Analysis Overview
SHA256
4f7c24c2bd0da18a84a9e02b1f13c331d129230d8a29b9d493c29554933df926
Threat Level: Likely benign
The file 7aeee72c9061e0ff91b3976675722e7e_JaffaCakes118 was found to be: Likely benign.
Malicious Activity Summary
Detected potential entity reuse from brand microsoft.
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-27 23:33
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-27 23:33
Reported
2024-05-27 23:35
Platform
win7-20240508-en
Max time kernel
134s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b00000000020000000000106600000001000020000000dfa33d8a2d895aaf9c371836dd4438bc4b3ba2f7fb0bcf5f3b7d1dc292417444000000000e80000000020000200000004fff86ad734e354b50d001d684ef94e0404ebb5abffdecf69945f0eb3b442999200000003e691ea80cc001c0e774cd4c4ab269eba044de8a2b319b364f4739154a62ac534000000089f0ef3c2a6fd24a16fcffd69a06420e5637fd254d01463316e0dd2e58eaa50689d52bbc2d22ade8b80a9a050370428918b4dd88b13f0243031a70a19b3f05d9 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423014662" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7CE08AC1-1C81-11EF-A5E3-DA219DA76A91} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10a44c528eb0da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2008 wrote to memory of 2560 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2008 wrote to memory of 2560 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2008 wrote to memory of 2560 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2008 wrote to memory of 2560 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7aeee72c9061e0ff91b3976675722e7e_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2008 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | secure.aadcdn.microsoftonline-p.com | udp |
| US | 8.8.8.8:53 | aadcdn.msauth.net | udp |
| US | 8.8.8.8:53 | portal.microsoftonline.com | udp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| US | 8.8.8.8:53 | ajax.aspnetcdn.com | udp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| US | 13.107.6.156:443 | portal.microsoftonline.com | tcp |
| US | 13.107.6.156:443 | portal.microsoftonline.com | tcp |
| US | 152.199.19.160:443 | ajax.aspnetcdn.com | tcp |
| US | 152.199.19.160:443 | ajax.aspnetcdn.com | tcp |
| US | 8.8.8.8:53 | aadcdn.msftauth.net | udp |
| US | 152.199.23.37:443 | aadcdn.msftauth.net | tcp |
| US | 152.199.23.37:443 | aadcdn.msftauth.net | tcp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| US | 13.107.6.156:443 | portal.microsoftonline.com | tcp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab1113.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Tar1116.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d93bc25e20107f805a779f92959a0341 |
| SHA1 | a532b783a99e8dd7681895003cd9488123a787c7 |
| SHA256 | ea05c34f06ebbf3df796fd77a1954db6e3c60a50f95f9a8b6dd3d47ccfb6ce5a |
| SHA512 | 043aa1c02962027738786341caae1732919d820e1383ef3832d6e2d86046d3bbf152092541fd64db3d5acea2897cb3ef650ce4fcbe5745b773f1ee12a31663f1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4c22613045d1db2f55ee9caac8b1d8c2 |
| SHA1 | c169f7e6d523b0683d7bda0abf3b977de6808d90 |
| SHA256 | de6bdc51334887adf0e5c40c439fc121c92ee304bcb193f30f16318a44a18993 |
| SHA512 | cad2f15722e33b7cf02c27b4971e2b2a98486d930e245ae2907495b8b76bad87f200081a06a087019de255b99fcff559905c9171f9b7b35b500c9784f6cf126d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 002e6bc6af4909b72e15b6306014d170 |
| SHA1 | 1ff5488182eab3b96fcccdd734a65999753a9449 |
| SHA256 | 68a9d7d400bc8271b5d42be4fba2fc41e70f557bc8ff69ede165ebe7ccba1073 |
| SHA512 | c741feb49ef68a2e56f47ca8cd412f6739228d797e16544f8f082cb776cae4929598293872b0ec5b918f06b87fbae471acec5a3232b289b8070d480fd94df70b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c416386cf59062a7d17622ea40e087e2 |
