4abb0b698f6dd847
SHA256 8954b6b667b4ba2febd42a4aa4f475d3847575af72b8f473db8aa16c64eacaf5
SHA512 122efb2bc709b4404baf7340af099a4442f5feff2d2622536b3031165c43965daf3cd8f9e3720a021d855069d3e8b2f0f7d838ed53691454740e9b5fbf631ec1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0bcdd9f4b02b256b871b7c7b75b1acf8
SHA1 2b04e010d30fe447cbd5be74ceb02aaedc7d4325
SHA256 ccfb231e917e4336fa9decf22618ee7bcb94b3c2a4984dae75dbd509f3563ed4
SHA512 a4f3c246dcf74ac79bc8c81fbe905a5cd43aac280e09a92f04f80d85990bb36cb7f50b7199b75ebc0329c0376994cbb615e11ac2fbdd5aa458e8573ff6efe965

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ed9409e6ede2227efd1a64075f1a2b99
SHA1 f7f9ffa835b731917dc6445a7018f34799ea902a
SHA256 748de0c4d658a0fbbd0411f873609a11d0a924efeda37554acedf3c49b24b527
SHA512 25c458f08c21349b186e34c1c2e5911e45116d6b8dc4cc2393e9f5ded2bcf7dab70323666746032568bf8f3591d81198d3b955d0f2056213b114a30c0c25d3e4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9771191a0791797edad206335b248e2a
SHA1 e4e992ed488d8a44fdb4b064649079380778843f
SHA256 f9ffb5f8be7234c38b64eceaca58721a26a160a1ab2ad9a71a4979887f9db1cc
SHA512 e281ff32b65c6c4e6ebb1233b3587d138f1b95f87bc067775bf56fafe7e4a41a95211da34151e88816ee649418c7b5c69b63e1e2dbef8f94783e5b9f57200fc7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e148e995351c8e3e612f6b85a89bf6a4
SHA1 e804e7b2b2e808b5aa5f5648c192a838287c42bf
SHA256 bb55af20ae7433f82cc96aeb8aa565fb26b83cd47576a56ec9c41460ccf5b197
SHA512 717adab05274becbc6b03c25c5a4ffaad44a6c88ef9bca2cc99ea8121f165479fe1a9626d393143704abe3c1cb57381c3474953a17edac198dc6d1585194b57a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cc4e49124fd0d96bc79f6f9480000254
SHA1 7b85e567263265aad354564bf93f195265895c4f
SHA256 f276e76f2e674f4d168363fe0f27c27e3a6b2362e2887640dc1f9843db7273af
SHA512 44a1b0c2a5c981898ce04c458a9d9c16012252c533bd27dc37fba543ae35d8c575b594344a9403b513e806a2d327564405bf118325353159c1b2b409f0d052cf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2812a22e30b160847dd3769412be21cc
SHA1 689e0f98e1997b7d806097f241576429683f24f5
SHA256 0f3a59208fa7f4d623e21d117f4da07b795ebbc6b355174981d6a680504874ee
SHA512 22cb623e431dbddedfe25fa1139b217852da6da97a1851ef88db53c8921457350761763e4c36679f0d86bff7f3e60098901eb6278656625bbf5e728b0a52bdb1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 520d87a629098023ebadcef0267873d3
SHA1 7f39bd1aa5a9dae7467a0c279ea153ffd0b15b00
SHA256 f58d1f5813df09e5505baddbeed26576a1c3864f8429aabf8ab444fa5777d465
SHA512 74e545ed298888bad1e0a6b2dc32f748847a2ba2310a489fed5b7c3e4cf9cd22ceeb594e5563d915004e7867d93cb86b12e5b4d7a6b601e8043711f51e80271d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2268a1410b489616ed0b8ce235d7c805
SHA1 f41446ab63dbadc16e873a7a34ec31ccac643323
SHA256 29c930c3c882ef04e9e1e47c9561a18cf293cfd9b669f7b978363c13839873a8
SHA512 bd457ceea2cdd582778897754fcb94bc334c3e4cd2ddb902f7cd1d89063781319401c805c71047ec4a9f0b5d81cd31974f35642d9a93de43d9e861d4a4dcae8f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2d164b345003a65648c7e5b240cf55dd
SHA1 c365dfec2a1432eef9373ba53e13093bb47e4ba8
SHA256 b4f40fc87dc8a4af6906829fc2f1983e6f8d228d97306adb4b52b500c1ecfa80
SHA512 0bf2dc2b39f32d552396df07a3c4fbea9c5be64714818bb041fa8a957c643640fcf2e1c6cdf3d711386143824ab61f39025d7d2f92b84c686e8e0fa1255039d2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 438b400bbb583228d940b22c84fa3ced
SHA1 2436238e804ff807171d2b7f8b6963e4c80dd5a5
SHA256 62352df23036a9a77c50465f82bcaba48e98450b6cdeba21815a29a7cf9821ca
SHA512 4d8d64368f13b9eb98942018d451d95ac57044745e898571eea04105296dcbfc1fa6c7a598183559c6189154223fefbdf4e514c1320791ba49fb0ff0f8342d09

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8a2594ee88b63362f54953f0163165ee
SHA1 a2b74e06d40f759e3ae35a136928f5e3724e365e
SHA256 b4f0f8cc7e9dba6af82a8cf8960e4ec4f823a7dfbd365d327284d614b83ad431
SHA512 2033734e1361c4d112d75f35fc5f4984951c079fff189b38c9927f9da1233b46336d7f0df2143337026478794a97631cc4cecee99dc52cc87cf1b86d6744fa73

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2fce979fdee2bbb086e5cce539028b1d
SHA1 16aa727fdc9efcabf75633ac75c78a4141b954fb
SHA256 35d13064ba611c3f68a793a5434980cf652983b7182290190e396f3acc4fd8c1
SHA512 cc3d28535fb6901b29ef939b09cf57f22e3b8875f74df205ea840df9f778b7cf22ac91697b2c00de96d7264d2c84e9ad9557e157b253af3f54f029e848cf256e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1ea888053b191765bc764e5e9b8de7b0
SHA1 5dfbd62182b56bc296cffac5f9dcd89912d95b3c
SHA256 6132f27123d81ceea0c371f2debbe19c537c22438793052b9a6f8a7b70c35a09
SHA512 c7c3daa481c3056171bd4fd4dfdd9d3d72844c4ba947fe0f7639161f98cf8b83df286951e298502b48c0cf0d907494ddc4412edf66b3eec6d6074552e9b95933

Analysis: behavioral12

Detonation Overview

Submitted

2024-11-21 08:37

Reported

2024-11-21 08:40

Platform

debian9-armhf-20240729-en

Max time kernel

4s

Command Line

[/tmp/node_modules/.bin/mkdirp]

Signatures

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/bin/node N/A

Reads CPU attributes

discovery
Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/online /usr/bin/node N/A

Command and Scripting Interpreter: JavaScript

execution
Description Indicator Process Target
N/A N/A /usr/sbin/node N/A
N/A N/A /usr/bin/node N/A
N/A N/A /usr/local/sbin/node N/A
N/A N/A /usr/local/bin/node N/A

Enumerates kernel/hardware configuration

discovery
Description Indicator Process Target
File opened for reading /sys/fs/cgroup/memory/memory.limit_in_bytes /usr/bin/node N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/filesystems /bin/sed N/A
File opened for reading /proc/meminfo /usr/bin/node N/A

Processes

/tmp/node_modules/.bin/mkdirp

[/tmp/node_modules/.bin/mkdirp]

/bin/sed

[sed -e s,\\,/,g]

/usr/bin/dirname

[dirname /tmp/node_modules/.bin/mkdirp]

/bin/uname

[uname]

/usr/local/sbin/node

[node /tmp/node_modules/.bin/../mkdirp/bin/cmd.js]

/usr/local/bin/node

[node /tmp/node_modules/.bin/../mkdirp/bin/cmd.js]

/usr/sbin/node

[node /tmp/node_modules/.bin/../mkdirp/bin/cmd.js]

/usr/bin/node

[node /tmp/node_modules/.bin/../mkdirp/bin/cmd.js]

Network

N/A

Files

N/A

Analysis: behavioral26

Detonation Overview

Submitted

2024-11-21 08:37

Reported

2024-11-21 08:40

Platform

win10v2004-20241007-en

Max time kernel

149s

Max time network

152s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\node_modules\.bin\rimraf.cmd"

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\node_modules\.bin\rimraf.cmd"

Network

Country Destination Domain Proto
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 92.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 217.72.21.2.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 13.179.89.13.in-addr.arpa udp

Files

N/A

Analysis: behavioral32

Detonation Overview

Submitted

2024-11-21 08:37

Reported

2024-11-21 08:40

Platform

win10v2004-20241007-en

Max time kernel

148s

Max time network

151s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\node_modules\balanced-match\README.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\node_modules\balanced-match\README.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 120.250.22.2.in-addr.arpa udp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 92.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 217.72.21.2.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-11-21 08:37

Reported

2024-11-21 08:40

Platform

win7-20240903-en

Max time kernel

120s

Max time network

129s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\dialog\dialog.html

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "438340136" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0ff0ab8f03bdb01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000045c0dde48c11474f81d9a2c02be4ea220000000002000000000010660000000100002000000043dfd080681c3402846d5a6dd7599f22378701bf9ededad6ceaa70527ccc1ae6000000000e8000000002000020000000470058d96e3e42ca9d958a3555358b9fbe687d89cf14bfa1f29f9b0152e5a39790000000bbdb828b803fc4f3c495a04ae8703ea511a2ce240c9d87a708ca3703fa1251e5802b8ac3d5363b7968acd71f4ef2a850d992f383e35594d9856cf08da469bb5a2756282dee0b7ae37396958ecc992001f687fe099d63885e420ea505ae5b1b13aefdefec6c2e3162c57cd2475594e4755844b2a0e075a9a148013a59074950a8f765d4441a8214edd81d18399a65d71640000000c468f434da186199f0b80cb3371369bb3adb18ac2dc51afea3e1adc3e211bf10305214ababa11c76e2c9d56f597753fa2977be3c033f8b6e5ae7b61d8553b31d C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E37A13D1-A7E3-11EF-87E3-523A95B0E536} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000045c0dde48c11474f81d9a2c02be4ea22000000000200000000001066000000010000200000002e288633fac0a98a74f2617e7ad78560d8a43f05005fc5166a739fcb04ed73c9000000000e8000000002000020000000357b3b7ba24d36400c16c1cb31a8c723f1d5a714c2f4e24366c3412f5efd75d120000000efa5458b1b5c9ee4183bd0f96d8e5642b6fd85866223a70a14f86ff7b30720a740000000d590e00bcfb27f6795c267a211ff0e0caa9e3ca21844751e7fe68265f3267095fb2eec152e8dfa888ae56719a7d308246d4abd25ade369ae09bd32d2e0ba0c1e C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\dialog\dialog.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2348 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\CabE60D.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\TarE6EC.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f1e345aae12d98274c7a27d311c903eb
SHA1 12e3aaa217216170d21de6740cd616f3b49b66f7
SHA256 b581bcc37520a73a8b41b1fa81fe4ec805fa2c41414474408705a611275e79d0
SHA512 4bf6d032ddd9e42740ef1549c74628f1a46822ffad0d809e9a7551608c6d9a26b1c0e0a8fd4b7421892d1e1eb4cc9c01d09485da634483faff6e8e83a71e2be3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 819edb3eea3841797e3ee21864965ed1
SHA1 252a47eedcfa64d95910b62ef0b4fbc99945d611
SHA256 2a489055c866deaa20198ef714c734b2e2b13995e4ab69f5f18834947ceefcc8
SHA512 296265cec3cd22852fa2ed910ee52cea067ef015a701a9e10220782eda3f0802b0c90b15154bde9fdd2bf9248722ed0fdb15b6782f7250fc0466efcbbbcd4ba1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a69c06c1781d38a9210eaf0b508d83c1
SHA1 7d35df7f49a65b58017be694bcd8af6dd98cfc06
SHA256 d6d784af4597d6229c33aa6f2cb5bfd69fadbdb1705216dfe5f46f0d969ed568
SHA512 61abded49432e24026affe3215e540af9fe5fd5dde815b6bec5989b99566068dc782cfee96e9ef5e93f7f665f1da076bd42e8a192284ecfa5566730f4dc036a6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0eccbbd6ffcf04c02e7af0d2958f2ba8
SHA1 2b6d94feaa107480ce30f5de1b62bd0e27d9415c
SHA256 d78758e26caf6ff7b42265cb4b6fefb2af69e210e442775689979a083df71535
SHA512 f397225c54d803905cb5f300fcf14998d79abb48e83b5aea5278cae74963f61f25fceac9099a95ccb0cac9a2766cc8cba0bb76f5ae344a113ad5aeca6986aa92

