Analysis Overview
SHA256
41f127af78fa1c2c451e20a4a19f4433552bea2e9edd38b3ae151b3919127d5f
Threat Level: Likely benign
The file 15165e99f522e6255ba56cfdfa7ee9d3_JaffaCakes118 was found to be: Likely benign.
Malicious Activity Summary
Detected potential entity reuse from brand microsoft.
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-05 00:06
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-05 00:06
Reported
2024-05-05 00:08
Platform
win7-20240221-en
Max time kernel
134s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d05a1321809eda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e861098c19b4244d8627ee4664a9606900000000020000000000106600000001000020000000cef3d1d8a3a1aa09b95477e48f18e90e8b7b9f783cdfd37ba5a297a0be2a3316000000000e8000000002000020000000eee4ccd65fa5d98ff1c19da041219e27d1213e9aee28e2765b47cea4fe9d13a12000000000fef13094b6a0b29385db059687813a3f1767c43fb55e342fccbfff15ede12a40000000010fba4c3d85af06c89c2ca8449f0969ebe48df2c48804aa83c3c9ff3a1c989f9d50c80948c9f61c9fa66ee7a5926bd8bb8dbb94f32625054ea9a3dfde1f6a5b | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value not captured) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{498330D1-0A73-11EF-9387-E25BC60B6402} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421029442" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1296 wrote to memory of 2544 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1296 wrote to memory of 2544 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1296 wrote to memory of 2544 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1296 wrote to memory of 2544 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\15165e99f522e6255ba56cfdfa7ee9d3_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1296 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | secure.aadcdn.microsoftonline-p.com | udp |
| US | 8.8.8.8:53 | aadcdn.msauth.net | udp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| US | 8.8.8.8:53 | portal.microsoftonline.com | udp |
| US | 8.8.8.8:53 | ajax.aspnetcdn.com | udp |
| US | 13.107.6.156:443 | portal.microsoftonline.com | tcp |
| US | 13.107.6.156:443 | portal.microsoftonline.com | tcp |
| US | 152.199.19.160:443 | ajax.aspnetcdn.com | tcp |
| US | 152.199.19.160:443 | ajax.aspnetcdn.com | tcp |
| US | 8.8.8.8:53 | aadcdn.msftauth.net | udp |
| US | 152.199.23.37:443 | aadcdn.msftauth.net | tcp |
| US | 152.199.23.37:443 | aadcdn.msftauth.net | tcp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| US | 13.107.6.156:443 | portal.microsoftonline.com | tcp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab1096.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Tar10AA.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
| MD5 | db1d00c8d4aed9e23477029535924cda |
| SHA1 | 2c65908ad49ae34035a3212c7c8c32072be706b2 |
| SHA256 | 72c791b342a217d83eb625194c430bc6778ecffa8fdf0f5a9dc0e72a71d33241 |
| SHA512 | d350043d9e26fbf5ce31de0b929201fdb00195da2ce25a1f8778c728adca9530f2c5f111fbe1d44e55078ac89fab5b07394b30e175898a71e54e3b51c3a46dff |
C:\Users\Admin\AppData\Local\Temp\Cab1D70.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 43976b9d7e5cbcb96a37784c9b640991 |
| SHA1 | aff88fb3686bf7df111310a476787185b3c5b869 |
