Analysis Overview
SHA256
22b57343bff2f7fbde166fb588ba04b617e69f71632a785be67cd058edc49a1f
Threat Level: No (potentially) malicious behavior was detected
Verdict for 84626b42bf762b7541ce8d47fe56273f_JaffaCakes118 (an HTML document, opened in Internet Explorer on Windows 7 and in Microsoft Edge on Windows 10 in the runs below): No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-30 13:57
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-30 13:57
Reported
2024-05-30 13:59
Platform
win7-20231129-en
Max time kernel
121s
Max time network
130s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{89851E01-1E8C-11EF-BDEB-D6E40795ECBF} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423239310" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000647546ef9c4bfb4880b2e087f279c71f00000000020000000000106600000001000020000000f7362739ed0a197f190e8c7cb4715f8a60fa4acef5a5b452650fe07511b2a8db000000000e8000000002000020000000711efca0a8a589f8ae0aa6624ff54a9cc3fb3b242b1e28e32cf255645ba428be20000000098fe4454ae816bc7758f9fedae209c1c42114ecd2f7c01f47770e307ab7c29d400000006706c7d0cfa304c088629fe85067a5d1f4d81560de53ed60497f8e12a4cfa25acf8c93e64f71f2ca48354e1e21f044aa818c760cc6adcf9e074701e3011960a4 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20302c6099b2da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
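Every row in the table above is written by iexplore.exe into the detonation user's own HKCU\Software\Microsoft\Internet Explorer hive, which is what a first run of IE on a fresh profile looks like. The check a practitioner wants from this signature is the opposite case: a non-browser process touching the hive, or a write to one of the handful of values that browser hijackers rewrite. The helper below is an added example and not part of the sandbox report; it parses a constructed subset of the rows above, and the watch-set of hijackable values (Main\Start Page, Main\Default_Page_URL, Main\Search Page, SearchScopes\DefaultScope) and the list of browser images are assumptions to tune for your own environment.

```python
"""Triage helper for 'Modifies Internet Explorer settings' rows (added example)."""
import re
from collections import Counter
from typing import Dict, List, Optional

# Constructed subset of the signature table from the Windows 7 run above.
REG_ROWS = r"""
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
"""

# Matches keys under HKCU\<SID>\Software\Microsoft\Internet Explorer or the HKLM equivalent.
IE_HIVE_RE = re.compile(
    r"^\\REGISTRY\\(?P<hive>USER\\(?P<sid>S-1-5-21-[\d-]+)|MACHINE)"
    r"\\Software\\Microsoft\\Internet Explorer\\(?P<rel>.*)$", re.IGNORECASE)

# Images allowed to maintain their own IE settings (assumption; extend per sandbox image).
BROWSER_IMAGES = {r"c:\program files\internet explorer\iexplore.exe",
                  r"c:\program files (x86)\internet explorer\iexplore.exe"}
# Values a browser hijacker typically rewrites (assumed watch-set, relative to the IE key).
HIJACK_VALUES = {r"main\start page", r"main\default_page_url",
                 r"main\search page", r"searchscopes\defaultscope"}


def parse_registry_rows(text: str) -> List[Dict[str, Optional[str]]]:
    """Split each table row into action, key path, value (if any), process and target."""
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Description":
            continue
        action, indicator, process, target = cells
        path, sep, value = indicator.partition(" = ")
        rows.append({"action": action, "path": path, "value": value if sep else None,
                     "process": process, "target": target})
    return rows


def triage(text: str) -> Dict[str, object]:
    """Flag writes outside the IE hive, machine-wide writes, foreign writers and hijack values."""
    rows = parse_registry_rows(text)
    report = {"rows": len(rows), "writers": Counter(), "sids": set(),
              "outside_ie_hive": [], "machine_wide": [],
              "non_browser_writers": [], "hijack_hits": []}
    for r in rows:
        report["writers"][r["process"].rsplit("\\", 1)[-1].lower()] += 1
        m = IE_HIVE_RE.match(r["path"])
        if not m:
            report["outside_ie_hive"].append(r["path"])
            continue
        if m.group("sid"):
            report["sids"].add(m.group("sid"))
        else:
            report["machine_wide"].append(r["path"])
        if r["process"].lower() not in BROWSER_IMAGES:
            report["non_browser_writers"].append((r["process"], r["path"]))
        if m.group("rel").lower() in HIJACK_VALUES:
            report["hijack_hits"].append((r["process"], m.group("rel"), r["value"]))
    return report


if __name__ == "__main__":
    for key, val in triage(REG_ROWS).items():
        print(f"{key}: {val}")
```

On the rows above the helper reports a single SID, iexplore.exe as the only writer and no hijack hits; a row such as a dropper setting Main\Start Page would surface in both `non_browser_writers` and `hijack_hits`.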
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2168 wrote to memory of 2868 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2168 wrote to memory of 2868 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2168 wrote to memory of 2868 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2168 wrote to memory of 2868 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\84626b42bf762b7541ce8d47fe56273f_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2168 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | coinhive.com | udp |
| US | 8.8.8.8:53 | www.escortconrecensione.com | udp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 188.114.97.2:443 | coinhive.com | tcp |
| US | 188.114.97.2:443 | coinhive.com | tcp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 151.101.66.137:443 | code.jquery.com | tcp |
| US | 151.101.66.137:443 | code.jquery.com | tcp |
| DE | 173.212.237.235:443 | www.escortconrecensione.com | tcp |
| DE | 173.212.237.235:443 | www.escortconrecensione.com | tcp |
| DE | 173.212.237.235:443 | www.escortconrecensione.com | tcp |
| DE | 173.212.237.235:443 | www.escortconrecensione.com | tcp |
| DE | 173.212.237.235:443 | www.escortconrecensione.com | tcp |
| DE | 173.212.237.235:443 | www.escortconrecensione.com | tcp |
| DE | 173.212.237.235:443 | www.escortconrecensione.com | tcp |
| DE | 173.212.237.235:443 | www.escortconrecensione.com | tcp |
| DE | 173.212.237.235:443 | www.escortconrecensione.com | tcp |
| DE | 173.212.237.235:443 | www.escortconrecensione.com | tcp |
| DE | 173.212.237.235:443 | www.escortconrecensione.com | tcp |
| DE | 173.212.237.235:443 | www.escortconrecensione.com | tcp |
| NL | 23.62.61.90:80 | www.bing.com | tcp |
| NL | 23.62.61.90:80 | www.bing.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
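The clean verdict at the top of this report is derived from the behavioral signatures; nothing in the Signatures section looks at the Network table. That table shows the HTML page resolving coinhive.com and opening two TLS connections to it, alongside code.jquery.com and www.escortconrecensione.com. coinhive.com was the domain of the in-browser Monero mining service that shut down in 2019 and still sits on many cryptojacking blocklists, so it is the one row here an analyst would pull out for follow-up; the report does not show what, if anything, was served from it. The script below is an added example and not part of the sandbox report: it parses a constructed subset of the rows above, separates DNS lookups from connections, strips the hosts the sandbox's IE install contacts on its own, and checks the rest against a watchlist. Both the watchlist and the browser baseline are assumptions to replace with your own.

```python
"""Triage helper for the Network table of a sandbox report (added example)."""
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, List

# Constructed subset of the Windows 7 run's Network table above.
NETWORK_ROWS = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | coinhive.com | udp |
| US | 8.8.8.8:53 | www.escortconrecensione.com | udp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 188.114.97.2:443 | coinhive.com | tcp |
| US | 188.114.97.2:443 | coinhive.com | tcp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 151.101.66.137:443 | code.jquery.com | tcp |
| DE | 173.212.237.235:443 | www.escortconrecensione.com | tcp |
| DE | 173.212.237.235:443 | www.escortconrecensione.com | tcp |
| NL | 23.62.61.90:80 | www.bing.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
"""

# Assumed analyst watchlist. coinhive.com hosted the in-browser Monero miner
# (service shut down in 2019) and remains on many cryptojacking blocklists.
WATCHLIST = {"coinhive.com"}
# Hosts the sandbox's IE install contacts on its own (assumption: baseline this
# against a detonation of a blank page in your own environment).
BROWSER_BASELINE = {"pki.goog", "www.microsoft.com", "www.bing.com", "ieonline.microsoft.com"}


@dataclass(frozen=True)
class Flow:
    country: str
    dest_ip: str
    dest_port: int
    domain: str
    proto: str


def parse_network_rows(text: str) -> List[Flow]:
    """Turn each table row into a Flow; the header row is skipped."""
    flows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        country, dest, domain, proto = cells
        ip, _, port = dest.rpartition(":")
        flows.append(Flow(country, ip, int(port), domain, proto.lower()))
    return flows


def triage(text: str, watchlist=WATCHLIST, baseline=BROWSER_BASELINE) -> Dict[str, object]:
    """Split lookups from connections, drop the browser's own traffic, apply the watchlist."""
    flows = parse_network_rows(text)
    resolved = {f.domain for f in flows if f.proto == "udp" and f.dest_port == 53}
    conns = defaultdict(set)
    for f in flows:
        if f.proto == "tcp":
            conns[f.domain].add((f.dest_ip, f.dest_port, f.country))
    contacted = set(conns)
    seen = resolved | contacted
    return {
        "watchlist_hits": sorted(seen & watchlist),
        "sample_driven": sorted(seen - baseline),          # what the HTML itself pulled in
        "resolved_only": sorted(resolved - contacted),     # lookups with no follow-up connection
        "no_lookup_seen": sorted(contacted - resolved),    # connections without a captured lookup
        "connections": {d: sorted(v) for d, v in conns.items()},
        "tcp_rows": Counter(f.domain for f in flows if f.proto == "tcp"),
    }


if __name__ == "__main__":
    for key, val in triage(NETWORK_ROWS).items():
        print(f"{key}: {val}")
```

On the rows above the watchlist hit is coinhive.com, the sample-driven set is code.jquery.com, coinhive.com and www.escortconrecensione.com, and www.microsoft.com was resolved but never contacted. Note that the Windows 10 run (behavioral2) below reports no network activity at all, so the coinhive.com lookup is only evidenced in the IE run.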
Files
C:\Users\Admin\AppData\Local\Temp\CabCFC.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar100D.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ba842dedaf1b8e74715c7103b480fccf |
| SHA1 | 6f3887f110c6f1a69b227e69feb26b806468c69a |
| SHA256 | dbe89e14389899e4d50b5b63ff13c7633b5f284925ae61eaa240e93ac49443bc |
| SHA512 | 4eced0433ed4456ccee267f92b5f5d6a7c4d53d3d0aab3a4423eb6c944bbc5e018539b99d52c66481bcb0bc05b3f5279290bdab900db8036b09565a472da50be |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bd9cc0f1539385b59ca33cdb7593b66c |
| SHA1 | f7f69c5dec721c7c752523e1df04991034bda756 |
| SHA256 | cf62999efc4431df11f431cd24720a55696ee1c42d7eb160cc6889ba8734abd0 |
| SHA512 | 0d5d0a9fa090005ae762191a9c82d847ffb8f195a1bacc6785003b8be8d3dec955372e9d06179306cd911404c1253a50ade0c595862986ef91d5a378f4dbcbc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 6c80ca1ec0be3a09a3eab0501f299633 |
| SHA1 | 75619bb5e69268bd04c5dd36e9b4a37e2e16aff9 |
| SHA256 | a889a2b20c8a08aced2ca17abc35fcb500b1503dab42c56c8c765fe1115fcc6b |
| SHA512 | 2f6ce41e0f77f81811bf67e871091cdd689000a2a6c7244f670c36ffd062378238d466940357dddfd924a12a17849a1ad33053108b5e6d6d1b3297d990b9fa7c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_05B056B983E25E9B4D43BC3D9283D686
| MD5 | 18229f8b210f9744b1e80621fe758306 |
| SHA1 | 607dfd6e2ab770baeda06a7846ea5d6a153ae6c0 |
| SHA256 | 525bd1717e28362522b4adeff2fe009b1d60e3347a0011591b65bfb760b2791b |
| SHA512 | 96f44676d5a612190f467e1d5f60d63194839afbd4901d47fabd90c189f14a4c5d5ad33e7e0be075488b51ec13a28f58b5c6bf4e13ec7802a40cca245b6548cb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 67248d7156f871b3df776fdd5e25d61d |
| SHA1 | cdd4e02cf6025a006f2cc4834ce91f460a9a2604 |
| SHA256 | 5e38a9d44ba95f2a783e27caba240a8abc2f707859e5cd78576a441ec9c0811c |
| SHA512 | 2ea2ec1bc5b88b92bc5a927cb80222b1f1d87ee4ce0a52b5a3eeb51612439f2d6b27579d5b5816656a7a7a269a7298ce26d8e43350d3e7b1e539577f1718c524 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
| MD5 | f005454bd4e8d02faeac3dd5d76c3975 |
| SHA1 | 7c364e26143bcd213b5e595acf6eb0fca614388c |
| SHA256 | 118f7f40dffa13825f3023e3b3ea512757a66772912b40149dea1fd69dc60c14 |
| SHA512 | 16b31896c232ee7116a0e220210807c55959c8b03a21c140e6e817ffa04e2632bef64d451609cbfd11c21be2b0d60729b3af27e07c3183b964119a7e87a8b5f2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
| MD5 | 822467b728b7a66b081c91795373789a |
| SHA1 | d8f2f02e1eef62485a9feffd59ce837511749865 |
| SHA256 | af2343382b88335eea72251ad84949e244ff54b6995063e24459a7216e9576b9 |
| SHA512 | bacea07d92c32078ca6a0161549b4e18edab745dd44947e5f181d28cc24468e07769d6835816cdfb944fd3d0099bde5e21b48f4966824c5c16c1801712303eb6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
| MD5 | 906cb5d2622b5b51221172f2daec5b28 |
| SHA1 | 8906d9b7a4c9c443e5d4a3b0ae3ad28ce380ccc6 |
| SHA256 | a4d43a575766ffa0a5ad60e06003d9f6731a8de7e1bcc8c07a1c4c2e5099086b |
| SHA512 | 5dcaa45333259bee98eda06cafa6c2528d1cd7ab7884dcd15c666fc8a3914eb0cd1859bc4e77ab9201cfa2f54b5d3145ad9e4b6180ec7dbe459635b5bfbf7cb8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\72E0348C303A3C51F796A09056FFBDFE
| MD5 | e2d7b0f58450572db2ab04bc3eeafa73 |
| SHA1 | 095c65c1b3d4728c104b4729db6a97a19e818552 |
| SHA256 | 7b92480bd4af0154d1b3d52506df01cdcd9a486972cb1efcaa3478465748512f |
| SHA512 | d193e1359e7d455e6e93d76641a1a14e0dc9bacc3a978bc0f6325421c9de956ed7a4843ef75d40aac599482387d2c600f4ff445df997ec61b101711496e57b46 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_8DBDB314F582CFB69D8C0359C37384D1
| MD5 | 4c9a7e4b97d212b16d41166501a2266f |
| SHA1 | a27c2d47864391b2a4f1c7ec09ff5db6b7e7846b |
| SHA256 | 3a00fd6718fee674eee4fe1994b8d07a717396ec998ca13554481f00629c3ff8 |
| SHA512 | af3b54069fc5679508a19e155413403314f1f30e3890835f42efd68b5b5ff318dd0682f5539dab9f226480c9f9e693d994794a3269047f78bf053fc41d784df8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_8DBDB314F582CFB69D8C0359C37384D1
| MD5 | 0b1b93b840cd03d08599fb73f2ea70de |
| SHA1 | e53c4dff546f8cb02b485fe7ceedcb1a29e2c8d1 |
| SHA256 | 4278da055ed875020c94f2a8ce428a6e6973c8d1d395bf12bc04e2ef8764b152 |
| SHA512 | baae21b742c74600bba289b96b569118e69da68fe09abb8aaa447d3f6cc63d954833de245b9da62dc0032b1658dda295ad68358edcaf8ffe0c37bccc4273bd99 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c3fc2d1d9d4da6e174275164bba8bb8e |
| SHA1 | 1f4aad99b7eb131625ceafc8b2c9e8e878c9aad3 |
| SHA256 | 919f33efb0cbc1fce4c159b236917ff3241840ebf0ed16b8de86bd97af3fa46a |
| SHA512 | 4bfe92a277f681c006ce4c23e3d5a314f7a255e23391390ac5f5e10ec772627fa981db2a747376e76141b2cc7eedba1c3d14f2fa2bb9b281e966aacc5c2a9db7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2fe9c9c8db720e21043b6d50b18df3aa |
| SHA1 | b9531e48f1bb14e085cb4ae2a70c225400019b8e |
| SHA256 | 114a091612b48f454cd60cdf695d0439c914c1d2c0f31d89cc31e391e0ac0c82 |
| SHA512 | 3a5a3566b8fc4b276dfefb25ab33c98befe9caf8e6b0fa568cf71125b66c493ae73e98dcb24602a72363489036075667120847424bd8280cccc52693c618e95f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4bb90ff6215074ad277f371a66c9d24c |
| SHA1 | 4ef6e25c64a6090fa0f855e2032ada302b27ce13 |
| SHA256 | 10a84c0f57bce3ae06cf9b4fdf5f5a5564523bea1cdee31a832a6749b01969e0 |
| SHA512 | e59ba2f11b58675ccb1d1f4e2d17870ce5181f2d10d49464a49d1986b58409f73f4ba0d267f79a0718cb2bc8127955f3bcd130c267ae403d1f2ce2a90d21d6a4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 39e9266e797c7c01a9829ce8906b8fa8 |
| SHA1 | 45d65e4338225aeb618d64f3de36f396bd7909b1 |
| SHA256 | 0d5b77b789c34caba937660b28032e990c39fadeecf0a338d104deeba4f70622 |
| SHA512 | f05f2b345a333c3522b12e0b9cc0aa97a6803a8b659ea47b95a92b99004a6e559ee58411dee4113149c699ce5d43907e493bdfd1ec7efac00e5d55af2948cb67 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ec6fa1e12ec420f0d234437ef6d796bb |
| SHA1 | 1e3a431d23cc89794894967d92b5b7459e3b0eea |
| SHA256 | 0f3394ce8e520d862309d6eee8d21d905705d475170e21094a53b8f8f0acbc16 |
| SHA512 | 93accaa8ca971d3af09b26a31fb3ba554c4f52e36abac4e4b85663a14dff7c9a7e71f262608f5e6ec8585161d144d0e45851852cb38495adf36b96c6a04aaac9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 64e7f583a4aaba1eac1b957abd18b285 |
| SHA1 | 07efad0dd052875b85dea4ff80c9d061bc2d9581 |
| SHA256 | 0295c2b6054c6247d7c9044c43d6d4783b0020227c78685913755c53db68c9bd |
| SHA512 | 5c359044edaca5f4d751e5a8ca1db2ff2eabfdc7909dc6e962d1bcc93d4c54c383bf93d7db29cecb357f289c808de417e6e76acb339d93922d36db274009edd6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e859e6a683ff1087491704fbd8f6a883 |
| SHA1 | 2aa4c00b84b013eef479c83495783b734bc4f49d |
| SHA256 | e825049ab5b1b81cfc4092e76fc666ee2c22fd4fecf9a76625f31fddf5430bc6 |
| SHA512 | 8db907797b8cb5640708064c7d59a49cbd95fa40fc58b13d0ae8a8ab013f3f9f39cd77f7961963c3d00f4fbcdd0e1dd0c6d80772d925d26768867b669b20d1ef |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 23e7ed4a08a68c4f788409170a475466 |
| SHA1 | c83f9dc365de1933e08d42f50ea9ccfaeba74272 |
| SHA256 | dae644f81b94f24c126dc4a04dbd12bae7a093875eba1ef513ae034d65c9df9e |
| SHA512 | b32be79944c76f25bc20e038adfc4e1dd7cb4127ea74b0c1e34a61a3e6b08afda957fbff43d0b424acdec41b52a4fd4b4e3de36a6de127124c267960bf8ac552 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 44ab119c284d53daa372342de3f9e39a |
| SHA1 | 896301301944737528b999ca1e3ff8ffba98568f |
| SHA256 | bb59d9586cde07242304810dadf149bec708cf821ea3b36ed0cb3e42d6e8aa53 |
| SHA512 | bba678eeb3ad7681d1d11adc886444087b320b3470cef18eb760ca0d29ee881a7b29568add350403db5eef1ffee6993b409ef936bdc5e25d6d66e3f00a7f3d46 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b597795d1479442d17e4a4cb0d23f06c |
| SHA1 | 9ed8a9f8f5b509f22321ff983050af45903a9ff8 |
| SHA256 | 8570d366f6f913a87cbb90c2c82e87c60e8a26f4633e620aba7a480f00e826b3 |
| SHA512 | af22b073c862940bc5ce9dd394cbbf11407a82195997c699608e18f0f3e85f3e4cb58882f5c73e3eba9e22eb472b19e148ac215e2b7b479769702198a9675d4d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7a1a5999e3e53fdb1eace8abb9730ab2 |
| SHA1 | 89ce3bf37f78d21e87ca92340357db5efd18859e |
| SHA256 | b21149c71fdfc18b3fe43f78c5561ceb7cdf334a962fe737e781e7487c8c6649 |
| SHA512 | 2cdd9bc9d12c3bbe70c94e02e1f3cb39e6ef8fb80bb708923f7b8744938c8c2bc86f5e635d39c7ac39ca39e3b3c615f6d899e315b2eb1293ddfc7ae519436c1d |
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
| MD5 | da597791be3b6e732f0bc8b20e38ee62 |
| SHA1 | 1125c45d285c360542027d7554a5c442288974de |
| SHA256 | 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07 |
| SHA512 | d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c29678de259b6458f1099e54d0395f24 |
| SHA1 | 99bf7369bdeddb4e1d79163f6078a76c60e0805b |
| SHA256 | 4da6aad3e452b813e973ef8104e1836858e870e2a87d9a826df3590052f4b6b5 |
| SHA512 | 4fb342af4ba9e5052133149c2ead04a567f1ac266fe0d669cb118d1f60252ff134b9a1c3ed5cf8bf76c18d914fa6526aa5c2f9be800c4032323b0331b5407b3f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1882d66c2b756a0a7117dfaa6bbbf8c2 |
| SHA1 | e31e7f4441797c638503eec171fef1e8075bbaad |
| SHA256 | f38af583595e5fa7be9ae533e168471cf133e583496cbbd20d784940d5daed76 |
| SHA512 | d2c78d3d5c0a4de553fcc0d3fd611101880ed8d4c060e9e5740d8093c170bfd5ab24248a904b6b04b3eaf513f4ca34a724bc299df71272f5aa984293bc5ca681 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5147a87ec27a0ceb5e95a9fc07b33d0d |
| SHA1 | 5764abc3a4940efd863cff117fa36d21749b8ea4 |
| SHA256 | b8af3dba2dad4194bdd02c1008b74bb8acbf0573105b5a1184612fb75af06053 |
| SHA512 | 096004075f311999ae04e1e3c7425ba2958e43dd7ec0d0d37f294e95ff0670f118af68a40bd3a8bd1262d525e30d32f1eb9563730515be6b681b027d8cefc546 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 074330a5d9c6c4ee5d1f0aa6d30a5b2d |
| SHA1 | 195b240049131c76ac06b768c690748f2534026e |
| SHA256 | 459cbc048f6df456fd5dc1bb5333aefe7af4ae4ae5b8506a93664126a9179966 |
| SHA512 | 36aa4532f0eaf25eeefe37ccecd4951332b3d669e4e4f7c2cb72e1f01ce8ae0ee6e37579528339b95ea85223ae87e370291793f817d9ef2bce1b316f44c6bf10 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c0bbdb65aab40daf2b4b3ec1c9dedeb6 |
| SHA1 | 7ff1c30c099f9a93c74eb12e33ab90b31dc531a2 |
| SHA256 | 710246c1be0a6254028b77cca5c11da08b3f7eadc4aec42ad7da9cfa51bb2148 |
| SHA512 | a0822f29a2ae772ea0927236c93d1dbccb3884c6182bd92cb8a79571bd3637a48b5263455e485a8fe2aaea9bd68bc7de921b1a016e3fbbd741e80aab26fb831b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 13d136c3dcfa2d4fb62e3e8fee3a1a53 |
| SHA1 | 5dd0c292a7c7f7d1abbea22955a9a0d4df53b43d |
| SHA256 | accab9374f6480cea37af19d8af4f126779afd2fb75008f235929d389262dba6 |
| SHA512 | 1d55341375d5d741211d0bd0e8071aeeefcc2225f5340849d0005ca2b3c71e0c178ac49404720565ce8479a6b815d9704057c25c12a4cd2fff5703630667af24 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2cd0ff8f1896d710ef40411c6a33e265 |
| SHA1 | cfb5a07eec17d998855dd287ea6c1cc0a0de2f09 |
| SHA256 | 04c7c842008ad2368e5c7bdc7211e25be70bc846bfaf21b385a79c6fc39b2663 |
| SHA512 | 86048f4b6c13faac49180fe3bfcfdcdec36c8892c63bb74681e51fb73df41d1a08b411952c2580686d759ede2c490fd14ebd4ad7c75b0f41d00921a2436f9edf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fab1f1f20babe3fe0858b5d15f1445b8 |
| SHA1 | 3c4029ab9d3a2a675f988c05d43ba65c7b457eb7 |
| SHA256 | ddf53406c0fc93628465bc47f5a2b740bfc2b054d29c70e32fabebba9cf34cc6 |
| SHA512 | 6b333800213694fad94c9efcd538c9f9aef9a48c86c5c9896ac435568c07f029db745f23f77bba2774a166ff90ae917a55c280fb2099ae8fc61b0da36b8ac5a1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9b54a340b056f03be1d0d9bf9a10a55e |
| SHA1 | acd0b47637da625b39b3241c0df907a9fc905d98 |
| SHA256 | ec08e7469ccbe3099b277686ce3f286a0d6d27916a0c55ac96bd39ec37d9eba2 |
| SHA512 | 11bacab70aa3c7063cc43cdab45331805eb9479bec7707c56d1e1e5c5871ddfddc879285b5ebcf60cf63b34e65418e0da66b052a451ce3a88f41dafe48a7d47e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bf3598830e924050e8ab9d6e6b348961 |
| SHA1 | add688a240a895892b76cc8e05d70c711470e1da |
| SHA256 | 770df2da005790be4510aca37f7368f18ff801711c7859a6e6e06468d3c16a39 |
| SHA512 | b6da025c5ac3bc255a0619967ffe26cb1af53e8cc97e75c583a689ec543868675ebd0ad6506e36c7148fc222899b0e79fbec649db4b7e898764c5ae2c5fc0f92 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-30 13:57
Reported
2024-05-30 13:59
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
148s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\84626b42bf762b7541ce8d47fe56273f_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcca3d46f8,0x7ffcca3d4708,0x7ffcca3d4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,2864994191834335077,16779157243522314497,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,2864994191834335077,16779157243522314497,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,2864994191834335077,16779157243522314497,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2620 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2864994191834335077,16779157243522314497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2864994191834335077,16779157243522314497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,2864994191834335077,16779157243522314497,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5844 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,2864994191834335077,16779157243522314497,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5844 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2864994191834335077,16779157243522314497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2864994191834335077,16779157243522314497,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2864994191834335077,16779157243522314497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2864994191834335077,16779157243522314497,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,2864994191834335077,16779157243522314497,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_2816_XOHHEIPNFCIFSPDG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State