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fca749100ddacb79f36890bb37d8f8e8
SHA1 9290e7ff69af2ddfbf0dfddfb64cf85b321491e4
SHA256 cfd29afe0a86be2974c27a27579e71d0bf03f09e5a1a073f1a6ca97c39f53b2d
SHA512 6d37780a9dc054a1e3b2c51debfd0f3266efc65c51774c510edde79120c9ea272aefedf5ce2970e20ce6cda9f815c5a5418e1354ba513d1b19f4f3215d0396fc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 12a02f332d50029697bfedf592c5c01d
SHA1 3174adb8c29064234bd914a7bcde3f4b28af682a
SHA256 c14574a064452983a6e8e6f8cb11ad56c25c33084a2e5cde94bbd0539d90bb1b
SHA512 74778485e3bf6c16ea15200d08a7cb7beec0653cf54d1f8d23c552fac638eb6d3c840ab84636cc34d49de6cfa2f515d73b028f44cae186da94acfb1c134734d4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4032bc66e530e3703691abbfa7accb78
SHA1 f1c528c277d7ec177209f4f8a25577cd09364fdc
SHA256 9077610f8f8bd8c861a3d348ebdde28c82bbcddf8c4d2afc7d460140f67fc243
SHA512 187681f5b420b893101f0d5fc4f6a7098d4be53ffd1370930fc0e1757aefb4bb54704c5926252f91379e37f0e3f54759f3b63f325f4f85e87186fc8ca5c14c1b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 58ceaee7e527b28e9dcde2eeb110d9b4
SHA1 f053219bc45eb18f5e9dddcc7f78ad59ccf1f133
SHA256 e81eab20f9d94b7e4ad09340460f1ea5eea9dbf4a88162bd2bff455f43892288
SHA512 14b3d0f75923f7069a2f596b77ade8abd24ab345e92b2dc43f94a904f9026134360dbeeda74aaf1aa8432ae726a6a227aa649e4d283db2ae63ffd8e13c89aa3d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 19de02c9124f74b8b1622abf9af30124
SHA1 f32bc9055eaf1259c19f3ff19880c82e5d3a4fc6
SHA256 4ea574fb1ef25618cc8b26ae2939cc2ed3f9ac65aa568f37f2cdc59aface499d
SHA512 3b4a98d28fcd4269f1b7f0bf09f1b751f08eeaeeeb21e8619aac7bb2798abdf5f07ebd9509ac21cbd77c89e5b6d4cd427d597688ae6c19b2b76e4f31673e5b07

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 06a8e98c852599d94877b6c11f1960ac
SHA1 881699aec7ccee9ece068e75bf8430b50ed3bd90
SHA256 8292376a27320de177d0119b0fb8e562aeb7b8a53e0e45501ca4a6b6b6514bde
SHA512 4f365d47ee2503aacf20de1858f247fb5b09dd252d2fbe675c6bc0d511ddc300a99fb6e1e6c341a724fade604e0b97c58743d0ad2697347d96f9d43add53a583

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c33e0cb7c343842eebbd60fed23b99ee
SHA1 7ec769651371588abfc47be85bebde0708e994db
SHA256 3d6abb4d4bc590cfc8f9599ba251a9498545c4233f88a473fe8e1c5c68609019
SHA512 58e97fb375a60751e6b0af52719b987af3ec77b0bb56f0a27317ff122665b1899afe142a86af020a379520bb939f1800d99ab0f2aeb74ca34902f0a3c4ff068c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f06742582f8cd3fdb3d3620262fba02c
SHA1 95fd1098f2f701fba885f920a608055416c40789
SHA256 7260b96f61477ad6cab46e4f83a24179b61bd1637d6892aa56928da700e6acbb
SHA512 0a698b09a20ab9e5f19e5dfd0baf5eddb076b31bd8b674a593bf3b7d1a2e87f20b281f744e2769925b079475aa8ead8fbc33821a5c6df5345fe23e62714f6839

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b43630f1979e353249e4ea013f7e5f7a
SHA1 c7f8d1da084e534d992cd4477b10527afeff9831
SHA256 b9385532173354939bd8814c74cf4767ed7a3b89740cdef236def8d5544a2c3d
SHA512 029d4f79bd425d1f17323279f24df588f8dfa0b54d855e92b6b826f96aa95aba51b292b4428ed95043b3746a7941fd20f6d88ca0ad8d4f01a07b48dcbcfa3aef

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 219c9f0b7f9f077d1fc2b8588f9ba0d7
SHA1 af8b87ca9bbf5d6790373d33a330eafa1ac72ccc
SHA256 153c86ce45684dff2f26fe69094f7de6b7d878cc8cebb59e44d85f45d47db7e5
SHA512 87a51995bd79e57ebb6e24f785e525f2a27fad960b3ba97781f77b5e60566673314a922df8b76083cf5cb1720980c80d4d67dca8702962c106a9690616cf1ce4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a6bfc5c5068db6918a92b2b5c835bbee
SHA1 f3def90bb7be17e91e69b4876d56b861e5ed0e55
SHA256 1bb3965c7f375f5b9dbbb28f661b19cc39403ff65f6999800487748fbd4518db
SHA512 7fa75ce225f23235afa32db116bae759c5eece21b2e05662997d98922e67c91cd0156508a5f2b77b244be02a766c74683f442b1f487db930ebedc317a0958472

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8840673edcf0114b3776f12f00b61e57
SHA1 760e5a613ddad1ad3481dc5b0772edf2a3195142
SHA256 52d2562bb0c960db467f1a8bb8f96bcae80510a1cea35420d82acd2635577ee8
SHA512 d40928a649fa17848b0acfb6e07f1e16f693571e887b99e5d0bc9cedf43ede791301498ccac67558eae3dd12bdc1cf8c24c81ece7fb6922de97feb2ac2c22238

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 59c3cca5eaf573f4e32d8f5cc10336cb
SHA1 064cb836df8a8e2ea9650eae8598964ecfb7630c
SHA256 6a6beb6dfde1e39527e60aecda98d798dbf279a5c929eb9b2e716f06dad55c0e
SHA512 f4b24f401bdd9006c1f7d5594083ecedc3d0084bc5492b599a8b2a1589678e85ba5e747eb4091315497c9d954cfc90f2109eefd50b64ba0ba951047f75ab7971

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ccd206f0f244c25a14738988cba5c127
SHA1 ca5c30893274aa25aec3621243f71d38b15eb8ba
SHA256 e3db61a73695145f42a28bdd166a8febc87255886908a8979382a2811e4a47de
SHA512 9666f4ccc8a6a508c50b2e6e17018c3e432bb25300f315684568a60c5a8bbc5c79b03f7e7bf05d22e579b082af3318b9e5c0004389d1d6fdebadbb59c9ae19d9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 16c55a1e6e358a10595137a45bd6b0ee
SHA1 61b2cf959bcc3564abb7aaa62c6be6ea97783c18
SHA256 1429109f69e0f6d54972480eb7092d067b7489865c575b75f30df39c14e2699e
SHA512 70bf31b3ebdd67ff02f030f4cd69ea1e625249ef92713dfa92cafedaa505bf2e5649833851619529dcc431bf2850e8146f6c94967fda3a376e78a97d7515f716

Analysis: behavioral9

Detonation Overview

Submitted

2024-11-21 08:37

Reported

2024-11-21 08:40

Platform

win7-20240903-en

Max time kernel

119s

Max time network

121s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\dialog\js\dialog.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\dialog\js\dialog.js

Network

N/A

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2024-11-21 08:37

Reported

2024-11-21 08:40

Platform

win10v2004-20241007-en

Max time kernel

93s

Max time network

147s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\node_modules\.bin\mkdirp.cmd"

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\node_modules\.bin\mkdirp.cmd"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 120.250.22.2.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2024-11-21 08:37

Reported

2024-11-21 08:40

Platform

debian9-armhf-20240729-en

Max time kernel

5s

Command Line

[/tmp/node_modules/.bin/rimraf]

Signatures

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/bin/node N/A

Reads CPU attributes

discovery
Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/online /usr/bin/node N/A

Command and Scripting Interpreter: JavaScript

execution
Description Indicator Process Target
N/A N/A /usr/local/sbin/node N/A
N/A N/A /usr/local/bin/node N/A
N/A N/A /usr/sbin/node N/A
N/A N/A /usr/bin/node N/A

Enumerates kernel/hardware configuration

discovery
Description Indicator Process Target
File opened for reading /sys/fs/cgroup/memory/memory.limit_in_bytes /usr/bin/node N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/filesystems /bin/sed N/A
File opened for reading /proc/meminfo /usr/bin/node N/A

Processes

/tmp/node_modules/.bin/rimraf

[/tmp/node_modules/.bin/rimraf]

/bin/sed

[sed -e s,\\,/,g]

/usr/bin/dirname

[dirname /tmp/node_modules/.bin/rimraf]

/bin/uname

[uname]

/usr/local/sbin/node

[node /tmp/node_modules/.bin/../rimraf/bin.js]

/usr/local/bin/node

[node /tmp/node_modules/.bin/../rimraf/bin.js]

/usr/sbin/node

[node /tmp/node_modules/.bin/../rimraf/bin.js]

