Analysis Overview
SHA256
1597a80fe5008487d4cc07afd1c192dc87b83cafb7d7a2be4c53ad39d97ccd27
Threat Level: No (potentially) malicious behavior was detected
The file 8044f3ea04c30529b56746020abad6f9_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-29 09:31
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-29 09:31
Reported
2024-05-29 09:33
Platform
win7-20240221-en
Max time kernel
120s
Max time network
134s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2B61BA71-1D9E-11EF-9A09-E25BC60B6402} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 7021af08abb1da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000031117d521951d2409d14163b06434101000000000200000000001066000000010000200000000127c7e6231ec54fe19408aef81bfc03180c315ffadc0c8e360f712a2c5feef7000000000e8000000002000020000000df9a928be50d58a160e4ef17456d250217536e22b917a8cbd781611ee8e6d1b62000000029d7958f9ad58758421a0a3c025098011ed9fe575f474d29c8644ada3815308140000000822d507788f434728e48cfab9b96e8d2402da722df0381a1a514f8296ae22496dea7a3256548ff7b3e8533c2d2b6469f14126a4c8f890300d18c570b00a6d330 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423136934" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value not captured] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2752 wrote to memory of 2632 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2752 wrote to memory of 2632 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2752 wrote to memory of 2632 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2752 wrote to memory of 2632 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8044f3ea04c30529b56746020abad6f9_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2752 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.noticiare.com.br | udp |
| US | 74.48.108.217:443 | www.noticiare.com.br | tcp |
| US | 74.48.108.217:443 | www.noticiare.com.br | tcp |
| US | 74.48.108.217:443 | www.noticiare.com.br | tcp |
| US | 74.48.108.217:443 | www.noticiare.com.br | tcp |
| US | 74.48.108.217:443 | www.noticiare.com.br | tcp |
| US | 74.48.108.217:443 | www.noticiare.com.br | tcp |
| US | 74.48.108.217:443 | www.noticiare.com.br | tcp |
| US | 74.48.108.217:443 | www.noticiare.com.br | tcp |
| US | 74.48.108.217:443 | www.noticiare.com.br | tcp |
| US | 74.48.108.217:443 | www.noticiare.com.br | tcp |
| US | 74.48.108.217:443 | www.noticiare.com.br | tcp |
| US | 74.48.108.217:443 | www.noticiare.com.br | tcp |
| US | 74.48.108.217:443 | www.noticiare.com.br | tcp |
| US | 74.48.108.217:80 | www.noticiare.com.br | tcp |
| US | 8.8.8.8:53 | noticiare.com | udp |
| US | 74.48.108.217:443 | noticiare.com | tcp |
| US | 74.48.108.217:443 | noticiare.com | tcp |
| US | 74.48.108.217:443 | noticiare.com | tcp |
| US | 74.48.108.217:443 | noticiare.com | tcp |
| US | 74.48.108.217:443 | noticiare.com | tcp |
| US | 74.48.108.217:443 | noticiare.com | tcp |
| US | 74.48.108.217:443 | noticiare.com | tcp |
| US | 74.48.108.217:443 | noticiare.com | tcp |
| US | 74.48.108.217:443 | noticiare.com | tcp |
| US | 74.48.108.217:443 | noticiare.com | tcp |
| US | 74.48.108.217:443 | noticiare.com | tcp |
| US | 74.48.108.217:443 | noticiare.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab845F.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Tar8473.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar85B9.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a9725bc71a785f1ae9c2e057fef87d8b |
| SHA1 | 30e3fc650fab2575dc61a04ba081e3113127cfbc |