| SHA256 | cd2edec5c967fd800ac7135bcfb7be14018611f20b779651521dd512d15addce |
| SHA512 | 3925e2e747a58e97a56daa86b5795f8963f488cec6d68027ea531a250798e5513f56d0341ce78462818c090f2356df0ba2c51e73c6f3cd0f2b585a64f3248dac |
C:\Users\Admin\AppData\Local\Temp\Tar1D85.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 637b9ff5d14d84992382a577b17f9c89 |
| SHA1 | 585b48c14d02bd51436c162412270ec135c1afb2 |
| SHA256 | fe52891161d62cf97f28f1b9bb17270a47591b4b9c171cbe0813b23626611b53 |
| SHA512 | 484fe8cb914cc5247d5b1846fa7b6fe8b598da41dce88ffd4f0a47c30f905d0137f854cc71b719528c3d05d0c9895a831becd183caa267af58a5b00a9ad49b41 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 544999afa256d12a1570ec0037f93cf9 |
| SHA1 | ec7936d81dcc81e35d338e345a4334898c5e52de |
| SHA256 | 5b77684aac2407ecb951cb19fd15c19f884f080d9100ced80ac13d3372ed7724 |
| SHA512 | 7974e82d025a03c20c2cd642010b31c830b9c39e81e982f296586f5b811fed8ea04ef97fe5ceeb01083f85873da7f05af6ad5e2c3ffd134b69962e778e15ef83 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8093fc280c1897aa745e1e04f5bcb8f5 |
| SHA1 | 1d95b1abd2687853f3bdb1b2e54b22b1634c69ac |
| SHA256 | e46070eb29532024684ca9fbcaba7eada7d572ff90fa88c49f6613467c9c51aa |
| SHA512 | 1a7b389ebe83535d20de3d9d0e7c34278733d9e2caa50d4ff2a9ee422f79a8fa75d02c5ac651e1af9a975936fd331ad9c1bf51a5e56a13cd9c51961553d89dfc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f481688689188e3f87300b8acddc83f1 |
| SHA1 | 73c5b0dc17f6fb313397717fd80e8b382c367c59 |
| SHA256 | 9ecda2208521f63587748cc43ee614f4c0a585d347b338720609cd4216b76845 |
| SHA512 | e34c519ac1e3053391ccea3c90fb1010ea382ae4b49c3d82a512e2ff45fe57342de33f1fd44b016734eb4004b09a09762d44089550d9273c66dcee3982c6abd0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 62b7a6b834b3cb4af563a5827a04bc6f |
| SHA1 | 47aee99edbd2696250645d5da272e22c6d6e3322 |
| SHA256 | 9fef997add875fc7e8bdaafe7785f47e5d7044416ab24bf7563fbc8287b72e13 |
| SHA512 | 738c7666799afb21d547be693ffb8bec0ecc770d1cfc5d4f5b900704ede2a185f2233ef17007ec8339b978f740054740e78460acd8148415eaee28653b99eeff |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b9653e83f06705bf6e4a3818e4fae3d3 |
| SHA1 | d12aafe702587aaebe99d9097bb4a1ec6a6d9cc9 |
| SHA256 | 0a0b8ad8f0118d01e8f5479565a3b234bb871cba4cb1736f5eff3e931df18a9b |
| SHA512 | 6a7d462ae8d62b816888968a5fe8d5d92c00c0b0da78737921c0174150793eeeb5ae94e9ef6be2f7b7d761726ee56426de82db9797f7f12e23d504ee9e1a47e1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d6ecae4be7506ba02bd713fdd02ea70b |
| SHA1 | 290dcea9437d984976e6d556f7c9892535141840 |
| SHA256 | 77c014f18f16273e58399ba9a38e0d6c6189a7ca010e9a7b297433fecc3ce6e7 |
| SHA512 | 0eae1baa27105dd3b1194e1862de344db96a2cb9548fcc18bd9a65d5087e098b341cf7a4832827f80731463b4078d49a68d473c1327f7364b6990dccabe80dab |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d47e16666c36ef100045a836e3a6e4dd |
| SHA1 | b73f94525bc6acd371dd438fe4bb2fbe9162c326 |
| SHA256 | 8df30caab9610b17257a2b983957f25734a6edc168a67bee6b98c1b6fb8fac4b |
| SHA512 | 10b6bb727ae77fde5fa1b44c5794780412ad918091aebb2157428a080c017f037071b9680807fada8b9d7113bfa895521bf06b9c406ff4c676f6e749f229e49e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9accb7402e80366135e034cf209a86cc |
| SHA1 | d0deb74b3ffb95e496bd31b606789ed45fcfd5c6 |
