Analysis Overview
SHA256
1fe956812e6c3e33a66472d5a8cd9abc7f2d5d655b4f7ffae256592954835c6c
Threat Level: No (potentially) malicious behavior was detected
The file 755ef49acb3d1cf50485989560f965b3_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-26 11:44
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-26 11:44
Reported
2024-05-27 12:14
Platform
win7-20240220-en
Max time kernel
134s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000049bf799ee6897447ae54e8dc11f209a300000000020000000000106600000001000020000000ad2e4d70c641ed82d204d83f4596b10c32a58b6d5397de8eb710ea76eb7e6bff000000000e80000000020000200000004a6e6092c601e95760d4f0f0d56b4b434b3a039d6f35d04b5d134b7a23e8798c20000000decad0a4c23aa99b46b49f7e1a343cb4cc78129ee68324b8f945e87fc9ea55754000000060016b989c9c9987e0ad0dbfcf028f64259b3a1198f3ebe157fc610f3880e1ca5a54395756dfe49293442c4aedccf8df6c6b9123aea47dad9996efb4ec43b9c5 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422885815" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000049bf799ee6897447ae54e8dc11f209a30000000002000000000010660000000100002000000058a27c74478f12278deebf50512079e48884c846e49d4bc885d3222d17c1d983000000000e8000000002000020000000ed872ebc938f79ab1448399c14fcfbce724364381b400249ff1ac343a8c7d6c79000000065fd238cd3c02973b368fd0628c6e10cb3ec1a336d44c61d584f84c33f49685290c5245036889d773a272b832db692e615b2fb95d4a9203fc9571ab116e48ad7d1c635b69b9f2115d7ffb8dab6da2161b299e88eaa3990338adcdd9cdaf8476a8461d83a754fd2dc11716c5fb2de529ebdc94642299ba107cf0363057a317764f3c514574758b1e6c4251670318f2bd84000000001ad079e73874f2ff4bcfe6e2c31c38aa5e4daa8f2d3c3027fd6bacb6796c959c6960a12d1fa45514c3d37e243dcb30d62fca58b0fc4fdc0aed5106b73deca56 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7E0EB571-1B55-11EF-A1AD-46837A41B3D6} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 1032085462afda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 2220 wrote to memory of 1804 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2220 wrote to memory of 1804 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2220 wrote to memory of 1804 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2220 wrote to memory of 1804 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\755ef49acb3d1cf50485989560f965b3_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2220 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | bicicletasforyou.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | www.awin1.com | udp |
| US | 8.8.8.8:53 | images-eu.ssl-images-amazon.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | www.dwin2.com | udp |
| GB | 163.70.151.21:80 | connect.facebook.net | tcp |
| GB | 163.70.151.21:80 | connect.facebook.net | tcp |
| FR | 142.250.179.74:80 | ajax.googleapis.com | tcp |
| FR | 142.250.179.74:80 | ajax.googleapis.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| BE | 104.68.67.19:443 | www.awin1.com | tcp |
| BE | 104.68.67.19:443 | www.awin1.com | tcp |
| BE | 104.68.67.19:443 | www.awin1.com | tcp |
| BE | 104.68.67.19:443 | www.awin1.com | tcp |
| BE | 104.68.67.19:443 | www.awin1.com | tcp |
| BE | 23.14.90.89:443 | images-eu.ssl-images-amazon.com | tcp |
| BE | 23.14.90.89:443 | images-eu.ssl-images-amazon.com | tcp |
| BE | 23.14.90.89:443 | images-eu.ssl-images-amazon.com | tcp |
| BE | 23.14.90.89:443 | images-eu.ssl-images-amazon.com | tcp |
| BE | 23.14.90.89:443 | images-eu.ssl-images-amazon.com | tcp |
| BE | 23.14.90.89:443 | images-eu.ssl-images-amazon.com | tcp |