| SHA256 | b87952d9ffbeb93365db274f6eefff5be3ae7258007d5812ca688b0f09801cc6 |
| SHA512 | bd145a87d83a58ba6e16e6768585b52f3c59e850fbc8ee654ab4d98c629ce228c83c9f91baff9671ad164e3b2e8bc7004f0300f9b0e8fa00db7c7a203f146802 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c97a1fbe0acf8fd1fe7b3a249cc903c8 |
| SHA1 | bf9ce8cecf23e2afcbb584bfc616cd4f9dfb284d |
| SHA256 | f114cede79177f3e2a3acf3e1733e0d7d4a39e5b84d7e23565507d051bdb210b |
| SHA512 | 42fe0b34557ec525863462f8f0d08fe330b42fb3cf82eed3eed26fa8e763b4c8e92b92cfc9a190c7af7c639d95d28e0fe799ed81ca26e3058a8b5c44c7b6737d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f9ebf06b77b73cff19742c098660189c |
| SHA1 | 78e72fce16d76b1e860850cc3726d1eb4abcfe89 |
| SHA256 | 0c140332f69c1c0fd39f7c6836985b9f04332329d97311a5de67c625a28a2983 |
| SHA512 | 2c64a65fc3b790042d4aed070baea81f188ca99a9716b6f690a1036aaff6bce24410e7cd5177a98bc11fc044c9eb65b28e95e19344ff84942160e0dc80538abe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_2DBE917624E9880FE0C7C5570D56E691
| MD5 | 5fd201dc95a701ea7dc08b60c9e7e97b |
| SHA1 | d687af1cff219dfdb42090a25d5e3e26012a1cb3 |
| SHA256 | 2cae6e6f0ce1336c25e5b18581ccfbc0aff653a1bf4768714f254378fdfae06a |
| SHA512 | 868ce57459b981594ebe4ab2ee7512e84fe932cda564dbd68b1d68074e0633be002c552c4b27a5980e1532f545d1641180ade70340ed269476680da704f67a50 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_2DBE917624E9880FE0C7C5570D56E691
| MD5 | fdc40ce9c0a0730621ef9edfea706570 |
| SHA1 | 298672f7a54c8e7e2099192be83ae56ab007d2c5 |
| SHA256 | 4ab7ecca111595a780f8f38469f3ad0f90fb7f31fd2726063c46df94c988a53d |
| SHA512 | 7cdf90afbda2ea1cc9d587f6bfc31723138e67ebce1703de6ec0e200da7f45512b6a66ac935b7246930dce41aaac03f8c756c656abc254ddcb242bb7e3560117 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_862BA1770B2FEE013603D2FF9ABEAFDA
| MD5 | c6ce6c78bab10ca28301811e74a637fe |
| SHA1 | 7fea64b453de529f2b6f81622bdccb1e8afcb3ed |
| SHA256 | 3ef922da34d0eb4b860f22a07c5fce4bcd0484719409516900361db6ff9802b3 |
| SHA512 | ef08893357c049a20e95c6a7b095bbfb5bd506478cf299c747f0d6323225d9d263e50f148d9f5562a908890896780bdcf3492b2a4f643a58149856e86406f0ad |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5080DC7A65DB6A5960ECD874088F3328_862BA1770B2FEE013603D2FF9ABEAFDA
| MD5 | 27359a8a5490080dd0fce04b72427add |
| SHA1 | b6549a6b0b9a7e2f76d7b9176aef175c5a7dadd0 |
| SHA256 | fa040843fcd1d5e3c429f6f22b4bfd6d533da267176ec78c45fca66b5269b6ad |
| SHA512 | d88c70cc8448a66b630300ba47fc8a7b5e477b107701475cae042fe3824f12256ac469bf7f668933d047fa367e382c667c7afc12b32ea0af9f25b8e32a676103 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_862BA1770B2FEE013603D2FF9ABEAFDA
| MD5 | 6f652bafbcb865fced2933fd744e999a |
| SHA1 | 6a3341887634c9da6690617721ce305f5ff1ef01 |
| SHA256 | 7d06bcdeed34e033e585fa0a89f6f9d42f73af732aadd72bbfef112ec3cd8f90 |
| SHA512 | fa3ab9a73b893230152468de7ee4f8a8db56ba44c1db51ab6de36eac48b749f6a641a8bf438ae9f5ae91bddfdab6bde04eff84f04969d158a628462d28e69226 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9M0HR0P6\TCVQR5Y6.htm
| MD5 | 63535f9fefed453c637d865cd420b0eb |
| SHA1 | 5a8ca7bde57818b90094b5e2f0d59924be4c1456 |
| SHA256 | feb2efda0d4dcf9304e4ef88c87b3ca87eee4fceedfb33dde7646de1864cf0f5 |
| SHA512 | 83b0bf4db3904ceac2266fca940a46df875969f543da271a9da797319078de01ef06a46c1b0e1697a8aa2ef4791ad06c8bf5b4b21ef60075b9bf0bc3a7b5f210 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9PN2QMY\UBT7FHSU.htm
