Analysis Overview
SHA256
b99a9796eec6acd9746ee73fcfdd65798b9171748c9c4f1b946708928fed468c
Threat Level: No (potentially) malicious behavior was detected
The file 90fde6eb5e0f22bcfc5164077aafaf4d_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 07:44
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 07:44
Reported
2024-06-03 07:47
Platform
win7-20240221-en
Max time kernel
120s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007d11e5947877fc479bb1f6c2eefa5b9d000000000200000000001066000000010000200000004cd5dce80069a38a08bea916bfbef90b05f5536b6c39f3c3f9982f856ead92fd000000000e80000000020000200000007ba97717e448c30518dcac410d8e20b620552a4a09ac88436a5c9c4bd6a1fcd220000000fff738d7b492351a28bed61f4fc422d9b2115ed47d8fd24357d9ba5a3c8ea15540000000d0fc4a3c87c85bf458c0c52083f94eb78bad104641975797ee18c59ae53508254bc9d6c91858ef924b6e6290ee905f575854ae7003b160c308738648cb27ec2b | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e011d9048ab5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423562569" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2EE5A021-217D-11EF-9891-EEF45767FDFF} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 880 wrote to memory of 2884 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 880 wrote to memory of 2884 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 880 wrote to memory of 2884 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 880 wrote to memory of 2884 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\90fde6eb5e0f22bcfc5164077aafaf4d_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:880 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | consent.cmp.oath.com | udp |
| US | 8.8.8.8:53 | s.yimg.com | udp |
| US | 152.195.53.200:443 | consent.cmp.oath.com | tcp |
| GB | 87.248.114.12:443 | s.yimg.com | tcp |
| US | 152.195.53.200:443 | consent.cmp.oath.com | tcp |
| GB | 87.248.114.12:443 | s.yimg.com | tcp |
| GB | 87.248.114.12:443 | s.yimg.com | tcp |
| GB | 87.248.114.12:443 | s.yimg.com | tcp |
| GB | 87.248.114.12:443 | s.yimg.com | tcp |
| GB | 87.248.114.12:443 | s.yimg.com | tcp |
| GB | 87.248.114.12:443 | s.yimg.com | tcp |
| GB | 87.248.114.12:443 | s.yimg.com | tcp |
| US | 152.195.53.200:443 | consent.cmp.oath.com | tcp |
| US | 152.195.53.200:443 | consent.cmp.oath.com | tcp |
| GB | 87.248.114.12:443 | s.yimg.com | tcp |
| US | 8.8.8.8:53 | mbp.yimg.com | udp |
| GB | 87.248.114.12:443 | mbp.yimg.com | tcp |
| GB | 87.248.114.12:443 | mbp.yimg.com | tcp |
| GB | 87.248.114.12:443 | mbp.yimg.com | tcp |
| GB | 87.248.114.12:443 | mbp.yimg.com | tcp |
| GB | 87.248.114.12:443 | mbp.yimg.com | tcp |
| GB | 87.248.114.12:443 | mbp.yimg.com | tcp |
| GB | 87.248.114.12:443 | mbp.yimg.com | tcp |
| GB | 87.248.114.12:443 | mbp.yimg.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab273F.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Tar2746.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\Local\Temp\Tar285D.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 821940462304458ebb80b589992f307a |
| SHA1 | a1058a878571d3febe63c1fb7d7f653d07f0180d |