| CZ | 65.9.95.60:443 | www.dwin2.com | tcp |
| CZ | 65.9.95.60:443 | www.dwin2.com | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| HK | 156.254.173.189:80 | bicicletasforyou.com | tcp |
| HK | 156.254.173.189:80 | bicicletasforyou.com | tcp |
| HK | 156.254.173.189:80 | bicicletasforyou.com | tcp |
| HK | 156.254.173.189:80 | bicicletasforyou.com | tcp |
| HK | 156.254.173.189:80 | bicicletasforyou.com | tcp |
| HK | 156.254.173.189:80 | bicicletasforyou.com | tcp |
| US | 8.8.8.8:53 | d2a54pfih9ionq.cloudfront.net | udp |
| CZ | 65.9.95.84:443 | d2a54pfih9ionq.cloudfront.net | tcp |
| CZ | 65.9.95.84:443 | d2a54pfih9ionq.cloudfront.net | tcp |
| CZ | 65.9.95.84:443 | d2a54pfih9ionq.cloudfront.net | tcp |
| CZ | 65.9.95.84:443 | d2a54pfih9ionq.cloudfront.net | tcp |
| CZ | 65.9.95.84:443 | d2a54pfih9ionq.cloudfront.net | tcp |
| CZ | 65.9.95.60:443 | www.dwin2.com | tcp |
| CZ | 65.9.95.60:443 | www.dwin2.com | tcp |
| CZ | 65.9.95.60:443 | www.dwin2.com | tcp |
| CZ | 65.9.95.60:443 | www.dwin2.com | tcp |
| HK | 156.254.173.189:80 | bicicletasforyou.com | tcp |
| HK | 156.254.173.189:80 | bicicletasforyou.com | tcp |
| CZ | 65.9.95.60:443 | www.dwin2.com | tcp |
| CZ | 65.9.95.60:443 | www.dwin2.com | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabD1D.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\TarDFA.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
| MD5 | 8c7fa52eccb6d45a1f5a3ef82f8ee60d |
| SHA1 | 345f733de1b4b6a4f286dda0df1d9cc289e748e4 |
| SHA256 | 8d3fc6099be4e146b92821c8d862c0203b633bf61ebcf1aaca2c6a72364d3507 |
| SHA512 | 0454fe8adf39bca3e8d878d8d9926a79fc6b5143300df6836e56863fcd4ac5874a60cdad71d6456210dc1ee66fc937af91305c353f970626c39eb9c282d5930b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
| MD5 | b24487d3cac0df10c0a39e7f97eba6fb |
| SHA1 | fd44d86a254b7a314c53ad4d3ce2de47c90743ba |
| SHA256 | 2f39ad0af77d2292a5e1e12dc5710e00a592c7fc50fde13918db01361fd686de |
| SHA512 | 6628583445f44d039cba5e5bddfcb7386f27be360c17b7625b7bb57ce8eaa4995ea0f8acdbaee7011a45c8511fae6d7338f776703c5ee1ec452c0e2fe97c4ac2 |
C:\Users\Admin\AppData\Local\Temp\CabE3A.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6fdcac5a77b3823d814d1987fc9a0f7f |
| SHA1 | f73c625bdf858216d9de67a6cfc8adbe88f78348 |
| SHA256 | 8377e98263cae5e08beb8307dbf54c52b980d9e19661424d6700ecfbccd91f74 |
| SHA512 | abcd6d8ab54a657d83636925542845d23c1c69335266f76e00d833751e54e7df76fca77834b41b61ddbf17fc6189d7a73976b1a569fd9f07bdb1781afa963380 |
C:\Users\Admin\AppData\Local\Temp\TarE6E.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2dee010ce6f941c403e947c6b928a9f3 |
| SHA1 | 0a061c98482841f82c95183bf349c570e3b31b2b |
| SHA256 | d973beb17cbb4bca7d8b85038bc72368ab0c0f686fd35af51a7e5434cc1dd869 |
| SHA512 | d9002129fe1315f867280ccf41d4311e660c59554d4e3456897aca20ba42fac1d070aee51a2996c59da8d3e096690b6da2fe48c8e707fc1ec425f4b252691626 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
| MD5 | 55540a230bdab55187a841cfe1aa1545 |
| SHA1 | 363e4734f757bdeb89868efe94907774a327695e |
| SHA256 | d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb |
| SHA512 | c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5e2e35d2d654b06d9c0c11d89db71d1e |
| SHA1 | b4b2dafd97bd121669d5cfab5ced7086cc342d2c |
| SHA256 | 501062ca215590a9483f8a9900aeabd7b7dcb77d43a0a653b04713fd5a4eb731 |
| SHA512 | da1bce900234c7615047d4d23ceae655d5f089170828107fe8fef8bf5b4d6d991dc76d6d67af894f258b730f0673d60487d8c96cb64c18e404e0a5548fbd8cb8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 164e9bf9ca7ba8c90323b2393ab418d5 |