| MD5 | d9a8417c08d36132a02df493d5838b9a |
| SHA1 | f5a6a891cfcffae1fce6b8481da27aeb4228332c |
| SHA256 | 4d458f0efc12c349369d3344047e1f6431a1234d8ff04197e82c3ad331c6386d |
| SHA512 | d1aa8d08b513cccf5f2fe75df1090280b8723527c9b64ff93fb1a004de1f9252ba50b87376f8bc9526e7389b857b584f79513042958bc4e7ac71ce7493d6dcbb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3df72865bddcaca6ed3adaaf523b27c6 |
| SHA1 | 39fe67c6002e9cc5c935495b97e1c3154982bf3c |
| SHA256 | 91f612dffbd53313f308c8a741c0b816df77479f5fabe6c6922cd9ea60eac792 |
| SHA512 | c43eb7eaef9331e896d12af0643945268524920ad640dca9b00eaef9d633cc3b7affb37d80c2b4b7a4459aa32442346269f465318e72aa4126895f04e09353f9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d85d49e139c79f62b4a37ca932347a75 |
| SHA1 | bf51c516cec9b3cc3a7c01e54a94d542e7b6b04f |
| SHA256 | 6aeba9e55c661fbadf7485debebe7e768a3b2b1219e7459522c5029232216f7a |
| SHA512 | da3284f923d28df0757ebe65b336ec97a57c8e590a6041e6cc5b986e73d14843fb4a484b85bdeaea9d9875df64c785919990933fbb5cb1a3ed90c1b726d823d1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 039c2c1e2cc9f02333b15a66fec7da36 |
| SHA1 | 7a93086e6b4480d15b0d06924e93abd999788d25 |
| SHA256 | 0cef5f55d37949589cb67d5e60ff45bf6e9633ad0881e01a4c686ca606e590ca |
| SHA512 | b136c919b27831c3d427a3ad52cdaf4845e9534a07d75fd4cb2c54bf9a31bfb2569a2bb4d68a67c888c3f1a8b7c355a0dfccbc3503c1845c0a6559598afcd0de |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 144e61322e19d14fdcc9b93abe26c18d |
| SHA1 | 9fe72982b4726622f920414928632f023ccd30d2 |
| SHA256 | e530125af39aece97369fec153c2dd2dba49cba187d779969c3f285c068dc3ff |
| SHA512 | 4f8ccaa831eac01db7bb1cfe62a0edbfd30cbea5f35120920bcaa50380b10a98b3520fdab79257a0baa4bf76238ede914d7b229da448c8ffa90a2f36382dfeb2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ddf1b6413058827817a379170c909e1a |
| SHA1 | 235ad0fb3670791fdf12dc90516a70ac067d159e |
| SHA256 | 1861e21c4d0d51b54afeea8aeb91dac6fb20bbebc495fb1263c2bf72af13767c |
| SHA512 | c140f50e8f4575a5c683866839aead708848428f38498f208fc4a61ae0405147e685d34b7dc39c035da8d744010b317862660f420ce8ccd19721af42f3d26b70 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 070bb99227e37597ca586c6fffdf0752 |
| SHA1 | fdf6e5cf9cd74f9343bb66d68f10fdd6dcf08332 |
| SHA256 | b30522301c31263747eefe6ff36e8934c75f80f9d05ccc59f94811dbacc4c521 |
| SHA512 | 507cb40d8e3620fd017d6a63509b149e3c6742b77a5a80d14c1cfd212a3383a7a52f2a8210e4aefa78b155752dac38ed2e90468cd70a19875c224fdd77aeb0f4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 88a62448bc638b99126ef4fac4db2119 |
| SHA1 | a2d3d7e6bd4e8fc8e4c089f0592c7db872fc89a1 |
| SHA256 | d062a39fd2db05cb7f3b6c3e35cdbbb27f2539bffba078bfe7a63b758f82b352 |
| SHA512 | 3d222e564a97e507d4c00adfc2807863d187c0d1d2ee497601f79f496551932e757892f9d43d6c348bc9c6cb53df0e11282f7335607e6fb6eef98fdceb0983d7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ed24a2a69db12480a0540b6a58df7fd1 |
| SHA1 | f8ca7c83acedf0d5856ef166bad432283d6c5a03 |
| SHA256 | a0f6893bc258a92a8d9fdaf6aab01399235c1be97f99f1166f5b0321ad434202 |
| SHA512 | 26a856168796b91a3f0d7fee120fa2a929b3d178dc7122151e509e2f9c89341f3cd7597d1200639653de618b3c9c02d88ac792d41332855de9b9c78735a50a9a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 23eb492905e35dbf3c2e3cfbd4f7da26 |
| SHA1 | 5bcca1e12ba9f4ac2dae29c99c810a6d2c81ada7 |
| SHA256 | a73a139dba7aba05dd6d0dd75350beae635296169aebb8ab0cbc1c269e4fc462 |