| SHA256 | ae6c024b5d9add8df88c10773d782a3db7e5efc43d7bf1b99534e528896d2ab0 |
| SHA512 | 26a6d0ea34c1e16d16f6aa395dbc4927cfee1883efb2736a18d19f85a843ab99c1291ab9b014c8bc87dcf18c395041e8b6f680bde41989bab398d5a50729917d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7bec2b4adc980d79c973eae1435ac61c |
| SHA1 | 463cb591d83acc7ec8f708065f21a1b482ed9d7d |
| SHA256 | c49f46f6232e9785e1d62600d1e189873967de94f00235bafed07750e220619d |
| SHA512 | 94b148ed9cbc82c11e39d1d83d2a40b09b336795c35e897c2e1c81cd178c11fd4bfc13f88cdfc49deeae1e7a39c49a918c356e7784175b6f4767987aeec22207 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 508ee2471c1697682c6908b91a34db91 |
| SHA1 | 8fe224ad2650e14d2b494879a5325eded2931935 |
| SHA256 | 8bd6120b90ddc2c6c236181f5f974dd81ef2dd6f940687b084f7f6fdc58144ab |
| SHA512 | 85d3a0fc3ce7350c8da390743e0308669be628f8e686848d1b99f0666b2ab93a8927ffcaa399d14df4acd8794627b99ca2faa3b7c4968f9a8de2a231bb343b77 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1333ebdc22c0e3bebb8efc0230d74015 |
| SHA1 | 87f7f9a71149816cd72384b0084ba32304dfe0a4 |
| SHA256 | 5502d0107410d95ed44b50e0d82a3cad09c3e392b92af0d8cfff6a051dd56ece |
| SHA512 | 863c6b668c8baec348785863a1f246665de4621fa9e15c67be6532ae0eeb13016ebcbd5d6f395ffe71f760640b782dad1edd56ae29b3768d70c3a42071aeb258 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6bdfb70ff9e8de511415e533a369a51e |
| SHA1 | edee6e4e10c3aa00a34836ad39618b25ae93373f |
| SHA256 | 68cba4fd82828512bd49cff40e8dd68aa4a3628cc3e1fcf1a86f2760abf065dc |
| SHA512 | 73163d4592b39e6c95b117ae751ed6961f4fc0888845d34cf7d59f4aee2a5707a6bc489331c6c2a8a82046c25452de7e4eabf479f38b6fad516765436f3f23b7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 27f5336cc63d736696eb09a05c3fcc3b |
| SHA1 | 260bc02cbbef42f8fe8634cd8f0f4f894712ed17 |
| SHA256 | a10e49848966ed1d6e69c54bdda3ab7c10acb1d3f2ec9e109a92187aed74a204 |
| SHA512 | 17c365e6ff744ca4515b91306e91f943c6b22ddfc46564b6e1c2059dbbcbe631dae0a5c65cc8291f99d740924fb17e4c2d23de5c8119f86fb9672f2ddf33890e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 44833aa8077da53ca29ad5541ab863ab |
| SHA1 | c8eaf7a4013de55a5333b9dd49f05b9186a128e6 |
| SHA256 | 2c7367de1cb9cad302afbe8c82783a77c9cba34e385544f57a406ba98f8b1779 |
| SHA512 | d13c4cbbb86eb24b7396fd82b2c23bdebce4b3a1b723d25a910ab9ad4229a59e137a82f3a696e34182ac30e2ccda4e14d9a90a2b8e885a53e3498f1cbd76c80c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f17166be3136dbd5507e1986bd30cd48 |
| SHA1 | 69d7d05b4d5d538869c3f4365da6a400e043d783 |
| SHA256 | c256cb7b44a2dcd037615f9d71f44d897f5b37526ae430b554e2bc3b54206db7 |
| SHA512 | 29edec3b2352f9958724b8124538ac511c820617a55764fe31527f2969c1f0ef6230b0c3939e4cb388fed93806d600d8240d040c7beec006f7c71a138d390360 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ece6e7e71b6026def8a55bc890bfe3c2 |
| SHA1 | fae41d64a138a59324d51beba956d0f7c6a7571b |
| SHA256 | 1eb5c67b4bff379b6983e69883626c6ff07069cdfa9dbce6f93ceb6a913f16ba |
| SHA512 | 6e5e9e9cadfccf2b32adbb8e066219ae07f113d442b2ac2752ee03abe8c9f86f1ed167c6f7a7a920820effcdcde8d50f383f844c34537f5d377296c9be142e71 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d8ff379c75c24c61c4e76f3b672fea5d |
| SHA1 | c26f296ab5fd983f35d415fdca0f11d673105737 |