| SHA1 | 9d5d368cdd436a637b794266bf01162e9e6de4a1 |
| SHA256 | 3b0c7c8953ae6f243168c1106c19ccc38481da23861ef97fba47be9fe5537b55 |
| SHA512 | b7c093a2ff8b89295ea6c7b667a490b975986a11a3825104a56d119061edfe3f5e37fb6c9f6aad774437d617445ffd6e8b2cbaaf34092e7396a83cb770e80dd5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
| MD5 | 7a5567c47ab3d89ab9ea5a9298474b01 |
| SHA1 | eafb509e6752e1cccad99f631c8b9df89eb2b615 |
| SHA256 | fec1365ab8d93efa3bda4e9013a4d73a723973e58d3feb48640f170bb7e58692 |
| SHA512 | 6217ef115606ad6aebd6c17c03362ecd3f45cfed695fa3b10800a7a5b38f47bad6e43ebfed6abac36acf035f859375ed77dde364613d68ce192f5f05325cd55f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ede2ed662fe6a786edff3071bb4afa64 |
| SHA1 | 413f0cb9de3a23ed2b1ccef82aa5aa3977ffe426 |
| SHA256 | 5b053541db87e4db329391bb49891e585123379454c052465f6de8c09d0eee7b |
| SHA512 | 9cd38655185c3e5747fe9b447988ac37b0ccdaf97ca74eedf531670bebe85c1859a12134a1435042e76a8c16fe353571c17b248d5b674710d715134857d3fa81 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 141b4a3dfdb93df5be68995f18feda53 |
| SHA1 | 91416d69d1843e4b7bfdfbb0d51887660575e7d8 |
| SHA256 | b0e20d0165da71fcf7fdde9c5073655501fb0168576cab09b567ddc3a14a275b |
| SHA512 | 36efef5b46ca3347e4ad456f55ed995d0e2fa01e0af968629bd8bc07ff27fe73df906f598731713cf57924713bfd1f98e2e20cadadf781c984862bde833f9f47 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c123da43e62b63bbadc07524c35c7028 |
| SHA1 | 2a92d5b225ad905135b891d55072ec0f177766b7 |
| SHA256 | 7c00165b8fcfefd960a344fa07a3312ca81d6dce77b4ce9d89488943c41bb270 |
| SHA512 | 1850fabe51c791235a45aabbac9675c25d365d3db995832c6af7b6e726f7f6cf918d43e491ff2fab0e9e2c84be9d0ece183018f390b2050d0fea1cc0a9dfbc78 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
| MD5 | b2c59c5351caf5672c3c3c95a06e23b0 |
| SHA1 | e85b56563a61b34cbe895a2a9d693967836f3b09 |
| SHA256 | 271b2f7c1145807acc82d74da0340faea85fde744124ea869dd1ff4b1057812f |
| SHA512 | d56519162ba64df3e2b139fa2067aa4a962a0afd52f750397e57a8adf28d90ce85de8a783328153ca6253267008ac11158c157b0c08430d7edd848e3cee77de9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_B5D3A17E5BEDD2EDA793611A0A74E1E8
| MD5 | 16844b232ce13697a2b8ef34cf637253 |
| SHA1 | 3c13212a7aa27e12ead06f62f8a36ae736e85b92 |
| SHA256 | b8d505448ee294c3a20489ad12c4a75fd1c093049088f63afe7ce409e56d3bac |
| SHA512 | fd99ccb8265aee8c6c7ed58d809f79bd65a4b6442ce3304745deb890eb8262241df6aafaed74fc98a4d6530b35bf461c6ed35508863bbcb648c08fa1bfb30576 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RSAB58HZ\250[4].png
| MD5 | 98e865e8ac02b4fe35ef59f78adc759d |
| SHA1 | acdc81477a78b58e03d966876127ba7d8e5feb96 |
| SHA256 | 2253f0f78b128489c46028a2ff487669a793a4bf4f8b1ad1c28c351dbf009427 |
| SHA512 | 6c5fb47e710b3538a58ec4bc9d92cef299661b14327b3e049d0cb12383b4800a05c1d53832b4bac184f980b6ebebde6d474d6a6844500634d84646e25c39882d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 63abc235f5cec65dba2bc63b39ac228c |
| SHA1 | a3e4908354aa0ff3b91c27ba824939858b88485f |
| SHA256 | f6a605bbb8ed2e7a6652df81aa51a67d87b0c3e2deaaf976dc0157c0554db259 |
| SHA512 | 8f0c1aebb31d780affded443a6f9a11d3a2e7c46449f4299ffa4dc06153ec484a16d4b5bd9db82c2906e32ba178c038aba0bedf7653b0fabee42588b40160c92 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d18fef138f108dfdde2ece22525a5037 |
| SHA1 | 89f24f8c81e76f9d08644700f6e599dbab8c866c |