| SHA1 | 7f98c00e158026b5c728c7edaea2425558656ce0 |
| SHA256 | 064d445d6187ec7f5874a2716fb98e2d432217ed6a21b5d47914d33e933eb6fd |
| SHA512 | 82a90fea77d3da839e96dbde930e3221056784b9cdba84bbfd7ed142e9d3b43b390f62efc8e7ce0954856149e77e73e68171b58dcfbd8ace17d83922e9b5ecc6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ac07d069acace0a31fae141dca4e24bf |
| SHA1 | 62d401171ad336724eee7effb253a93086782319 |
| SHA256 | 9fbed27099ec2a474a471e4f36f950362167d195733822b230988b39cb7dc4dd |
| SHA512 | 8dc6d9618241b6c90a66d4ff1ff333371bd8eeb6f3036ef30436ec2011092b35f9ffced4523a12ae15f2f9728f1a9c7493c34a817808547f8be2f830068c6551 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 04c6dca6f889ce3d6c0457ee3c636504 |
| SHA1 | c0bfc4f289f058aa882ed9654e7d176d0414335e |
| SHA256 | b6f7b7138cbd9719400ba5370c393e315e6efab0b99c342f089c28e01653cdfa |
| SHA512 | 921ad688d0bda27bee3f71211a2002a865c600fc9dc040c438af235eafdd4d83a3f8acbc454666ad93a3cb61cebc7d23cec9790979ab3595d12b357636ca9ba5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 70e4abb0d7b2063c845f12ccb58486a5 |
| SHA1 | bad86f2a3820ebf43dccb1492db3b4d92c2e70c0 |
| SHA256 | fb962b5f14552f900a85ad25c3d4d890e1827f181fa6eec526efaecbf0369196 |
| SHA512 | 457e0560de105dadee6db9ee135180a3838c27f680b43048e80fb559f5885812370f4ac9cafaa1bbe335aeab40bde15c9e71ab4b24af93aa13147dbbb499ecb7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 94b0fc5513106b32a3656fc6ce5e8e62 |
| SHA1 | 34045f2591720522618b6e6405c58c4bb85e7b0d |
| SHA256 | 5381e64676cc760aa250c7f48b261733638b0e07a969f171d608c7de80520829 |
| SHA512 | 0bf26bada8d5df32d9855885637c32884d109701ac169de87ca558d228f17def43d1d3e7bd57ba949db37074d534c1925ad0b53acc55c128732af470ffec4c9c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 10b8b7103352b1d1ecc557b78cdab044 |
| SHA1 | 1d44326cb98f74bdee4f26f66cd23fad3e70cc5e |
| SHA256 | 3a16b5f65f85cdb4d258826565807573ecb48c2c3fc504fedcbaef65b4c0f49f |
| SHA512 | ef0699641e80da100679ac61f1ed59dbdd9ad7ba6b28de70fa7751086d21ab413c14c8166a9b6dad0d6aedfc804d8fc7e780e7a74dfb233d8c695f9c04811dab |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 255693973be19be952fc6df3d2d0de6a |
| SHA1 | b7e66d40b96f712373cdcfa97a50a92726d22713 |
| SHA256 | fcf35b2ae9e5d2d6282f9fbcc045b8c185281a43a580bffb4fbf3d1ed9b0c875 |
| SHA512 | cbe0203bac480e249a63b4d352effbaa9ec7c0d170c23b348472e79746f0e98a8d8369dab449e4b2c15f4f66c3be7b4b760034da155595d082f96bce7d35d924 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7a1337d97a00f71ea95214ec78f6ee4c |
| SHA1 | 675ed55452dffdfab83e494b29bbf2f5279c699f |
| SHA256 | c6241bb48d14d65ef4d233954aebe4a9a36fa5456ab85d8650a64783d04426c6 |
| SHA512 | 5a3fd5f04a197a3ac75a9782952e73ce05ef861072ebc7ef9ab7466ae04668591a67560e990bf804ef27a53db3465af7569f269d3441775754fd3d4164b23122 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b8042196cc9be71545c90b6d6bdde9cf |
| SHA1 | ed99f055285d0d4486c52b42dcdf9dcf5f96021f |
| SHA256 | 82b0cf67993635f30a33f1024d4460c5b20e3c644299e2b0ac4861aa138ff9fc |
| SHA512 | 59968449fc7deab9df420c5f2c3e2d3156ba17bff17d06bd057697bae1be39ee1c89718b4a5759ad32e0b5dcc731b41dd1f2b42bbc535d7edeb62f118e585e98 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d8748b9ed265ecc1ae734c70a8bbd44e |
| SHA1 | 1aa579a74b57eff5808f514a337b1ecaaf41958e |
| SHA256 | 4d868a695db04f5ab70efdba3b4ac720b23bd93e64900073db7ba51611d55de5 |
| SHA512 | bcd190b2a702ec532dffda80f3a8e5aeb1b66791d58052fd584b2bb34ab8908ae70ca240dd71a5545ca2de9be92b5dd3a3a127888a7e8b3a9b64ccb8bd3fa37c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8972db1d5c42c481e002c16fc25fccd1 |
| SHA1 | 57dab75a0cd07a2caa5f896836107b09a889be33 |
| SHA256 | 4dbcad2688c0d2520293d8f56e342b459adfdb390d95b695f706d0d681c01fbd |