/usr/bin/node

[node /tmp/node_modules/.bin/../rimraf/bin.js]

Network

N/A

Files

N/A

Analysis: behavioral31

Detonation Overview

Submitted

2024-11-21 08:37

Reported

2024-11-21 08:40

Platform

win7-20240903-en

Max time kernel

117s

Max time network

119s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\node_modules\balanced-match\README.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\node_modules\balanced-match\README.js

Network

N/A

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-11-21 08:37

Reported

2024-11-21 08:40

Platform

debian9-mipsbe-20240418-en

Max time kernel

1s

Command Line

[/tmp/node_modules/.bin/mkdirp]

Signatures

Command and Scripting Interpreter: JavaScript

execution
Description Indicator Process Target
N/A N/A /usr/sbin/node N/A
N/A N/A /usr/bin/node N/A
N/A N/A /sbin/node N/A
N/A N/A /bin/node N/A
N/A N/A /usr/local/sbin/node N/A
N/A N/A /usr/local/bin/node N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/filesystems /bin/sed N/A

Processes

/tmp/node_modules/.bin/mkdirp

[/tmp/node_modules/.bin/mkdirp]

/bin/sed

[sed -e s,\\,/,g]

/usr/bin/dirname

[dirname /tmp/node_modules/.bin/mkdirp]

/bin/uname

[uname]

/usr/local/sbin/node

[node /tmp/node_modules/.bin/../mkdirp/bin/cmd.js]

/usr/local/bin/node

[node /tmp/node_modules/.bin/../mkdirp/bin/cmd.js]

/usr/sbin/node

[node /tmp/node_modules/.bin/../mkdirp/bin/cmd.js]

/usr/bin/node

[node /tmp/node_modules/.bin/../mkdirp/bin/cmd.js]

/sbin/node

[node /tmp/node_modules/.bin/../mkdirp/bin/cmd.js]

/bin/node

[node /tmp/node_modules/.bin/../mkdirp/bin/cmd.js]

Network

N/A

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-11-21 08:37

Reported

2024-11-21 08:40

Platform

debian9-mipsel-20240611-en

Max time kernel

26s

Command Line

[/tmp/node_modules/.bin/mkdirp]

Signatures

Command and Scripting Interpreter: JavaScript

execution
Description Indicator Process Target
N/A N/A /bin/node N/A
N/A N/A /usr/local/sbin/node N/A
N/A N/A /usr/local/bin/node N/A
N/A N/A /usr/sbin/node N/A
N/A N/A /usr/bin/node N/A
N/A N/A /sbin/node N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/filesystems /bin/sed N/A

Processes

/tmp/node_modules/.bin/mkdirp

[/tmp/node_modules/.bin/mkdirp]

/bin/sed

[sed -e s,\\,/,g]

/usr/bin/dirname

[dirname /tmp/node_modules/.bin/mkdirp]

/bin/uname

[uname]

/usr/local/sbin/node

[node /tmp/node_modules/.bin/../mkdirp/bin/cmd.js]

/usr/local/bin/node

[node /tmp/node_modules/.bin/../mkdirp/bin/cmd.js]

/usr/sbin/node

[node /tmp/node_modules/.bin/../mkdirp/bin/cmd.js]

/usr/bin/node

[node /tmp/node_modules/.bin/../mkdirp/bin/cmd.js]

/sbin/node

[node /tmp/node_modules/.bin/../mkdirp/bin/cmd.js]

/bin/node

[node /tmp/node_modules/.bin/../mkdirp/bin/cmd.js]

Network

N/A

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted

2024-11-21 08:37

Reported

2024-11-21 08:40

Platform

debian9-armhf-20240729-en

Max time kernel

0s

Command Line

[/tmp/node_modules/.bin/rimraf.ps1]

Signatures

N/A

Processes

/tmp/node_modules/.bin/rimraf.ps1

[/tmp/node_modules/.bin/rimraf.ps1]

/usr/local/sbin/pwsh

[pwsh /tmp/node_modules/.bin/rimraf.ps1]

/usr/local/bin/pwsh

[pwsh /tmp/node_modules/.bin/rimraf.ps1]

/usr/sbin/pwsh

[pwsh /tmp/node_modules/.bin/rimraf.ps1]

/usr/bin/pwsh

[pwsh /tmp/node_modules/.bin/rimraf.ps1]

/sbin/pwsh

[pwsh /tmp/node_modules/.bin/rimraf.ps1]

/bin/pwsh

[pwsh /tmp/node_modules/.bin/rimraf.ps1]

Network

N/A

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-11-21 08:37

Reported

2024-11-21 08:40

Platform

win7-20240729-en

Max time kernel

134s

Max time network

131s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\custom\help.html

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a963765939a79f49a264d21ed5ee43fc00000000020000000000106600000001000020000000e718f6178fcd62586e82baa55bd52739a8817483468cac07a6338dbdfed2f0f8000000000e8000000002000020000000f57313a7d119d2365fcd7e1a51b9dacc2ec6c1ea8185f4d67469ca1b6cedb50a20000000d4ef491c7b69a5c5494d81ee9f3f411494d0835ff9c04a2735a9f61008975ae240000000497b897b60bc79417e71f94a41dc9bb70243a27b34a2f3d475586628c6a5f7edcf9a765acbf08d79ade8f535d42cf930456bbe7407752b0372c559a4aeaad2e7 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a963765939a79f49a264d21ed5ee43fc00000000020000000000106600000001000020000000873a1543f9cfc875d66a6ad0902fc70db7611ec76f8b7fd48550a7799cf97d84000000000e8000000002000020000000e1552261cde94e064adec3f02c91b9a3d65b009e4f9b8f6170da7600da9ec09d90000000b3f9b811365e8d31391cea77f261ec613b21cbf58f696cdd2625018f0f5fdb936e65f8fe349db938d99855c1d6c8c66078b139782d3c4e7c1a109b5a2bd81b4fa6fa062c2ba35638e5cc0a7190a3969f8a3c55d55c6a14fb299cdec9f10d36cd69fd6ec3c068b6cad18533218c78a9d37c50a3e84420a97bfc72484ca8a9dd3a82f4bfc8f15552625f538d0a78e5200840000000b9d0512d9dbbfb6f401e3367f0445293c52be0d0b660eeacfbf10db4ff716826e4244ed7eb5579b596c4b044d30f6ea2e946b09d771bd1b86821dde183a87a43 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "438340140" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40cb09aaf03bdb01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E5D96091-A7E3-11EF-A5E9-FE7389BE724D} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\custom\help.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2628 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 romaincousin.gitbook.io udp
US 172.64.147.209:443 romaincousin.gitbook.io tcp
US 172.64.147.209:443 romaincousin.gitbook.io tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.200.3:80 c.pki.goog tcp
GB 142.250.200.3:80 c.pki.goog tcp
US 172.64.147.209:443 romaincousin.gitbook.io tcp
US 172.64.147.209:443 romaincousin.gitbook.io tcp
US 172.64.147.209:443 romaincousin.gitbook.io tcp
US 172.64.147.209:443 romaincousin.gitbook.io tcp
US 8.8.8.8:53 cdn.iframe.ly udp
FR 18.164.52.100:443 cdn.iframe.ly tcp
FR 18.164.52.100:443 cdn.iframe.ly tcp
FR 18.164.52.100:443 cdn.iframe.ly tcp
FR 18.164.52.100:443 cdn.iframe.ly tcp
FR 18.164.52.100:443 cdn.iframe.ly tcp
FR 18.164.52.100:443 cdn.iframe.ly tcp
FR 18.164.52.100:443 cdn.iframe.ly tcp
FR 18.164.52.100:443 cdn.iframe.ly tcp
US 8.8.8.8:53 1660550734-files.gitbook.io udp
US 104.18.40.47:443 1660550734-files.gitbook.io tcp
US 104.18.40.47:443 1660550734-files.gitbook.io tcp
US 8.8.8.8:53 www.microsoft.com udp
GB 184.25.193.234:80 www.microsoft.com tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 2.19.252.143:80 crl.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\CabAEE7.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8B420DKQ\k2[1].png

MD5 987b7ee484247b9b8f963f876ebddeb1
SHA1 29a18d2224d6535b21cc831f8a8ca3140007e6a0
SHA256 85fd8dbf6a27fd691d8df7aab6eb0c2814eeb02b46bbdc3bfda4e24927c6faae
SHA512 2ed07bbca4bc7118ae0c1b931dea8641eaaf685e0a9291e609e6dcf3332e149c778e9a2be0eb46f53f433f79b86a4cdb21c52b139c09ba47bceb5ea808b0505c

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\pzrzu69\imagestore.dat

MD5 bcaf7caa9159fc4df06efbe02c75ce43
SHA1 9fcf5af9ba80cd8dc6ef589bafbd7fdcbe5b9155
SHA256 b5c45e0ebf0081bdc273ae134e5c32eb4d630792695b4f6df78ffc00977c26d7
SHA512 2af1c34fe409a337e28a945321c89fd8f71bde53494d22a0d9fc46dc4cf565bccf2cc5972bf17cfd38c5cc1ca858ffa915e4fe81c7e70999fd2be9e10c9f54a2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fce219e7684c66a091390329cd7cc735
SHA1 3cb239645131332525620f6eaf3f31394d9ed825
SHA256 50d2f048f13088c7e1f9663128c3a902d0e110c4d6edf189a4c8e58da2c4ba69
SHA512 ff2c0595ec28e00498bca3284fd86bd14c4645164dafd6615164ff961ab770f5ad48744f61057c6de9af7229db8d13e6479b68676f6b10d0d58f837c79d7e851

C:\Users\Admin\AppData\Local\Temp\TarC0E1.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a21292577c0d40861a4059acd9066c5b
SHA1 c77d674ae843548ea2fa8a7bae443f4f3c32862b
SHA256 f6865c080d8ed5dc9b3cf2971cf017b912701af8d185c554661e434ad6fd2da4
SHA512 4a639e4e59837ef01986121d696959f7196c8433bc6e0ba652176b13063c437ed29c169370851f72026eaf47118b5b0adbf255ae63e831d91076f6bf87b9dc11

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 91e2f0ec4d585260079cb0cc461fe841
SHA1 dbb2d0f42ea5311fe224bf37741ba3d375af4b77
SHA256 b14ced10b6697dfd276b32838cf6e4ed1f0b2b70d66186031b1ae7f63fbd3bb1
SHA512 30189f216979163f4d7cbafbb245dcebc22fa21e4f546f518649fb24035b1ddd38832497979f093af5178db41ba36058897c257f404c634f5378115f6cc7f18b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 988adfcdfeec739826004239a15c1cbe
SHA1 4e4d868b4b767bbdc0494693e09990e566a77039
SHA256 d5129a34f4e58730cd4ad43c93d562299b455452e7af6ba374c4706a3890debf
SHA512 1c67edc1df6b3bde859d542d0e545c5dc9264ff08fe68f2303111f5c0fd2740a39293024bab8aad649c28e6a3b3343a90bea353cac3cc0392daed17427e78b2d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c6053c8d107830421adacaba7349df66
SHA1 d8e33a16c227a17f3f5b342ae0723b1258abddb2
SHA256 c5aa2e8fc3779dcf63adc92bb988e3c6fda652fa7d9a78bcdd00b370a4ddc0a2
SHA512 372b8bb266f4af6ea114c853aa42b49448ae09387a1bcd584cad2205793270b742f2febcd1fe52a6a3a9cb1e7e464042b189f293505f0a110909424fe8688981