| SHA256 | d0784d4a39f03e57fa546638f92b45928fc1d8bcafffa5801808f322cb825a43 |
| SHA512 | baf8376c9a7f1c73e1b20ea3a7f534d9739ebfd06ac762f077b4d406a90be225536d6c568245f8fbfbc567d57a4ac406c7bb8fd6ae7ea7c8b87d8e8bbae69254 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1ab5a31cda3dc5ecfd06ca946f1df975 |
| SHA1 | 469bcdece53ddc6d6960ffcc1962bcee3093d39d |
| SHA256 | c53bcaee27630e491bd9a342e9a0a67f438b03096c268f06211af171ba16274e |
| SHA512 | 83270b431046a1903034ef7c7959a2250bd339ae91ff10d61d189bf19b2fe973fe8a2a7e6816bc7fbb997839e2d4c0f0bc33ebfd0c269829d0016f011f7b5b87 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 37268917b5e55c9fd44d0f76c2c9fdcb |
| SHA1 | da852715cc3fa7db811cb0e4ae4fac49118da7f2 |
| SHA256 | 2114a939ee3b927c73e5d711ed15743f60375466dca2e4d6ec9af3e6e5df3889 |
| SHA512 | 77ab3fd408be7a5dcc28699f0d71ced520489e8cb56811c81130cc5ba0b74d9d5e8f8cfdb37a136ab297b09fc9c88463c9c2bc280ecdd6036a21006c9f34a3d3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 78c5138d2ec4b919a4a86c46feb6021a |
| SHA1 | 281565f3d1b2a847f15fc70547f4d8ed8ed30e8f |
| SHA256 | 7a7cfdc7b9275f97fe81539959caba1b76d03f408006bdf94f80dceeabb67e79 |
| SHA512 | 6bc79afd8203b0d325d0c99eed3bc53201d36734a44484d0bfa4e83213d0d7027bafed48dff1066a0befeafc7e0be31f40f3a65263000e8e3e2d25f7f8b1eb87 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 92398fed9aed157e169d14534c7215e0 |
| SHA1 | 538e740e2bd1be622dc52228c149db43593d8483 |
| SHA256 | 44c85d33ce84969b20b0ebd6f2830d635cbef288cc775931e0f8e6e38e90d893 |
| SHA512 | ef9f6c9a38ddc875ab904ea31e86440268865616ff96e67f9eacbc85d96efd28079a1843adf6605021b6823d5dfca73149fc3437f68cc749a370d713b164b692 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0506e5c7cc73f5a0930ce41e7f40eb36 |
| SHA1 | cf229ce1cdfeb3d91db887e9f548b1b7f198e259 |
| SHA256 | eadd792f375792be4ae7edfe6395d0103c969d97e0de6a6e72e5ce51843d14b1 |
| SHA512 | 33a25bb97771e4f9d23525465c52c575c93ed2899df14470a8a760f0383586f92d1043e9f9fe417d7abb612a0d1583ee6aedcc69d8b6229e3cc6e672ef4563df |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 52c303799900b4fab299a9231e0702c6 |
| SHA1 | 358e2080d15876ef87c4223caf08a0ca645225b2 |
| SHA256 | c20d26a9f3007bf90749444622dcca3dfd51a5dfd28f7c3919f0d60c60be85db |
| SHA512 | 16c799683664948fcdd9b014162905b6b57972c9acf3a530f882c4bc3f8698ecff03cb28209f9721f245712e4e82340be67a0c966f23c675dc800abb4c72d783 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d983ca8013330f258144ff9d010dadbd |
| SHA1 | 4410fcfa299fd29524d8d7098a14f9f78e34cd7a |
| SHA256 | 29384b527bd273e95f424879c3593acadc36696853671f11260d2b4e22664863 |
| SHA512 | ed6ca401dd11d702098153a7a6acf81911f24380d4ab04807cb1c2a89f63d135b06fbf362a7f8cc2fd83fd2e9352f56f61c3d02256f81451be110c373d7ac3ad |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c804ed6d1020c9f09f5bc86e3f799250 |
| SHA1 | b088d6457b68d72a46d93aa81459410422ea3d42 |
| SHA256 | 3c8b738a2280b18b06e8426fddd97c1d229d89e99722f7bf4a2e08ee1d573030 |
| SHA512 | 63b66d4dfe0c921a69a5caf8a3247112ad8b9b2452742bcbadf2a1567a15463a4e666dd556f9414d5e2e977adbeb53b50f4a014f9a05579a5812900cc0fb7a6b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9556f0a090cdd6dc44f770c27cdd1bf2 |
| SHA1 | 5ccdac0d07a1d9595f9b012388324169097c0c2a |
| SHA256 | eaa00b5adff5325597f83d3ae03fbd303fcb225e15bc10c9d5312c51f8abfb06 |
| SHA512 | d374f9c5c889b87f1a54fde94c6e258c71e8ef12dd2fabccddceadd485a34888a0fdef61cfcafcafeb5d3374a4d6e060694337acac8b523713c66aedd155801b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | f08217314026c1bd09c3f16f4645992b |