| SHA512 | 8d6c20dedb608c9a2c17f0c137ed177020aa0807e75205300294306e5988dc2704786b31b19b580aa094847f46cfad60848a90fe94e98e05c8634005f0e58f88 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 99d9a94c4dbac75c2b2f6daf2524d1f1 |
| SHA1 | b26639ded18d8581a2f28f0d2d8e363faa62c8f2 |
| SHA256 | eba76b29d4216a038103973d77695b074333db097e6852eeda94b52e59337cc1 |
| SHA512 | 8c4f146654b353b6dd3b03ef85255cbdf6f504f31262ffcb09086fa3e76e2f228d2872c4778b1ee5b31c2b5ca31bc98fd9b73ab4b65d4a8178aae335398392c3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | be1fc9e01014b4c4b85d92df764d5e60 |
| SHA1 | a5bf4b448184622030c458dde9389fa5c5934fc2 |
| SHA256 | a72805c3dcb1daf0a00f300fa5d54948d60fd7db972552477d3bd99862350939 |
| SHA512 | ca33b0213fd4c1f29fbc2b00e9dab0d4a64c66d8ccc928e85ed7bfd0b20931ba21087093676edf7d968c65409dbe45d714b67f6dce246569f560cbd9a2e65f17 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 43dc8648332286f17aae32a623ab2e61 |
| SHA1 | e406043577159a92431d7ad66cdfb45ba66e4da6 |
| SHA256 | 57193f7042b0f4e76587dbff79cb579ab953a58146c76055993eeb11583e4640 |
| SHA512 | d7dbff4afa8cb443258d74650aa75e994397b9214cb19f77f4264952f51314bc00fc58e9e6d1d4247fa92bf5529d2f867d39abd639b3405296702f8e81e84dae |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 6847218f59d8de5420315669c113d458 |
| SHA1 | b1ff5ef1493282242fd9e61ec1e2bfd98b16a05a |
| SHA256 | e2f7c5300fadb37d5bf2678a15e787d58f298ec59b212aa6e6aff823cb28150f |
| SHA512 | bb88b404f74d26fd2e36f612a84d9caf89590c860a03769c31c3e9e0888f11aa5b6227057f0209bc14f5029db1a9fecc92fffc8176e9ac930992fb6aa4f653e3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5b8899e17625650d84d83c5b4aff47b1 |
| SHA1 | a1d8b3b0079828057d53798d1dbd7c8938391983 |
| SHA256 | 37288658407a9b02728ed13d1c45120052ab75db8c42ae20df40b30368a58376 |
| SHA512 | fd3bfac4f622903269220871aa2c0c7d99d882521606b5b4e9197781baa54d1be040fc1faad8c1b302046088d266ccfcf9623800df1e02d8336cbba38f6bab81 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 416fc545afeab8990800786e4a5adb14 |
| SHA1 | fafc9ad2d7b9c8420143ef9737966a602b8f31e7 |
| SHA256 | e932ba5fa1bcf842eba7f58f5e2f1929659c2921885bba0a4dcfd769c9096e2c |
| SHA512 | cbbab5c97eed9419cddc0d76bfdb35119fed7993edde61ad905a0eaf0d793c622113dad3f5d1db10a20999c17f38439c73e33800d4990c34b9e8555007d92ca2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8e206a4d4cac3880a1735796f40d3dda |
| SHA1 | fc21aa1eace9ffdfe9bb893e904078e63a1f5a23 |
| SHA256 | 952b756efe9d3a6f87b5b6784dccc6e7608d46968edcb5f1aeaa2e93fc68f931 |
| SHA512 | 1f579b7129f078188d8cf549112f3c12dea6f2e157aaa9fecc1b84ccab68656a5fcf486e2ace44788c0ef16e28584b6a73be109f5cbbe7f123cc946025239d67 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f7df1f2532fccbf491af2558603a76e4 |
| SHA1 | ce7020ae964d6670dd306d6b9d48a3e8e2c1ef6f |
| SHA256 | e28f067071ff13623296f39d3bff5d2d3a24f6f9018c6849ddc07a2ac5e7eec1 |
| SHA512 | ebae1ac67789d82509b5ad60333dfa331503004770ac8b5c81be8a30b6df6525d787ca0f7323b4df8c1c7a3be043e84ae3f2729236b8aa0302584387affb2e77 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 43844ca1841083096e86e4fbcb574794 |
| SHA1 | a31308261ab03d55afd13d866234e1812ef1d1cb |
| SHA256 | 695cf2c0ccd01d6f9351a004519cc5d217e583207bff9b1b4305854613c21592 |
| SHA512 | 19417e03744a24aaf73781521e28d6719260bc9932dd95443678dd078b3f6e779ac8a2e7ad8a5dc9973a9d217c607c3eb392a60d1a37f45016d55178d5457a5f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3e383be773b6f32ce163612b173e5f8e |
| SHA1 | 1f4422bef15637ef14dfbf0b6093ed73397825f9 |
