Analysis Overview
SHA256
a630193d61194f0c877212344d32876d059a4004472777363dc77062cfa8ab17
Threat Level: No (potentially) malicious behavior was detected
The file 7a184fe527f201053e16808528c251bd_JaffaCakes118 was analysed: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-27 18:30
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-27 18:30
Reported
2024-05-27 18:33
Platform
win7-20240508-en
Max time kernel
121s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3F68EC21-1C57-11EF-A4F7-5A451966104F} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422996520" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b000000000200000000001066000000010000200000006a036c13c730b9fd86aa695ed8748b16b885d5717183ac9fa474ad1c2234f43c000000000e80000000020000200000003da325b1b583b152f16bf5c01e1a0b3e797c113aaa4f4cc895e27d7f253ea8af20000000897e0d6865a4d1b43d276d1a82ba9ab89df7d699e14804e661acbff653da0e7d400000001c8cee0b86323d7996e347ce798e06796ec6ce16c851b0fcf5b99188c398ffed8270dc48144183f0ca8aeb44604ae00e87aa879cc57d683c3ccb8c0ae0b0e6ed | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b0000000002000000000010660000000100002000000080c38fd2c0f655d70e69ba4d9f17bbfccaf331e850a4991f510c19860ac5ecac000000000e8000000002000020000000c6bf4dbf197de2b138dc4eb5dd32a43c15243ea2208e13fa6bb0ee21e886cbbf90000000eebd8f80895d9654b486653a012bc25991aec77634fbb15a88ff235c0cf9a153ad4146b3dc3486720af49784a5f7399871b903a7b721e944328acd56296cb64824ba03c1aeb274e99e14ef2557f66bc09efc91465c569992d2001f4f580a65c4bbd1a06483dec84e61bf75a0d59f20a5383a606ec61630107b660026c1444e9145230a536ca523bc72f1ae0c19a152e340000000317179347e0c3e093ae6ed065dec12745a9e7c116f6c6673b077037a6a75a440cba8ffa7a248f4ebe766fb89dd2ac170bcb0370604dcfdeb465d69f90fd533ea | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 807ef11464b0da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 1252 wrote to memory of 2080 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1252 wrote to memory of 2080 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1252 wrote to memory of 2080 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1252 wrote to memory of 2080 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7a184fe527f201053e16808528c251bd_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1252 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | buro075.nl | udp |
| NL | 84.244.165.144:80 | buro075.nl | tcp |
| NL | 84.244.165.144:80 | buro075.nl | tcp |
| NL | 84.244.165.144:80 | buro075.nl | tcp |
| NL | 84.244.165.144:80 | buro075.nl | tcp |
| FR | 216.58.215.42:80 | fonts.googleapis.com | tcp |
| FR | 216.58.215.42:80 | fonts.googleapis.com | tcp |
| NL | 84.244.165.144:80 | buro075.nl | tcp |
| NL | 84.244.165.144:80 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:80 | buro075.nl | tcp |
| NL | 84.244.165.144:80 | buro075.nl | tcp |
| NL | 84.244.165.144:80 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:80 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:80 | buro075.nl | tcp |
| NL | 84.244.165.144:80 | buro075.nl | tcp |
| NL | 84.244.165.144:80 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:80 | buro075.nl | tcp |
| NL | 84.244.165.144:80 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IO0LJX84\wpml-language-switcher[1].htm
| MD5 | 4f8e702cc244ec5d4de32740c0ecbd97 |
| SHA1 | 3adb1f02d5b6054de0046e367c1d687b6cdf7aff |
| SHA256 | 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a |
| SHA512 | 21047fea5269fee75a2a187aa09316519e35068cb2f2f76cfaf371e5224445e9d5c98497bd76fb9608d2b73e9dac1a3f5bfadfdc4623c479d53ecf93d81d3c9f |
C:\Users\Admin\AppData\Local\Temp\Cab3B2F.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Tar3B90.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 38cac1ca746a7746884b97378e266407 |
| SHA1 | 2ecce810896b5ab0efa4ddc6a32c6e0f046da857 |
| SHA256 | 384d5b34f03dd61acb72fbd96ec64ab187d1559ae65cacaceee219520f81eb3b |
| SHA512 | a4a06360dec05e382d92d97cda343120013d4f380effd085b5b51c7c74fe0fb6badd31b5300f13a906376bd0b8998edb94d6c8bd6ab8e36276a636a7c5b9906a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fd590b69feab4ffc8f72111b87398192 |
| SHA1 | 4a216e10af50d081bbe348150ec6ec9b1e5fbf6f |
| SHA256 | 1223bfc254a1f9381ca79b5d210c5ce85381425de4554d1bddb499faf7ac8ea2 |
| SHA512 | 345d1cb9db1bfd440f2034fade87e6ce65acdaf9210a04066f8f2d671c1262ec07a5da9d2123150efd92b0f3ad26145d38bda13732663b6a8255d0221f94727e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 13b63e860cda01ecd0933abcafbc7b78 |
| SHA1 | 6471c9b4bb318e829d174f50b0bd4759137ad54a |
| SHA256 | 339bd189958d999b8f45f34919c525ecfdc65a212098695ee5c89ea9188212c7 |
| SHA512 | 588ad27c15c47f09e0ce9f4c552ec93092a1da92de960ac42a19f497822369649323c57e5bf8c9a87c44a18021a49678248b4c5e54b1919572030fb9cfab06db |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f4d0c046b7fbb4c9f4c42c3459962b90 |
| SHA1 | ac62f7697f996bc87efe8fecfb72ea49534fbb5f |
| SHA256 | feef84e400d5b03ca323bd40010aeba23071b93d0893c5adcdf238c0abad4329 |
| SHA512 | c1bbe4aeaaa8969407f6cec3d0a850c56d5ae31a4c516103e21d57d80f22ab9c01f783092f6b84410b342d75c814e30870b1b683167a99bffc40cc55d9803ac2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6cf89bcc550808aa99de41ae115184da |
| SHA1 | 995cf8b422c17702cdea71830a3a725e43a5070f |
| SHA256 | 6dae0ae3ecedb35e800c02bf702105444f970513dc392da0f65ea5a01b234ad8 |
| SHA512 | fc473574c8ec0fb55ea28170fd47c10d02809b57435cdf05e26189bfe83c5dbee24da5aac6f13365311f257a2489dc6efa92a82ebfd2e373d647b4aa07bd3f85 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5236abeefdd8083c1136b227d4ff4b93 |
| SHA1 | 9eb8568c0e91e7516d16eca4d78c5a7d138b302f |
| SHA256 | 6e2bf90123ed62f653508f21b5f98cf30e91ff75850c05aa0ce3fe52b4ab5169 |
| SHA512 | cc2835e857c1c1312ae22229147b12ff67644d3d44864fb858e36a9ddfb2c7e60c6d2139dc5d3571e3da9b12b1bdc8c6cb2a5560fb23ab075a9957bf10950515 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 64f3952ed2a4b5ab96928d95a573277b |
| SHA1 | 5b905e87b1f1b83071e79b9a1a8a17613c1241cf |
| SHA256 | b24dc0f64239f4487cc41d5bbfd0eecb81775049b0b853bf4f85bd964eca5197 |
| SHA512 | 3f3cb7af92d6b14fab439a4e1a2874ae2224b66d0ab24df313bbdff58ee8f1e6fe6060e1e3795b8fd5ec429a572b91a31fc5ca22912696544637dba8e80129cd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 350f98eb8a5c557396d1a123d38d0b8e |
| SHA1 | e312084f9e2051d9b5f0f3776ba64c8651c2fc8f |
| SHA256 | adb14dc2b91607d1a4a8bf9c56c294025d3e1aa81cd4fc442ce882546e6cf924 |
| SHA512 | 24a84649e2e3e489750309a170663554e99ee37bd2c616692adb2a16278b87d7691ddb585badf4f98ea36160d04728ea7e6952dcdcc0024a99ceb15ad30c1051 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 34850d9d363f92601f93a65e98d3d997 |
| SHA1 | 22a3355d53af0dd70a43204bd11635efde1c07db |
| SHA256 | e2457ee293b6f911892a3d32ad8dcfecd3053ad8b72e5ba236548ccdd14595bc |
| SHA512 | 6b32f95f224b3a9196d8d2b041780c131433d6c2fde360403a021e274f9f80f13fbb13ef95a8c0a4a8e6d53bdfe27a657028f53ba18c85ea943bab6522ee6a94 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7a9cc0ce2d8aa27c0c79aaffb4289d90 |
| SHA1 | 3325ae43191aaae522ac8f0c4404c1ca652e9b20 |
| SHA256 | 24a10b1e964ed853a70b0cec6952cb159292930b4813d4e8dc88bde53592dd30 |
| SHA512 | bfda8b58e176ab0e7a0ad0e696c6e7f5f15bc6a44de1439fa9a7bdb0ec4e9d3318217dc18d95852c743515825f5c49b33f69d63890646415637d6012c19eebec |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7a2ef2384eff5ff12d01b507580fb4d0 |
| SHA1 | a63eadf6ffd2682033f0a03a9ddd4c9387371d4b |
| SHA256 | 02713add57ca2293b70f45af052243c635804ba0a11d74f8b961d7f625baa9cb |
| SHA512 | a05d03eaa23e0253529b51c149e0dad979362e14b53906ed1da9d951f3e5321d9816d4a641e0324e34d2e1b074bc68b18469e74bd92023455e9b00280d2d3f39 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b93174d366360cc5ed9fd2dfbe3a2f69 |
| SHA1 | 258215bf1676ff8a198f22ca3596fa250904b589 |
| SHA256 | 04c9239d22efc019f4e1f2507ebef85109b790109333f2f3d35bff2429a00754 |
| SHA512 | 2d96ad952fc670ad7da2098b323aa034a488312fd0aa2f563fa16bf86d47b9accbb21acf2b6e0a0f327e169d9b6f2a62c656ef6cb997aa47416ccb263fd95b7d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ae135c4bacb5e6615f1e774f05d717cd |
| SHA1 | 61c4c1a61e04a0224bb470cb5297ed6186c5573c |
| SHA256 | 67835b74ccc9a99ab2ce09fe351fded8f2472117c74371229de8064de950a75f |
| SHA512 | 4ef80e3402a5259c289586e4ddf8b15e4907b1171d97a14507d939917ee9fc7058992e2cfefecb32b8e9ddd6ffbd333af6d287f670072a7c653f48d09a4d3e78 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ce64185bfb7650125869d13137bc9c93 |
| SHA1 | 79a9a09a325bbe83b1a476364e51f7a32d5fd126 |
| SHA256 | b91229142f1be129e6250250cc40c65858c85c5f86c93897d25ddceac46a0e60 |
| SHA512 | e01166363bfc945b7bf8bfdfac63f4394a31c4bfefd41876676fc63135830deec7bc5b8df77c6d91f5e1faf45c35aefa213214ecca283f2140d8ce91ff2983be |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1e233f250cbf064517651518f7b094f0 |
| SHA1 | 91fbdd10e722ff261df8926a07481fe83970f736 |
| SHA256 | c3f8758d45d0f10385aecba59f194eb7390bd4e5f9c20266119655506f5f1cb1 |
| SHA512 | d305b9459a71b2973eedb73cfb46662dcf3c7262cfcdc3ebfb2a92681cb2e0ba1e11f5a61d6de5a83ee1b745b815701f7ec796cf7f320e8508974471c998c957 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bac2d994aa240f896db8c95225566fa9 |
| SHA1 | d5fc07a6ee7426a966baebfd51b653e4a4215a7f |
| SHA256 | a6ff2b1ae8ae41c2bf6f318fc65afc0d2b167f62058c5d19b74e890753d77bd6 |
| SHA512 | 44be5a6c88a6976267789e8e8bd800d38b8e2f50dbf1ee00ac93ee253f3f9513d79c5d945799dd3c5e0d495d6f734ad60e593d1866a366281bb220cd33017cf8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0ce12b131b70d6a7d062ccc1e4aef8ba |
| SHA1 | fea377a175fa327de9813dcd1dc32f8017ced14c |
| SHA256 | 4e6706d0169be05940b092a6b186b5fccae108dff27daeb36f8c209dd3bf2035 |
| SHA512 | 5e3218b28fa1534ac64b66eeef36bb2cebf21639026ee7d8e7a9ed75b6e5c72c8f5bb9b3e4b472169b6462a0c2080463d3c53cdc0a2afd151d925356ea08b56d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 78b998fd02f8dffa770c1d79bf6bf2af |
| SHA1 | b9c79404ae2f9e9d17345d82d256887bcc96f296 |
| SHA256 | 66c4b32583b28545f9523b2e0073b507fc2e2ec547fdb46747ebb96c30e492e6 |
| SHA512 | 0731929d6179be65cdea660603a2f030860d5f4c8bb653314c63dc45c156e73436e61a3ba65da4df98c9a416ccb73a0c7941d53736ca44eda29a90034b69442d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 46b1f6ece1acf1621da1ca6413e08572 |
| SHA1 | 99c73e17ad82836cef5336a21474c1f7e225a434 |
| SHA256 | 65abd29d3fa53c1f331426c4c231788c202948ca44fa53434be3dfdce2041580 |
| SHA512 | 4c6734472eba73378028486462ddcfb21250493d83febbe494a430ec3a82284141230cb0ca0cf080941d97ec377177e25c32ea889d4d2bbc93f2f300250f6e1a |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-27 18:30
Reported
2024-05-27 18:33
Platform
win10v2004-20240426-en
Max time kernel
145s
Max time network
144s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7a184fe527f201053e16808528c251bd_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff92b3a46f8,0x7ff92b3a4708,0x7ff92b3a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,7264944641922411082,16154311690644676712,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,7264944641922411082,16154311690644676712,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,7264944641922411082,16154311690644676712,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,7264944641922411082,16154311690644676712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,7264944641922411082,16154311690644676712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,7264944641922411082,16154311690644676712,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6004 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,7264944641922411082,16154311690644676712,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6004 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,7264944641922411082,16154311690644676712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,7264944641922411082,16154311690644676712,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,7264944641922411082,16154311690644676712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,7264944641922411082,16154311690644676712,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,7264944641922411082,16154311690644676712,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5736 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | buro075.nl | udp |
| NL | 84.244.165.144:80 | buro075.nl | tcp |
| NL | 84.244.165.144:80 | buro075.nl | tcp |
| NL | 84.244.165.144:80 | buro075.nl | tcp |
| NL | 84.244.165.144:80 | buro075.nl | tcp |
| NL | 84.244.165.144:80 | buro075.nl | tcp |
| NL | 84.244.165.144:80 | buro075.nl | tcp |
| FR | 216.58.215.42:80 | fonts.googleapis.com | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| FR | 216.58.214.67:80 | fonts.gstatic.com | tcp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.165.244.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.215.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.buro075.nl | udp |
| NL | 84.244.165.144:443 | www.buro075.nl | tcp |
| FR | 216.58.214.67:80 | fonts.gstatic.com | tcp |
| FR | 216.58.214.67:80 | fonts.gstatic.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
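The Network table mixes four kinds of rows: forward DNS queries to the sandbox resolver (8.8.8.8:53), reverse in-addr.arpa lookups that Windows and the browser issue for peer addresses, one mDNS multicast to 224.0.0.251:5353, and the TCP connections themselves. Only the last group tells you which hosts the page actually contacted. The script below is an added example, not part of the report: its rows are a constructed subset of the table above, and the classification rules (port 53 with an in-addr.arpa name is a PTR lookup, 224.0.0.251:5353 is mDNS, everything else on a non-53 port is a connection) are the example's own.

```python
import ipaddress
from collections import defaultdict

# Constructed subset of the Network table above: (country, destination, domain, proto).
SAMPLE_ROWS = [
    ("US", "8.8.8.8:53", "buro075.nl", "udp"),
    ("NL", "84.244.165.144:80", "buro075.nl", "tcp"),
    ("NL", "84.244.165.144:80", "buro075.nl", "tcp"),
    ("FR", "216.58.215.42:80", "fonts.googleapis.com", "tcp"),
    ("NL", "84.244.165.144:443", "buro075.nl", "tcp"),
    ("FR", "216.58.214.67:80", "fonts.gstatic.com", "tcp"),
    ("US", "8.8.8.8:53", "144.165.244.84.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "42.215.58.216.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "www.buro075.nl", "udp"),
    ("NL", "84.244.165.144:443", "www.buro075.nl", "tcp"),
    ("N/A", "224.0.0.251:5353", "", "udp"),
    ("US", "8.8.8.8:53", "28.118.140.52.in-addr.arpa", "udp"),
]

PTR_SUFFIX = ".in-addr.arpa"
MDNS = ("224.0.0.251", 5353)


def ptr_to_ip(name):
    """Turn an IPv4 reverse-lookup name into the address it asks about."""
    octets = name[: -len(PTR_SUFFIX)].split(".")
    return str(ipaddress.ip_address(".".join(reversed(octets))))


def triage(rows):
    contacted = defaultdict(set)      # domain -> {(ip, port)}
    forward, ptr, mdns = set(), [], 0
    for _country, dest, domain, _proto in rows:
        ip, _, port = dest.rpartition(":")
        port = int(port)
        if (ip, port) == MDNS:
            mdns += 1                  # link-local multicast, never an IOC
        elif port == 53 and domain.endswith(PTR_SUFFIX):
            ptr.append(ptr_to_ip(domain))
        elif port == 53:
            forward.add(domain)
        else:
            contacted[domain].add((ip, port))
    contacted_ips = {ip for pairs in contacted.values() for ip, _ in pairs}
    return {
        "contacted": {d: sorted(p) for d, p in contacted.items()},
        "forward_lookups": sorted(forward),
        # PTR lookups for IPs that appear as connections are the OS naming peers
        # from this capture; the rest belong to traffic the table does not show.
        "ptr_matched": sorted({a for a in ptr if a in contacted_ips}),
        "ptr_unmatched": sorted({a for a in ptr if a not in contacted_ips}),
        "mdns_rows": mdns,
        "port80_hosts": sorted(d for d, p in contacted.items() if any(pt == 80 for _, pt in p)),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_ROWS), indent=2))
```

For this sample the table reduces to three contacted sites (buro075.nl with its www host, fonts.googleapis.com and fonts.gstatic.com), the PTR lookups for 84.244.165.144 and 216.58.215.42 are matched to connections in the capture, and the lookup for 52.140.118.28 is not, so it belongs to traffic outside the table. The port-80 list only says the connection on that port was not TLS; the table records destinations and protocols, not the HTTP exchange.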
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f53207a5ca2ef5c7e976cbb3cb26d870 |
| SHA1 | 49a8cc44f53da77bb3dfb36fc7676ed54675db43 |
| SHA256 | 19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23 |
| SHA512 | be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499 |
\??\pipe\LOCAL\crashpad_4744_FOONNBSRJGFXIQMW
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ae54e9db2e89f2c54da8cc0bfcbd26bd |
| SHA1 | a88af6c673609ecbc51a1a60dfbc8577830d2b5d |
| SHA256 | 5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af |
| SHA512 | e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9ab416163b79860ae2819edf30912fdb |
| SHA1 | 1c7267eca234e975c92c321c90d6173297c50ab4 |
| SHA256 | c14201517bd5b57fc8020336d0c24deb27fb7c9463512ed5afc713aacd6bc886 |
| SHA512 | 0ada2c8b82e086e35dcc20134a3dff612c057ee50fe7246282429d90015a296a1b777e9f041d4dc5aaf93c95d077487a87936c6e6836d3f426a9a85e845627c9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | e66d25291e2aad06bf1d6263fbe65f06 |
| SHA1 | c26f524480d7e64f941dbb6a7b567fb58685ef14 |
| SHA256 | c14c3ea7484b2cc3c24a31adbbcc6074f01ef72189d996c7831a34835a228e24 |
| SHA512 | 70d49f5e5191336772b6b59afa74763f04b61333322e27df1f2c04828afda02bddaa713c920c5c9b7adeb48ac3bea554dcc7c99cb67ad49619ce97b9b30de169 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2c96f0d36c92febae56e1c029aee9fcd |
| SHA1 | e0116d303f6409baed07217016dfc9be709c7da6 |
| SHA256 | 5ca0248363bf6094791fd0bea2f6b9d670b920c1e985229b56636d475eff83e0 |
| SHA512 | d0ec0fc341accb1644f252321f80269a992af62295a7a6c4eecbbcf9d5be6cd9a9a9b2558df8fd666a9ff8b8ebda11706b78d123dd318c10c4e8d48c317545c2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1755250d31bb8da01d8d82457ec2058b |
| SHA1 | 8bbfc9d85281fd9811df16b7be1034a7f0e5ac98 |
| SHA256 | b55dbc53d12d453896795bc0a0147781e4a00624d4dd5365f8069a2446be9aed |
| SHA512 | e136fc2dcfdd087e538d596d7f088885b00fb07bea67818706b43af9b24bd01a564edeb1fcc3c42b24ba4d062d5eed37988e94954a40a297e527efdec0368ccd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | efb3e41ddcb00d4e436d59962fe73c4d |
| SHA1 | 4b9f2cbd664cf2136cd6966774f9ee04b4efa46a |
| SHA256 | edc776d59064e412098066a07cba55cbabb1e7d18534e1292d34003961ad3bb6 |
| SHA512 | 85a53139125a0e589b222ebee00d1c593eb24c8059b9f3f86196f8ef346cf7fc988493bb6f5cebf7aec2d0debc5017eff291b04e8aa37180d1ec5a6e2bb362ba |
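Every path in the Files list sits under Edge's own profile directory (User Data) except the Crashpad named pipe, and the pipe's digests are those of zero bytes (MD5 d41d8cd98f..., SHA256 e3b0c44298...), so they identify nothing and should not be carried into an IOC list. The script below is an added example, not from the report: it groups the entries by path, counts how many versions of each were written, and flags empty-content digests and paths outside the profile root. The entries are constructed from the table above (SHA1 and SHA512 omitted) and the profile root is the example's assumption, taken from the listed paths.

```python
import hashlib

# Constructed from the Files list above: (path, md5, sha256); SHA1/SHA512 omitted.
SAMPLE_FILES = [
    (r"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat",
     "f53207a5ca2ef5c7e976cbb3cb26d870",
     "19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23"),
    (r"\??\pipe\LOCAL\crashpad_4744_FOONNBSRJGFXIQMW",
     "d41d8cd98f00b204e9800998ecf8427e",
     "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"),
    (r"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat",
     "ae54e9db2e89f2c54da8cc0bfcbd26bd",
     "5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af"),
    (r"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences",
     "9ab416163b79860ae2819edf30912fdb",
     "c14201517bd5b57fc8020336d0c24deb27fb7c9463512ed5afc713aacd6bc886"),
    (r"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State",
     "e66d25291e2aad06bf1d6263fbe65f06",
     "c14c3ea7484b2cc3c24a31adbbcc6074f01ef72189d996c7831a34835a228e24"),
    (r"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences",
     "2c96f0d36c92febae56e1c029aee9fcd",
     "5ca0248363bf6094791fd0bea2f6b9d670b920c1e985229b56636d475eff83e0"),
    (r"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT",
     "6752a1d65b201c13b62ea44016eb221f",
     "0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd"),
    (r"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences",
     "1755250d31bb8da01d8d82457ec2058b",
     "b55dbc53d12d453896795bc0a0147781e4a00624d4dd5365f8069a2446be9aed"),
    (r"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State",
     "efb3e41ddcb00d4e436d59962fe73c4d",
     "edc776d59064e412098066a07cba55cbabb1e7d18534e1292d34003961ad3bb6"),
]

# Assumption of this example: the browser profile root, taken from the paths above.
PROFILE_ROOT = r"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data"

# Digests of zero bytes, computed rather than copied so the comparison cannot drift.
EMPTY_MD5 = hashlib.md5(b"").hexdigest()
EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()


def review_files(entries, profile_root=PROFILE_ROOT):
    """Group written artifacts by path and record what a reviewer checks first."""
    by_path = {}
    for path, md5, sha256 in entries:
        rec = by_path.setdefault(path, {"versions": [], "empty": False, "outside_profile": False})
        rec["versions"].append(sha256)
        # An empty-content digest means the sandbox hashed zero bytes (a pipe,
        # a placeholder); it identifies nothing and must never become an IOC.
        if md5 == EMPTY_MD5 or sha256 == EMPTY_SHA256:
            rec["empty"] = True
        if not path.lower().startswith(profile_root.lower()):
            rec["outside_profile"] = True
    return by_path


def findings(entries):
    by_path = review_files(entries)
    return {
        "rewritten": sorted(p for p, r in by_path.items() if len(r["versions"]) > 1),
        "empty": sorted(p for p, r in by_path.items() if r["empty"]),
        "outside_profile": sorted(p for p, r in by_path.items() if r["outside_profile"]),
    }


if __name__ == "__main__":
    for key, paths in findings(SAMPLE_FILES).items():
        print(key)
        for p in paths:
            print("   ", p)
```

On this sample the only entry outside the profile root is the named pipe, which is also the only empty-content entry; settings.dat and Preferences show up as rewritten (two and three versions), which is the browser updating its own state during the run rather than a dropped payload.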