| SHA1 | e13a66ee85a296160fa109b348370d033333372a |
| SHA256 | 55e298f95937d74a549f4ed304f709822574f1caa4a9e0e6eff2b72e2d791bc0 |
| SHA512 | 52c5d07a0d96522f958641436f1d57fb399fea6f2d1a01e0431e7700ce14976641d5a7f3b2f7245e76d09480e295448c2c097dfeddfd0aee4aa0f5f6a693c548 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 61af53ceb0de2abfd83bab6ab12087dd |
| SHA1 | f577fea9b477cd252240320002c6c0c111a61abb |
| SHA256 | 5082a4cf4678a60b1d9d70469816e5af12c531a347f1414ff695e68b98187c1b |
| SHA512 | 48249780a5b16c78217456e017a9d5de487087a184d32d32a6157123d984d6d1515bb946f71559b21328ee7d2de2a9b4ae64906e7a3c61a76a9043215f60c7d9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 97abc0e05d27378ff6b49e6dc90a4cc1 |
| SHA1 | a65b63688e46653901d19d211920898f035dafdb |
| SHA256 | 83763cd7a21553afa70f78319d396a8924093ad6cd0923999b014b6cb214a0a8 |
| SHA512 | c4b7b8b0c9ff343cecc183f68acc237974c3e8c155f07cc11934bcc507a0c516b8dacd323c01f91be00f543cf7af8a1aa90b080877e151659c8e3e593eccb4b0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 519162a0098e23f70a169fa69aaf226b |
| SHA1 | cc9e59280b908cfbce13f674f6955f63aca32f83 |
| SHA256 | 1dbd040758a5f6c2cec9bb9d7cd2c82a23d14c8e4d88cda951f3d81805901a6a |
| SHA512 | f4c5c9539097db5fee1a91b5376094bf633811434999575fc013a772a41d6377401248ceb771a636c2f4d430735c0b303098ea11108879f3af0ab41a972462a8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bcb9b4b394a5723ee9c1fb4ddd473c9e |
| SHA1 | d9d848a49d6e6b4b5f209e441b479a13654e3df4 |
| SHA256 | d4f6e41dbd5ea5c6cfbf419982783628b89d2b425a22e65dddd5d592c7adb13a |
| SHA512 | fa4510df8ddac8adf482f836433a7ac4b78487382b6d145fd2d34157a99b2d3e165ff520629ea0806c7320cfbf2700613e8a98d0038f43d3da70fbc0d0cad579 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b0915afdb2d0f74238d8fc2aeca251d2 |
| SHA1 | cb73d607201f0e0ffa8d4ea233add0552ce57407 |
| SHA256 | 4f20fa8e36547f05b73845fe13f6eddfba21419e6357871adaf6b06394b0e371 |
| SHA512 | 9f393e59eb0e90715cea24db1701f515092bfe3fc5c2c3eda489974bca0c34f8e8bd61859e33665ea28971276941222173afa18ba2d4e3d1d784e641e872b2f6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7897db6fd4abedc596eea812f326be75 |
| SHA1 | b7aca1fb8d579043269c03f3e36d013c74847cb5 |
| SHA256 | a1898138ab60e6dc34f59098f35f3f38577499d1555c28ff61bba8702cb1749f |
| SHA512 | 6bc6805f362e5ba5076f70a1aa12c636c92a0e6b4659d86e16929f586e31d9c2df836a6e11cf227a7f51a9b5519d7084ad38a0c725397040c7907a5d8e81e62d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 366eb7f0fe9b011978804d0fd03a8212 |
| SHA1 | a58ee0d3a6b83f1bd608fb6101fde8a2155041a6 |
| SHA256 | 8da837920b31671d93abc833a7fb0c10c2d28f53c6fad87633ce2e6685edf0c3 |
| SHA512 | 77b2c6dd32bd01837ded3dfd7c898066b73701a88829244b9ad826d6331e335faccdf4fa92ec43ce3512116bca01234389f65901a20873208bdf0bd5cc622657 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 077b4be7efa8adbbbe6bb4fb42eadca3 |
| SHA1 | 5af25424fa45684b1d757d4d44e68a2faf55b006 |
| SHA256 | bafa46213858d4f41492c2210bc2ee63ef5b4ebcb1bc1566c2b764daaa1b8b8d |
| SHA512 | d9fabecaf06abf2c304ad9ae50f26fd679125bfa47a6d8f74a329337461755940ed234b984eafef564635968dbb4c32823f20a18de6b59fe9c0518694532246f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4e4f520d3cd4fd90671cc35d1fd88ff8 |
| SHA1 | eaa66bf167822125b91b48b1111ad669ea6ca06f |
| SHA256 | d205314fc398ec4b60c2a934bce8ead82838d0026390e2c036c7fb481a722247 |