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a82fac521035ed7177f0108492cc728c
SHA1 cc08bde6c682a7a03551ad066a4f06483f4d7eb5
SHA256 fa8220c1d54527adb575081cdce3587c9229392536ac703ec0617de4141dcd84
SHA512 3284b820da244acb9ac2d8fb9b6747eb6c8112e7d942d36cfc3247a5156ad40eaaa6e2bb809f4adafa39d65deed06968cf6314b6a1ee53659d0b62c439427e9b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9e81991f0270b6d9ab08097496ce6f17
SHA1 2c4aa5758c89439a06afad995651c479122171cf
SHA256 3e7df357dd2f9c616684d95643cdd768d0d906416a69e15265e24fd6eccc4382
SHA512 3a0e1b9bd4ec3ac6bd049b3315cecf7a7a1dbd46dfc3b5b90f1289c58ac96da69a8e997a6af7805449d24eaca743e1988ad3d4d94d1564cf4d65dce603ef8a73

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 de4a4f980f979c68434c9778cd02c2c6
SHA1 79bcc4a276fb32bbf62f7cea5c21a63ebe4a4d6c
SHA256 14acece7b3627c8da994425733c53409e50453f1c18ccbe7e6766c964c6b7788
SHA512 322aff8da0f0dd58411dc53149cbbf12ca1ba4e6715b2b8f3930830742700d14952f814e6d3175f5a5a51fad7f3a9d5553a6ecd85c0e34926f078a98522d54d3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b0e9045570b90307e6df82e5d8b59b19
SHA1 7887e87f85fcf911653c7aae869286290d1152f6
SHA256 7746825a2c876c4efa6493d5ff2a03d9effa1162edb8e9f82e3fc09ad6248f4b
SHA512 660fd35df53f893e055b1de27a20b82f54ca2dbe48f03fefd4121d07410d8ef18c8de86556b5dc56148b5adbebd88e8b70e59e88c042c2085e8214befcbf9c98

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 591e9cd9a5e27834660283a987452040
SHA1 0ff2b8859b63659b9af8f5e8dcc7b94de9a51154
SHA256 b0a78e38e9e3e5beb153ec4fc0a7777bf048e396bb0908113bbf1c653e4bef07
SHA512 407c401c100b35d3d3966131d3c52a8957d9f8af2d1b9d51def966c011ac6caf0d1c0d9ccf93ec5be67a3562622f204d4403fa805ed5fd72d4ddee9bd5bbed15

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9ddd75e505f2e92fc0a9ac97c448d339
SHA1 9fdc4fd61cace7591962da4c6944be489d912e38
SHA256 f48c8d888e695dff3573e9d8125568a8c9e7ab94d71fe85f7db6c106731c1f20
SHA512 46ecea53af898c9fa70ed627441b471800cb74622d6736df621b679f33d067c2d51d30e333ba67513e966a430c072d837b4404ac16ac2718ff77b0748f2d7289

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 51a98419e9672284747a66cdb642b3ec
SHA1 ff6576baf2a54c3293477e31f1f2f37d120959a3
SHA256 58d77c991f985b0798c1d98ba4f303f3e0064c6efd7d808c76c3081da7811763
SHA512 55e59a0b797bfb26a35aa17cfcacf5dbec80993c6f5076d9e422ebe58c8f1c39a2754591b3a2b6b6647bcf7d40735791edc9194b186616e5d346032fc2b0b1cc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0ae3e78d8cf99074e6415e59f368ccd3
SHA1 d772a4a69db59915e9f4176a8f8a7484459b4862
SHA256 81cc6d721755356bbc4cf9fec1885ee754789f5e25dbee024d64c330f403a56a
SHA512 d4f3589fc76edfa9bdf193f68adc9aff28c81245fe818e67588e42e4cee94212efe48366282d8651bd78333c11829439f8e702a0613401cf8f2e3ed03a2afcc1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 4d603d236f5a69d790c55ee13c04e097
SHA1 969d7679f2cf20f6a5e751f32bc52e1d9a271817
SHA256 6f61c0aee2754d1898780ca7c8f59ce334181dc8cbf787e785672e8c27931c4c
SHA512 5e50d8c5e5df417f64b8748e1590129987afa5b4c9ec6b5e6775ba0d6e2845d0013a0b5cc1f167300f285506ce829833f35b8f32f7ab6505f411f1aa598a6ad4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 786ef6c9260a0b513bb2f5444326e4f7
SHA1 cac7177534abc5e7a946a865de8745c92be24ce3
SHA256 d0da1bdb4bead709ac3cabc95553e7e3e4623f34869db30d9977094a7fc2c274
SHA512 7d3cf2b6836ebdaca1cf438695aaaaf105cfa3292c95a6730290ed365a8de5131364a57ff52fe4dbea75a0f618f241ae8bee87c62bac878ebbbff8e6598564a8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1e67f7bb6b94b078083c85ad03ca9be1
SHA1 71f356188d6511c19944b88a948e49ee7df6629b
SHA256 be89d682e2459b6fa59675119876956f4817e6d4aecdd07c78e6e9599121b017
SHA512 34260255e9d6e076b15262731307a8511533e4f19316f4016d95c8be79f7c5ee32e3265bf2f765cdef407fd44747e736aac4f6d65efd709fe0a64692178ffe37

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4edb66dd5c5aaebb7f4934e3bbaca25b
SHA1 13eb98c5f55f747bb3470f85cb1e9ee497cd641e
SHA256 ac21006003da29ab8defbf5da0100ee52206de88c11c8096660d287b4b67177b
SHA512 73a3efe116548a6e285a927656226cd9d5a70963aebd9d0d725d664d28b1b69a325b71ee081b724c3cd1fda337d31c343a816a9ecf4821ae5d75d0f84c3c1c52

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c85abfe226f762ebd148eb4115899414
SHA1 4bf7b7df62dce011a751caad3361736fe446f65d
SHA256 4cc93075e915c2fa909494fe2c8559c030320e0c0183b85e2dd819e0f9e44889
SHA512 3780e9a81b8f30978d9556604f15550db0669f9bd60e65b45db1b38442680b131b9645e952a2a1b4c677d0fff98834d7ec6e48e9d5f63d2cabf8f5b0b5cf5e24

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ab59e4df4b36b557d9a3bcf453fcba9b
SHA1 f6b9d2f19348ae123e48e3c70914a93427657462
SHA256 710e388dc3329faeb240015eb74b4248318675edc7c9749267f2070ebbc080b6
SHA512 ac51076e433356f05ba0236f9bfd82ea1600a073528a23c4945c83570fdd09bc90b19bccaba8f7fcfe294d93932cf5369507406434c3a17b09a93878bfed541d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 6e3f3515b4de92aee999edc3db1c8585
SHA1 a6c10df54ffd21715171078420be107cde256f4a
SHA256 f31b180e3281b486594a5df56c4a6a31eb74fb09b5486facecc00bb3120bca70
SHA512 c465c24b1785d1694ea5ee2cf7fcbb62c20b0f58beff6faa7fc46c91272c882b1dc1650b8db2544413afc9e0ec659006439f14771ad8dec48238a308e64c4c3e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a5e4b8ecfbdb5d4ea4d680ea7280f4b7
SHA1 529a57aa281967001e20e2c2285eabc836a8217c
SHA256 c94b3cc706ea9d6023f15b17ceca49f7887aab47fde5fe586d95bd37715d6d0c
SHA512 b0d7147431aa087d592a85532ffe8b3511c0ccf98f519e99ac3dd4a3799fccb1034bf9926a390ab3c438b13e7a1e442c481dd4ad38700ec6b19b2e70615b1048

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d66b790f13b6f66b231347e5be38855a
SHA1 2b163ab5bfc128acf128bd1b76e94a09cd87c6f9
SHA256 be2e7ab56926832613f41b6150e35373092bbf1e9fffa250c28259129f8c7c65
SHA512 bb13cbce6e88530301acf8c1d33680f782df6320c830b4e817cb898c4be95e2ae3257427292580b5b5eb5a1e6f3683dfc9a528a0342ef3c294afa8f2c1753a4d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e31ccef380cbf163de290dc4da46a06c
SHA1 326b980482f33a0a4c5a76b062b13053537dbddd
SHA256 4b4f396093fac76aa2d812d1af2cc3c3440fadd0b057822b0d9f911748e325cf
SHA512 32813772cb7d446b03015bacccb1c88bf324654e2955231c76031d0f58d95b8155453dff2c41ef8bd9abd4737600f8af1a933bdaad91667c088a53c8779b3370