| SHA256 | 760f14df75ccf627dd98d413cfeed147183455a2108cfd34fb7bd57f4730c166 |
| SHA512 | 4a4265baacfc13f236f4e3e5dea92601084218a876cd06626511d0821216a1616fef5b219767a26060cfc0f9c2593f88bcffc68c1b2832c2089a097b981a48dc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7abb919563a57e0028a647badbd938e9 |
| SHA1 | 0ff5ecbc814623d716225714e6fed1304c4ae470 |
| SHA256 | 5d5176652d36b3fe29fc472a180ed701ef308ceccecb2e5dbe9e3b616c78c189 |
| SHA512 | dce485e57f9b92be88ee01c67fecdae37bcc3cf55ef2174103361d3038330195b6c7b77cee37f377dc88b2f43e1b1f8f7536ea9fb727ac695d3bd74426d7ce45 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0c5c9efdec02bc48ee8c6de6586de591 |
| SHA1 | db63451d4009624a396a5979f8dc2b98a2a8d565 |
| SHA256 | dde8bba9e1bdab8fbaae35ebb3081bf8d6159d80be5f8c1b5dbaa5e9670fd37b |
| SHA512 | 4d60a06e05d70a8026ab165df7ba2f4d457e733f6bb5858d919f286099cfa2817fe63eba6a71c6c7d413de563efeb263ff10215de4e2497f4970d32f93290a9c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5993ea0398b420ab0132afb7e1f6d5fc |
| SHA1 | 906d7013516f7eb5333c1834cb6e0a6c07a365ac |
| SHA256 | 996288655ad00e91a15cc61b79c99d2109418ae37e54ebdabb08d1dd5d9f578c |
| SHA512 | 558de7aff3ac091c3a8075c9d6c736ca08cdf270feb4bff8adcc7df42a5acd9b04ab1af019b4a13e23a52352feb21507426315b3046fb49c1b7745018bb030b3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1b52dac785727c8fcf152bfbda073c41 |
| SHA1 | 7a9a2bb5021360188e6ceab1154cb91ab11f974a |
| SHA256 | bca7880055b43f80b60a4692a824b16c065e8ec3ad5c049df197c22968f5a542 |
| SHA512 | 749557f3a19c3587493fe4a7a2367f4050c9b8e3a32195ab80dfa7746d079ce9bbd02972deee73ec582cd694d983fac486e3872af06e7618c1dc2388e8a168be |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 122a15cdd80db0197179e3fd3805e59b |
| SHA1 | 259cd17002513d271d6f040469df833a5b0d9cff |
| SHA256 | 4894f6e3a757c3f76e5d98fd846b89d10104edaed78733a57db2aabb4a7ff084 |
| SHA512 | a9355e5c61cfeea1bb768eaf0d66966076a3396c22953befc1d92274c5b1c0c9f53ec81e0e1ecf89082b1c688716e8b55093244f4004276d29a71f27eb9ec926 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6b888a4f8505a0994c759304050f09b5 |
| SHA1 | d5737518cc99817fb359d5012c1141f222e33e3e |
| SHA256 | 98c5b2e0a1d20f70a3a4e0703e1bbd0b970287b024316ba1a333042e096273b2 |
| SHA512 | 4e2f725738ff4c2ab02705bc7a1bc58ffab3f6f82ca99841656a6e160409701fab29c20daae002943fbf72622d2fd42a1b2e768355a9ade7cf40868d65338c4b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8cb03dfe39d704cae04090ecda251e08 |
| SHA1 | f19251515d978b9b9ba73901adfd9edf62277728 |
| SHA256 | e6bf4b18c5e639cf8005b3a33f187f85e9b54608492af93c0067937025f93865 |
| SHA512 | 4fe9bb47340e883c66f8c7469c2c21c5cef2c44001512d271561eff6dce99fe35d53949c3a8944fe27fc6915c6b640d9d433aa4b98b4e788b95f22e56c94bfd1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7a5fc3cd3fa24f75fa3e5dcbf96f4b34 |
| SHA1 | 6e823ea0a0b661b43eb9341d0b6bdd67e0c3b854 |
| SHA256 | 61cfb1ac5f3ff6acc059e99c8fbcf89698b0f287d639738ff908aa0b08566791 |
| SHA512 | 59a7565e9f97569749f47d0c48062372913896896e2b5ac2498997af8594a297f2256334fe0a63192b882f2ce3d9a79ef44d541971a38563fb899c833bcb98c2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6b5581a87177796d161c4997ea376a28 |
| SHA1 | 097f7db4d9044600fab0d952bb4ee4258ac1e017 |
| SHA256 | 639f4e914bf5f9b7b4c68c7cd9e039db721030f1fa1c9ed317f2ac023b7fa770 |
| SHA512 | 04a378103bede59abc3ea8bbd85a4c724661c488c41db6abad63e9b1298fe06eafa12c81fb2438373e6b6b8b9eda7327c79e1104606c50fd6a65f5165c9a8a68 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 8ac842f161cecc53305a7fe09a5ea7e8 |
| SHA1 | e336da273e52f2b0f56c01c674b6fb7d94a16403 |
| SHA256 | 54c30e1539fdb586e924d6a594c21f99fc21310aba6749df2ad8f346110a8fc9 |
| SHA512 | 659a8c7d6f8a4b5b2490ea15931571bc7acf633c7c0bfdd1bb6cf02194bba796bf07ba79bf95220f54e94cc8e94c9bda05bb6ef5deb83f52fa99b7faede85052 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 33e33888879ea7e88e7bf7d34b53a220 |
| SHA1 | 86004f50958b66a543fd979635b9b692888f481b |
| SHA256 | 2992a3c552d2b74c8657e5bec272c4cb9c8bb94ebda135ddabef23106f69c117 |
| SHA512 | 1f35e0511f979116cdfc9106aa10aa3d08baba9638c8e5f951f87ca471cbd70e03af2c1fe84dd41519c50fa3ef00fa1bf3a7c2a0e6dd10b2edf43637da96522f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b4dbb62aab58a76b388bb60ec78ef53a |
| SHA1 | 79790b025abdeacc61b1ab40b88c30f099af2b5c |
| SHA256 | 243ccd4179533fd9d49c65074b636ecc26cef22592907aff1f475f3906513e2e |
| SHA512 | 55677d4425323c6aae4f0d6e26f0bfcbbb6a882b4de3657bb74041a293607c9474cd8059e73cb411303b4b7cdfdfcd30d14f94c8177bfeb15933d998df7fecb0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c31f85c8b4519b8afdae84fe1860aad7 |
| SHA1 | 58de2bf3659b214e72afcb212f1d1fcf2fec6a3c |
| SHA256 | f7d672cbada42d16544529c103e06b8a0e86794fcb0307b2d29cfec025a07314 |
| SHA512 | 5dc14f03ceabe7c504acc392f2e498afcd2dda54a91adecf9a0b10b72e316077e1600d248da005e4753bb21d0bb6ffae7aa7f404fe8129c1511c83d76cff3474 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5809ad4d1767ebfdca636ae020bfa57f |
| SHA1 | e95d0644e50a843989ea1282c79499e46f4a07f8 |
| SHA256 | 10c54459819720f0933a587967edabe2a54bc01d669772781f792ce8e57cf317 |
| SHA512 | 01338eca218c420bc9fcb2272f344ca09d0408db68c56cc894b0411bc26af73aa8bc226ab15688ef7bae5333694410f05de8384876aae8b8d555bca4d93ef907 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b3e2be96ad1721a6e482be0688bc881a |
| SHA1 | ee0f143729f12e2d99b9ee17c8213a68a0f7b8bd |
| SHA256 | 0f93fea8a6ccb2bdc184b7c7e2aa7bc6bdadb3074d8a074b766ebf74f0fc2568 |
| SHA512 | de8222aa71a7cc4d497f9f2bd72117ab891219fd523569a6c79ccc1de18dad250f563f50237acb5d729f63b7cdcaabcb13829514a0d0236bab988fd8741300b7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 969d2a8e0449fced658d237e451cb9ff |
| SHA1 | de73cfe58d4db3e7ce5497f99da52317b5233152 |
| SHA256 | 02811689448ee23daea7148bf4cf3165f0e6a284fc45a2d1223912f1bc4b2459 |
| SHA512 | 4b3cf8a0eb9d1a2ea634ff6a801d5fcb5ec07191d8ded52069519ed77f797848dbb14afd8c86623c9c4da8acde1f7b1d42b380303717e53f4301629accd367ac |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5c00d064bd2291db97637fbd251f2c21 |
| SHA1 | 94e66fedccecdb42bc2be0a4c867af48f6ea2d75 |
| SHA256 | dd01854749f2c1a4d563b02dba1ec08d29f71bb6ce37156d18b345f7ed4ff0b9 |
| SHA512 | 8b925d123e621ad860cd0d450eb901ae75f561c1dd1ca0f158ed04333b07263463abee94150544d42006148a2432d38de39fc9f7e422fbbe5129b5d34428d989 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f79e65cf311e2aee7a26db3b6a56312a |
| SHA1 | 19a7a1d0dba23113e5461d0c183f844979f009f8 |
| SHA256 | a88a18b1638782eaef7e16e1c3261a761051b4302734e5576bfdf9735f0e2607 |
