Analysis Overview
SHA256
578db8bfc4dfda64b755f8bc66e420e2811a027a46753aea9d234e2cbb154189
Threat Level: No (potentially) malicious behavior was detected
The file 8786e3a2b17ccb9b0c6c63df2711bb27_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-31 15:45
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-31 15:45
Reported
2024-05-31 15:48
Platform
win7-20240221-en
Max time kernel
136s
Max time network
145s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DE11D521-1F64-11EF-9CBB-52ADCDCA366E} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006b7ac918aaceb0488e9e8ecfa3bf6c5900000000020000000000106600000001000020000000e3a81da0079e83adcfa6a68ff72df09a4148427cfb8b044235c9da27808354b9000000000e80000000020000200000001b9bdb3dac1931cce3a6a8b36a6c2d2bc93f8869486daa55f78756a76e41a7e4200000002bd4cad0c8b5b4f753f7fa53107c00cae1028ed04926083bdc081d0b83144fc740000000d653f40e274f3976ef9b6d01ca40f2579c94b83fe5e2c6159554d39bca9f6c90750f0164c2cba2dd118fd0ff0608e06f15453064923ac143fde34562f24ad643 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 705e12b471b3da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423332225" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1308 wrote to memory of 2032 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1308 wrote to memory of 2032 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1308 wrote to memory of 2032 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1308 wrote to memory of 2032 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8786e3a2b17ccb9b0c6c63df2711bb27_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1308 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | animehip.com | udp |
| US | 8.8.8.8:53 | yllix.com | udp |
| US | 8.8.8.8:53 | ehgt.org | udp |
| NL | 178.162.140.212:443 | ehgt.org | tcp |
| NL | 178.162.140.212:443 | ehgt.org | tcp |
| NL | 178.162.140.212:443 | ehgt.org | tcp |
| DE | 185.53.177.51:80 | animehip.com | tcp |
| NL | 178.162.140.212:443 | ehgt.org | tcp |
| SK | 185.66.200.224:80 | yllix.com | tcp |
| NL | 178.162.140.212:443 | ehgt.org | tcp |
| DE | 185.53.177.51:80 | animehip.com | tcp |
| NL | 178.162.140.212:443 | ehgt.org | tcp |
| SK | 185.66.200.224:80 | yllix.com | tcp |
| SK | 185.66.200.224:443 | yllix.com | tcp |
| SK | 185.66.200.224:443 | yllix.com | tcp |
| SK | 185.66.200.224:443 | yllix.com | tcp |
| NL | 178.162.140.212:443 | ehgt.org | tcp |
| NL | 178.162.140.212:443 | ehgt.org | tcp |
| SK | 185.66.200.224:443 | yllix.com | tcp |
| US | 8.8.8.8:53 | www.statcounter.com | udp |
| US | 104.20.94.138:80 | www.statcounter.com | tcp |
| US | 104.20.94.138:80 | www.statcounter.com | tcp |
| US | 8.8.8.8:53 | c.statcounter.com | udp |
| US | 104.20.95.138:443 | c.statcounter.com | tcp |
| US | 104.20.95.138:443 | c.statcounter.com | tcp |
| US | 104.20.95.138:443 | c.statcounter.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-31 15:45
Reported
2024-05-31 15:48
Platform
win10v2004-20240426-en
Max time kernel
145s
Max time network
141s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8786e3a2b17ccb9b0c6c63df2711bb27_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb447946f8,0x7ffb44794708,0x7ffb44794718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,18071771011592208192,7993401916184234288,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,18071771011592208192,7993401916184234288,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,18071771011592208192,7993401916184234288,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,18071771011592208192,7993401916184234288,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,18071771011592208192,7993401916184234288,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,18071771011592208192,7993401916184234288,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,18071771011592208192,7993401916184234288,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,18071771011592208192,7993401916184234288,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5792 