Analysis Overview
SHA256
34e182f98ac907236a1d9e7a48cb4b6c2084a06d4c77aed7a4db01930b5db469
Threat Level: No (potentially) malicious behavior was detected
The file 8fad54dfa9f00d786d679326d3c79559_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-02 22:37
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-02 22:37
Reported
2024-06-02 22:39
Platform
win7-20240508-en
Max time kernel
142s
Max time network
142s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423529690" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b00000000020000000000106600000001000020000000077d5deac3fd7a645969dd3c19bced406f56b9665ec646fa3f3d1fc0a12e7221000000000e8000000002000020000000dd80359b4d1c9bccdd0f003d424f9739198e636598844a5fcb49eea044f44c7420000000786b0053d6f564ee14fd53eee7585d75d7d8ee0f475657d886ede355fd868c334000000004084c4e1aa00f3aeeedb97cde2861b2056192a96146e4012d9a13edc2f50d959f2811d01ae963d92ff3638a213c7a448f79c8f76dc30af2b7ba9b9c1a213240 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A215DF81-2130-11EF-BAE0-E64BF8A7A69F} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 103509793db5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2284 wrote to memory of 2996 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2284 wrote to memory of 2996 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2284 wrote to memory of 2996 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2284 wrote to memory of 2996 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8fad54dfa9f00d786d679326d3c79559_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2284 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | dsc1996.org | udp |
| US | 8.8.8.8:53 | farm4.staticflickr.com | udp |
| US | 8.8.8.8:53 | farm6.staticflickr.com | udp |
| FR | 52.84.172.83:443 | farm6.staticflickr.com | tcp |
| US | 199.59.243.225:80 | dsc1996.org | tcp |
| US | 199.59.243.225:80 | dsc1996.org | tcp |
| US | 199.59.243.225:80 | dsc1996.org | tcp |
| US | 199.59.243.225:80 | dsc1996.org | tcp |
| FR | 52.84.172.83:443 | farm6.staticflickr.com | tcp |
| FR | 52.84.172.83:443 | farm6.staticflickr.com | tcp |
| FR | 52.84.172.83:443 | farm6.staticflickr.com | tcp |
| FR | 52.84.172.83:443 | farm6.staticflickr.com | tcp |
| US | 199.59.243.225:80 | dsc1996.org | tcp |
| US | 199.59.243.225:80 | dsc1996.org | tcp |
| FR | 52.84.172.83:443 | farm6.staticflickr.com | tcp |
| FR | 52.84.172.83:443 | farm6.staticflickr.com | tcp |
| FR | 52.84.172.83:443 | farm6.staticflickr.com | tcp |
| FR | 52.84.172.83:443 | farm6.staticflickr.com | tcp |
| FR | 52.84.172.83:443 | farm6.staticflickr.com | tcp |
| FR | 52.84.172.83:443 | farm6.staticflickr.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-02 22:37
Reported
2024-06-02 22:39
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
139s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8fad54dfa9f00d786d679326d3c79559_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff5a4f46f8,0x7fff5a4f4708,0x7fff5a4f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,15003303704375723192,11064356347859893915,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,15003303704375723192,11064356347859893915,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,15003303704375723192,11064356347859893915,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15003303704375723192,11064356347859893915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15003303704375723192,11064356347859893915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,15003303704375723192,11064356347859893915,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,15003303704375723192,11064356347859893915,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15003303704375723192,11064356347859893915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15003303704375723192,11064356347859893915,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15003303704375723192,11064356347859893915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15003303704375723192,11064356347859893915,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,15003303704375723192,11064356347859893915,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1992 /prefetch:2
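The process list above is the usual Chromium multi-process layout: each child declares its role with `--type=` and, for utility processes, its sandbox with `--service-sandbox-type=`. Three entries in this report run without a sandbox by their own flags: the network service and `identity_helper.exe` carry `--service-sandbox-type=none`, and the second `gpu-process` was relaunched with `--disable-gpu-sandbox --use-gl=disabled`. The helper below is an added example, not part of the sandbox's report or of Edge; it pairs each image-path line with the command line that follows, tokenises the Chromium flags (quoted arguments such as `"--user-data-dir=... User Data"` are kept whole) and returns the sandbox posture per process. The sample list is constructed from the lines above with most flags trimmed away, and the classification rules (`--no-sandbox`, `--disable-gpu-sandbox`, `--service-sandbox-type`) are this example's own, covering only flags visible on this page.

```python
"""Added example: read the sandbox posture of Chromium-family child processes
off their command lines (not code from the report or from Edge)."""
import ntpath
import re

# Constructed sample in the report's own layout (image path on one line, the
# full command line on the next); flags abbreviated from the lines above.
SAMPLE_PROCESS_LIST = r"""
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 "--annotation=prod=Microsoft Edge"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --mojo-platform-channel-handle=1992 /prefetch:2
"""

# A token is either a whole double-quoted argument or a run of non-blanks.
TOKEN_RE = re.compile(r'"[^"]*"|\S+')


def parse_flags(cmdline):
    """Map '--name=value' / '--name' tokens to {name: value}; anything that is
    not a Chromium-style '--' flag (image path, /prefetch:N, -Embedding) is ignored."""
    flags = {}
    for tok in TOKEN_RE.findall(cmdline):
        tok = tok.strip('"')
        if tok.startswith("--"):
            name, _, value = tok[2:].partition("=")
            flags[name] = value
    return flags


def classify(flags):
    """Return (process type, sandbox) from the flags alone (example's own rules)."""
    ptype = flags.get("type")
    if ptype is None:
        return "browser/other", "n/a"      # Chromium broker, or not a Chromium child at all
    if "no-sandbox" in flags:
        return ptype, "none (--no-sandbox)"
    if ptype == "gpu-process" and "disable-gpu-sandbox" in flags:
        return ptype, "none (--disable-gpu-sandbox)"
    if ptype == "utility":
        return ptype, flags.get("service-sandbox-type", "unspecified")
    return ptype, "default for " + ptype


def sandbox_posture(process_list):
    """One (image, type, utility sub-type, sandbox) record per image/command-line pair."""
    lines = [ln for ln in process_list.splitlines() if ln.strip()]
    records = []
    for image, cmdline in zip(lines[0::2], lines[1::2]):
        flags = parse_flags(cmdline)
        ptype, sandbox = classify(flags)
        records.append((ntpath.basename(image), ptype, flags.get("utility-sub-type", ""), sandbox))
    return records


def unsandboxed(process_list):
    """Only the processes whose own flags say they run without a sandbox."""
    return [r for r in sandbox_posture(process_list) if r[3].startswith("none")]


if __name__ == "__main__":
    for image, ptype, sub, sandbox in sandbox_posture(SAMPLE_PROCESS_LIST):
        print(f"{image:20} {ptype:18} {sub or '-':40} sandbox={sandbox}")
```

Run against the full list, the three "none" records are the ones named above; a renderer or utility that reports `none` without a matching Chromium sub-type would be the thing to look at first.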
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s.w.org | udp |
| US | 8.8.8.8:53 | dsc1996.org | udp |
| US | 199.59.243.225:80 | dsc1996.org | tcp |
| US | 199.59.243.225:80 | dsc1996.org | tcp |
| US | 199.59.243.225:80 | dsc1996.org | tcp |
| US | 199.59.243.225:80 | dsc1996.org | tcp |
| US | 199.59.243.225:80 | dsc1996.org | tcp |
| US | 199.59.243.225:80 | dsc1996.org | tcp |
| US | 199.59.243.225:80 | dsc1996.org | tcp |
| US | 199.59.243.225:80 | dsc1996.org | tcp |
| US | 199.59.243.225:80 | dsc1996.org | tcp |
| US | 199.59.243.225:80 | dsc1996.org | tcp |
| US | 199.59.243.225:80 | dsc1996.org | tcp |
| US | 199.59.243.225:80 | dsc1996.org | tcp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.243.59.199.in-addr.arpa | udp |
| US | 199.59.243.225:80 | dsc1996.org | tcp |
| US | 199.59.243.225:80 | dsc1996.org | tcp |
| US | 199.59.243.225:80 | dsc1996.org | tcp |
| US | 199.59.243.225:80 | dsc1996.org | tcp |
| US | 199.59.243.225:80 | dsc1996.org | tcp |
| US | 199.59.243.225:80 | dsc1996.org | tcp |
| US | 199.59.243.225:80 | dsc1996.org | tcp |
| US | 8.8.8.8:53 | farm4.staticflickr.com | udp |
| US | 199.59.243.225:80 | dsc1996.org | tcp |
| US | 199.59.243.225:80 | dsc1996.org | tcp |
| FR | 52.84.172.83:443 | farm4.staticflickr.com | tcp |
| FR | 52.84.172.83:443 | farm4.staticflickr.com | tcp |
| FR | 52.84.172.83:443 | farm4.staticflickr.com | tcp |
| FR | 52.84.172.83:443 | farm4.staticflickr.com | tcp |
| US | 8.8.8.8:53 | farm6.staticflickr.com | udp |
| FR | 52.84.172.83:443 | farm6.staticflickr.com | tcp |
| FR | 52.84.172.83:443 | farm6.staticflickr.com | tcp |
| FR | 52.84.172.83:443 | farm6.staticflickr.com | tcp |
| FR | 52.84.172.83:443 | farm6.staticflickr.com | tcp |
| FR | 52.84.172.83:443 | farm6.staticflickr.com | tcp |
| US | 8.8.8.8:53 | 83.172.84.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.201.222.52.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
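Most rows in the Network table are resolver traffic to 8.8.8.8:53, and many of those are reverse (PTR) lookups such as `225.243.59.199.in-addr.arpa`, which is just 199.59.243.225 written backwards and names no host the table does not already show. The snippet below is an added example, not part of the sandbox's report: it parses rows in the table's own `| Country | Destination | Domain | Proto |` layout, discards PTR lookups and multicast (mDNS) chatter, drops the resolver itself, and reduces the rest to one entry per domain with its contacted `ip:port/proto` endpoints, keeping a domain that was resolved but never connected to (here `s.w.org`) as an empty list so it is not lost. The sample rows are constructed from the table above, trimmed to one of each kind; which rows count as noise is this example's choice.

```python
"""Added example: reduce a sandbox report's Network table to contacted hosts
(not code from the report)."""
import ipaddress
import re

# Constructed sample in the report's own "| Country | Destination | Domain | Proto |"
# layout; rows copied from the table above, trimmed to one of each kind.
SAMPLE_ROWS = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s.w.org | udp |
| US | 8.8.8.8:53 | dsc1996.org | udp |
| US | 199.59.243.225:80 | dsc1996.org | tcp |
| US | 199.59.243.225:80 | dsc1996.org | tcp |
| US | 8.8.8.8:53 | 225.243.59.199.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| FR | 52.84.172.83:443 | farm4.staticflickr.com | tcp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
"""

ROW_RE = re.compile(
    r"^\|\s*(?P<country>[^|]*?)\s*\|\s*(?P<dest>[^|]*?)\s*\|"
    r"\s*(?P<domain>[^|]*?)\s*\|\s*(?P<proto>[^|]*?)\s*\|$"
)


def parse_rows(text):
    """Return one dict per data row; the header row and non-table lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m and m.group("country") != "Country":
            rows.append(m.groupdict())
    return rows


def split_dest(dest):
    """'199.59.243.225:80' -> (IPv4Address('199.59.243.225'), '80')."""
    ip_str, _, port = dest.rpartition(":")
    return ipaddress.ip_address(ip_str), port


def is_noise(row):
    """Rows that name no host beyond what other rows already show."""
    ip, _ = split_dest(row["dest"])
    if row["domain"].endswith(".in-addr.arpa"):
        return True                      # PTR lookup: reverse of an IP already listed
    return ip.is_multicast or ip.is_link_local   # mDNS / LLMNR chatter on the sandbox LAN


def contacted_hosts(text):
    """Return {domain: sorted 'ip:port/proto' endpoints}.

    Resolver traffic (port 53) is dropped so the DNS server never appears as a
    contacted host; a domain that was resolved but never connected to maps to [].
    """
    hosts = {}
    for row in parse_rows(text):
        if is_noise(row):
            continue
        ip, port = split_dest(row["dest"])
        key = row["domain"] or str(ip)        # rows with no domain are keyed by IP
        endpoints = hosts.setdefault(key, set())
        if port != "53":
            endpoints.add(f"{ip}:{port}/{row['proto']}")
    return {domain: sorted(eps) for domain, eps in hosts.items()}


if __name__ == "__main__":
    for domain, endpoints in contacted_hosts(SAMPLE_ROWS).items():
        print(domain, "->", endpoints or "resolved only")
```

On the full table this yields four domains (`dsc1996.org`, `farm4.staticflickr.com`, `farm6.staticflickr.com`, `g.bing.com`, `www.bing.com`, `tse1.mm.bing.net`) plus `s.w.org` as resolved-only, which is the list worth checking against reputation data rather than the 60 raw rows.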
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | eaa3db555ab5bc0cb364826204aad3f0 |
| SHA1 | a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca |
| SHA256 | ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b |
| SHA512 | e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4 |
\??\pipe\LOCAL\crashpad_3156_NAPGMGZVELTLJDEY
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4b4f91fa1b362ba5341ecb2836438dea |
| SHA1 | 9561f5aabed742404d455da735259a2c6781fa07 |
| SHA256 | d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c |
| SHA512 | fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 48c71e1238bf961c127f0c85a083d4a1 |
| SHA1 | efd3cb114bb9fcc1e5be59050514703af8363674 |
| SHA256 | 13c7c276eef886cb3c6e623c48f01dcb61de7dbaea956865a9ccb882748bbcf6 |
| SHA512 | d07012877217f98729fdc6a6175624b23110b2071483cf159b5c9247fa1e2e865f56a4a31b031b556fad824f713a97282c7cd05d4a0978c1776da28f98d3f2c7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
| MD5 | f48baec69cc4dc0852d118259eff2d56 |
| SHA1 | e64c6e4423421da5b35700154810cb67160bc32b |
| SHA256 | 463d99ca5448f815a05b2d946ddae9eed3e21c335c0f4cfe7a16944e3512f76c |
| SHA512 | 06fdccb5d9536ab7c68355dbf49ac02ebccad5a4ea01cb62200fd67728a6d05c276403e588a5bdceacf5e671913fc65b63e8b92456ca5493dae5b5a70e4a8b37 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 398fec3bfc28204693ee7c8a52fdf9ad |
| SHA1 | dc5920c0cc28e4f29d59c7dfb4ed2db870d594ce |
| SHA256 | 85c8368f084882e44cae10b53c02aa914e646ab2eaa3c30e8b20ccf5208e75d8 |
| SHA512 | 2ea6c1f7015b472af693d018e74621bf71f660c0ec7454b5844e5fec2ebd280aa6414c156a0cac113b67937ccd48e353518d917a5db4590869a466b8e2f5e733 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | add72d281345088e52a1133553c7965e |
| SHA1 | f21fa32dc811ef2e0c49a6a5f4c7ceb01280c734 |
| SHA256 | 3a79f91afbfb24b6a12af92a167fc68a4d8d7ce96e4aa4546faaa6a7ff187f60 |
| SHA512 | 0c54a1387c3b373fa969adde0abbae0f84c77b4e44d533d6225243d76eca81edec1491d1353948613665e155386b8bcae4bf5a18b5d894c84c9f25ebb34830b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | b9325fd0c09ebb9734b69821b4ae02a6 |
| SHA1 | 4a7d8fcf369bc6ef8f1b4d49a91d02e8da0ccaf1 |
| SHA256 | 570a85e44995134669cd16621d2e53337898738c195401329d0c0b17e6393b41 |
| SHA512 | 3140fb1ad71f06450a0a6bacfd8ffb965ab041d66f6b10ee3f11bec40a15a7330bad5637a604bc7cc0d01ecd055fb309c743beb01e2e12a465c1f073243bdc30 |
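One entry in the Files list deserves a caveat before any of its hashes are reused: the digests recorded for `\??\pipe\LOCAL\crashpad_3156_NAPGMGZVELTLJDEY` (MD5 `d41d8cd9…`, SHA1 `da39a3ee…`, SHA256 `e3b0c442…`, SHA512 `cf83e135…`) are the digests of zero bytes. A named pipe has no stored content, so the sandbox hashed nothing; the only information in that entry is the pipe name, and none of the four values is a usable indicator. The check below is an added example, not part of the sandbox's report: it parses entries in the Files section's own layout (a path line followed by `| ALGO | hex |` rows), recomputes the empty-input digest for each algorithm with `hashlib`, and flags entries whose digests are all empty-input values, as well as the inconsistent case where only some are. The sample entries are constructed from the two listed above.

```python
"""Added example: flag Files entries whose recorded digests are those of zero
bytes (not code from the report)."""
import hashlib
import re

# Constructed sample in the report's own layout; values copied from the two
# entries above (a Crashpad named pipe and a real Preferences file).
SAMPLE_FILES = r"""
\??\pipe\LOCAL\crashpad_3156_NAPGMGZVELTLJDEY
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 48c71e1238bf961c127f0c85a083d4a1 |
| SHA1 | efd3cb114bb9fcc1e5be59050514703af8363674 |
| SHA256 | 13c7c276eef886cb3c6e623c48f01dcb61de7dbaea956865a9ccb882748bbcf6 |
| SHA512 | d07012877217f98729fdc6a6175624b23110b2071483cf159b5c9247fa1e2e865f56a4a31b031b556fad824f713a97282c7cd05d4a0978c1776da28f98d3f2c7 |
"""

HASH_RE = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")

# Digest of the empty input for each algorithm the report records.
EMPTY_DIGESTS = {
    algo: hashlib.new(algo, b"").hexdigest() for algo in ("md5", "sha1", "sha256", "sha512")
}


def parse_files(text):
    """Group each path line with the '| ALGO | hex |' rows that follow it."""
    entries, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HASH_RE.match(line)
        if m and current is not None:
            current["digests"][m.group(1).lower()] = m.group(2).lower()
        elif not m:
            current = {"path": line, "digests": {}}
            entries.append(current)
    return entries


def classify_entry(entry):
    """'empty content' when every recorded digest is the empty-input digest,
    'inconsistent digests' when only some are (transcription or tooling error)."""
    digests = entry["digests"]
    if not digests:
        return "no digests"
    empty = {algo for algo, value in digests.items() if EMPTY_DIGESTS.get(algo) == value}
    if empty == set(digests):
        return "empty content"
    if empty:
        return "inconsistent digests"
    return "has content"


def empty_entries(text):
    """Paths whose hashes carry no content and must not be used as indicators."""
    return [e["path"] for e in parse_files(text) if classify_entry(e) == "empty content"]


if __name__ == "__main__":
    for entry in parse_files(SAMPLE_FILES):
        print(f"{classify_entry(entry):22} {entry['path']}")
```

Applied to the whole Files list, only the pipe entry is flagged; the two `Crashpad\settings.dat` entries with different hashes are a file that was written twice during the run, which is expected for Crashpad's settings store.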