| SHA256 | e4204d226c84d4fb2028660791b93c424c316113506075baf22fac7ab92c52af |
| SHA512 | 33c02992ed5588eb98507080748e01ba39adb8cf7a2620e695ab0ba2dfb74ac380574971188eb93916ba340a6685886eee97448f9984bdfdf72aa8b2ead8c180 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0266d4d60790a637e2e0555cd5129d4d |
| SHA1 | 8003559e3d9454a40ef95b60281c49efd989c9f4 |
| SHA256 | e0f77571037d8df3c41f86d5c83bde8094feb9063c707972c8d18497cdce7cc3 |
| SHA512 | 7bda47d88d028848a4e5594241fdeb0a5ca03c75df0d74f2161464bbf8bb758866afee35c5c3454f399e87a0a2b23f9fd94e5b0c4d71e8749354b22c9bb1d06b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8745d09406bf44060b55f341736308c6 |
| SHA1 | 4eaa905375b5dba7682e12f16ec27bb1f2cd2386 |
| SHA256 | 37401d2ac2994d931c74123084348acff8a4cdb6c3a0b0b2cbefb811ee01df47 |
| SHA512 | d32de8c42eb62ddc26f76d9fa463b6cab109e32dbd4a86c3035a0d0ea4a52810ba9c9c1e67ae2eb43b4f5d6300cbc02eb06a3ba7bebf73589305ca0e4668cb55 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 89d8a90316435ea19f5db6693451e305 |
| SHA1 | e191e332eb30954cf14a10f85c1dd26a0087b955 |
| SHA256 | 8fc8d5710dfe4a5e30f9e415ae2e072804d255e42b682bd7d6c0f27765f2208a |
| SHA512 | 902dd89248f658f2746350d0347e9fc6e94ee21a1d981ddab7df133c9a0cb22c742778f060519ee69786311582b37c288b1e9295a754b80be4c3eea24c4fcf56 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB
| MD5 | 4fa04c6dc4fdb6361aa8e879f32f4029 |
| SHA1 | 1fd307c1cf0337abc34addbfbd725d23eeb58697 |
| SHA256 | cc380da712b6b92db2b0c4dc52a06dd4d7833744aa6365d879f921a1d5adb7a4 |
| SHA512 | 408e1cf0d69604534712f5a7954b460e94bfb61d87092e8bd8275f056c7a566d7296d49f7cc9b04780434c6745a8ac7d6542f83aa10cab33f080cfc45dd5c55a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c27b0474bda5379c5ba1b04211e1825f |
| SHA1 | f5fca7be43bea2df94fb38fde269cd3730518798 |
| SHA256 | 07dbed2423bbfb2d59f535e18e4f607ff54e3a306ad9b62f02350abe76ec986e |
| SHA512 | e0581cb1c7d3efef107446c8a57d63b584c91286fbc24b6e8df336cd02fbf360e75cbc4121711683ec1c70f834903c974752c8728d8f1e1aab32ce1176069970 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB
| MD5 | a76c6e423960f9ebbf9e5998ea109f72 |
| SHA1 | 3c633f30dbe84b7e36d2e07c43e938a8a50b2f99 |
| SHA256 | 0a01bc32173243b519378af1b76fc878c9c6438d39289b8ff658b4c058ba1a03 |
| SHA512 | 0f08450ccaad7e8211c2ad1c4808f3eb75700f43a6bda8a28fce6edbb501e7008586d121bf7bc796f51bfe876da41d4e457410dcd6e15b9c1036e1d87244b6f2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bf8a26ec6edf87db935857a0eacf4152 |
| SHA1 | c5bef5aa5cff28438db372db2c9392101d9f5577 |
| SHA256 | 340bb165a2a4c67cdab18deeef03bdd701f7a892db12b8fd43852e86d5fe161b |
| SHA512 | 0cb99d518e345e59936df0fdb73bff81587f1b1dfbf11f416e78a485e347fe1d47c49865f27fec221334c999f30b19482d97031ed7c57b732e1861d96b2d9be4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 893be1ac03eba77c76de5a51f999afaf |
| SHA1 | 0895477df1ccc3c5db0ec21ac8a51c9ce732d9d4 |
| SHA256 | 1c2a20b859ab41fe1acef7ac6eb07543a8a65cbb34a57d07a6142f5504c3c895 |
| SHA512 | 6c1d524a30b69c22a252409872e6a6459b05e4053ed2fbcf6b983fd2cefcd1d151f12c51562dd5d40dace7bf9bfc5088e7e12b12eb2f634d9694e24b00b15e99 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 68b3e786aa504101c63ea4a79aa3882b |