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,18071771011592208192,7993401916184234288,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5792 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,18071771011592208192,7993401916184234288,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,18071771011592208192,7993401916184234288,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,18071771011592208192,7993401916184234288,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4936 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | yllix.com | udp |
| US | 8.8.8.8:53 | animehip.com | udp |
| US | 8.8.8.8:53 | cdn.popcash.net | udp |
| SK | 185.66.200.224:80 | yllix.com | tcp |
| GB | 143.244.38.136:445 | cdn.popcash.net | tcp |
| DE | 185.53.177.51:80 | animehip.com | tcp |
| SK | 185.66.200.224:443 | yllix.com | tcp |
| US | 8.8.8.8:53 | ehgt.org | udp |
| NL | 178.162.140.212:443 | ehgt.org | tcp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.200.66.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.177.53.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.140.162.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.popcash.net | udp |
| US | 8.8.8.8:53 | c1.popads.net | udp |
| US | 8.8.8.8:53 | www.statcounter.com | udp |
| GB | 89.187.167.6:445 | c1.popads.net | tcp |
| US | 104.20.94.138:80 | www.statcounter.com | tcp |
| US | 8.8.8.8:53 | c.statcounter.com | udp |
| US | 8.8.8.8:53 | 138.94.20.104.in-addr.arpa | udp |
| US | 104.20.94.138:443 | c.statcounter.com | tcp |
| GB | 195.181.164.21:445 | c1.popads.net | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | c1.popads.net | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c2.popads.net | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 52.111.227.11:443 | | tcp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b2a1398f937474c51a48b347387ee36a |
| SHA1 | 922a8567f09e68a04233e84e5919043034635949 |
| SHA256 | 2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6 |
| SHA512 | 4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c |
\??\pipe\LOCAL\crashpad_2128_PHPUDYLIWINSWTYK
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 1ac52e2503cc26baee4322f02f5b8d9c |
| SHA1 | 38e0cee911f5f2a24888a64780ffdf6fa72207c8 |
| SHA256 | f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4 |
| SHA512 | 7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 39bb6b13877bf4988455e6abd8d7460f |
| SHA1 | 75432268d0c6d7a902a410d1c8897c59bc0ae51e |
| SHA256 | 7edb1877529283d4efcf34b5c933e58127b412727a81fe95fcdb453ddfdf667f |
| SHA512 | 656fc18ce0ba3a2817f764aad7255d11074e0103f6f67c1f78145f68dce26ec25c22f51f0eeca5a0f7535fbb38da31a14e97f65e0a8e101f3ec87b97be781e4d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 3b3af6a5dfc07b492d34565be0dfb15a |
| SHA1 | 4ca22ee60d68ca046b61e80f27deacf5de622850 |
| SHA256 | daa264d4960f7c239e22777ad7246c578d380b4033085ab2f43918957bde0bcf |
| SHA512 | 382dcdde587e0f5cbc29f383a256e5f32351cef2494765020d06d213687f8d428b8ee92283a1018c753f98002cbf0faf094839eed45ef80a22b1ec7e3ae8424f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e886d81af02f8a13da991164f3d7485a |
| SHA1 | 62eadf7d58b35c9d43a91974e62cf3b7ce4c3dbd |
| SHA256 | 6b5b5d9348eedb6cf8cdffc354c6943c1ee27d6ed6cef7b596fda019b7e2d910 |
| SHA512 | d4aabd8fad50e33c83f99a66f02fe84cd740762014aa2527092fea3a243455320aaa4f7f4be3ecaf2a196df6d9fdb64fd43c5fe9aab74ef5e362a27805f14a57 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 4a758dcfaddb5fd836e6947299310198 |
| SHA1 | d8e48edb089fd73976d37415f532d1bb63c1cc98 |
| SHA256 | f3c8bb37f28f86e2f7760f0b4247c5ba311eb81e5be1d76687ad87695d73995e |
| SHA512 | f79baff96e3f0d9d9d06d40f7f521eb513e114e285fb0cf08a184de9ae719d340e72fd5dd16a7daae5299995b22770e0e67f74f487cf15334682c9413dfbc4dc |