Analysis Overview
SHA256
4d95af34618cec7584fe1ecc13877b46fc0ad8d4318088079f3516fc134eddcf
Threat Level: No (potentially) malicious behavior was detected
Sandbox verdict for 91dadc3c3e4b87d1487a985672e192f8_JaffaCakes118: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 12:53
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 12:53
Reported
2024-06-03 12:55
Platform
win7-20240419-en
Max time kernel
119s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d05f5619b5b5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{43875E31-21A8-11EF-A0CE-F6A29408B575} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value not preserved) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d1000000000200000000001066000000010000200000000a0053e28b564137c9bc617de2900a12ffe8c147584aa3e1be88203944485f14000000000e800000000200002000000072f8e4243c61c4e072b0af033ec4daee5306c439a4b646256da57ff92e7e13e620000000fc2a1cd80f4c58e923e0cffba33a16c2aab2d7826285d0c95cc8618270d2416e400000009a425fd0a2de9b69459391ec45cdd2baf1066754866087056fd794b25e41bb56b2e545b2ff5bb7df52d9a525abe9d7d0fc3d07f391d056fc207765221f4979a6 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423581072" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2944 wrote to memory of 2588 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2944 wrote to memory of 2588 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2944 wrote to memory of 2588 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2944 wrote to memory of 2588 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91dadc3c3e4b87d1487a985672e192f8_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2944 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | coinhive.com | udp |
| US | 8.8.8.8:53 | cdn.rawgit.com | udp |
| US | 172.67.165.117:443 | coinhive.com | tcp |
| GB | 143.244.38.136:443 | cdn.rawgit.com | tcp |
| US | 172.67.165.117:443 | coinhive.com | tcp |
| GB | 143.244.38.136:443 | cdn.rawgit.com | tcp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 8.8.8.8:53 | N/A | udp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
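The Network table above is the only part of this report that points beyond browser housekeeping. Alongside the CDN fetches (cdn.rawgit.com, cdn.jsdelivr.net) and Internet Explorer's own endpoints (ieonline.microsoft.com, www.microsoft.com), the page resolved and connected to coinhive.com, the domain of the browser-based Monero mining service that shut down in March 2019. A dead miner produces no observable mining, which is consistent with the clean verdict at the top of the report, but it does not make the HTML benign; the reference to coinhive.com is what an analyst should carry forward. The following Python is an added example, not part of the sandbox report or its tooling: it parses the rows exactly as printed (the one row with a blank domain is normalised to N/A), collapses them into one record per domain, pairs each DNS lookup with the TCP connections that followed, and checks the result against a small watchlist and browser baseline. The watchlist entry and the baseline set are analyst assumptions for illustration, not data from the report.

```python
"""Triage the Network table of a sandbox report: dedupe rows, pair DNS lookups
with the TCP connections that followed, and flag analyst-watchlisted domains."""
from collections import defaultdict

# Rows copied from the behavioral1 Network table (country | destination |
# domain | proto). The report's one row with a blank domain is written as N/A.
NETWORK_ROWS = """
| US | 8.8.8.8:53 | coinhive.com | udp |
| US | 8.8.8.8:53 | cdn.rawgit.com | udp |
| US | 172.67.165.117:443 | coinhive.com | tcp |
| GB | 143.244.38.136:443 | cdn.rawgit.com | tcp |
| US | 172.67.165.117:443 | coinhive.com | tcp |
| GB | 143.244.38.136:443 | cdn.rawgit.com | tcp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 8.8.8.8:53 | N/A | udp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
"""

# Analyst knowledge, not from the report: coinhive.com served the browser-based
# Monero miner that shut down in March 2019.
WATCHLIST = {"coinhive.com": "browser cryptominer (Coinhive, defunct since 2019)"}
# Assumed baseline: endpoints Internet Explorer contacts on its own in a detonation.
BROWSER_BASELINE = {"ieonline.microsoft.com", "www.microsoft.com"}


def parse_rows(text):
    """Turn the pipe-delimited rows into dicts; reject rows of the wrong width."""
    rows = []
    for line in text.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4:
            raise ValueError(f"malformed row: {line!r}")
        country, dest, domain, proto = cells
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": None if domain in ("", "N/A") else domain.lower(),
                     "proto": proto.lower()})
    return rows


def summarize(rows):
    """One record per domain: DNS lookups, distinct endpoints, connection count."""
    contacts = defaultdict(lambda: {"dns_lookups": 0, "connections": 0, "endpoints": set()})
    for r in rows:
        rec = contacts[r["domain"] or "(no domain)"]
        if r["proto"] == "udp" and r["port"] == 53:
            rec["dns_lookups"] += 1
        else:
            rec["connections"] += 1
            rec["endpoints"].add(f'{r["ip"]}:{r["port"]}')
    return dict(contacts)


def classify(contacts):
    """'watchlist' wins over 'baseline'; anything unknown is left for 'review'."""
    verdicts = {}
    for domain in contacts:
        if domain in WATCHLIST:
            verdicts[domain] = "watchlist"
        elif domain in BROWSER_BASELINE:
            verdicts[domain] = "baseline"
        else:
            verdicts[domain] = "review"
    return verdicts


def report(text=NETWORK_ROWS):
    """Human-readable lines, worst verdict first."""
    contacts = summarize(parse_rows(text))
    verdicts = classify(contacts)
    order = {"watchlist": 0, "review": 1, "baseline": 2}
    lines = []
    for domain in sorted(contacts, key=lambda d: (order[verdicts[d]], d)):
        rec = contacts[domain]
        note = f" <- {WATCHLIST[domain]}" if domain in WATCHLIST else ""
        lines.append(f"{verdicts[domain]:9} {domain:24} dns={rec['dns_lookups']} "
                     f"tcp={rec['connections']} {sorted(rec['endpoints'])}{note}")
    return lines


if __name__ == "__main__":
    print("\n".join(report()))
```

Run stand-alone it prints coinhive.com first with its Cloudflare endpoint 172.67.165.117:443, then the two CDNs for review, then the Microsoft endpoints. The parser raises on a row of the wrong width rather than guessing, which is how the shifted row in the original table would have surfaced.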
Files
Apart from the three Cab*.tmp/Tar*.tmp entries, every file below lives under CryptnetUrlCache, the CryptoAPI network-retrieval cache that crypt32 writes when it fetches certificates, CRLs or the root-certificate list to validate TLS connections such as those listed above; the Cab/Tar temp files are consistent with the same certificate-update activity. They are side effects of the browser's TLS traffic, not payloads dropped by the HTML.
C:\Users\Admin\AppData\Local\Temp\Cab2224.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Tar2226.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d6cb9250478be3a96941311cfd77c117 |
| SHA1 | 4e961257744636b449d80687f5ab526608a2c029 |
| SHA256 | 975ace43be6fda51ef0ef5a5cfbb10a31bf18b9890cdffd96481ad6926fc1208 |
| SHA512 | 4f7c9b964012326bbc8bb24d065441edf5e7181a452b92d7a1244a3b05c9d7c81fd9067e97c41ecff0581858a53c30f5376e5d0adb2d34021ed4b77c9872ed6e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar22B8.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1b682debdb9e8ac65d57885eed3ad92b |
| SHA1 | ede9c6067bb0c7a96e81b6b7c1d95dedc927ed29 |
| SHA256 | 984af8fa3ad57d9e30b60d8d2180b2a7c56b5918dec75824980c27b6a5001c83 |
| SHA512 | aab6b9ec66fe90d52397fb3341aba0f52967e11ccfe1597b2433c31ecc6a8fda8cdfe7e54b971ef6696998df84f593ee1e6333ec1b6f717497873c115287d689 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 10012d37e08f1e95d7cca85c48aeb38b |
| SHA1 | bb026927461d1cd96d9be0d377b1603b8f95ff7f |
| SHA256 | 624095472c2b083efb4817d7b36f42e56a40c1a9605f1635cfbe9ecfb85a8153 |
| SHA512 | 535581af43da53872c75ae9b1256488e0a2bfeffcbace6389663305fe4d37c37d5ba959d36894e66b0faf8a0aeb5c58093a537c1481a0e43dc4ae45ec6f022aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bd69bb67e10fde3debf66a543a819027 |
| SHA1 | 8531ebbba98ea8d04450157bae4a07eda1b88291 |
| SHA256 | 188fe5b1068faf6ce80974a66309656c8796732376bcf6b6cdab3ce7cc266a9e |
| SHA512 | f2ba10e273bebf035afe92ac034ad40409501e90c9033bb61ac0e181670a7b94abff16197337307830954aa503b97e83a1a9c51bf46735da103a031d4d915b1d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f6cf695cee06c19ee3abd2ba457b960d |
| SHA1 | 29c86f40dbe8f6a19b1a58713ea3da71f1e2995d |
| SHA256 | 06f3216462f1a1032acda74e652fa55584b79bed56a6fd7510482e9ce900774b |
| SHA512 | 839d439164c616b674b6f7d226c2193bc414df5a97539adc500bf5e8488ece2b0eb20f914c70c99592274073250679c83c5c2cb58c2da6ba8eea79c5eda4a581 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7fa0c2b1bed702a74f499b051aa372ba |
| SHA1 | b2eb3fe5614168c472d7041d5e9dc9c2991c9c3a |
| SHA256 | 32310af00d80a4c0842ea87185852735ac5bd566e35e198d08d764fe9be42070 |
| SHA512 | 8b443aedda384789721ebf1ed948afb1d34520f898ff5e4ea705849816cc85b943f8b242d2e35d3994af07e31aa932b81ff1b141016251ed24b915a0617ed84a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e8cca5f038cb70e3c1268d180e2e351e |
| SHA1 | 15da30d0aef0260f893db847ca15ec88ad9ff36b |
| SHA256 | aa78e8ccd72c919e41cbfec6b8bec0cdaebb1658ad2bb79037b6835302e1b1f1 |
| SHA512 | 5bfa5a5e9bcf6cd4b0865e6dd7f4443aa3228d349a4242266eef58fd8011a45fea73807ff010ee364dbe2fcd5cdaec2aa7fa043d9a398a4cdaf770d7c0d89cd7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1
| MD5 | ec69bc3d38e9f19f6785703981c2deab |
| SHA1 | f3a01024b0c8bf8f92c059066c5eb09230ee22ab |
| SHA256 | fd32d1325f81eacfa7591489c66f62826694065fff9f1292a9290de676312640 |
| SHA512 | 58de75aabd936c4951a6551927f54ae6afc1a79a388c50cebf53dbdc270d99bedbe58d5d73f29cf990e827392a0c025a5059bf245e2405d75f4859d70a1f0445 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1
| MD5 | c5dfb849ca051355ee2dba1ac33eb028 |
| SHA1 | d69b561148f01c77c54578c10926df5b856976ad |
| SHA256 | cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b |
| SHA512 | 88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fcf2e2df33d5ce62d5f9da7ec6dd8f9c |
| SHA1 | 2e778eb14cab400c624687518b645763263a3209 |
| SHA256 | 1202b906b9a9533c6a1a4b3ff15086817f485ec5df495ecb47f33b0872f457e8 |
| SHA512 | 90d936c62ca4685018a77628196c7d5d06e427d6773c2a3327de09af02ab543644f439cb5c92fe908c02d9b2369cc13dc01aa575344fdf0f25b71e9e806ebe31 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6c880e8a1703b04bec9e6a90a9ac42c6 |
| SHA1 | 977d4b6732ae48cedbb0f22b6a96560c3c6f6f8f |
| SHA256 | f721b632140600895731b0dde46c0268532089cca23a4c2c8260e81659a9e058 |
| SHA512 | 01ba8b9086ad4632f9e277ea88d290670d32771d006807bec26e1248347fe63d0e5d61cc907636751908ac527184f4b5511b62329b9b78155848a599370027ba |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 67edb622d3f8b4ca37a9bb42642fcf25 |
| SHA1 | 21175840b227ec94e98766261ad00b4a8266ba49 |
| SHA256 | 438536b8e47e8593b714bb0a5b655cad1d8a5d1cf6c17014acb164abae9f3625 |
| SHA512 | c348d288b1adf90bf0f11cfcbc8c738b659320c975235cb291ac3f572875d8f1de2e34012092ca93e5c277afb56f619bea1b098486e1f7cec2354a933f0a7855 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3b2cf002653f67d3598c27e8068f87cd |
| SHA1 | 1d02516fde41c8b814eaafeeba7922698081f2fe |
| SHA256 | 1d473d37973685570e123c747e4e8963bfae37cd09371bfc20dbd4c373052fb0 |
| SHA512 | ad4dc886b62e002a5af059a2631eed9876c1d1113a4ba60a27d3775d9dde4cf93a1751ab9ff5a0bbb6d0812c50eebedb2a726f0a6d59abf50d2f1d4cd2e26e80 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bbb38a06b44917d37720f06315a6f63f |
| SHA1 | 3480df56d5cf0300833d8ba6fe0176c087246a79 |
| SHA256 | a8e1d5c000d73a8bf13c09089517999308f4a5e4394836bd7d427004e5f0da69 |
| SHA512 | 561a0e9445ab686aa0588c02ffbeac5ccae7c9166ecd73ff2305e1234d7b0cd9ab69cb044780a74bd756cc88465287586c8c984ad817f4a62cf24aa5920f832d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ef54e257bead4a3f4398d661d7ad8b89 |
| SHA1 | 448060f870b04465f300fe6ba87941039ad1d419 |
| SHA256 | c4379873def45e9ac103437484cc9f4a8c07d220952697f28863ce5809698471 |
| SHA512 | 80884129dd3f47058fff92c0a2fb1d28af628a4ad2e90a6cec41873975d90fa8b4a61904283e3489832c516ac32bf2fcfc38a3d0d852a421a4760b787f22aca0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c47a06b003e37f9130deb2178136a548 |
| SHA1 | 25197ef4e639f5563a59b6587fb57b13384cac27 |
| SHA256 | aa7462127001bc1a34deaa0f7600d4f2ff7d6912bf2211c983fcf40b9868a205 |
| SHA512 | 0a58f1e42ba6fba828029188e0085b109363df0a912e3e85040f88f0a414db1c5b9e0797e23f124a8529cd6e37b2e178cf6cdffa6d37b1abbe2fb1db4eb4b300 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9ea0075e1938bcfcc993e393a2613669 |
| SHA1 | 04432ca02972f3e99b9bc1f246266bb8d850f9c7 |
| SHA256 | 72f8311b938c978760d1bfc37e4adaaeae7d58cbe9938d9cd5c92d42727d4503 |
| SHA512 | 7cb3f4cfe93827f346527638b145f6e22750957fa07a6fd697c847658e7e29e8c5e7384a544f3863cd7716b2018a16f1027164eb2f30a2342a8144f398c13e21 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6999dd5a70d9bc49ed88190173a4c65f |
| SHA1 | 871c156539cd9d3c677625aaf4ed77c3f5fc9868 |
| SHA256 | bace73d3a09e58f34034860b920cee4ec29ea2ef00b8c9bbc8777c65cd0ef5cc |
| SHA512 | cf2c7d71c8aaee5e629a1285d23619591078846788e2a62154ad60f9cc92027809ab27d3312dbb4a28e196af1b403786decbdcea4dae1dcced42cbad6c66cd50 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 74751842263c5b24a032b903960c8361 |
| SHA1 | 26e139cbcfbbf959122e4ae448485a91321453dc |
| SHA256 | 25cd0dde542b7a4026301aba431a15357ee12864827f60fc7b754f2ac588b9ad |
| SHA512 | bf3a7995a3ad43ed0422d3f327796ddadb74997f37cba731ed72e6d057f27acc95cc3528c4e09c2dc37ee634977b7d2fe3c569ad990faba74a6ce0db30c1f99b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e2096228c8ee8bf73c51a49221cd779d |
| SHA1 | e5a91b232e7c479e5432d4227d9078f5f0ddd614 |
| SHA256 | 89ac21e6e68dfbad8f1e86c6ee74a96ecf15847ec3ffacfa2039124a94432ed7 |
| SHA512 | 3db31191149ee37459ae71f916420ad4f8221237f866abb0570a93444ada666168e5449231634e1c5542301f4816c5128403c418f6c63cad6595aeb66d5285c0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 91b385b705451eb0122976ccbd32b313 |
| SHA1 | b66170678f6b356ec4b2e040c7bfc0509893b8b3 |
| SHA256 | 2d48cd0416425b572d4a59bc13707067a04dc0a5e45b46f898676a29b5570c26 |
| SHA512 | 57b3648e24ef3e7b79d1dcdc42fc2452dca3af3df0bc68504329570d9f078d555793e3a9d178d476e84c3fc1dade1e67adb3fa09b39006d26b2ff21f61afbcfb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b10372297bd938830a724bb025d34e35 |
| SHA1 | 854f81afe2e88a43c0c26eb6d38f24feb344566b |
| SHA256 | ec67b7d575b62c9e0662d1a002a1486cd47198a039eba690a4ff61036c1797f9 |
| SHA512 | 0cd8996cffde870c64d5bc57f5e6e854995814dc385672b9c22e661065140121ccfb9a6938ef27164c8ddb8d128f08ffbc53bbc4a471c56ae48edf563cdf3125 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0a87a296b84a3ce2f05c7e254b36e865 |
| SHA1 | 26f90a98c4f3740823b19d942b54ef65dc33bfb5 |
| SHA256 | aed59d37f82512209f16516514baef1ce593b143d66a69fbc7351a5f3ea4d352 |
| SHA512 | 2f9780ba590f1b56ccbaf208cceb91f91ed5b48e1aa016726a3d513cba26634623b75a2b021244c0a334aab0b9ac4fad7c10b7f95081066838d335f30fc649c9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | be27032d4171675aa9cc078b8bbd29c8 |
| SHA1 | a8b9814057831fd6751f4567f314790048ed2148 |
| SHA256 | 03de26d710668e74b531e1de4055956b5fd33b3d73124062d9a693863daabe89 |
| SHA512 | b7507aa8d01b7a853eba71508d39015e89d961d129d02919b7f6ce87ac044f06688faa7a84c9a49b0e6af0885abc50ca7f32ddb7876cfce66a2cebb02447a50b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 99a22cda6b823f37d04864d06896f86a |
| SHA1 | 709e0e15958037e428af4180f0525fde5e5ec298 |
| SHA256 | 6e2c5f50ad197224ea3c8f0b7f52f1392b9bc8c54b7d3e89ff2ae10ea6cb4554 |
| SHA512 | 5064293acfd1ab46af420afe1c1f01c5b352e33feb5f5622f600a4a933fd2adef61654f88b3c8493dbe91a53c3f5bdc0c87e9dc9323f848f62cb39278d9c5a60 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2de9dd856e2a9d6c4ff5ff92d86f9b72 |
| SHA1 | 160130e4a4b96bb5fce40ffe0df6dae17fc2e9eb |
| SHA256 | 3cba8918c4bf06b0651fbc21658af26be1f7df81e6ecb85faa861c3a56548331 |
| SHA512 | 46150af91f530fdbd635243417c4ad353db1a8cb8ed8267fc1a670099786ef34bde46cc2e01e8dbd3e92236f76be523c5c6963e4fa2f3c2330d9d1bf160507da |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 30828e30b5a6ac40e0b62b73fcdf5c3c |
| SHA1 | da1296f553fba77de3e502ddf5d809c0b684ae3c |
| SHA256 | 30641b306b233ab7ff65c7439bbe8430a9c0584327360630229c63fa1c47cb04 |
| SHA512 | 9753140d641b6a2473c246c64c98d4897f8ae2244414cb0b8f4272c51c16d10b196379a979a688f0db63409d0c6e2c3b2c521d933b5029e20027af3a2f4e471d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c167f1f9fef75c3317477d9073606217 |
| SHA1 | 05aa9c9755dd4e19a868c9a67c82687d7cea9852 |
| SHA256 | c39dfa4db74d78e08433755eeed986b6cc965a15316ff507308019b5435e96b0 |
| SHA512 | 15fbb2ae4e16ef037a47cfe4fb22e22d1180b05dfdc38a92e5201b1d669adb11c57f620bd1cae6d70e0b5b498bc349229cc8baf82c3adcbd9440f1636b621c87 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 25a40bfd95663473b1e4076fee916509 |
| SHA1 | 8000b4ddd7929848b9db2524a5b02626b1214499 |
| SHA256 | ab9c0e4b431c3a1d5e915ba8b3ae86d06745d50e3eb435bc26f3a2e85d16bd70 |
| SHA512 | fe7f5cbe29291d282e6713406ac00c53e3ebec3febecd16480ba52b951a51bd9dd482472a55d408f816efe6051130f705b16361d080927d7b6b0e797aa2d6177 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cd2dae226a29d79b378a5a59bcedc0f4 |
| SHA1 | 2d08de7aae6c99d3f9927c758cada28569772cf6 |
| SHA256 | 49a0dc71a13092f6eba07e920ae089f780e0c35046b634167380906ed1ed4ab0 |
| SHA512 | 3b16a8d5ae8cc082b7b6b29b6333d5a63ba7a130dac5b38f39ef43164f46456cf3161f6d89f6c4d77bc799ea1ab14aa756cd9a0f2f771b5a329b364ef93bf6af |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 220e5e2a000bd67bd48592686d97b81e |
| SHA1 | 65a6f9bac3d027c3feaef5319e0da02704dba310 |
| SHA256 | 04ba81c9d06b95bbc0985a9ba0e4e2a3ab88fd1766dd8173f702bf57ffcb5380 |
| SHA512 | 1a96881ba78497e24b4294a5fd0cef5654782c2204abc063e8440ae79ee3093ac431d498a4cba0689c54bf479a5b3d2dcd0dc584346ac6200fba671e7ee991cd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0179864b891e7ee203cc7fb261344072 |
| SHA1 | 15813c2043df905e60cf531ea05683bdccfa4533 |
| SHA256 | 30d8b4cc2ce478af4a136315047564df263c885a940687a315e3e96fc7ec9adf |
| SHA512 | 26f37fc8b603fbbf93259817ee178df7b0973c3eeeff1c9a5b53dd7c722624cc98f395756eeb519fb5e0e2c064f1525fbf09851825e29b0cdb7b0b036c411a70 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 70c43b06436973f69d5be99c551609cd |
| SHA1 | 15c5d11cbc2b98701cf623ad29d2712ceb40b1b1 |
| SHA256 | 98de5e111073d663c686510d379e662d69dc78fcff82374ccdded78869775da5 |
| SHA512 | a79265a8f4d515954ad4830d84780f16877f302a17eb2074bae6f02c43083189c596a87b0d2136c3145ab8aaad28f7568caf85dc384e6196ec7cf9aed6b4448c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a94faec81885155e8e0bbc50d622ff9e |
| SHA1 | adcd582b0ad7ffa39a8b0ed50daa9ae62b0be7d5 |
| SHA256 | cd1787abca7e97cef3aade8fb759244411378fde7ab3c2a540bf71696e79c4f1 |
| SHA512 | 36820bfe93ecd2cb2ce5e3857164cc63b437c40aeaecb779922a4a01326f1612e581c9a8ed6ae07b03ffcddb0a0c343cbf2ab4bd35e7ed363df445c2d7d57bc7 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 12:53
Reported
2024-06-03 12:55
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
151s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91dadc3c3e4b87d1487a985672e192f8_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb533746f8,0x7ffb53374708,0x7ffb53374718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,9548961520585217395,3264681501519993278,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,9548961520585217395,3264681501519993278,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,9548961520585217395,3264681501519993278,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9548961520585217395,3264681501519993278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9548961520585217395,3264681501519993278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,9548961520585217395,3264681501519993278,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,9548961520585217395,3264681501519993278,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9548961520585217395,3264681501519993278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9548961520585217395,3264681501519993278,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9548961520585217395,3264681501519993278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9548961520585217395,3264681501519993278,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,9548961520585217395,3264681501519993278,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | cdn.rawgit.com | udp |
| GB | 143.244.38.136:443 | cdn.rawgit.com | tcp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | 136.38.244.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.21.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.72:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.61.62.23.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| NL | 23.62.61.72:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_1576_TIRZPLFXZXVKQQOD
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State