Analysis Overview
SHA256
95debe8ad62d80b2f69b21faf23494d846ba9cd7446f80f0bf5900265c40487b
Threat Level: No (potentially) malicious behavior was detected
The file 7ffc753090a8917ef7cadbeeff1c1146_JaffaCakes118 was analysed and no (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-29 07:45
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-29 07:45
Reported
2024-05-29 07:48
Platform
win7-20240221-en
Max time kernel
135s
Max time network
133s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a40a3a9d66bb5c4e96df4d0c057aff910000000002000000000010660000000100002000000042bae03f9fc682279e205f87864bf85422064109f0d7105c0cf3df50e2181627000000000e80000000020000200000001769681c69faccb024abd56832a6d2aaa7d662103b4c7c4effd96e8d5ffff0fe20000000b2fcf4b85d3cc40709b1726ce6a69f3d81e1e38c4ed4a2a29ce8f9e0595cef4940000000b931e47a7ab1e497adc79b80345da80ad63720d9107b4578080d5f580adeff3e6df21888fd3d3f5094de0328d7ffd5e5b7efd6896dfc2e6dfaedf61a6b10bba5 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{77E79FE1-1D8F-11EF-989B-729E5AF85804} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 1099f24d9cb1da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423130619" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2876 wrote to memory of 2860 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7ffc753090a8917ef7cadbeeff1c1146_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2876 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | stackpath.bootstrapcdn.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | use.fontawesome.com | udp |
| NL | 178.128.249.247:80 | 178.128.249.247 | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.18.11.207:443 | stackpath.bootstrapcdn.com | tcp |
| US | 104.21.27.152:443 | use.fontawesome.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-29 07:45
Reported
2024-05-29 07:48
Platform
win10v2004-20240508-en
Max time kernel
148s
Max time network
149s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7ffc753090a8917ef7cadbeeff1c1146_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff86fc46f8,0x7fff86fc4708,0x7fff86fc4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,15099922688200908991,4605882574678157756,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,15099922688200908991,4605882574678157756,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,15099922688200908991,4605882574678157756,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15099922688200908991,4605882574678157756,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15099922688200908991,4605882574678157756,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,15099922688200908991,4605882574678157756,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5848 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,15099922688200908991,4605882574678157756,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5848 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15099922688200908991,4605882574678157756,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15099922688200908991,4605882574678157756,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15099922688200908991,4605882574678157756,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15099922688200908991,4605882574678157756,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,15099922688200908991,4605882574678157756,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4932 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| NL | 178.128.249.247:80 | 178.128.249.247 | tcp |
| NL | 178.128.249.247:80 | 178.128.249.247 | tcp |
| NL | 178.128.249.247:80 | 178.128.249.247 | tcp |
| NL | 178.128.249.247:80 | 178.128.249.247 | tcp |
| NL | 178.128.249.247:80 | 178.128.249.247 | tcp |
| NL | 178.128.249.247:80 | 178.128.249.247 | tcp |
| US | 8.8.8.8:53 | stackpath.bootstrapcdn.com | udp |
| US | 8.8.8.8:53 | use.fontawesome.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| FR | 142.250.75.234:445 | ajax.googleapis.com | tcp |
| US | 104.18.11.207:443 | stackpath.bootstrapcdn.com | tcp |
| US | 172.67.142.245:443 | use.fontawesome.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| NL | 178.128.249.247:80 | 178.128.249.247 | tcp |
| NL | 178.128.249.247:80 | 178.128.249.247 | tcp |
| NL | 178.128.249.247:80 | 178.128.249.247 | tcp |
| NL | 178.128.249.247:80 | 178.128.249.247 | tcp |
| NL | 178.128.249.247:80 | 178.128.249.247 | tcp |
| NL | 178.128.249.247:80 | 178.128.249.247 | tcp |
| NL | 178.128.249.247:80 | 178.128.249.247 | tcp |
| NL | 178.128.249.247:80 | 178.128.249.247 | tcp |
| NL | 178.128.249.247:80 | 178.128.249.247 | tcp |
| NL | 178.128.249.247:80 | 178.128.249.247 | tcp |
| NL | 178.128.249.247:80 | 178.128.249.247 | tcp |
| NL | 178.128.249.247:80 | 178.128.249.247 | tcp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 247.249.128.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.11.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.25.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 245.142.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.90.14.23.in-addr.arpa | udp |
| NL | 178.128.249.247:80 | 178.128.249.247 | tcp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| FR | 172.217.20.202:139 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | 238.75.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.144:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.61.62.23.in-addr.arpa | udp |
| NL | 23.62.61.144:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| NL | 178.128.249.247:80 | 178.128.249.247 | tcp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_392_VFYEZPEEMCNZYCAK
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State