Analysis: behavioral6

Detonation Overview

Submitted

2024-11-21 08:37

Reported

2024-11-21 08:40

Platform

win10v2004-20241007-en

Max time kernel

145s

Max time network

145s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\custom\help.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 872 wrote to memory of 3552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 3552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4716 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4716 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4716 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4716 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4716 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4716 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4716 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4716 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4716 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4716 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4716 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4716 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4716 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4716 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4716 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4716 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4716 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4716 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4716 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4716 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4716 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4716 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4716 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4716 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4716 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4716 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4716 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4716 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4716 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4716 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4716 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4716 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4716 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4716 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4716 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4716 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4716 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4716 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4716 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4716 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 2252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 2252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4812 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4812 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4812 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4812 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4812 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4812 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4812 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4812 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4812 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4812 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4812 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4812 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4812 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4812 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4812 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4812 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4812 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4812 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4812 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4812 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\custom\help.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b00e46f8,0x7ff9b00e4708,0x7ff9b00e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,16142727514046641646,7048788689045205722,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1984 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,16142727514046641646,7048788689045205722,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,16142727514046641646,7048788689045205722,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,16142727514046641646,7048788689045205722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,16142727514046641646,7048788689045205722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,16142727514046641646,7048788689045205722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,16142727514046641646,7048788689045205722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,16142727514046641646,7048788689045205722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,16142727514046641646,7048788689045205722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,16142727514046641646,7048788689045205722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4124 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,16142727514046641646,7048788689045205722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,16142727514046641646,7048788689045205722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,16142727514046641646,7048788689045205722,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,16142727514046641646,7048788689045205722,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4276 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,16142727514046641646,7048788689045205722,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4276 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,16142727514046641646,7048788689045205722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,16142727514046641646,7048788689045205722,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,16142727514046641646,7048788689045205722,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5808 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 romaincousin.gitbook.io udp
US 172.64.147.209:443 romaincousin.gitbook.io tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 209.147.64.172.in-addr.arpa udp
US 172.64.147.209:443 romaincousin.gitbook.io tcp
US 8.8.8.8:53 api.gitbook.com udp
US 8.8.8.8:53 cdn.iframe.ly udp
US 172.64.146.167:443 api.gitbook.com tcp
FR 18.164.52.61:443 cdn.iframe.ly tcp
US 8.8.8.8:53 crt.rootg2.amazontrust.com udp
FR 18.164.52.61:443 cdn.iframe.ly tcp
US 8.8.8.8:53 167.146.64.172.in-addr.arpa udp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 61.52.164.18.in-addr.arpa udp
FR 18.164.52.61:443 cdn.iframe.ly tcp
US 8.8.8.8:53 app.gitbook.com udp
FR 3.164.163.87:80 crt.rootg2.amazontrust.com tcp
US 104.18.41.89:443 app.gitbook.com tcp
US 172.64.146.167:443 app.gitbook.com tcp
US 8.8.8.8:53 player.vimeo.com udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 89.41.18.104.in-addr.arpa udp
US 8.8.8.8:53 87.163.164.3.in-addr.arpa udp
US 8.8.8.8:53 50.201.222.52.in-addr.arpa udp
US 162.159.138.60:443 player.vimeo.com tcp
US 8.8.8.8:53 f.vimeocdn.com udp
US 8.8.8.8:53 i.vimeocdn.com udp
US 8.8.8.8:53 fresnel.vimeocdn.com udp
US 151.101.192.217:443 i.vimeocdn.com tcp
US 151.101.194.109:443 f.vimeocdn.com tcp
US 8.8.8.8:53 csp-reporting.cloudflare.com udp
US 34.120.202.204:443 fresnel.vimeocdn.com tcp
US 151.101.194.109:443 f.vimeocdn.com tcp
US 151.101.194.109:443 f.vimeocdn.com tcp
US 104.18.21.157:443 csp-reporting.cloudflare.com tcp
US 8.8.8.8:53 60.138.159.162.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 217.192.101.151.in-addr.arpa udp
US 8.8.8.8:53 109.194.101.151.in-addr.arpa udp
US 8.8.8.8:53 204.202.120.34.in-addr.arpa udp
US 8.8.8.8:53 157.21.18.104.in-addr.arpa udp
US 8.8.8.8:53 133.194.101.151.in-addr.arpa udp
US 8.8.8.8:53 player-telemetry.vimeo.com udp
US 34.120.202.204:443 player-telemetry.vimeo.com tcp
US 8.8.8.8:53 1660550734-files.gitbook.io udp
US 8.8.8.8:53 3.178.250.142.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 217.72.21.2.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ba6ef346187b40694d493da98d5da979
SHA1 643c15bec043f8673943885199bb06cd1652ee37
SHA256 d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73
SHA512 2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

\??\pipe\LOCAL\crashpad_872_JMLEHAOGOKCBVMLL

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 b8880802fc2bb880a7a869faa01315b0
SHA1 51d1a3fa2c272f094515675d82150bfce08ee8d3
SHA256 467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812
SHA512 e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2d3ba8c86c62cca9385ec4748df921d2
SHA1 331c4ca7e8a21f859abd79bd8630bca00c5da606
SHA256 c3156b7fda24f8eb97c26bb5f97c3a8cc01d87edebf5c60541d03d7c03e3ab88
SHA512 df676a10c01cc408afe47a10436ee5207f80b7daa6f902d48ddeb272b5b3993c9f0bae86dca7a7670bba9fd2a778afc968b236d8bbf1bcdca36b538bf369c776

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 04815a5d00c904d3d59b82d31bb8bcec
SHA1 f6c7b133e4df138a4cdf9a177d656784b4b6fa31
SHA256 923ab238b1f27ee1570d0053ae6b67d86d9426a4c45186b21add75cd9ca6692f
SHA512 0ce4a55822274854de5c08470a8c4640d28ea67132a324d8406552df21f815fc1ef1cbbb408ce360da9a1b91006379f403d5217e4cadcc2e508e7043877d075b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4d57ab875b58ec92a91e612b1a9e76fd
SHA1 f867489c2f845431ebf0318b21108afc544c6f1b
SHA256 568bdcc3aaffc358ff829560d19b3cf01269573282593c7cf5ae51f8b841816f
SHA512 b6bd2d4d59ba48561de0f09eb3eafffe1112b4665ed5ed9035181a5ce66c3c9d14ce3dd08334b3efaa0342a1575bad6cf040de0969805d4f557095b49902a608

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 1ee38022f2ce85dfae408e4ce01670ae
SHA1 6434dea398c3abaa938385eb4fe4a3822ab37f54
SHA256 73d0c2a18911eae525ad4c748013a15d463a98ee3dc6b71fb5aff717eded81ad
SHA512 92c93953b9365c53570d5c2b3f539f40a7fd2486d4a6cd7238bf780ae48f348f57acf33ea9713b51cc6e4109ca322c0cf287042f509f551346b5781b0aea3a0f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 665d13f7e37c48c787a0fcb618677b78
SHA1 501b0986dd493ce0c7081df943056109fb20594c
SHA256 941349af146261a2d031c1d836d4f3c0f1d97562b1df10164ce9f5aec0a7e159
SHA512 0a1412adb9012b5d47e6105c25163fc9e66eaaa70aba4eebf99ba5302de0651e6d4c776c1457dd6e0854ab9e85d5c0822b176f4fe2572fef86faf487d4b67125

Analysis: behavioral15

Detonation Overview

Submitted

2024-11-21 08:37

Reported

2024-11-21 08:40

Platform

win7-20241023-en

Max time kernel

119s

Max time network

122s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\node_modules\.bin\mkdirp.cmd"

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\node_modules\.bin\mkdirp.cmd"

Network

N/A

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2024-11-21 08:37

Reported

2024-11-21 08:40

Platform

debian9-mipsel-20240418-en

Max time kernel

0s

Command Line

[/tmp/node_modules/.bin/mkdirp.ps1]

Signatures

N/A

Processes

/tmp/node_modules/.bin/mkdirp.ps1

[/tmp/node_modules/.bin/mkdirp.ps1]

/usr/local/sbin/pwsh

[pwsh /tmp/node_modules/.bin/mkdirp.ps1]

/usr/local/bin/pwsh

[pwsh /tmp/node_modules/.bin/mkdirp.ps1]

/usr/sbin/pwsh

[pwsh /tmp/node_modules/.bin/mkdirp.ps1]

/usr/bin/pwsh

[pwsh /tmp/node_modules/.bin/mkdirp.ps1]

/sbin/pwsh

[pwsh /tmp/node_modules/.bin/mkdirp.ps1]

/bin/pwsh

[pwsh /tmp/node_modules/.bin/mkdirp.ps1]

Network

N/A

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2024-11-21 08:37

Reported

2024-11-21 08:40

Platform

win7-20240903-en

Max time kernel

120s

Max time network

121s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\node_modules\.bin\rimraf.cmd"

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\node_modules\.bin\rimraf.cmd"

Network

N/A

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-11-21 08:37

Reported

2024-11-21 08:40

Platform

win10v2004-20241007-en

Max time kernel

145s

Max time network

146s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\dialog\dialog.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3080 wrote to memory of 1708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3080 wrote to memory of 1708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3080 wrote to memory of 4560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3080 wrote to memory of 4560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3080 wrote to memory of 4560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3080 wrote to memory of 4560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3080 wrote to memory of 4560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3080 wrote to memory of 4560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3080 wrote to memory of 4560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3080 wrote to memory of 4560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3080 wrote to memory of 4560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3080 wrote to memory of 4560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3080 wrote to memory of 4560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3080 wrote to memory of 4560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3080 wrote to memory of 4560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3080 wrote to memory of 4560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3080 wrote to memory of 4560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3080 wrote to memory of 4560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3080 wrote to memory of 4560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3080 wrote to memory of 4560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3080 wrote to memory of 4560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3080 wrote to memory of 4560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3080 wrote to memory of 4560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3080 wrote to memory of 4560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3080 wrote to memory of 4560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3080 wrote to memory of 4560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3080 wrote to memory of 4560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3080 wrote to memory of 4560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3080 wrote to memory of 4560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3080 wrote to memory of 4560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3080 wrote to memory of 4560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3080 wrote to memory of 4560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3080 wrote to memory of 4560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3080 wrote to memory of 4560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3080 wrote to memory of 4560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3080 wrote to memory of 4560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3080 wrote to memory of 4560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3080 wrote to memory of 4560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3080 wrote to memory of 4560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3080 wrote to memory of 4560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3080 wrote to memory of 4560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3080 wrote to memory of 4560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3080 wrote to memory of 1612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3080 wrote to memory of 1612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3080 wrote to memory of 2976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3080 wrote to memory of 2976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3080 wrote to memory of 2976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3080 wrote to memory of 2976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3080 wrote to memory of 2976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3080 wrote to memory of 2976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3080 wrote to memory of 2976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3080 wrote to memory of 2976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3080 wrote to memory of 2976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3080 wrote to memory of 2976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3080 wrote to memory of 2976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3080 wrote to memory of 2976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3080 wrote to memory of 2976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3080 wrote to memory of 2976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3080 wrote to memory of 2976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3080 wrote to memory of 2976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3080 wrote to memory of 2976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3080 wrote to memory of 2976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3080 wrote to memory of 2976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3080 wrote to memory of 2976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\dialog\dialog.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe1a8f46f8,0x7ffe1a8f4708,0x7ffe1a8f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1380,7452446756705426381,14519056970763498264,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1380,7452446756705426381,14519056970763498264,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1380,7452446756705426381,14519056970763498264,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1380,7452446756705426381,14519056970763498264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1380,7452446756705426381,14519056970763498264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1380,7452446756705426381,14519056970763498264,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1380,7452446756705426381,14519056970763498264,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1380,7452446756705426381,14519056970763498264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1380,7452446756705426381,14519056970763498264,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1380,7452446756705426381,14519056970763498264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1380,7452446756705426381,14519056970763498264,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1380,7452446756705426381,14519056970763498264,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3084 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 120.250.22.2.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 92.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f426165d1e5f7df1b7a3758c306cd4ae
SHA1 59ef728fbbb5c4197600f61daec48556fec651c1
SHA256 b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841
SHA512 8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

\??\pipe\LOCAL\crashpad_3080_NYYIYBXSHVAGFUZN

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6960857d16aadfa79d36df8ebbf0e423
SHA1 e1db43bd478274366621a8c6497e270d46c6ed4f
SHA256 f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32
SHA512 6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6c732e1019fc41159736fe2d984757b6
SHA1 d280ae9f30afbef4fc5dea7dff3db75594f094a8
SHA256 a14f81af511902dc6c810edf3888af122a19114a04d7d1360085a3df47006cf5
SHA512 d294c64404a0865c99902950e8fdcd259cf306085b4e9a06ad9dfdce14b8e7313c4cbb1d78549d48fc52526a0f9270a3f045c00fa42d52115721aabed010db5d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 01c01d30b35658a5c098bafcbe2114a1
SHA1 7ba07f2954dcd64f4c8d65a97a72337dd6106f66
SHA256 cf0835fd5727ca7d625ecf836d083538a592c6caf4f9bfbb0c4ed04eb78aba20
SHA512 98a3c4fe732992459a93e479d68b5c4d7babe14972d70f5b7bd58c006cd916149203cf38ab3888df3fc025f67e967d8e2123a161ffd2e9ca6e8688de69125663