| SHA512 | ac3ccf75978eb9cd04270b490dce0eae02cf4cf363b54fc845d6e21cf9349e0d95798d42afa42e6cf977fe5f35bce1a24457d668dc0fde412fc19435f30312c8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 01e1809e8b76704ee8e858540746ed99 |
| SHA1 | ae4724a9124ad80993653b9e5dba62a48a0b7482 |
| SHA256 | 2461ccf532d2a8c41a64e3b64692a72b6d85c74a3a6d530d2f5788a048f7c550 |
| SHA512 | 6b7762f65ee05725e54a2abfc7a91ece54710cfa357a64678e490c47cec5fc1a3496f5796e2d5b0ee3190b8b18771e9cffefe789dc88c8aaaa90cc3491455c85 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 44a90fc214642e221630a16b698d4670 |
| SHA1 | 2ebfbfa24f55f425370262cc90c9ccc78fc6a5c6 |
| SHA256 | d89790bcca4deecc0547985ed903322695fe18e8de01bbc25e468cb845ca761f |
| SHA512 | 4e8d960bd6b40b0d3567d66d55829d37e76e05c11b866c0664f69eea7bebc496a6343ce4b4200e4f66eebababa929d700772b634e5aa79f51de886e7cc159e7f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 67330e0502b4ab0b22c39a07bef257e1 |
| SHA1 | 9fb846e8427860dcf0da393932f7b62f9979ca0d |
| SHA256 | 4d503d050498ac5f4b4338c7d7c58746845e418575f8479497a5fee1736d8937 |
| SHA512 | f93945933b68a2ca147af11519be703e680959383274b1b3710a2f1e8340ff9238aed3f9d59f70cb859736e395b1393d0499b50d7c6fc628668d5e2d3e1a6225 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0a3a1402b4e45e0596f4892cb83196c0 |
| SHA1 | a76ea24956c48143794e8ce6487b52f34e4fc29e |
| SHA256 | a2c9771f313037f7e657904acf9ee3e2ba4bf9e3e6effc35f02bdc4a83a9b013 |
| SHA512 | c691fbc3c2d5448ff6c972490f1f27e5b8763fc3274d57c40fca27f188f0e32648f38950a8d904d2d3a11e24be446dd4c357824e4da5b3e5d63e4f4b77b6e489 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2d06680b836e1dea774b1c3f9b183a63 |
| SHA1 | 4ee620fd1b9e3fc2fe15b986b04ac43750d7a614 |
| SHA256 | bd5b0efeb86aec762f92437f59380e3958ef01c10726771c4ac7dc99f60fb76f |
| SHA512 | 051f1e481c83e88cf9570de903c999a0e25de0eff38e8f2af60e54d85cc85ef969c393bbc5df502942c5bdbbbcdb186c23986a7f4a45f9ae2731d1f935f6809f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b379d23cfd56777c07c1c39f433cc467 |
| SHA1 | 235abaf4233658ad1755c810659a4ca0ce786c44 |
| SHA256 | 80870a1d30c696dbc16b8f8043367910bf364d6263b4ff64e7e827565c306e9e |
| SHA512 | 42b45281452f5b3bc58e22611adc93efe8ea09d7bcc77cb776e37b0f434d58ed2ec0876a30a8ba0f8f391c40f3ebb1f59dc72e25e0da55507e5fc140f7b34e2f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3389dbbd087011e96dff379220f8d8d5 |
| SHA1 | 7a429053f4779d09e056f4f9c92024df1f0624f5 |
| SHA256 | 8591ffb0f5b7b0f9aee4bd430466a99b7b56190c70e72cb8f781d7e05c44ea9f |
| SHA512 | d555321cbf44ec98763b61d06ad20e75018b5c4e36a19b7366f7ca8fede6d198127c279f7a0af4aaecbc8c7d696000f9e2fa040ea66f66d913d2a984ed08706e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4c033d97c3746caec9a00845cd0166ee |
| SHA1 | 743831089131f85a053363594855a8392d4812d9 |
| SHA256 | c736c6f91144a7f1d67d79371bb6f8b2ccb83163d739246745e81e65563236db |
| SHA512 | 74f609116f19ce4b4f4c79d6e304903d5debd2666a7699d52eceaa1efc535fc5ecf7bd10813d57580c75fbaae6e4e8b2cecbf535953c207fa1b2e7022a1c6952 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d2d7690d87d42356f12e78584c3525de |
| SHA1 | ad8b9e4dfa4838b3e114a8381d2c3ec781cd3c1f |
| SHA256 | 44dce3bbccc0f457dba52714031ab8467f5895f06b598af7724e7ca9c98f1b17 |
| SHA512 | 37ea269aa6c4527f211712bfd3e6a097132286f3bfefc9165a55c7c535de0e1bd5c5fdcb54a036122e95fd1f1ec52dffb9f6dbd47a6a210a42dffb1df165de06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4e1db1310fcaaf61937aa726811e6570 |
| SHA1 | 4d5e0764ad992efb85c53e1401090130ad0ed957 |
| SHA256 | 51c311d3e607de81a309d829b30e3ccc46853dba66898f63da63faf58359a7f2 |
| SHA512 | ef9b345d82010868f04e09b02c654af4b6e7f880238df28543e4ec921123ac69af98f0103fd5b3cbf70f57c514518504ae4b7929b9281b4446ecea686e01490d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 98fd36382c353e0925478cce19d3052c |
