Analysis Overview
SHA256: adb8b631aa613a7fc20495832890d17e3ca83f0aa9105b9d34f932b0d17a883c
Threat Level: No (potentially) malicious behavior was detected
The file 8891620069ca495e6aecc0f96a22fcb5_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Analysis: static1
Detonation Overview
Reported: 2024-05-31 22:26
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-05-31 22:26
Reported: 2024-05-31 22:28
Platform: win7-20231129-en
Max time kernel: 133s
Max time network: 127s
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000d3f5ac701474c408cf88f290c2647c50000000002000000000010660000000100002000000030aeec3dc06c41a414dc0ef0a1fce9db3587ce2b95876472a9c35fd771b2bf5c000000000e800000000200002000000044143cc615901285ac652e690658269658688589e44f7bdfc8622d9751b9aebc20000000dd0e974bcb3bd4ace3ae8eb9b4c1828f605c4c70f1721891a10d0683b10b87fa40000000c6e690538064e3b074534b9945983f4c51a8775f59cac1862ae888986e0d103c9f99c4e003bd049103471ea08c3ee11986e786a7b03154b6408b048c089f041e | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000d3f5ac701474c408cf88f290c2647c500000000020000000000106600000001000020000000e413a2f1c61333fa1610634c4592d1fe97105d9e304ea75566f438bcee3e752e000000000e80000000020000200000007577b8d37a49d1c67f5c056c3704c28757d53a25f2e9af81303582d18f50eb3790000000df0a47d8b7e2a8ab1d8d90023e662a56643cf9c5b845cd2b4d94311578fad0d0effb4bc0839d74552921d484e64e40c76ed8b35f284d42134a563e7104607a6b3d9278ece5c33ab11782236b406e27f194aeafe773fdd29208cf9c1b37cdcc3a58ad7cc7c0a23d0f2f5bdd792d524f1b878d4986cdf238c42c1872f104c9e5d27d4440462fe707ff1d1062108665324240000000a1bb81d26737b575cd5ba4dde7469600d7a6a36f43603ef742830cf1ed3f0fe87604040a6cda20745634c1dce2fd93727e53c15d96f6209b8b822e3f4935d6cc | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CC31E561-1F9C-11EF-A68A-46FC6C3D459E} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b001d6a2a9b3da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423356244" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2240 wrote to memory of 868 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2240 wrote to memory of 868 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2240 wrote to memory of 868 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2240 wrote to memory of 868 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8891620069ca495e6aecc0f96a22fcb5_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2240 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted: 2024-05-31 22:26
Reported: 2024-05-31 22:28
Platform: win10v2004-20240426-en
Max time kernel: 145s
Max time network: 146s
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8891620069ca495e6aecc0f96a22fcb5_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe6ed746f8,0x7ffe6ed74708,0x7ffe6ed74718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,10274604002735175533,12980243533004123818,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,10274604002735175533,12980243533004123818,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,10274604002735175533,12980243533004123818,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10274604002735175533,12980243533004123818,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10274604002735175533,12980243533004123818,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10274604002735175533,12980243533004123818,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10274604002735175533,12980243533004123818,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10274604002735175533,12980243533004123818,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,10274604002735175533,12980243533004123818,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6316 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,10274604002735175533,12980243533004123818,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6316 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10274604002735175533,12980243533004123818,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10274604002735175533,12980243533004123818,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10274604002735175533,12980243533004123818,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10274604002735175533,12980243533004123818,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,10274604002735175533,12980243533004123818,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4832 /prefetch:2
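Chromium-based browsers, Edge included, run as one browser process plus child processes whose role is encoded in `--type` (and `--utility-sub-type` for utility services); children launched by the same browser instance share the same `--field-trial-handle` value. On Windows the browser process writes into each new child before it starts running, so a "Suspicious use of WriteProcessMemory" signature is expected on any browser detonation and says nothing about the HTML file. What is worth pulling out of the list above is which children run with the sandbox relaxed on the command line (`--service-sandbox-type=none`, `--disable-gpu-sandbox`) and which document the browser process was asked to open. The following classifier is an added example, not part of the report or of any sandbox product; the command lines are a subset copied from the process list above, and the helper names are the author's own.

```python
"""Classify Chromium/Edge process command lines by role, session and sandbox flags."""
import re
from collections import Counter

# Constructed sample: a subset of the command lines from the process list above.
SAMPLE_CMDLINES = [
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8891620069ca495e6aecc0f96a22fcb5_JaffaCakes118.html',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,10274604002735175533,12980243533004123818,131072 --mojo-platform-channel-handle=2152 /prefetch:2',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,10274604002735175533,12980243533004123818,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,10274604002735175533,12980243533004123818,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10274604002735175533,12980243533004123818,131072 --lang=en-US --disable-client-side-phishing-detection --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1',
    r'C:\Windows\System32\CompPkgSrv.exe -Embedding',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,10274604002735175533,12980243533004123818,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6316 /prefetch:8',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10274604002735175533,12980243533004123818,131072 --lang=en-US --disable-client-side-phishing-detection --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,10274604002735175533,12980243533004123818,131072 --disable-gpu-sandbox --use-gl=disabled --mojo-platform-channel-handle=4832 /prefetch:2',
]

# A double-quoted token or a run of non-whitespace; enough for Chromium-style flags.
TOKEN_RE = re.compile(r'"([^"]*)"|(\S+)')


def tokenize(cmdline):
    """Split a Windows command line, honouring double quotes around paths with spaces."""
    return [quoted or bare for quoted, bare in TOKEN_RE.findall(cmdline)]


def parse_flags(tokens):
    """Return (exe, positional args, flags); flags maps 'name' -> value ('' for bare flags).
    Repeated flags such as --annotation keep only the last value, which is fine here."""
    exe, flags, positional = tokens[0], {}, []
    for tok in tokens[1:]:
        if tok.startswith("--"):
            name, _, value = tok[2:].partition("=")
            flags[name] = value
        else:
            positional.append(tok)
    return exe, positional, flags


def classify(cmdline):
    """Describe one process: role, browser session and sandbox flags visible on the command line."""
    exe, positional, flags = parse_flags(tokenize(cmdline))
    name = exe.rsplit("\\", 1)[-1].lower()
    ptype = flags.get("type")
    if ptype is None:
        role = "browser" if name == "msedge.exe" else "other"
    elif ptype == "utility":
        role = "utility:" + flags.get("utility-sub-type", "?")
    else:
        role = ptype
    return {
        "exe": name,
        "role": role,
        # Children of one browser process all receive the same --field-trial-handle value.
        "session": flags.get("field-trial-handle") or None,
        # Only what the command line itself reveals; crashpad runs unsandboxed without saying so.
        "unsandboxed": flags.get("service-sandbox-type") == "none" or "disable-gpu-sandbox" in flags,
        "no_v8_mitigations": "no-v8-untrusted-code-mitigations" in flags,
        # The browser process carries the document it was launched with as a positional argument.
        "opened": positional[0] if role == "browser" and positional else None,
    }


def summarize(cmdlines):
    """Aggregate a whole process list into the handful of facts an analyst reads first."""
    rows = [classify(c) for c in cmdlines]
    return {
        "roles": Counter(r["role"] for r in rows),
        "unsandboxed": sorted(r["role"] for r in rows if r["unsandboxed"]),
        "sessions": {r["session"] for r in rows if r["session"]},
        "opened": [r["opened"] for r in rows if r["opened"]],
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_CMDLINES).items():
        print(f"{key}: {value}")
```

On the list above this reports a single session, two GPU processes of which the second was restarted with `--disable-gpu-sandbox`, and two unsandboxed utility services (the network service and `identity_helper.exe`), all of which is ordinary Edge 92 behaviour rather than something the HTML file caused.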
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | yoo.ph | udp |
| US | 8.8.8.8:53 | www.pinoylottoresults.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| SG | 134.209.110.111:80 | yoo.ph | tcp |
| SG | 134.209.110.111:80 | yoo.ph | tcp |
| SG | 134.209.110.111:80 | yoo.ph | tcp |
| SG | 134.209.110.111:80 | yoo.ph | tcp |
| SG | 134.209.110.111:80 | yoo.ph | tcp |
| SG | 134.209.110.111:80 | yoo.ph | tcp |
| US | 67.225.218.40:443 | www.pinoylottoresults.com | tcp |
| US | 67.225.218.40:80 | www.pinoylottoresults.com | tcp |
| US | 67.225.218.40:80 | www.pinoylottoresults.com | tcp |
| US | 67.225.218.40:443 | www.pinoylottoresults.com | tcp |
| US | 67.225.218.40:443 | www.pinoylottoresults.com | tcp |
| GB | 216.58.201.106:443 | ajax.googleapis.com | tcp |
| GB | 216.58.201.106:443 | ajax.googleapis.com | tcp |
| GB | 216.58.201.106:443 | ajax.googleapis.com | tcp |
| SG | 134.209.110.111:443 | yoo.ph | tcp |
| SG | 134.209.110.111:443 | yoo.ph | tcp |
| SG | 134.209.110.111:443 | yoo.ph | tcp |
| SG | 134.209.110.111:443 | yoo.ph | tcp |
| SG | 134.209.110.111:443 | yoo.ph | tcp |
| SG | 134.209.110.111:443 | yoo.ph | tcp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.218.225.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.110.209.134.in-addr.arpa | udp |
| SG | 134.209.110.111:443 | yoo.ph | tcp |
| SG | 134.209.110.111:443 | yoo.ph | tcp |
| SG | 134.209.110.111:443 | yoo.ph | tcp |
| SG | 134.209.110.111:443 | yoo.ph | tcp |
| SG | 134.209.110.111:443 | yoo.ph | tcp |
| GB | 172.217.169.66:80 | pagead2.googlesyndication.com | tcp |
| US | 67.225.218.40:80 | www.pinoylottoresults.com | tcp |
| US | 8.8.8.8:53 | pinoylottoresults.com | udp |
| US | 67.225.218.40:80 | pinoylottoresults.com | tcp |
| US | 67.225.218.40:80 | pinoylottoresults.com | tcp |
| SG | 134.209.110.111:443 | yoo.ph | tcp |
| US | 8.8.8.8:53 | 66.169.217.172.in-addr.arpa | udp |
| SG | 134.209.110.111:443 | yoo.ph | tcp |
| US | 67.225.218.40:80 | pinoylottoresults.com | tcp |
| US | 67.225.218.40:80 | pinoylottoresults.com | tcp |
| US | 67.225.218.40:80 | pinoylottoresults.com | tcp |
| US | 67.225.218.40:80 | pinoylottoresults.com | tcp |
| GB | 216.58.213.14:445 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | s.w.org | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 216.58.201.98:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 98.201.58.216.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.213.14:139 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 52.111.227.11:443 | | tcp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
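Reading a sandbox network table means separating four things that the flat rows above mix together: DNS rows (where the Domain column is the name queried, and `in-addr.arpa` names are reverse lookups of IPs the OS or browser already had), third-party web infrastructure pulled in by the page (ad, analytics and CDN hosts), local noise such as mDNS multicast, and the first-party hosts the HTML actually embeds, which here are `yoo.ph` and `pinoylottoresults.com`. Non-web ports to a public host, such as the 445 and 139 connections recorded against `www.google-analytics.com` above, deserve a separate flag regardless of the name attached to them. The script below is an added example, not part of the report; the rows are a constructed subset of the table above, and the list of infrastructure suffixes is an analyst-tunable assumption rather than anything the report states.

```python
"""Triage sandbox network rows into DNS activity, first-party hosts, infrastructure and oddities."""
import ipaddress
from collections import defaultdict

# Constructed sample: a subset of the Network table above as (country, destination, domain, proto).
# An empty domain means the sandbox attached no name to the connection.
SAMPLE_ROWS = [
    ("US", "8.8.8.8:53", "183.142.211.20.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "yoo.ph", "udp"),
    ("US", "8.8.8.8:53", "www.pinoylottoresults.com", "udp"),
    ("US", "8.8.8.8:53", "ajax.googleapis.com", "udp"),
    ("SG", "134.209.110.111:80", "yoo.ph", "tcp"),
    ("SG", "134.209.110.111:80", "yoo.ph", "tcp"),
    ("SG", "134.209.110.111:443", "yoo.ph", "tcp"),
    ("US", "67.225.218.40:443", "www.pinoylottoresults.com", "tcp"),
    ("US", "67.225.218.40:80", "pinoylottoresults.com", "tcp"),
    ("GB", "216.58.201.106:443", "ajax.googleapis.com", "tcp"),
    ("GB", "172.217.169.66:80", "pagead2.googlesyndication.com", "tcp"),
    ("GB", "216.58.213.14:445", "www.google-analytics.com", "tcp"),
    ("GB", "216.58.213.14:139", "www.google-analytics.com", "tcp"),
    ("N/A", "224.0.0.251:5353", "", "udp"),
    ("US", "52.111.227.11:443", "", "tcp"),
    ("GB", "172.217.16.225:443", "tpc.googlesyndication.com", "udp"),
]

# Assumption: name suffixes this analyst treats as third-party web infrastructure
# (Google APIs/ads/analytics, the WordPress emoji CDN). Tune per case.
INFRA_SUFFIXES = (".googleapis.com", ".googlesyndication.com", ".google-analytics.com",
                  ".doubleclick.net", "www.google.com", "s.w.org")
WEB_PORTS = {80, 443}


def ptr_to_ip(name):
    """'183.142.211.20.in-addr.arpa' -> '20.211.142.183'; None if the name is not a PTR name."""
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    octets = name[:-len(suffix)].split(".")
    return ".".join(reversed(octets)) if len(octets) == 4 else None


def is_infra(domain):
    """True for a name that equals or ends with one of the infrastructure suffixes."""
    return any(domain == s.lstrip(".") or domain.endswith(s) for s in INFRA_SUFFIXES)


def triage(rows):
    """Bucket each row; endpoints are recorded as 'ip:port/proto' under the name they were seen with."""
    out = {
        "forward_queries": set(), "ptr_targets": set(),
        "first_party": defaultdict(set), "infrastructure": defaultdict(set),
        "odd_ports": set(), "local_noise": set(),
    }
    for _country, dest, domain, proto in rows:
        ip_str, _, port_str = dest.rpartition(":")
        ip, port = ipaddress.ip_address(ip_str), int(port_str)
        if proto == "udp" and port == 53:
            # On a DNS row the Domain column is the query name, not a connection target.
            ptr = ptr_to_ip(domain)
            if ptr:
                out["ptr_targets"].add(ptr)
            else:
                out["forward_queries"].add(domain)
            continue
        if ip.is_multicast or ip.is_private or ip.is_link_local:
            out["local_noise"].add(f"{dest}/{proto}")
            continue
        endpoint = f"{dest}/{proto}"
        key = domain or ip_str  # unnamed connections are keyed by the IP itself
        bucket = out["infrastructure"] if domain and is_infra(domain) else out["first_party"]
        bucket[key].add(endpoint)
        if port not in WEB_PORTS:
            # SMB/NetBIOS ports against a public web host are worth a second look whatever the name.
            out["odd_ports"].add((ip_str, port, proto, domain))
    return out


if __name__ == "__main__":
    for bucket, content in triage(SAMPLE_ROWS).items():
        print(f"{bucket}: {dict(content) if isinstance(content, dict) else sorted(content)}")
```

On the sample rows the first-party bucket collapses the table to two hosts plus one unnamed 52.111.227.11:443 connection, the PTR bucket holds the IPs the host reverse-resolved in the background, and the odd-ports bucket carries the two non-web connections so they are not lost among the repeated `yoo.ph` rows.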
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b2a1398f937474c51a48b347387ee36a |
| SHA1 | 922a8567f09e68a04233e84e5919043034635949 |
| SHA256 | 2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6 |
| SHA512 | 4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c |
\??\pipe\LOCAL\crashpad_1684_PBDMRVKZHIKKLBBZ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 1ac52e2503cc26baee4322f02f5b8d9c |
| SHA1 | 38e0cee911f5f2a24888a64780ffdf6fa72207c8 |
| SHA256 | f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4 |
| SHA512 | 7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | bb399c6aa3f1cefdc122ab54513ad5f2 |
| SHA1 | ca2ebcff0543c5a731429a68e57f9473673d73c6 |
| SHA256 | 62442dc3c82c26ab87e39d9a7cb820ee6563d3a5a5d2d757d464928215d75b82 |
| SHA512 | db19892718c51c1c32eabf6a75e136ad4bd58ac9168d14b78903991b17d114f0528e15adc44cdd65eda4565221b0cabec9384f4a10bddcb8694ff83f94331fba |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 31a6363438d5861c2de233ce903994ca |
| SHA1 | 9dab1f5479ba9f5cde90c6bbec5ccd26ca5decc4 |
| SHA256 | 6bb52e5390448bf62f8c947f14cb1023daad37df82abe45f1a808b4808f610a7 |
| SHA512 | c50ed570bc3f3d846617c5a3834bd35ad9c4438acace467f4af88faade535aceee8db750389dc636e9e86fdb4f31dac1c220fd725e0d9b78762ec6351242e36c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f3a18e5d71be74e9a3c1a470b0dbf057 |
| SHA1 | 50923b48b56e590169e45a39557ad2eab9acb033 |
| SHA256 | 7c5b90dd0f6e7a1d620c1399f97ff1987159485be45f7da6c4e9a772156e9400 |
| SHA512 | 277828b5c313cb37e62957f0a4f47344f52ceba4b1f0c0978c93ea8842195ebbe5b22228ee91dad61483e5ab06dfc3c1d439b46b9d484f95563c4ffea1819d17 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 807419ca9a4734feaf8d8563a003b048 |
| SHA1 | a723c7d60a65886ffa068711f1e900ccc85922a6 |
| SHA256 | aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631 |
| SHA512 | f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 90b07c2fd93ff04987dd8bce7a977d41 |
| SHA1 | 828f007bef24dacba2ed8539f28938d0d986de58 |
| SHA256 | a6db626b9f2aa90be09901609510a999b4813a0fb6c4443724d5c4ee16b5dcfc |
| SHA512 | c2c32c35d2c56e4916fd244a1417579ff70bce5cf9170bebf5268e97d1836fc5249b851da961cee0f79221b0a044faf7b251bce7493ef828f7368e58732c31d4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\aa0d5f57-1a5c-4f00-ad49-b03b06f0f593.tmp
| MD5 | f8189c952a33a2c96a7bc24c9d396191 |
| SHA1 | 0eae1af627e579c8eaae5f5f2fecdede1a6073d7 |
| SHA256 | 6497fd53711d45574c692f42361e1afa4ca4ce3eaed49fe8463c8c66faecf726 |
| SHA512 | 1f524857c01eadc918439abebcdb74d9fbc264a0b649c4141bb552941b00f66b860edb14d78194adeea36efa8ce858183aab33436f28dcc624bd54f2c2e26e42 |