| SHA1 | bd8f3b5207f3df2e1a475a87a0635a22c530d7aa |
| SHA256 | 98613a9c6d573825d459fa03eac3b87736e0a264f4cfa521a7284af918efb3ca |
| SHA512 | d6e2de5e1c05ea33831b5d1bd3df1dfd500b15be73e58ce0794b9e19509cf83933841b4eb1c878c3fdfdd7f1b6435dcc228e56406f4c6558295d94073fc2dc3a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3518c705c270e80a9c0b65891fa495d4 |
| SHA1 | 765324a26f36ebe587fdc33aa079f64f5aeb29e4 |
| SHA256 | 8807f026891418deea1daacaa9be311122ddc9212c984fa45440dd391871b23e |
| SHA512 | 9b1eaf2b76df4bf01bf59374e609eed3cc8679307a2e3d9d72aa68b89e2eb45e5173cc61f7d4c5dec358ebb42f68eb1ca49ba5583e8d3587a28de6812806a506 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 14042194ec7f34c98f617e2aeebdb5ed |
| SHA1 | c79f53cb8354af1a398a5c206c3f8d2468db6b28 |
| SHA256 | 5b8e5cb556033ec97f48cf28ecc1a29857fb8a3503ce149e156a4af92a09f9fa |
| SHA512 | 663c57bfef9844d6d33e965c722116397d2a542d8c9fd7294930d92f5a7d02191f2bd408e1bc75c1c5022d52a9fdfac9fe8e970b62ecca4ad52b96f11ea569b1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | acfa1d982dd814a40be1c135e39f5411 |
| SHA1 | a477df2b3fe61c16d8c08ec2de2308a22ce2be00 |
| SHA256 | d7fc4e629c594774bdffb80b220adc203bdf21a17e299f37752801d354e78494 |
| SHA512 | 35d2a70396b80fc28434f24ffee8e57dce2716b7dc1dba06a269629df29632af705280162444bf39460782cd974641181dfbcf05b01e9833e8a83d532c642289 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9c310eff5969ff3cce1a49aa4240c735 |
| SHA1 | d3c27d5ed4def8cbb97108d5876fca2909f52fcc |
| SHA256 | c86ada70ce7bf0da51530353df6675487a15e097e707df17e8d081d7cad17ac2 |
| SHA512 | ebf02526286f0c869962f8be6f571dde103641855f1b02d68d09a94649c32732b5fec7d2aeb9ccd9a6a99f2c530786c5010a874f9c08895b15201150592e7aae |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 83e6234bbfbbd981da6b1e5060b3f0f3 |
| SHA1 | c4c09a24fc36394a56841c83693d6e54660994a2 |
| SHA256 | 6f8f3e17b68b877357452e053d04fa3054468d8b1e2622eac09b40bfa725df3a |
| SHA512 | dd1de4aef8f8eed9fc0faef55fa5455900526adce6ac6e210124f3afec35569d7e2b2bef125d8b6914d4b6ea40c464745d61de1c814a6db677126900c95eee67 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6c3a3c0389c81a4158c363ea9a21087e |
| SHA1 | 13754012f16839624d4c8909a3c8aaa691062e2a |
| SHA256 | 067b7efa216b76c2344fb5837bc3dd8fb58ea90973271a407b26ebeb4ee501f8 |
| SHA512 | 746953eed453721da7ca87e431428b080908c34f2771c0e2082cf8f9bc857bc443cfe57499325d611abcb9d509272207e0fdb6a683dc66cd535ec20693dac34f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5ffd32d349a59790b75a22d4184fafd7 |
| SHA1 | 79348e3be2d492ba1f527ab87f1ad6964bb6d594 |
| SHA256 | f8974a84dac67803897a30bfb6bc86725494b71c4267f8578f02c31729c5e112 |
| SHA512 | 57320922e07f813960d70144be73f4e4f07bf490c597e1496d66813967a6c486f1f98adbff76864ed473c8800c90d68761cdd67c7a0553efbacfe3c66bf0e98f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cf5e4573dca0a24bb655353dc98947a4 |
| SHA1 | b0cc8add1c0c76af0f975d0d437faff4675157d6 |
| SHA256 | 681f7eb06ac03e0b5607711c36442e86ad523bd5afca3a1405634e6e461c6da7 |