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1968e6d38743c5d8b5e81e89ab655404
SHA1 1137f14bd964e21d4e7e9021456e2b61520bcd67
SHA256 48ca47a1aa365757f2c6b8e8a91fbc1c8a0a79948ec373bb7cc4f570ddec1044
SHA512 a9e1a051af8c9bf2c36c75dcee493660dfdd58e1c216d5c3db811f493a94a731b1a2f17c26edc8211a874545751d7adf6d0a47b6e74f8036577db41cf64c9a80

Analysis: behavioral10

Detonation Overview

Submitted

2024-11-21 08:37

Reported

2024-11-21 08:40

Platform

win10v2004-20241007-en

Max time kernel

94s

Max time network

145s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\dialog\js\dialog.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\dialog\js\dialog.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 92.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 120.250.22.2.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2024-11-21 08:37

Reported

2024-11-21 08:40

Platform

debian9-mipsbe-20240611-en

Max time kernel

0s

Command Line

[/tmp/node_modules/.bin/mkdirp.ps1]

Signatures

N/A

Processes

/tmp/node_modules/.bin/mkdirp.ps1

[/tmp/node_modules/.bin/mkdirp.ps1]

/usr/local/sbin/pwsh

[pwsh /tmp/node_modules/.bin/mkdirp.ps1]

/usr/local/bin/pwsh

[pwsh /tmp/node_modules/.bin/mkdirp.ps1]

/usr/sbin/pwsh

[pwsh /tmp/node_modules/.bin/mkdirp.ps1]

/usr/bin/pwsh

[pwsh /tmp/node_modules/.bin/mkdirp.ps1]

/sbin/pwsh

[pwsh /tmp/node_modules/.bin/mkdirp.ps1]

/bin/pwsh

[pwsh /tmp/node_modules/.bin/mkdirp.ps1]

Network

N/A

Files

N/A

Analysis: behavioral24

Detonation Overview

Submitted

2024-11-21 08:37

Reported

2024-11-21 08:40

Platform

debian9-mipsel-20240611-en

Max time kernel

1s

Command Line

[/tmp/node_modules/.bin/rimraf]

Signatures

Command and Scripting Interpreter: JavaScript

execution
Description Indicator Process Target
N/A N/A /usr/local/sbin/node N/A
N/A N/A /usr/local/bin/node N/A
N/A N/A /usr/sbin/node N/A
N/A N/A /usr/bin/node N/A
N/A N/A /sbin/node N/A
N/A N/A /bin/node N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/filesystems /bin/sed N/A

Processes

/tmp/node_modules/.bin/rimraf

[/tmp/node_modules/.bin/rimraf]

/bin/sed

[sed -e s,\\,/,g]

/usr/bin/dirname

[dirname /tmp/node_modules/.bin/rimraf]

/bin/uname

[uname]

/usr/local/sbin/node

[node /tmp/node_modules/.bin/../rimraf/bin.js]

/usr/local/bin/node

[node /tmp/node_modules/.bin/../rimraf/bin.js]

/usr/sbin/node

[node /tmp/node_modules/.bin/../rimraf/bin.js]

/usr/bin/node

[node /tmp/node_modules/.bin/../rimraf/bin.js]

/sbin/node

[node /tmp/node_modules/.bin/../rimraf/bin.js]

/bin/node

[node /tmp/node_modules/.bin/../rimraf/bin.js]

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-21 08:37

Reported

2024-11-21 08:40

Platform

win10v2004-20241007-en

Max time kernel

145s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\custom\about.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4236 wrote to memory of 4280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4236 wrote to memory of 4280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4236 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4236 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4236 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4236 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4236 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4236 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4236 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4236 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4236 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4236 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4236 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4236 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4236 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4236 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4236 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4236 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4236 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4236 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4236 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4236 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4236 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4236 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4236 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4236 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4236 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4236 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4236 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4236 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4236 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4236 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4236 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4236 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4236 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4236 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4236 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4236 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4236 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4236 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4236 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4236 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4236 wrote to memory of 208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4236 wrote to memory of 208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4236 wrote to memory of 1388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4236 wrote to memory of 1388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4236 wrote to memory of 1388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4236 wrote to memory of 1388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4236 wrote to memory of 1388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4236 wrote to memory of 1388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4236 wrote to memory of 1388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4236 wrote to memory of 1388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4236 wrote to memory of 1388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4236 wrote to memory of 1388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4236 wrote to memory of 1388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4236 wrote to memory of 1388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4236 wrote to memory of 1388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4236 wrote to memory of 1388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4236 wrote to memory of 1388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4236 wrote to memory of 1388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4236 wrote to memory of 1388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4236 wrote to memory of 1388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4236 wrote to memory of 1388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4236 wrote to memory of 1388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\custom\about.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc30df46f8,0x7ffc30df4708,0x7ffc30df4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,6481203900733066411,171316712013850517,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,6481203900733066411,171316712013850517,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2476 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,6481203900733066411,171316712013850517,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2972 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,6481203900733066411,171316712013850517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,6481203900733066411,171316712013850517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,6481203900733066411,171316712013850517,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,6481203900733066411,171316712013850517,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,6481203900733066411,171316712013850517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,6481203900733066411,171316712013850517,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,6481203900733066411,171316712013850517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,6481203900733066411,171316712013850517,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,6481203900733066411,171316712013850517,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2876 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 217.72.21.2.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 37f660dd4b6ddf23bc37f5c823d1c33a
SHA1 1c35538aa307a3e09d15519df6ace99674ae428b
SHA256 4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8
SHA512 807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

\??\pipe\LOCAL\crashpad_4236_UQDUZWNYTLWJGDIX

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d7cb450b1315c63b1d5d89d98ba22da5
SHA1 694005cd9e1a4c54e0b83d0598a8a0c089df1556
SHA256 38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031
SHA512 df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7c0993ec2750a6af99967312da2b43c1
SHA1 da2d63528e21debd59f4363f145c2c4282b2c268
SHA256 c6a0c6b56eb20035fb25393756aa060cc9b2ff1add46a4f747df86fb2eff02bc
SHA512 a1e53f093e9ff647397d915e2bc7e150a93a43b1f3f3cee86c3ecc29e19c5dcaed6141413cf7a22c15a356086f9c1e4b95eb351cf6a44c4bfd201e9b3aa5b3bc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\53393ab7-c62b-41d9-ba3a-6ab3bb0c9ce2.tmp

MD5 0def06cedb5df719389482eafbcf07f1
SHA1 4d36944d937af5181d944574fe8088aadf6fed0a
SHA256 428e0778a6e3a158dd33f9059934a636fa70deb005eb97cd6920e46740daebb6
SHA512 9b9c3c241af6e27d5fa9e95b52d9dbd896a6a835737d0ba0f61f828a39f0e5d839e3cf9bfe144ca56a8c41fc63a97dd10aa276f3bd7e551c2da432d4811e690d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d6a60aef9f267985d4512e2f0e17f69f
SHA1 fbcd1f4317606fe8c1201cb4031109adab0913c7
SHA256 b78f879a72c6ee60440b6ca9472bdb1b16f530acc03aaf68c18b179fbe225341
SHA512 0c597767ab6cd58945c48d60c253c72aecb9c209c5df8d1b7e635c3d29edbd35cb4545eaa01b34cdf28e1803045ca081e1316ea0ead1afcdbe8f7952106bb0bd

Analysis: behavioral17

Detonation Overview

Submitted

2024-11-21 08:37

Reported

2024-11-21 08:40

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

0s

Max time network

132s

Command Line

[/tmp/node_modules/.bin/mkdirp.ps1]

Signatures

N/A

Processes

/tmp/node_modules/.bin/mkdirp.ps1

[/tmp/node_modules/.bin/mkdirp.ps1]

/usr/local/sbin/pwsh

[pwsh /tmp/node_modules/.bin/mkdirp.ps1]

/usr/local/bin/pwsh

[pwsh /tmp/node_modules/.bin/mkdirp.ps1]

/usr/sbin/pwsh

[pwsh /tmp/node_modules/.bin/mkdirp.ps1]

/usr/bin/pwsh

[pwsh /tmp/node_modules/.bin/mkdirp.ps1]

/sbin/pwsh

[pwsh /tmp/node_modules/.bin/mkdirp.ps1]

/bin/pwsh

[pwsh /tmp/node_modules/.bin/mkdirp.ps1]

/snap/bin/pwsh

[pwsh /tmp/node_modules/.bin/mkdirp.ps1]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 185.125.188.62:443 tcp
GB 185.125.188.62:443 tcp
US 151.101.1.91:443 tcp
US 151.101.1.91:443 tcp
GB 195.181.164.15:443 tcp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp
GB 89.187.167.38:443 1527653184.rsc.cdn77.org tcp

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2024-11-21 08:37

Reported

2024-11-21 08:40

Platform

debian9-mipsbe-20240418-en

Max time kernel

1s

Command Line

[/tmp/node_modules/.bin/rimraf]

Signatures

Command and Scripting Interpreter: JavaScript

execution
Description Indicator Process Target
N/A N/A /usr/bin/node N/A
N/A N/A /sbin/node N/A
N/A N/A /bin/node N/A
N/A N/A /usr/local/sbin/node N/A
N/A N/A /usr/local/bin/node N/A
N/A N/A /usr/sbin/node N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/filesystems /bin/sed N/A

Processes

/tmp/node_modules/.bin/rimraf

[/tmp/node_modules/.bin/rimraf]

/bin/sed

[sed -e s,\\,/,g]

/usr/bin/dirname

[dirname /tmp/node_modules/.bin/rimraf]

/bin/uname

[uname]

/usr/local/sbin/node

[node /tmp/node_modules/.bin/../rimraf/bin.js]

/usr/local/bin/node

[node /tmp/node_modules/.bin/../rimraf/bin.js]

/usr/sbin/node

[node /tmp/node_modules/.bin/../rimraf/bin.js]

/usr/bin/node

[node /tmp/node_modules/.bin/../rimraf/bin.js]

/sbin/node

[node /tmp/node_modules/.bin/../rimraf/bin.js]

/bin/node

[node /tmp/node_modules/.bin/../rimraf/bin.js]

Network

N/A

Files

N/A

Analysis: behavioral29

Detonation Overview

Submitted

2024-11-21 08:37

Reported

2024-11-21 08:40

Platform

debian9-mipsbe-20240418-en

Max time kernel

0s

Command Line

[/tmp/node_modules/.bin/rimraf.ps1]

Signatures

N/A

Processes

/tmp/node_modules/.bin/rimraf.ps1

[/tmp/node_modules/.bin/rimraf.ps1]

/usr/local/sbin/pwsh

[pwsh /tmp/node_modules/.bin/rimraf.ps1]

/usr/local/bin/pwsh

[pwsh /tmp/node_modules/.bin/rimraf.ps1]

/usr/sbin/pwsh

[pwsh /tmp/node_modules/.bin/rimraf.ps1]

/usr/bin/pwsh

[pwsh /tmp/node_modules/.bin/rimraf.ps1]

/sbin/pwsh

[pwsh /tmp/node_modules/.bin/rimraf.ps1]

/bin/pwsh

[pwsh /tmp/node_modules/.bin/rimraf.ps1]

Network

N/A

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-11-21 08:37

Reported

2024-11-21 08:40

Platform

win7-20240729-en

Max time kernel

133s

Max time network

129s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\custom\header.html

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001f2c456c20e79f48a04a617814c15f5000000000020000000000106600000001000020000000a5502ae68c471e02004ea5283007af59a0dbd7955b5e5b17575e48ecb4ac442f000000000e80000000020000200000006445db637663bae1792924b6cdeaed6f06d5a07a9b6a5f65b4cdaf21365a32a020000000a2ba415b9e2b42424f469356ecd462ad075630bddbec58c930d9472c99a00d0140000000bf731177fdf6daa6d5f078807af60309faa10fd2048b9e17910230bfbd67d9f7c50af91795ada2fd4e8b5adbb62832ffc217e34467fb5b74be5eeb7d9766ebdc C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 800482b8f03bdb01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "438340137" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001f2c456c20e79f48a04a617814c15f5000000000020000000000106600000001000020000000e82e221e84d1a5983674b94e33a5e7599e32b425f12f08e4d48883b7a6d500a8000000000e80000000020000200000008c96408033d2969115b32358673209ed61bd8926868f46569840a284b6e3583d90000000c1664f770bbcc306c28a6858678062646ad898ec36deaa023f993b8efc251465b8b4ba2cf83a996428d1e9d2b8afe96278ae50ffd604e6c04a7641800158498a66f824266eddc64d5e578a6152edd1a18c40183f57b2b7f997feaf6ae7d661baeb0bc9ab744a34740aabaf22fa6d08446c1be88e4fcba0361d10a402fba473a634da1f8a524280789ef3f90fd3a2671940000000dfbec0de64ca3c87ab4818bcbbabb396cb648cae957799301fe270525a3a332ccd92f892e1859e3fb92ac5443da6b89a3329dbdcb52ef6bccb6513d1692367b8 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E4091D01-A7E3-11EF-8B64-E6B33176B75A} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\custom\header.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2464 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab9263.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar92E3.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 274bba4f6586f7ce767a8f308e30133c
SHA1 803bcbb9defdc674a03459b5ab843c3a10611046
SHA256 fdaa0713581f07fbc80307bc680d0d2ea918c99fb18670cae89d516d47dd971e
SHA512 8b6f2bea447b9c9223521b1931290190bd1cb887529ff66083b60ecb7859a0bbc4d1c3a9fbb418013ceb58e1a04366e222fd65feffcb3aa9a27d887b87bfadf5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9b4a68bc40435e0452e9ef11f1ee50f4
SHA1 7e7b34193d7a9c253e7a62412fc9fcef49138981
SHA256 cec473b6976129f9f14b95a3ebba37f9f775bc8ade75749976567b3d42048557
SHA512 455e7ded677f1743b9f58c45942ae9881437963a96153709a61ff21cafd3421189df61f67169d5d0e86206a28956f18e6257a40a79be9abd3094c887b17b2fe7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cb8a94dc8f78d4196d2e8cb565064662
SHA1 cb1f93a8ccc8aaeedbb641bb8531f53f115c30aa
SHA256 bfcf4d2574f975f4e2ae610d97fa065c16028199797f2140c982d5431ac6d380
SHA512 0901c680d4f2c6902ee0101a1da4f4010ce15c47caa3e10d2ebbb9a18cb805c3c2ebab800a92f2a9eb8359db1855584289b8246d25f48c3d55add05d3191fee1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7afba214d15b0fbfe83acbbec4e44d6f
SHA1 e8eb0f38c35364a5cce20903870734a484603719
SHA256 5ec45c2cdcaa44bf2b2c067cfaf7dabf310e1660d62fd36d8bea4d2196904692
SHA512 e0051fad3cc9ed4f826306fb2fd310cdde66e96f960b6b24f16e625a6780ca7fb81931bbd1c4f56662ee04a57008d16d3fbcacdee09b82159cde0eb279d44956

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9c6fb13230df0856c8be70a65f703dd5
SHA1 c5a9d620bbf7545607f8e28be975572e95b9885f
SHA256 52b83e55542bff8c2eb1200bb944bd2c3d47430de0888b1574582960a34fc9b9
SHA512 326d0d309bfe280bca0564edd09fd17a4ef82e463f00fa230fe154aff92f220a5259f6e7439600ce0121d440f42f22d31bf7c6fb5bb1ef159a9f5732c4783495

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 afdd21f2a1b819309cab067ae5d6f687
SHA1 8980ef69b582516ef5152a38eb17589755d8c5d0
SHA256 e21d84316f854dad82ae121e100e2c96baec3d1f6f7b1af1fa85b5dfedfe4305
SHA512 cf2acb8c6ddd308e217cdabebb277faa6ad08179387cdfdaa2f1d0c269107bd5855018ccc9bc90b61590291ce200fbeab4a44d72996ffaae31b79368d774cdeb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eba9a5ce022f0b823c75afc2b161c6c7
SHA1 8361797fd40fd29fe59920b00a92b2802257b839
SHA256 c371c28400ed3ea7aa91e6234b99b3913eb2a4081582fe3e13a5041c9d96cce4
SHA512 eb1fb3d5624ecc0efd502d6d3e0cb2627fcc9e4581597d01d9a909d4f58328d9067b16c39b76142bb8dbb308c76f4a4017e0ebc84ee704badcbfcc7b968ca321

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 700c1f36cefb6a7c2c3c8822a3a59bb9
SHA1 b344736e7d80751ae8d7ce1acf721717b51c27c7
SHA256 c5c710747fd08639e615f839453626220aa501a647b7cf9e05fa91f28a801f07
SHA512 6fb3dee6f3230b2ec2c2532f9ed6e989c17aa81bd40345d972cc35ec01e4168ae1095164b02d3751f6897f746a216c4a5ef4ffb517fea93326385e95536fcf19

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6bccd701b24cb4e8529a7c39d98f4754
SHA1 585477015ae70c278e1602755da24b585619331f
SHA256 87f6ad37c56c2097a9fd851e03147be6aba37ae53e5cf14bf6ace38d86497909
SHA512 e9182b3f0a8f5b44c8dd27b00de613353e6e5891620d1bd2963198dc697ef5292c4d7f3ae9d741140f8b359a6810720afbc5e096355e77e582af89c68476ec15

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a294c0a0d8c6595aba7d58fa3caa8169
SHA1 a31eff77cd279fec13f0dcddcd8cae0634233ed5
SHA256 96d7a4f23ccbef8baf33d30841853100f5f141337636449e9f196512bb418113
SHA512 cd134a91476400c1e5378ac40e0e2220d335ceed0c2a3bac7b13c632ebba69c64d048d1da57a32092f8ccdaec73b3690c66472f18a7408bd2344f7f985093678

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9ba0e62030212ee14e1a17ad9788836e
SHA1 2babf01b32d367810697a862f0d502d8967de867
SHA256 b6adb4c9480aef1d6606c320b35bf4bb7a799e5db134f809e1385e32954ea8f3
SHA512 16573b2ce22a74067c9bc1a19bc59f1944d5567a9b468a16c48922495770f8e5c086449e54ba7147f5d27a6f3473af7d4c6b109c5703942dd7f44daf88197f4f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c808dbe2c84cb96f66c59f0690d60484
SHA1 14321519dba2eb16c959d3ef0106c10d2e51eeb7
SHA256 095415d3b1721401861307755bfc34abaf412187532cd7fad52a335e75c35886
SHA512 44180e0a04d3659bee50cf27bbaf34c54a2acb09f749d3e72b86e4c4f8517173239fbea4734115b051e5283b60ea93796af3aeb9a4f48baac3778dd69ed55018

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5441485b92b9d54cdb864c71e3fc0e4e
SHA1 305f6427bf8a3c3b3095760dd75da220065c92da
SHA256 ba01049e781d51ec441cfc90611afbad6d83cff236820245788e6e3aca0ffa17
SHA512 adea5e82377cc396a8507bf4c530df42d709ddd5b46bd00386ef3d45352318359f633a81dc39bc30c6c3629e2099bd7eedc9bfed7141a2f1c41c8d2e58c0052a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4b92980bdf0bc7bb7cdd5fcb2bc499b9
SHA1 7f8700dc9a284e4aad49c93a8fdda8ce991e42de
SHA256 0bc28a32df7efdb6b1123ac6bd8bb0b7d4852038c2216612a961b1781991140f
SHA512 fa50f3ff946a855af110930cbbd6d4104dc1641924847595ab022f6d9eaf56f4499f67c9b5853a6c0f0fa36cfbf1ba21fe271d8f5d64c40c2462852cda26f3b9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 00cb829bcfb54bd82358d1016d5ad310
SHA1 f8929b38bf536aba6ab901f1f1720d763fee9dc2
SHA256 aa1646ae2f2c05c71f096db32472c9b394c561098e023d82b33790a0e13d16be
SHA512 ea4aad2f1f901b1b383dc4153fa5fb919a270358bf7f29ebad1d23e8d54e8b3d9345b3f3adece22531f607d352b17a102d165098e2d38ba9f4e384c6b98d077e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1a8bf1006a5301e15fe8a33755ce3bf6
SHA1 d3f08de07b76befd86830416fb8ec343b53394e8
SHA256 d4e1cbd0071a409ef3ed8ebb023b1a1cf76a33ebbdfb25556e5f59b42a93ee29
SHA512 c94bc2a36362fa95f7579eb57eec695532c275ec7ff78961c2cbf3e9328a54f0f8818f7a7cd1771ca73448347f60882b9a20b5269fa81b8dae9c47702d5ec8ba