| SHA1 | 2af8c52a9c1949ebcdeb0b117b9c66749496fcab |
| SHA256 | 2723d049542a10a1c83c0b2215fd3120dfb2ef20e9f9d162f68146c6d6328a7a |
| SHA512 | e430e760385dff010985982d39b3f78c6faaa15dd8f5e3351801d37f0d7e9ec49fd73b0bf0f63dc26bebad52ae3279eedf677a6ca8ad6d8eefa958689129658b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 432a96130ebac101ef10e2dee69f9dfe |
| SHA1 | fad459d095697906f76a09c1784af5bf7bc5f09d |
| SHA256 | 271fcad1dd63e070c49a80b4cc538f22fd7c09782779b51ccd58b91d711423f6 |
| SHA512 | 2f9b5ea7b4bde6bb12565a681353c6ba07f0d5ce2a037861bd5670a2ba5d03e5c947392065f1305dc8f32a60776e4a73e1f4f163e929cafd5f01c5c321273eab |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d00553f4cd4b74830765e097b94e70d0 |
| SHA1 | cd01a6d07baa492a03783ee0d1e2745e6a9a0056 |
| SHA256 | 0dc69b89cb2ed05291a7cf86a0f14a08ca5c72a63dba15a0dd64465eea15abef |
| SHA512 | 3b6b657508bce80f365bf9502f9f81cf52ab89d90880330a7344278f624c83ee5663bda5a5a0ce6f42d4b784f64679d089ea87e204b2abb198d8e9fad731eab3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 413eda10e18f4abfc182ab3795258aed |
| SHA1 | 394b7b82450c1634d3016a7abed43f74ff27743d |
| SHA256 | 6019d1524829b4c3bd06f81d796ca73727de95d8a3644f34ac38d93a2faca833 |
| SHA512 | 314226fe703d926c6f2a27e7160c24688e76bcc486cde502ed3fd3c634b831a1f1b47e3db6c287bcbbc48587376ad335465e34a2f199217536812330284876b1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a785b142a5621b0b10de9bbb04c55c2e |
| SHA1 | 5e0363c4cb9af6d9273de76d4e3419f91a757289 |
| SHA256 | b9c953841a8755b351d37d92167b1af39cb34c072c07f1d6054eec990f6652bf |
| SHA512 | 6c909a708c9fe478e762d3b740d96e6393213b60d08466d1460b9f176a2a81d97a4ee8e6dfd039249bb7735826cd5505242535e7885acbeb4b54adedba14f9d6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | beffa6a8d547b020d9c1d88a04a92ad8 |
| SHA1 | aeef45c1589bf0056f7c47507a93f39894689f0a |
| SHA256 | e9082d5c173ace98b054344702039dd254c08364160e40f56c137c1c7f9bff69 |
| SHA512 | 0d24045379e0aa555199a6d11f2b278aeafb2765da26a95f4597debc365c8de7ae5612ce141130f92c190457e2e9a2c11664e897f217c4adddf89d4a132a7fbf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 40998fc33dc31aed14486971005a70b2 |
| SHA1 | d9eecc8e53b2e72ce674375e74e1982ee4e4374a |
| SHA256 | 263334fed30490c26196a55ef3f5f1b23299d0ec87a33de5c3d5331773338ce3 |
| SHA512 | ffe6ccb59ae80ae2aab870107a097b0f7b73e8ec3ba02268410e96956d5fd6d5f469beb35ca07cac4a192ea3f0bb2f67b9b6bd40df24180743ad2b07d428b56a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b36f84b7c2cb12668e5772cf6c614857 |
| SHA1 | 7eff93f79bd46eb8a9486d4527eddd3824a4175e |
| SHA256 | d936a80c3e5085f334197c293b691804305f10a5977f3304a07c94dbfb831e1e |
| SHA512 | b9e14a522e02f9c95372e8ae0bb94f97be20cca55cb73765053f27a8b4386d6e1ce391a96a791c19351d19ff159bbe0125519f88865bedf374470cf74a272ac9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 65d94a1ad3405b07193383d2e608854e |
| SHA1 | 4cde522eace1bcb95af46c035d2bef4d1f67448e |
| SHA256 | 70973b58f1e270193f73a1948b5c8ab88c1258ecf2daaa783755765a56fe2ab4 |
| SHA512 | 3dabd89608f30f6c94f135b6ca75a89afa3674a949b16c8d5aa0fe6c1b3039fee300d847f42e7e31a94f79eeb2d489a0a16aec4de4f5fc58b825404e9b91cbc1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 12cb88d1e18dcbd4de64c58da37dbd32 |
| SHA1 | 648f0117db59f5d2df738bca79b6098cf3c8e5f7 |
| SHA256 | 0091d485ca9d53809abc30dda47d5bb0b07a93a9f806c45c5b42c24912fc7bc2 |
| SHA512 | 953e35ee33e5c6bd16f28ea14fac9929fbf8ec21f4c9ade8b12229bae4e10d1484bf75ff979449f4cf5caa1b9850ba61d9e18d440d3f57b4819f21c105608db1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9bf7e6077ebe935cf4edb61d2fedd9c9 |
| SHA1 | a3c321d8eca330385b96da869669369bba83a702 |