| SHA512 | 00791aab92238f2d995f7bc68f571a2ec618e42be618522b46f166414897f9f50e1daaf820e95bb4edffe0b2528cb62bd0943e03ac0a875a3ca66f9df4c97cbd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 53927657d08f1c00c1f67f02ed81f6c6 |
| SHA1 | d72ca5317a359b02e453fa54f5185bd842813f25 |
| SHA256 | 77464c2d7862a70c6c67ccca6381e32a8e762550524e1b2d1674ada565df0784 |
| SHA512 | 55b7a2dc37d6a4530b612064cb12023a0609fd8961d1db9497ba5a3764ae7d39f1954bd47073ba0a78c60e53cb2c62151700a7d2aa52c7201ae5b85f32ece28a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7afb40341cdfda456779d4cdd751440e |
| SHA1 | 2e52e310430010fa3e0d190f83228ff9ee0a7595 |
| SHA256 | 4e7222469b1455af63c00709ab6fce2e083da005c89b264ada43aeb5547864c1 |
| SHA512 | 5cf4d3c8f632c47a45de390ed0feff4e2ec1781b95d657e65bb939b979fcc778236c5a0f0ee9b087046d162b0c389501c5ba02e52be6b4edd1e698f3f827a9d3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 58df727f40f9b7f7163b22035f1eb9b7 |
| SHA1 | d75a25f0a102f12a0204f0121ab71db4977f2ff1 |
| SHA256 | cb283f1bf89b1ca7ca0761866c699f9ce4cc04059713a0aed796f91cc57ee8ac |
| SHA512 | d4b0a781f4ffcc0f3928c9d2214fc1fa8a40584c5d826aaa260c83ab03b48c7f2a5aa7801f21c348d5b085440cd5aec00164201260b7b22f6fd073fb866d0c2a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 344049b2a4f1d57ed9f2dd893b3cf96f |
| SHA1 | 2088a27e3e5d3995161cfce281b4d35fa7ac09f6 |
| SHA256 | 349881aacee1fef23d0c09d9c8a99102c6028a8fb4e9a392cb38ba927dba1e72 |
| SHA512 | 98ce1a83cd8a5b436a3acc7cd1c2b57023fd3267e0734540e7ea1a078d4693d8a566efbd174281d32cb322cb11802bff35c436acb29e18473341208e164232d9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e50adaea29a0322d3dc9097c6a1e1e34 |
| SHA1 | e10e331dc858abff2cd7e430f58fd87551fc7001 |
| SHA256 | 77dae510baf39b9471b90d8d602a28f6f8e48d358d1b8503ec13914ace8ca345 |
| SHA512 | 33cba1af488c47e01821ad90e51a8a8bb521e94ef401706acb925f1c6237e73f96ec744e1c605702271ac1fe951262c6d9a2e557168c59c01a65b69192c277e0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 92293edd98160c03089d3dec660fc2aa |
| SHA1 | 6f02426b0bcfa92cdd088108a793c0ca08817fbc |
| SHA256 | 9a241ffef7b7205beefabaf3ae1bbfab71512a317b65b19c78c4e386072404a5 |
| SHA512 | b300e7f4ae37e4e1161b575f9c5aad26188586745393e49126de98469d5926f1c6bd375bfdcb0cb6d4fecbe8d6a78e525491edfa36fbe395549752846bdd0dac |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 751efa1c3d792cc91b170ce67b1c42ca |
| SHA1 | 59d2bf37650d9c3c5244685aff139cec9b240db9 |
| SHA256 | 6aa662df3afa2aee7f2384fb857e115899ea9805a30e93b1664417432e374c9d |
| SHA512 | 5b75051ec5df09940477dc7f1c19b910dbd2305e8324ae78abd298e8b9a0759ab9db0bb8334c7d2974e2c5ac0f0943b0b3ce80ae93a068ae827692a74eed050d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e175ce74d389ca1be5f5f9dfe86a2b3a |
| SHA1 | 38bc81bb45348042bcf111d57ab793ce00ff162c |
| SHA256 | 35f308270a225f52424c7706292c36d2eaa34ba43f1ed5efb16bf2d1a8c9bd77 |
| SHA512 | 2c031b7f6ae4b7f10cd67fa707a197f6e62694514cf27707a187b4e5dc5e1c60766107e0f7283b1bcdbab71161dde8410e6b107176836b06b3f0f973a7ddbbdb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d4abdb576699210a8a67a90ff5c3bd2b |
| SHA1 | d265e8f8584e57b4124c3b421b8e8820dae23676 |
| SHA256 | 24e47edd4cab60f8c76b1872fe3e25c85eb9aff8dea519d5828ec843f5e2bdfb |