| SHA512 | 05932647013e0cb2449ee315cf8e025713481aa9f187e211309e4b1c76b5fd8e9e62df6f4d0e5f1af52c81ea36be826aec1baad20921cdfe266db821cdd83313 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b05bf5e35d4907bc13f91401553a2757 |
| SHA1 | bde375c9a73da6f26b46d778e94c635a79ec6683 |
| SHA256 | 51f86ceb72a70678f2df152e65ec8fed3aacba2ca9bb4b779204cade61dcbb0b |
| SHA512 | 1346b2744fe986f1c7e6fe759fa765b6167da28a66a9de48ad8fc3b5c3066e122ee416a519daddb4c82dc1b9e0845be83021395f7b8a11fb2aecf3b4d25b127e |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-05 00:06
Reported
2024-05-05 00:08
Platform
win10v2004-20240419-en
Max time kernel
145s
Max time network
137s
Command Line
Signatures
Detected potential entity reuse from brand microsoft.
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\15165e99f522e6255ba56cfdfa7ee9d3_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc325346f8,0x7ffc32534708,0x7ffc32534718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,11301185683651944596,18284027331731833884,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,11301185683651944596,18284027331731833884,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,11301185683651944596,18284027331731833884,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2604 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11301185683651944596,18284027331731833884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11301185683651944596,18284027331731833884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11301185683651944596,18284027331731833884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,11301185683651944596,18284027331731833884,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,11301185683651944596,18284027331731833884,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11301185683651944596,18284027331731833884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11301185683651944596,18284027331731833884,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11301185683651944596,18284027331731833884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11301185683651944596,18284027331731833884,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,11301185683651944596,18284027331731833884,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3092 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | portal.microsoftonline.com | udp |
| US | 13.107.6.156:443 | portal.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | secure.aadcdn.microsoftonline-p.com | udp |
| US | 8.8.8.8:53 | ajax.aspnetcdn.com | udp |
| US | 8.8.8.8:53 | aadcdn.msauth.net | udp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| US | 152.199.19.160:443 | ajax.aspnetcdn.com | tcp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| US | 8.8.8.8:53 | aadcdn.msftauth.net | udp |
| US | 152.199.23.37:443 | aadcdn.msftauth.net | tcp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.6.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 160.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.23.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.15.97.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_4344_ESMDBIECHCVKUYRU
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State