| SHA256 | 38ed1fc4df4bcc6b70f10a29c97c48c65279127b59d80e054b6b6ae0cb736947 |
| SHA512 | b840751b1f155f0d14d19c1c833de72a0739abc510a8bb80525a39a5cdfcdb71ffcd4a497dfc90a4982fd0f2f43c5b1c8133c9cfa2e8c1377d28d23c6991bbb1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5629fa4a33c1f18fb6ed8c8cd717a8d4 |
| SHA1 | 32da732af8331ffd6b81c79ca95c7f7b2b8bef61 |
| SHA256 | d218ddeb7c7f8939613138160652ef667e3a5b64d36369041e9ee2a38be3ce76 |
| SHA512 | c7b3c004f9e26112ae001f12d0ce45f439e93d9f6e8245dcffa51592743a9848c7abbfa73421c01adbb792edf4e971611171522a22edf5c7e08df5737ecabc86 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 697e3f482395f628c62bbcd67c7c354a |
| SHA1 | 653019fdac64b913cf3e65d875430ecc1f6ecc25 |
| SHA256 | 12ea90b8077f37a80d9be33a35c991ce76d30e882a11eeb42662017347990d65 |
| SHA512 | af9343503eea33a46ccae2acad1edc26dcd0a1c004f1bb3736f54ec68f601e0b8118090cd3ab2283ade42a24c2bd7bb7ce51d5d62d62780270b78c048f23577c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 177a976398d957c833e3278b2eb4ce47 |
| SHA1 | aa36a7f96d08e75c2926435be028dde1be02e90f |
| SHA256 | f92f288489457bcd0f9c2cedadade3d74d0b383dfa056c2e90c7229356722603 |
| SHA512 | 0be8ecff47ecd6e5efa84821e3fe2e449277cccc9d4030c3123a28f9830ad27d17deadb956003248876f26ee83e8d43039d07ef502bf0909f4b7e0f54865c1c4 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-29 09:31
Reported
2024-05-29 09:33
Platform
win10v2004-20240426-en
Max time kernel
145s
Max time network
149s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8044f3ea04c30529b56746020abad6f9_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbaa6046f8,0x7ffbaa604708,0x7ffbaa604718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,10272920918974839813,14991955012644511087,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,10272920918974839813,14991955012644511087,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,10272920918974839813,14991955012644511087,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10272920918974839813,14991955012644511087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10272920918974839813,14991955012644511087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10272920918974839813,14991955012644511087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10272920918974839813,14991955012644511087,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,10272920918974839813,14991955012644511087,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5864 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,10272920918974839813,14991955012644511087,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5864 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10272920918974839813,14991955012644511087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10272920918974839813,14991955012644511087,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2624 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,10272920918974839813,14991955012644511087,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5804 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| FR | 216.58.215.42:445 | fonts.googleapis.com | tcp |
| US | 8.8.8.8:53 | s.w.org | udp |
| US | 8.8.8.8:53 | www.noticiare.com.br | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.181.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 74.48.108.217:443 | www.noticiare.com.br | tcp |
| US | 74.48.108.217:443 | www.noticiare.com.br | tcp |
| US | 74.48.108.217:443 | www.noticiare.com.br | tcp |
| US | 74.48.108.217:443 | www.noticiare.com.br | tcp |