| SHA512 | 9a1c0bbb6c690152660c3edb841a326694ef2acd72cf8025f491d5be91ae28dd7b1384b8709ef01adfd3bb720fa399d40a1fd2b3a47f2a855ba67f9bbab5bc00 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ee1d9d366df54de831df8609f7c7018d |
| SHA1 | 90af0d010c039035647c5dd72620e338b043d6b2 |
| SHA256 | 1bc03c342b027e7563484982111243181a03a561cf249d1e92f168c6ef337383 |
| SHA512 | f415e166c6a90e62d66e9f44b8f5c466aee24d7fa3f0dc2f38b3e79eab646a8cb9180ef92341cad28c3681cd2f00f25e622a43fa5ead3ec854be5122da6851ff |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 41cf853dc85ca446e982d4f1cacf907f |
| SHA1 | 977666b36ec8ede22b95b4016c484859e56a0060 |
| SHA256 | 520102203269f8cc24ab50bb4081cc0591d47988adc00df0a07da0b161881e17 |
| SHA512 | cb31e87820de020b394ac03a900f49caf0e4c2fbec06fea8fbd1e55142bc6fb6346aaf8c438d12318325362079a6c4766068f52cdf8d5459cb0087b25c3dd20f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 9dc9e4342f0aad44c768e11fab816536 |
| SHA1 | 4ecb038e0d9b3b8ad83c1e1fccce623d601dcbf9 |
| SHA256 | 7822b1078fe7577a398db057bf60a1fda4470e869b54e3a5f9ed26ce4938e3fa |
| SHA512 | 49953c05bb797f7389c553ef07766086b1555b3fa8ff35b5ffa307c91d04563afe5db0b2a66a9f3cc56ef0efdc5c8b39615aa3060ab6c17899bdbae143f6013d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eab16ebf8daa52bfbdbcba8b87dda61c |
| SHA1 | 2945f86861b443dcb744408cb329ee3eeebbe8a4 |
| SHA256 | 2a56823ac2a4eba347bad1ade6a7f3898d6c2376f5ddea3ba2f28b77c79762f5 |
| SHA512 | a3c1c39c8def39d010e87a1603ad139661ce1d6fc72d48b5fe8e1bec5f4ee1607285e557dfcbb87329282f4a0096c854e91aff0e797ca5684f0d11d79f8a5a62 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 42bcd3b3b5c6e9897a120a4a2ef04ef2 |
| SHA1 | 7b7adf02d6b294b016d3247204f82832401ae4ae |
| SHA256 | 4fd0099780773038f57443fe456ec776ce694fb7b78e87f4b23e7edb41888d8c |
| SHA512 | eb3691c73f8a1ff2435beb6de67c3603caa2058123a0fe737b1c3d218b598a2d09003010dff53a46aa94a0486f499502cdc11e406c344b748b5434a6e367dc04 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ad87ebc129fe16e91c671e874716fff9 |
| SHA1 | de1da8577d32522286d80b559cf3a8427abbf372 |
| SHA256 | 044ff9fb8fb8d0eec2c237eb896155a6c0ecc84f428aadef7191b8123e2eee1e |
| SHA512 | 80f94f56ae449677ac92aadada4496f1bf2683515724ecd4d372a248698653733291e6c853eb5d4f4c7ea8b99fd3f97fa8d749f55e6c160f012fec2ef870e7fe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4e7bf3b714afa7ebd85e2a9fea61d49b |
| SHA1 | fbe52e0e7b0093f9fe3702be0c63827d5d1cd1f7 |
| SHA256 | 8f3ab85b1ed03969a710c91dbc8a9cd89cbdd2b8e65ccdb4f4dae24783d1e296 |
| SHA512 | 0b6d54c1891c29b25740b1656dfb4c53eec5a4db296234706d8bbbeaf904c952a3b08aa16097f412b8ec3525f9e690e8e0818c69dbd425dbad96efb695e62673 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 24526be9b2dab1bc8a386689d4f7fd44 |
| SHA1 | 8edff7b81bd5d4e7d3c943806f62a7f354a66307 |
| SHA256 | b3b0b6c28e5966d6ad8b8aa914989237a4f3b5577f9ed7012776ed9861373937 |
| SHA512 | f0062f095365c99b642499128a6d8108993b02053175c3274a30eb3df5a3935f20bae4bd087f9e6e04fe2a73fb0cbea93309f6698a4d039f75282fe86f901e8e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1dd2b63863d6c199ba874b175f048574 |