| SHA512 | 89709469866a86dbdda2c3e3e3d052fa66993019b3fd5bdf13be7cc9841be91783cf2525b469eca87b4f4d54d73285c34a18283d4a9c9a516113daccff66c98f |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-26 11:44
Reported
2024-05-26 11:47
Platform
win10v2004-20240426-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\755ef49acb3d1cf50485989560f965b3_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd329346f8,0x7ffd32934708,0x7ffd32934718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,14451651650655195688,310573300461661869,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,14451651650655195688,310573300461661869,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,14451651650655195688,310573300461661869,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,14451651650655195688,310573300461661869,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,14451651650655195688,310573300461661869,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,14451651650655195688,310573300461661869,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,14451651650655195688,310573300461661869,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5692 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,14451651650655195688,310573300461661869,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5692 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,14451651650655195688,310573300461661869,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,14451651650655195688,310573300461661869,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,14451651650655195688,310573300461661869,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,14451651650655195688,310573300461661869,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,14451651650655195688,310573300461661869,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1296 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s.w.org | udp |
| US | 8.8.8.8:53 | bicicletasforyou.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| GB | 163.70.151.21:80 | connect.facebook.net | tcp |
| FR | 142.250.179.74:80 | ajax.googleapis.com | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.179.250.142.in-addr.arpa | udp |
| GB | 172.217.169.66:445 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| HK | 156.254.173.189:80 | bicicletasforyou.com | tcp |
| HK | 156.254.173.189:80 | bicicletasforyou.com | tcp |
| HK | 156.254.173.189:80 | bicicletasforyou.com | tcp |
| HK | 156.254.173.189:80 | bicicletasforyou.com | tcp |
| HK | 156.254.173.189:80 | bicicletasforyou.com | tcp |
| HK | 156.254.173.189:80 | bicicletasforyou.com | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| FR | 172.217.18.194:139 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 189.173.254.156.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | www.dwin2.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| CZ | 65.9.95.117:443 | www.dwin2.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.95.9.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.95.9.65.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | www.awin1.com | udp |
| BE | 104.68.67.19:443 | www.awin1.com | tcp |
| BE | 104.68.67.19:443 | www.awin1.com | tcp |
| US | 8.8.8.8:53 | d2a54pfih9ionq.cloudfront.net | udp |
| CZ | 65.9.95.84:443 | d2a54pfih9ionq.cloudfront.net | tcp |
| US | 8.8.8.8:53 | 19.67.68.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | images-eu.ssl-images-amazon.com | udp |
| BE | 23.14.90.104:443 | images-eu.ssl-images-amazon.com | tcp |
