Analysis Overview
SHA256
04a62484f57f18f1b997feee86f230a20287a18a31af9b346fb82cdbf4bbd1c0
Threat Level: No (potentially) malicious behavior was detected
Verdict for the file 91f4dd798e7c964ab04a557e1da9721b_JaffaCakes118: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 13:30
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 13:30
Reported
2024-06-03 13:33
Platform
win7-20240419-en
Max time kernel
118s
Max time network
127s
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d1000000000200000000001066000000010000200000000a98338ae23e6ef48b0f9a0f73bdb185ea20fd8ffd78c541fe8f8be8ecae6280000000000e800000000200002000000060e771d91591cef6d4a3f7c03afe569a30f56e10d60f58715496427dfd64083c2000000010461ddb40428b4d665ba720ccb95cd5f49075631f58c4ee2100a62b680e4a0140000000e06b6c06e34d27031ce18615bde40cc1a37a240693e50c904a296921ba6467d6e1dd5af63d360e7e3110c16f28d48f5386447f22efc9229229f3824952c1ad3f | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50b8a064bab5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{771B3FA1-21AD-11EF-BBEC-C662D38FA52F} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423583306" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 1084 wrote to memory of 1296 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91f4dd798e7c964ab04a557e1da9721b_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1084 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | noklips.net | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | uc-portaller.ru | udp |
| US | 8.8.8.8:53 | 1319952915.uid.me | udp |
| RU | 195.216.243.149:443 | 1319952915.uid.me | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 13:30
Reported
2024-06-03 13:33
Platform
win10v2004-20240426-en
Max time kernel
148s
Max time network
152s
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91f4dd798e7c964ab04a557e1da9721b_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f56546f8,0x7ff8f5654708,0x7ff8f5654718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,15919245051773196353,13101789883366614223,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,15919245051773196353,13101789883366614223,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,15919245051773196353,13101789883366614223,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15919245051773196353,13101789883366614223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15919245051773196353,13101789883366614223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,15919245051773196353,13101789883366614223,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,15919245051773196353,13101789883366614223,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15919245051773196353,13101789883366614223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15919245051773196353,13101789883366614223,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15919245051773196353,13101789883366614223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15919245051773196353,13101789883366614223,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,15919245051773196353,13101789883366614223,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4748 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | noklips.net | udp |
| US | 8.8.8.8:53 | s97.ucoz.net | udp |
| RU | 185.129.102.190:445 | s97.ucoz.net | tcp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 8.8.8.8:53 | uc-portaller.ru | udp |
| US | 8.8.8.8:53 | 1319952915.uid.me | udp |
| RU | 195.216.243.149:443 | 1319952915.uid.me | tcp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| RU | 195.216.243.149:443 | 1319952915.uid.me | tcp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s97.ucoz.net | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| RU | 88.212.202.52:445 | counter.yadro.ru | tcp |
| RU | 88.212.201.204:445 | counter.yadro.ru | tcp |
| RU | 88.212.201.198:445 | counter.yadro.ru | tcp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| US | 8.8.8.8:53 | recreativ.ru | udp |
| US | 8.8.8.8:53 | jsc.marketgid.com | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 172.67.141.144:445 | jsc.marketgid.com | tcp |
| US | 8.8.8.8:53 | jsc.marketgid.com | udp |
| US | 104.21.46.191:445 | jsc.marketgid.com | tcp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 104.21.46.191:139 | jsc.marketgid.com | tcp |
| US | 8.8.8.8:53 | franecki.net | udp |
| NL | 89.149.200.234:445 | franecki.net | tcp |
| US | 8.8.8.8:53 | franecki.net | udp |
| US | 8.8.8.8:53 | 152.107.17.2.in-addr.arpa | udp |
| NL | 89.149.200.234:8041 | franecki.net | tcp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.173.189.20.in-addr.arpa | udp |
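Most rows in the network table are DNS traffic to 8.8.8.8 (forward lookups plus the sandbox's reverse lookups under in-addr.arpa) and one mDNS multicast packet; the rows that matter for triage are the TCP connections, and several of them go to ports an HTML page rendered in a browser would not normally need (445, 139 and 8041 alongside the expected 443). The following Python is an added example, not part of the original report: it parses the table rows, buckets them into DNS, reverse DNS, mDNS, web and non-web TCP, and returns the non-web destinations so they can be checked by hand. The rows are a subset copied from the table above; the set of ports treated as "web" is this example's assumption.

```python
"""Added triage helper for a sandbox network table (not from the original report).

Parses pipe-delimited rows of the form "| Country | Destination | Domain | Proto |",
separates DNS, reverse DNS and mDNS noise from real TCP connections, and flags TCP
destinations on ports outside the web ports a browser-rendered page is expected to use.
"""
import ipaddress

WEB_PORTS = {80, 443}   # assumption: what an HTML detonation in a browser should need

# Sample input: a subset of rows copied from the network table above.
SAMPLE_ROWS = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | s97.ucoz.net | udp |
| RU | 185.129.102.190:445 | s97.ucoz.net | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 8.8.8.8:53 | 229.1.101.151.in-addr.arpa | udp |
| RU | 195.216.243.149:443 | 1319952915.uid.me | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| RU | 88.212.202.52:445 | counter.yadro.ru | tcp |
| US | 104.21.46.191:139 | jsc.marketgid.com | tcp |
| NL | 89.149.200.234:445 | franecki.net | tcp |
| NL | 89.149.200.234:8041 | franecki.net | tcp |
"""


def parse_rows(text):
    """Yield one dict per data row; header and separator lines are skipped."""
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country" or cells[0].startswith("-"):
            continue
        country, dest, domain, proto = cells
        host, _, port = dest.rpartition(":")
        yield {"country": country, "ip": host, "port": int(port),
               "domain": domain or None, "proto": proto.lower()}


def classify(row):
    """Bucket one row as dns, rdns, mdns, web, or nonweb (TCP to an unexpected port)."""
    ip = ipaddress.ip_address(row["ip"])
    if row["proto"] == "udp" and row["port"] == 5353 and ip.is_multicast:
        return "mdns"                                   # local multicast DNS, not attributable
    if row["proto"] == "udp" and row["port"] == 53:
        # The sandbox reverse-resolves every peer it sees; those lookups carry no intent.
        return "rdns" if (row["domain"] or "").endswith(".in-addr.arpa") else "dns"
    if row["proto"] == "tcp" and row["port"] in WEB_PORTS:
        return "web"
    return "nonweb"


def triage(text):
    """Return (counts per bucket, list of (domain, ip, port) for non-web TCP connections)."""
    counts = {}
    flagged = []
    for row in parse_rows(text):
        bucket = classify(row)
        counts[bucket] = counts.get(bucket, 0) + 1
        if bucket == "nonweb":
            flagged.append((row["domain"], row["ip"], row["port"]))
    return counts, flagged


if __name__ == "__main__":
    counts, flagged = triage(SAMPLE_ROWS)
    print(counts)
    for domain, ip, port in flagged:
        print(f"non-web TCP: {domain} -> {ip}:{port}")
```

On the sample rows this yields five non-web TCP destinations (ports 445, 139 and 8041) against two ordinary HTTPS connections; the output is a list to check, not a verdict, since the report itself gives no explanation for those ports. Paste the full table from the report into SAMPLE_ROWS to run it over every row.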
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ea98e583ad99df195d29aa066204ab56 |
| SHA1 | f89398664af0179641aa0138b337097b617cb2db |
| SHA256 | a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6 |
| SHA512 | e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f |
\??\pipe\LOCAL\crashpad_1616_OIGDYGWDDBWMODJB
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4f7152bc5a1a715ef481e37d1c791959 |
| SHA1 | c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7 |
| SHA256 | 704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc |
| SHA512 | 2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f824851eae1f6c46a4d54196fb0cb0cf |
| SHA1 | 5c3725fdd7eda584caffdd5337e9766f387e89f9 |
| SHA256 | 02788bd38079d352be0b6b53c0ebb9d0b951654e7f574dd1315f1e66ebf2ffcd |
| SHA512 | d840679a39ee3eac9053931ec92e9041589f670d01bec00ba625ec4ff293037ecec497eca61a203515923d0acb0db347473adc10c09f31f733f036f05d1459e4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a4ed374124f40021a30446e60d185067 |
| SHA1 | 916e570a20ab830819c9920adb9b64aa8b4f79a0 |
| SHA256 | 6ddda86ddd1a833eae530c968b0b134a0964799089031a050a0339cbf1ea237b |
| SHA512 | 517c217f2e5fa7b31420a701ff6a10839470017bf17c2aa813e92332199fd74c4ee97e40ace94a4e10a65b23fb837f5d000eb67bdee904911ea1ed945f91d283 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2065a0d8caed496e50c58a0516f800d0 |
| SHA1 | 56c8a1425555db48c6a622c423bad68f0d4ad322 |
| SHA256 | ff6414eeb4c689361177ddc92f3710d9a46abba1ca7c71fc3c0fd0ccb0e622e2 |
| SHA512 | 81b9b49455bd5d9c78b7e780ad083e0a0393fc02103051c909fb31583710e737aa8d65c5e09deea623a03538777a3067145a8ac5948f22f16b9af08f194ec5e6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ccf3fa9544bc5fcca4634e576dc21d32 |
| SHA1 | 9242b52fc851fad6f76baf43866f85f48223094f |
| SHA256 | 008954e1761516158ee6966ab8096a6b59d327941aec9e078e648f0d6b758f9c |
| SHA512 | acdbaea166e9d5dbdb1ee3c87a80869e49ef43a213c3b058e40964e716c95e0a52fe247116152a4a3e5ac4dea614ecc70747fb630b69d30844b0f3aa63e80316 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 6717a44fb4925ab7012640aed9f08019 |
| SHA1 | 5b8a95ce555bdfb33fccbcd8ffc4cb20d101ee64 |
| SHA256 | ae4fc72112e3f8ef7a02150345aa418ce5b179dd38597b617a4f6b46452ae062 |
| SHA512 | b9c501c168b9574b9d0c68fd4b80553f818b544e172dc0c65f692d5c0b37283df84700e317d81d5fb346d09157eca483745ff557411af1aeba1d8999e086e42b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |