Analysis Overview
SHA256
027c6183400ddbb1abed5668b2bb951288e2eeac7bdc9f67ad4163b70ca02a97
Threat Level: No (potentially) malicious behavior was detected
The file 7e48d23753c5b89a9a4f81aa78fb8754_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Analysis: static1
Detonation Overview
| Field | Value |
| Reported | 2024-05-28 20:24 |
Signatures
Analysis: behavioral1
Detonation Overview
| Field | Value |
| Submitted | 2024-05-28 20:24 |
| Reported | 2024-05-28 20:27 |
| Platform | win7-20240215-en |
| Max time kernel | 121s |
| Max time network | 133s |
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{58994C61-1D30-11EF-9DE9-520ACD40185F} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423089764" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112830a48ab45d41bc1e83ae279c3b7e0000000002000000000010660000000100002000000095f7b4489439102bc63e0b4f9800906f7a20bb6cda5654f16253d0d1f445b291000000000e8000000002000020000000d898fb0859fc575b336bc3b1f36a4542a032d86178896b988afa3026e621c4a920000000bd243259c9f9ed8f11e13310826b8609c6e176d5dfff0386882658933832a5e940000000e7c9c95d8f73f61db1aed61926f1bdf5c907f7960ecf4fe8ac833f926c1bca9a1049298ab7c6b3c6f756fca3674fdcc46cc71c033413ef0a88dc41a672b18ce8 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0c2d81c3db1da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2944 wrote to memory of 2616 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2944 wrote to memory of 2616 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2944 wrote to memory of 2616 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2944 wrote to memory of 2616 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7e48d23753c5b89a9a4f81aa78fb8754_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2944 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| FR | 142.250.179.73:443 | www.blogger.com | tcp |
| FR | 142.250.179.73:443 | www.blogger.com | tcp |
| FR | 142.250.178.142:443 | apis.google.com | tcp |
| FR | 142.250.178.142:443 | apis.google.com | tcp |
| FR | 142.250.179.73:443 | www.blogger.com | tcp |
| US | 8.8.8.8:53 | bit.ly | udp |
| US | 67.199.248.10:443 | bit.ly | tcp |
| US | 67.199.248.10:443 | bit.ly | tcp |
| US | 67.199.248.10:443 | bit.ly | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
| Field | Value |
| Submitted | 2024-05-28 20:24 |
| Reported | 2024-05-28 20:27 |
| Platform | win10v2004-20240508-en |
| Max time kernel | 145s |
| Max time network | 140s |
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7e48d23753c5b89a9a4f81aa78fb8754_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdbd8946f8,0x7ffdbd894708,0x7ffdbd894718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,4959104284379665834,3825510226667599794,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,4959104284379665834,3825510226667599794,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,4959104284379665834,3825510226667599794,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,4959104284379665834,3825510226667599794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,4959104284379665834,3825510226667599794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,4959104284379665834,3825510226667599794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,4959104284379665834,3825510226667599794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,4959104284379665834,3825510226667599794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,4959104284379665834,3825510226667599794,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2960 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,4959104284379665834,3825510226667599794,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2960 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,4959104284379665834,3825510226667599794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,4959104284379665834,3825510226667599794,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,4959104284379665834,3825510226667599794,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,4959104284379665834,3825510226667599794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,4959104284379665834,3825510226667599794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1776 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,4959104284379665834,3825510226667599794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,4959104284379665834,3825510226667599794,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4776 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| FR | 142.250.179.73:443 | www.blogger.com | tcp |
| FR | 142.250.179.73:443 | www.blogger.com | tcp |
| FR | 142.250.179.73:443 | www.blogger.com | tcp |
| FR | 142.250.178.142:443 | apis.google.com | tcp |
| FR | 142.250.178.142:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.178.250.142.in-addr.arpa | udp |
| FR | 142.250.179.73:443 | www.blogger.com | udp |
| US | 8.8.8.8:53 | bit.ly | udp |
| US | 8.8.8.8:53 | trouninsamen1871.blogspot.com | udp |
| US | 67.199.248.10:443 | bit.ly | tcp |
| US | 67.199.248.10:443 | bit.ly | tcp |
| FR | 142.250.178.129:443 | trouninsamen1871.blogspot.com | tcp |
| US | 8.8.8.8:53 | 10.248.199.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dyplom.org | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| NL | 23.62.61.57:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dyplom.org | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dyplom.org | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dyplom.org | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_2012_BGYRRKAACWCWGPYR
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State