| SHA256 | f59542ac2f046fea979858b5296172345263c4593ad79d3159a346665c219ac1 |
| SHA512 | 066cca7de1d39ccbee14a1818a82c62c8ebb2e43ad884a1a36281b1c3957f21cfe43751ad998c6526a9b2de96963adc4427c8940edfe8dc73c08e6fb11450d79 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8f2ab497cdfcb6745a73bbaeab563123 |
| SHA1 | 05db3cf07bd56b065979f542f54a2f91f55110ba |
| SHA256 | dfd771410ab46c974396af3cc4fe2906b68bbc0319d405aa621d3278be37bda5 |
| SHA512 | 09f9c67328718b0a32f0e5252d5478c50946f5478aa4b0b45c88665e503cc954b85532a5319d6cd9c55732ac78874ed22a9e347daad72e2f1aef23497f59f1f4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fbcb895c12f069d4bf03ffcf842cacd6 |
| SHA1 | 8dadb13a05a9e8001d647294017564d6eeed8f5a |
| SHA256 | 99d1f0583cf73590534653cc99b5c5fd0fcc25cb38fa6574db6de9568b8c98fc |
| SHA512 | b745ae028532715d06e9f61168aa7abdcbe28350d2f7da6925658952a3fb4a4e5bff307608852857a6e2337325b9d3ef8dcf4cc052b208a48c377e0b2186696b |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-27 23:33
Reported
2024-05-27 23:35
Platform
win10v2004-20240426-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Detected potential entity reuse from brand microsoft.
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7aeee72c9061e0ff91b3976675722e7e_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe344246f8,0x7ffe34424708,0x7ffe34424718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,3048484502389638106,5873249110088555855,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,3048484502389638106,5873249110088555855,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,3048484502389638106,5873249110088555855,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2156 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3048484502389638106,5873249110088555855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3048484502389638106,5873249110088555855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3048484502389638106,5873249110088555855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,3048484502389638106,5873249110088555855,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5100 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,3048484502389638106,5873249110088555855,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5100 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3048484502389638106,5873249110088555855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3048484502389638106,5873249110088555855,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3048484502389638106,5873249110088555855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3048484502389638106,5873249110088555855,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,3048484502389638106,5873249110088555855,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5556 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | portal.microsoftonline.com | udp |
| US | 8.8.8.8:53 | secure.aadcdn.microsoftonline-p.com | udp |
| US | 8.8.8.8:53 | ajax.aspnetcdn.com | udp |
| US | 8.8.8.8:53 | aadcdn.msauth.net | udp |
| US | 13.107.6.156:443 | portal.microsoftonline.com | tcp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| US | 152.199.19.160:443 | ajax.aspnetcdn.com | tcp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| US | 8.8.8.8:53 | aadcdn.msftauth.net | udp |
| US | 152.199.23.37:443 | aadcdn.msftauth.net | tcp |
| US | 8.8.8.8:53 | 91.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.6.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 160.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.23.199.152.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | N/A | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_1644_FAYUTMGXDYJTFHYD
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State