| BE | 23.14.90.104:443 | images-eu.ssl-images-amazon.com | udp |
| US | 8.8.8.8:53 | 104.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.95.9.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | z-na.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | www.amqcdbles.com | udp |
| US | 8.8.8.8:53 | www.ooaihyyrvflmz.com | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | N/A | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8b167567021ccb1a9fdf073fa9112ef0 |
| SHA1 | 3baf293fbfaa7c1e7cdacb5f2975737f4ef69898 |
| SHA256 | 26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513 |
| SHA512 | 726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 537815e7cc5c694912ac0308147852e4 |
| SHA1 | 2ccdd9d9dc637db5462fe8119c0df261146c363c |
| SHA256 | b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f |
| SHA512 | 63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a |
\??\pipe\LOCAL\crashpad_4080_YUSRVZLDMTDASVTM
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7b92cd9d075133009691dad5f0265fa6 |
| SHA1 | 306fb170c566d3f846a5fd4159e55a03566169a4 |
| SHA256 | 7a83ad5dd9710d9c583ad404284dee7889631966b8ffabb506551c034c408eef |
| SHA512 | 0fe6c44ee5b7f7ffd5f7497e1eeb44a87637f9f584764c57868ee7775c7f66b34a7c0557a71c58493286a53cfa713b151c6ff00fd477bec0e1abbdb9a49f8b2e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 4952dc544d371d0e0fe4cdaf181e3936 |
| SHA1 | c27f6cc2abe8c9066951528397fdaef226f43f9b |
| SHA256 | f90df4427577836a72ac4373e1d2b7f9c98738a1dbe96cd23603c2aba992215e |
| SHA512 | 996047b61929fc0d2718621a377f094064f320f429916bf635ca3ed7b618faad56ee676dd6f6e6a9568d048ff83f52dab3dbba70a226618a303c1a2a99164812 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a8c461a6b0f351f9e8c7d3ba3fc8ea3f |
| SHA1 | 7532b4d19b7fcf328250e0fa32a4167d32b62c75 |
| SHA256 | 7255f3d1555fd9b72eec072be223aee16199c0154246f22fe6bada7cc1fa7e80 |
| SHA512 | 93da92f4ceb4a56a71dd22a14b1a96f5c84c802455b25bdb274d0c530b1121fe1ca74016718762e3c195311076bd2d175dd2609d31be031bd888e7c3e16c2724 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4933d08c8804d99ad10e64f03c091f30 |
| SHA1 | d67f40840d08920e8b5e6870a9748a681382a85e |
| SHA256 | 7a2a3e3e2d862b150ac4b54288196053e1990788a117694828e360e050abf00c |
| SHA512 | fa1bd5f0745a1e70fd8429157ce38a799de43b3d88a0d3e5d5df835a088cced8cdc2ae7a7f73988c499e3ea3a8647fdcbc0af5d861a37b2556137ccbe740549b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe578136.TMP
| MD5 | 0b00e97d5a211428a53deeaf7faee7dc |
| SHA1 | 0e621f44efeccdb00c4055af8009ccdb589b8644 |
| SHA256 | c39c6f9a5f37a87fa6f985a0c9a908f54965302aa0d83a6f716ec5a02be0fced |
| SHA512 | f14d3a74679b092861b21d56c30e96e2c872ad5281c9af0417b90b7406ed38ef246f162adaaef015411307bc23a6b8b7a6ed8b890952891f76a86bdb4855cc21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8cd095ddc265e87c225884822eef8f55 |
| SHA1 | 55f69b22ec6b35e76385ec24af3f0b02d65b3599 |
| SHA256 | 50c4a535d890f8c7be1d3164f084eceeab69e5fbeb0d3b3b097d4e0e1f9b377f |
| SHA512 | 7746ca1abd76fc6769dfe30b9cbc9535d8a658d340a1eb6f955899dc823c2dfaa6f552d25296c2f21a11dde55bc29a7308c629dcf84e0fb9b8bbd8379571906e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | a1648b71287d12bcf65f48e7c23367f9 |
| SHA1 | 928f4e803b844e5d85a44cf6d10f9374041a9ba0 |
| SHA256 | 79a3d21feb84681db49364c3d4dc8c21c96978ba2ba1c0b3f331b3b33e4ac410 |
| SHA512 | 98c972e6405c14ae8481f50f2ac3d53e4c475996664f6e632969ea95d16626d40765106a6f762a93de70e4de81c7eea5c282be976aa47ce79badb0ee2499483f |