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5ba957a1911dcd0e6fedbc9e3451eac1
SHA1 fe73f95dbc17a7d5157d707f9840a8539d5352f6
SHA256 e8e56654ac400002e90918450e1190bc62aad12a1505e722ef051ed9d4f8a7a4
SHA512 ef0f43a5dd5e608bbbd31900b8c59aae0ac5873c5ad301e988a60d11a50951b3048a9ad5fa4c82c3b0c0527917a364ec79bd1e01fb64c78b96abaf05c444d5b3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e76fa33bd8cace75f42f53d7649b63b0
SHA1 4f4ceaa442356d2035bea07723064be3e5458c62
SHA256 84d5993f7e08e8f698ef64ee4e86cb4b747be6e0de5703670062848a7d1b1e79
SHA512 e550cf487a2c388ba1673a95df61d5f88ff0707ea314934baa3a6ac1af982304252ea9dedb1189f3c0339d09d2508c62b9d87236760dd6faa730f968d02c4d2e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fae4df1cc69bb3b8996c1b378e924a93
SHA1 327ad53c5483feb2393f30db608766b5d7fae001
SHA256 7d3ab8d0fd6d617e53b8461771ede23d850549745b767be65a1d2f28fa8f0e16
SHA512 f5242598a77b4c8040cfd96aced89a315a21409418fa30f513fc8c02a617404194b9af18695e3e8f93af23a97d6a2951e81692505c83e91a163315a53cd87f26

Analysis: behavioral4

Detonation Overview

Submitted

2024-11-21 08:37

Reported

2024-11-21 08:40

Platform

win10v2004-20241007-en

Max time kernel

149s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\custom\header.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3312 wrote to memory of 2776 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 2776 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 4172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 4172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 4172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 4172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 4172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 4172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 4172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 4172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 4172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 4172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 4172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 4172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 4172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 4172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 4172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 4172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 4172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 4172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 4172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 4172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 4172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 4172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 4172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 4172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 4172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 4172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 4172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 4172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 4172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 4172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 4172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 4172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 4172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 4172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 4172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 4172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 4172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 4172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 4172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 4172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 2996 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 2996 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 2996 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 2996 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 2996 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 2996 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 2996 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 2996 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 2996 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 2996 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 2996 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 2996 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 2996 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 2996 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 2996 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 2996 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 2996 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 2996 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 2996 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3312 wrote to memory of 2996 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\custom\header.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xd8,0x110,0x7ffb91b646f8,0x7ffb91b64708,0x7ffb91b64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,6964397209465136235,5943078694917793751,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,6964397209465136235,5943078694917793751,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,6964397209465136235,5943078694917793751,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6964397209465136235,5943078694917793751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6964397209465136235,5943078694917793751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,6964397209465136235,5943078694917793751,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,6964397209465136235,5943078694917793751,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6964397209465136235,5943078694917793751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6964397209465136235,5943078694917793751,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6964397209465136235,5943078694917793751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6964397209465136235,5943078694917793751,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,6964397209465136235,5943078694917793751,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2268 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 107.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 101.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 109.116.69.13.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e443ee4336fcf13c698b8ab5f3c173d0
SHA1 9bf70b16f03820cbe3158e1f1396b07b8ac9d75a
SHA256 79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b
SHA512 cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

\??\pipe\LOCAL\crashpad_3312_HMPOKAIKCRKQDSDK

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 56a4f78e21616a6e19da57228569489b
SHA1 21bfabbfc294d5f2aa1da825c5590d760483bc76
SHA256 d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb
SHA512 c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b28488ac991017557ffa3a35dc868dd7
SHA1 dcbcbcc704c1475ae698312783ae134f7e565b40
SHA256 7fa4f9b75b4ebf1647fd6d9b32b460b365dd87fbf0512ea73660cbcec350363a
SHA512 d9bfc6cb8c111e13c46bbdcf0ef4727587fab3bf06a5f9cd1a2f99f442647ee20dcd90501000a6eb102d038b400a98da09c18140553ac8f39bc691cb4b11aa16

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d29b6574514f1dc5df5849c4c8a8e6f7
SHA1 0e478471ec9d593213a102de86ef8f525f303073
SHA256 a40b20e8e90441892e9b969d3229aa54503993708efdf1ef82057abf969ad3d7
SHA512 a508a5c840ddf8b6bc2ff5c49a36410626ce06e31d74a67ccd47ed18678974eda95ee2a74548fb9fdbbc1ed26ef620e1162c5ca188402a3e727f58e7125d757e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7482a5862a05894c349557c3cc38f601
SHA1 beae87de5dda1e43a090509026c11bba6529e404
SHA256 71787f5c2b7bd473dad47c1d12c2906577c78e2d594d9196e9e46276fb91fc79
SHA512 c09efd563a9cfebb69b2bb510ac732df7d83677b0895cd967bc702b072756708d20d5875677702638bf8ca46352332dc8e87a91309e2030c5b619b4d309efbaf

Analysis: behavioral18

Detonation Overview

Submitted

2024-11-21 08:37

Reported

2024-11-21 08:40

Platform

debian9-armhf-20240729-en

Max time kernel

0s

Command Line

[/tmp/node_modules/.bin/mkdirp.ps1]

Signatures

N/A

Processes

/tmp/node_modules/.bin/mkdirp.ps1

[/tmp/node_modules/.bin/mkdirp.ps1]

/usr/local/sbin/pwsh

[pwsh /tmp/node_modules/.bin/mkdirp.ps1]

/usr/local/bin/pwsh

[pwsh /tmp/node_modules/.bin/mkdirp.ps1]

/usr/sbin/pwsh

[pwsh /tmp/node_modules/.bin/mkdirp.ps1]

/usr/bin/pwsh

[pwsh /tmp/node_modules/.bin/mkdirp.ps1]

/sbin/pwsh

[pwsh /tmp/node_modules/.bin/mkdirp.ps1]

/bin/pwsh

[pwsh /tmp/node_modules/.bin/mkdirp.ps1]

Network

N/A

Files

N/A

Analysis: behavioral21

Detonation Overview

Submitted

2024-11-21 08:37

Reported

2024-11-21 08:40

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

0s

Max time network

132s

Command Line

[/tmp/node_modules/.bin/rimraf]

Signatures

Command and Scripting Interpreter: JavaScript

execution
Description Indicator Process Target
N/A N/A /usr/local/bin/node N/A
N/A N/A /usr/sbin/node N/A
N/A N/A /usr/bin/node N/A
N/A N/A /usr/local/sbin/node N/A

Enumerates kernel/hardware configuration

discovery
Description Indicator Process Target
File opened for reading /sys/fs/cgroup/memory/memory.limit_in_bytes /usr/bin/node N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/filesystems /bin/sed N/A
File opened for reading /proc/meminfo /usr/bin/node N/A

Processes

/tmp/node_modules/.bin/rimraf

[/tmp/node_modules/.bin/rimraf]

/bin/sed

[sed -e s,\\,/,g]

/usr/bin/dirname

[dirname /tmp/node_modules/.bin/rimraf]

/bin/uname

[uname]

/usr/local/sbin/node

[node /tmp/node_modules/.bin/../rimraf/bin.js]

/usr/local/bin/node

[node /tmp/node_modules/.bin/../rimraf/bin.js]

/usr/sbin/node

[node /tmp/node_modules/.bin/../rimraf/bin.js]

/usr/bin/node

[node /tmp/node_modules/.bin/../rimraf/bin.js]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 185.125.188.62:443 tcp
GB 185.125.188.62:443 tcp
US 151.101.1.91:443 tcp
US 151.101.1.91:443 tcp
GB 195.181.164.14:443 tcp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp
GB 84.17.50.8:443 1527653184.rsc.cdn77.org tcp

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted

2024-11-21 08:37

Reported

2024-11-21 08:40

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

0s

Max time network

131s

Command Line

[/tmp/node_modules/.bin/rimraf.ps1]

Signatures

N/A

Processes

/tmp/node_modules/.bin/rimraf.ps1

[/tmp/node_modules/.bin/rimraf.ps1]

/usr/local/sbin/pwsh

[pwsh /tmp/node_modules/.bin/rimraf.ps1]

/usr/local/bin/pwsh

[pwsh /tmp/node_modules/.bin/rimraf.ps1]

/usr/sbin/pwsh

[pwsh /tmp/node_modules/.bin/rimraf.ps1]

/usr/bin/pwsh

[pwsh /tmp/node_modules/.bin/rimraf.ps1]

/sbin/pwsh

[pwsh /tmp/node_modules/.bin/rimraf.ps1]

/bin/pwsh

[pwsh /tmp/node_modules/.bin/rimraf.ps1]

/snap/bin/pwsh

[pwsh /tmp/node_modules/.bin/rimraf.ps1]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 185.125.188.62:443 tcp
GB 185.125.188.62:443 tcp
US 151.101.193.91:443 tcp
US 151.101.193.91:443 tcp
GB 195.181.164.14:443 tcp

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-11-21 08:37

Reported

2024-11-21 08:40

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

0s

Max time network

129s

Command Line

[/tmp/node_modules/.bin/mkdirp]

Signatures

Command and Scripting Interpreter: JavaScript

execution
Description Indicator Process Target
N/A N/A /usr/local/sbin/node N/A
N/A N/A /usr/local/bin/node N/A
N/A N/A /usr/sbin/node N/A
N/A N/A /usr/bin/node N/A

Enumerates kernel/hardware configuration

discovery
Description Indicator Process Target
File opened for reading /sys/fs/cgroup/memory/memory.limit_in_bytes /usr/bin/node N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/filesystems /bin/sed N/A
File opened for reading /proc/meminfo /usr/bin/node N/A

Processes

/tmp/node_modules/.bin/mkdirp

[/tmp/node_modules/.bin/mkdirp]

/bin/sed

[sed -e s,\\,/,g]

/usr/bin/dirname

[dirname /tmp/node_modules/.bin/mkdirp]

/bin/uname

[uname]

/usr/local/sbin/node

[node /tmp/node_modules/.bin/../mkdirp/bin/cmd.js]

/usr/local/bin/node

[node /tmp/node_modules/.bin/../mkdirp/bin/cmd.js]

/usr/sbin/node

[node /tmp/node_modules/.bin/../mkdirp/bin/cmd.js]

/usr/bin/node

[node /tmp/node_modules/.bin/../mkdirp/bin/cmd.js]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 185.125.188.62:443 tcp
GB 185.125.188.62:443 tcp
US 151.101.1.91:443 tcp
US 151.101.1.91:443 tcp
GB 195.181.164.14:443 tcp

Files

N/A

Analysis: behavioral30

Detonation Overview

Submitted

2024-11-21 08:37

Reported

2024-11-21 08:40

Platform

debian9-mipsel-20240611-en

Max time kernel

0s

Command Line

[/tmp/node_modules/.bin/rimraf.ps1]

Signatures

N/A

Processes

/tmp/node_modules/.bin/rimraf.ps1

[/tmp/node_modules/.bin/rimraf.ps1]

/usr/local/sbin/pwsh

[pwsh /tmp/node_modules/.bin/rimraf.ps1]

/usr/local/bin/pwsh

[pwsh /tmp/node_modules/.bin/rimraf.ps1]

/usr/sbin/pwsh

[pwsh /tmp/node_modules/.bin/rimraf.ps1]

/usr/bin/pwsh

[pwsh /tmp/node_modules/.bin/rimraf.ps1]

/sbin/pwsh

[pwsh /tmp/node_modules/.bin/rimraf.ps1]

/bin/pwsh

[pwsh /tmp/node_modules/.bin/rimraf.ps1]

Network

N/A

Files

N/A