Analysis Overview
SHA256
373d88d1ab491fccbe6c9c96a84dd4af92c35d05811f499fe61bdc8e3c0fd1f8
Threat Level: No (potentially) malicious behavior was detected
The file 791c4b118aedb3900c9dab1dc4a025f3_JaffaCakes118 was analyzed; no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-27 12:11
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-27 12:11
Reported
2024-05-27 12:14
Platform
win7-20240221-en
Max time kernel
144s
Max time network
149s
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422973780" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f78fdbfc1c89324a9b7a559ba977f5c9000000000200000000001066000000010000200000007691af863df25891184801ba39079c44fbcac4c1cbce24fc8d00d9106de8f7ad000000000e8000000002000020000000affb69cd639394cd8176dd25247c65d4e2f44ab5d04a56e23f17a949c92e8d51200000009209ab976cbc218f8ce59501569b107723c7883164b4f554e98e392d2a2625c14000000051e1c0ab58ce8e3dea1079a0770263db57ab79231b7d4c1dccd1dd968ef55c4b8ad49ef46448fb4d0baa48d734a672c3925ff32ca752ef0bbb0bd03571c2fc20 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4D559981-1C22-11EF-878B-CAFA5A0A62FD} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 3009752c2fb0da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2128 wrote to memory of 1960 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2128 wrote to memory of 1960 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2128 wrote to memory of 1960 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2128 wrote to memory of 1960 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\791c4b118aedb3900c9dab1dc4a025f3_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2128 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | www.conscience-et-meditation.com | udp |
| US | 8.8.8.8:53 | sg-autorepondeur.com | udp |
| DE | 51.89.27.164:80 | www.conscience-et-meditation.com | tcp |
| FR | 185.177.46.200:80 | sg-autorepondeur.com | tcp |
| DE | 51.89.27.164:443 | www.conscience-et-meditation.com | tcp |
| FR | 142.250.75.238:80 | www.google-analytics.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-27 12:11
Reported
2024-05-27 12:14
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
151s
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\791c4b118aedb3900c9dab1dc4a025f3_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffffe346f8,0x7fffffe34708,0x7fffffe34718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,16393003111066389865,1921207070621509672,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,16393003111066389865,1921207070621509672,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,16393003111066389865,1921207070621509672,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2616 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16393003111066389865,1921207070621509672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16393003111066389865,1921207070621509672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,16393003111066389865,1921207070621509672,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,16393003111066389865,1921207070621509672,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16393003111066389865,1921207070621509672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16393003111066389865,1921207070621509672,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16393003111066389865,1921207070621509672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16393003111066389865,1921207070621509672,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,16393003111066389865,1921207070621509672,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1372 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.conscience-et-meditation.com | udp |
| DE | 51.89.27.164:80 | www.conscience-et-meditation.com | tcp |
| DE | 51.89.27.164:80 | www.conscience-et-meditation.com | tcp |
| DE | 51.89.27.164:80 | www.conscience-et-meditation.com | tcp |
| DE | 51.89.27.164:80 | www.conscience-et-meditation.com | tcp |
| DE | 51.89.27.164:80 | www.conscience-et-meditation.com | tcp |
| DE | 51.89.27.164:80 | www.conscience-et-meditation.com | tcp |
| DE | 51.89.27.164:443 | www.conscience-et-meditation.com | tcp |
| DE | 51.89.27.164:443 | www.conscience-et-meditation.com | tcp |
| DE | 51.89.27.164:443 | www.conscience-et-meditation.com | tcp |
| DE | 51.89.27.164:443 | www.conscience-et-meditation.com | tcp |
| DE | 51.89.27.164:443 | www.conscience-et-meditation.com | tcp |
| DE | 51.89.27.164:443 | www.conscience-et-meditation.com | tcp |
| US | 8.8.8.8:53 | 18.24.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.27.89.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| NL | 23.62.61.113:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.61.62.23.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | sg-autorepondeur.com | udp |
| FR | 185.177.46.200:80 | sg-autorepondeur.com | tcp |
| US | 8.8.8.8:53 | 200.46.177.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s.w.org | udp |
| FR | 142.250.75.238:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 238.75.250.142.in-addr.arpa | udp |
| FR | 142.250.75.238:445 | www.google-analytics.com | tcp |
| FR | 142.250.75.238:139 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 2.173.189.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4158365912175436289496136e7912c2 |
| SHA1 | 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59 |
| SHA256 | 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1 |
| SHA512 | 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ce4c898f8fc7601e2fbc252fdadb5115 |
| SHA1 | 01bf06badc5da353e539c7c07527d30dccc55a91 |
| SHA256 | bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa |
| SHA512 | 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c |
\??\pipe\LOCAL\crashpad_8_NSEFFDESOIRPZKDR
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2e4700e731d1a54e0343159cb74e3fbb |
| SHA1 | 77fb0db8145f050b581204a3ae745a7b264761c7 |
| SHA256 | 5d5b1904ca123562017e1a82cd81b5e4fe3c91628b15269a746f2d59cba6d4b3 |
| SHA512 | da63c019bb54f05be6999a470588c9e1315020ca7287fc55e20dafbaa63e34d6e58ab2cc3a457fa7ef72a604989e4a04251b65fa5c0924aca21b5232fb7240f4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d666c70264bb25dafbd7c6765e0bc9a8 |
| SHA1 | d26e7db6c5b32edc41d8864f3d3f9aadbe7caaff |
| SHA256 | 909e98a483bd728d1227c5f367f95dc569325c7c50de3e90947ac7fc14abb44f |
| SHA512 | c3433441a6dc4c8a1194a3dfffa649cbc35ea7f0a9bbba9b8123636129a20a6e6ad709c248dc3e4ddf0288c749b3c27cc03a9adb0579f1b3da32743e5099c3df |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0e2507e6-6193-4d20-9f60-71dad8531bb2.tmp
| MD5 | f44674dad574407646667deb9ad4ff5f |
| SHA1 | 150ed8f2e4a7d21c1e2889c0948ef940c1f429c3 |
| SHA256 | 4258e41356289d14e203c1d049945958935b3c8a0fe3c0458730dec0db9e43d0 |
| SHA512 | 9d038c16db4faafb998d032f5402191a70ed04644eee2de993d7e6eb37a901fa8851cf8efcb91835da82304a981b2d5ec3ddcdeae28597430660c06466a2b134 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 10a77c739b1db0761015025522455490 |
| SHA1 | 5f637138a5309dcfe7c230be6847465c88c8f47d |
| SHA256 | ecd63beeb6453d044a19bef47277ebabdeb6cfafb1faa4d31f7e4e07b5b5dd34 |
| SHA512 | 9c4443eb6d9b110f1431eca48fb6ac3af88f1e500b19df905490735d479f0fe8b82ce174f8d6be5609a81a0a13bc35774eda8bc21b49af6b09b7a12b4f0268b4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 6ba4ec3011384709e075c70aa72f9cb3 |
| SHA1 | 0f83181c8e9b62ffd802a73d49148d55c31ae5f6 |
| SHA256 | 5f39bed8b4e88fb97ba2c802126441bb302983cea9b8f96b893921b3384a785e |
| SHA512 | 2c7278555c9fff78cae780e1dc062f52cd52c1bbeeaf742a08e40366d0754f511bb8025ece149fe14149fc104c99e6f11b7b9bf0731d13f310e4dc6c6745d8d7 |