| SHA1 | 679521b3eef17e0fd9cbb96da1a2e4e3b0d4c4ef |
| SHA256 | 1415ff72b316e31e0b46a04d5241e84b74afdf3f41c78685d0f500fa5a316b29 |
| SHA512 | 17578506cecdbd785507260da6cee43ba0f8cdd57405d04f0d388c9d99010d2cd743e36dc4b30ba07a4177d0e0e45fb62a4f84bfdcd4166fba8bed81b4649d52 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f04252906e8952ba83ddd9265cbaad1a |
| SHA1 | 2d9349f5eb8f33ab9e639b450d2281c3558c12ac |
| SHA256 | 93a53d470e04057a6da28d85e712a9f6fa6abf71ef805f1a36556808499e4abe |
| SHA512 | 7b1f0771e44c2805afc9813eca11b28009404248da8a7c360b82bac9c76f56ac1a0277be0c3b1a373ec74d1cdb8bb4b0c68ecaf9cff880ab15c1edafa55ed605 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 4f4d86ac78067c26a53a34b89d4ecf1b |
| SHA1 | f69d5c61c52968d1304b1977a4d5513d6d705562 |
| SHA256 | 5f926ebb704f0235628eab466386f8190e4855756895965add79319aa7460458 |
| SHA512 | 331c4ead756a0f637fa7488f62845bee2b3af49f11781924fae8660246fe175ab8450cefc94c95a95969df857042c309baf2afc91f20ca8e02c2c77ba93e3fc7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ab3556531d067dc98b78dcc85d963448 |
| SHA1 | a2a30522636a52a0e5457d462ad4070cfd39ea3d |
| SHA256 | b8cf4b781f15a79316f2cd6bafd3f8392bc12de9cc36d96bce6ba2937281ccbe |
| SHA512 | 57bce6e49866c24ac25f026049d186c66dbbe8e07f7a295ea2a45cef5b5d4578391abd857b3e73d7f82001a4cc6f6e2203d2516326099a62508b6e9bd664bc12 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 07:44
Reported
2024-06-03 07:47
Platform
win10v2004-20240508-en
Max time kernel
148s
Max time network
150s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\90fde6eb5e0f22bcfc5164077aafaf4d_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffba6a246f8,0x7ffba6a24708,0x7ffba6a24718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,16503415813919691176,3286611003402315406,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,16503415813919691176,3286611003402315406,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,16503415813919691176,3286611003402315406,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16503415813919691176,3286611003402315406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16503415813919691176,3286611003402315406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,16503415813919691176,3286611003402315406,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4588 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,16503415813919691176,3286611003402315406,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4588 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16503415813919691176,3286611003402315406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16503415813919691176,3286611003402315406,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16503415813919691176,3286611003402315406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16503415813919691176,3286611003402315406,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,16503415813919691176,3286611003402315406,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3084 /prefetch:2
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_3440_TAKIHWRTCJUAQTRV
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State