| US | 74.48.108.217:443 | www.noticiare.com.br | tcp |
| US | 74.48.108.217:443 | www.noticiare.com.br | tcp |
| FR | 216.58.215.42:139 | fonts.googleapis.com | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.108.48.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | noticiare.com | udp |
| US | 74.48.108.217:443 | noticiare.com | tcp |
| US | 74.48.108.217:443 | noticiare.com | tcp |
| US | 74.48.108.217:443 | noticiare.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 74.48.108.217:443 | noticiare.com | tcp |
| US | 74.48.108.217:443 | noticiare.com | tcp |
| US | 74.48.108.217:443 | noticiare.com | tcp |
| US | 74.48.108.217:443 | noticiare.com | tcp |
| US | 74.48.108.217:443 | noticiare.com | tcp |
| US | 74.48.108.217:443 | noticiare.com | tcp |
| US | 74.48.108.217:443 | noticiare.com | tcp |
| US | 74.48.108.217:80 | noticiare.com | tcp |
| US | 74.48.108.217:443 | noticiare.com | tcp |
| US | 74.48.108.217:443 | noticiare.com | tcp |
| US | 74.48.108.217:443 | noticiare.com | tcp |
| US | 74.48.108.217:443 | noticiare.com | tcp |
| US | 74.48.108.217:443 | noticiare.com | tcp |
| US | 74.48.108.217:443 | noticiare.com | tcp |
| US | 74.48.108.217:443 | noticiare.com | tcp |
| US | 74.48.108.217:443 | noticiare.com | tcp |
| US | 74.48.108.217:443 | noticiare.com | tcp |
| US | 74.48.108.217:443 | noticiare.com | tcp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 74.48.108.217:443 | noticiare.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4dc6fc5e708279a3310fe55d9c44743d |
| SHA1 | a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2 |
| SHA256 | a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8 |
| SHA512 | 5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13 |
\??\pipe\LOCAL\crashpad_4856_XMCUTBUUXEHJMQIB
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c9c4c494f8fba32d95ba2125f00586a3 |
| SHA1 | 8a600205528aef7953144f1cf6f7a5115e3611de |
| SHA256 | a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b |
| SHA512 | 9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9c06f1e0d1fc950b914e7df852b9b85b |
| SHA1 | 3cf3dada95bba3a84c64e99c7aca06bade9bec0b |
| SHA256 | 6329d382c0dffcea1bdab8e820ab5303d2e8c443b4dd20f1fa6f45a28b1118c5 |
| SHA512 | 789225f669f081c5748a338ade8c7bc441b80cda01f88fa0022c42558b472596a76237a0c38b4640042d8949fe36d3be027d14217e5060e695ddd5c060778d93 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | bc03cd5ef3a5f622c9bb36a86e9ac1cd |
| SHA1 | a7d7fd73df984fb3adf1f3a11e31cd83afdd9f41 |
| SHA256 | e72a1d4acc3e9276b1d17b1aadd027f1ef0ac65c01083c27916e661ff249e7fd |
| SHA512 | c1e304c4127f6dd1985a6c3128c32e52ae84cc6eff82657351753628253c232624723801cec2d3ebd3bac2d6707f0f1fdceb779422e3c7b93c8572d840f1c0c7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2cf5c0752a7fb29f3124fd6a01e1ff26 |
| SHA1 | f615169f375f0d3f5dbd52db97331984b986f7fd |
| SHA256 | 37f1fc0caeae3657c5686ab40858eb691bbad5deaa475e1880fcfab5b0f88516 |
| SHA512 | 318b511e94572791aae2c2305dd4c9bdc70ad22d3538ac4eb772e39cbebb25e6ccc5345c97c1909faab9aa1ec97deaafb289cb53d63e706ddfeb6c904a75d72b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6b4ea3d0a160360eedd81427109ad0ba |
| SHA1 | 3a4b3813ba416e440b900099753650762721d4d5 |
| SHA256 | 087c396a4ced61708d203ebc9dcfe36e6616a01da7f13c29d55c481f5c2f83b2 |
| SHA512 | dfe888b389a859dc45366f11a7b5d53c8f9bd930cc78bbca1131cf149eb48ad412cd9829876fcf4301c6546454162ac043917a63a8ae3461de402d19011e8c71 |