Analysis Overview
SHA256
abe462632894efed03413db5e48b79a5dbba29315c5c7c1b5e077290ae5429ff
Threat Level: No (potentially) malicious behavior was detected
The file 91f5148673d2ee29b999d513f507d912_JaffaCakes118 was found to be clean: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 13:31
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 13:31
Reported
2024-06-03 13:33
Platform
win7-20240508-en
Max time kernel
139s
Max time network
141s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e9361000000000200000000001066000000010000200000002073c6694ea45896c2c558708dd6673e5c8352ebb8b413b696c5141b6861acfc000000000e80000000020000200000004ef03bb4a77aee68715318581ad8ddfb1244fb7f7be30544919e2cfe6e5bbdf820000000e98ab639cf2cca276d5e0125c8d7132545129eca903aedbcc52ee9c1ac222b2f400000004f1fbafc4be48984fa8b723e14df369abc2a9aaad8b8570a12dd170f71f28a2627414575b395b025a845180d46a1ed2f821e4b00dbd9d89decd19255d3317991 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a07a5d5ebab5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{869A4A21-21AD-11EF-B6D8-6A387CD8C53E} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423583331" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2236 wrote to memory of 1344 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91f5148673d2ee29b999d513f507d912_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2236 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 13:31
Reported
2024-06-03 13:33
Platform
win10v2004-20240426-en
Max time kernel
145s
Max time network
146s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91f5148673d2ee29b999d513f507d912_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8930846f8,0x7ff893084708,0x7ff893084718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,18344515148520829661,3832514792106967128,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,18344515148520829661,3832514792106967128,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,18344515148520829661,3832514792106967128,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18344515148520829661,3832514792106967128,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18344515148520829661,3832514792106967128,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,18344515148520829661,3832514792106967128,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,18344515148520829661,3832514792106967128,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18344515148520829661,3832514792106967128,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1768 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18344515148520829661,3832514792106967128,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1716 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18344515148520829661,3832514792106967128,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18344515148520829661,3832514792106967128,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,18344515148520829661,3832514792106967128,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4796 /prefetch:2
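The process list above is a normal Chromium/Edge process tree, and the signatures the sandbox raised on it (WriteProcessMemory, EnumeratesProcesses, blocking non-Microsoft binaries at process creation) are what a browser does to manage its own children. What is worth pulling out of the list is which children ran with no sandbox at all, and which document the browser process was actually asked to open. The script below is an added example, not part of the report or of any sandbox vendor's tooling: it parses Chromium-style command lines (the `--type=` and `--service-sandbox-type=` switches) and lists the sandbox state of each process. The command lines are copied from the Processes section above, trimmed for length; the mapping from switches to a sandbox label is my own reading of Chromium's switches (`--service-sandbox-type=none` and `--disable-gpu-sandbox` mean no sandbox, and the crashpad handler runs outside the sandbox by design).

```python
"""Triage helper for a Chromium/Edge process list from a sandbox report.

Added example, not part of the report. Parses Windows command lines the way
Chromium writes them and reports each child's process type and sandbox state.
"""
import ntpath
import re

# Constructed sample input: command lines copied from the Processes list of
# this report, shortened to the switches that matter for the triage below.
SAMPLE_CMDLINES = [
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91f5148673d2ee29b999d513f507d912_JaffaCakes118.html',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --mojo-platform-channel-handle=2160 /prefetch:2',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none /prefetch:3',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility /prefetch:8',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --renderer-client-id=6 --no-v8-untrusted-code-mitigations /prefetch:1',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none /prefetch:8',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled /prefetch:2',
]

TOKEN_RE = re.compile(r'"[^"]*"|\S+')


def split_windows_cmdline(cmdline):
    """Split on whitespace while keeping double-quoted runs together.
    Backslashes are literal here (unlike POSIX shlex), so Windows paths survive."""
    return [t[1:-1] if len(t) > 1 and t[0] == t[-1] == '"' else t
            for t in TOKEN_RE.findall(cmdline)]


def parse_chromium_cmdline(cmdline):
    """Return the image path, a map of --switch[=value], and the opened document."""
    document = None
    marker = " --single-argument "
    if marker in cmdline:
        # Chromium treats everything after --single-argument as one literal
        # argument (the file or URL to open), spaces included.
        cmdline, document = cmdline.split(marker, 1)
        document = document.strip()
    tokens = split_windows_cmdline(cmdline)
    switches = {}
    for tok in tokens[1:]:
        if tok.startswith("--"):
            key, sep, value = tok[2:].partition("=")
            switches[key] = value if sep else True
    return {"image": tokens[0], "switches": switches, "document": document}


def sandbox_state(switches):
    """Coarse sandbox label derived from Chromium switches (my triage rule)."""
    ptype = switches.get("type", "browser")
    if ptype == "browser":
        return "browser (unsandboxed by design)"
    if ptype == "crashpad-handler":
        return "none"           # the crash handler needs the file system
    if ptype == "gpu-process":
        return "none" if "disable-gpu-sandbox" in switches else "gpu"
    if ptype == "utility":
        return switches.get("service-sandbox-type", "utility")
    if ptype == "renderer":
        # --no-v8-untrusted-code-mitigations is expected when site isolation
        # is on; it does not mean the renderer sandbox is off.
        return "renderer"
    return "unknown"


def summarize(cmdlines):
    rows = []
    for cl in cmdlines:
        info = parse_chromium_cmdline(cl)
        sw = info["switches"]
        rows.append({
            "image": ntpath.basename(info["image"]),
            "type": sw.get("type", "browser"),
            "subtype": sw.get("utility-sub-type", ""),
            "sandbox": sandbox_state(sw),
            "document": info["document"],
        })
    return rows


def unsandboxed(cmdlines):
    """Child processes that run outside any Chromium sandbox."""
    return [r for r in summarize(cmdlines)
            if r["type"] != "browser" and r["sandbox"] == "none"]


def opened_documents(cmdlines):
    """Files or URLs the browser process was launched to open."""
    return [r["document"] for r in summarize(cmdlines) if r["document"]]


if __name__ == "__main__":
    for r in summarize(SAMPLE_CMDLINES):
        print(f'{r["image"]:20} {r["type"]:16} {r["subtype"]:44} sandbox={r["sandbox"]}')
    print("unsandboxed children:",
          [(r["image"], r["subtype"] or r["type"]) for r in unsandboxed(SAMPLE_CMDLINES)])
    print("documents opened:", opened_documents(SAMPLE_CMDLINES))
```

Run against the full list, this reports the network service, the identity helper, the crash handler and the second GPU process (started with `--disable-gpu-sandbox` after the first GPU process, which is how Chromium falls back when GPU initialisation fails in a VM) as the only unsandboxed children, and the `.html` sample as the one document opened. None of that is evidence of compromise on its own; it is the baseline against which a non-Edge child or an unexpected `--service-sandbox-type=none` would stand out.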
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s.w.org | udp |
| US | 8.8.8.8:53 | maxcdn.bootstrapcdn.com | udp |
| US | 8.8.8.8:53 | www.americanbuiltpools.com | udp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| US | 104.18.10.207:443 | maxcdn.bootstrapcdn.com | tcp |
| US | 162.241.252.173:80 | www.americanbuiltpools.com | tcp |
| US | 162.241.252.173:80 | www.americanbuiltpools.com | tcp |
| US | 162.241.252.173:80 | www.americanbuiltpools.com | tcp |
| US | 162.241.252.173:80 | www.americanbuiltpools.com | tcp |
| US | 162.241.252.173:80 | www.americanbuiltpools.com | tcp |
| US | 162.241.252.173:80 | www.americanbuiltpools.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| US | 162.241.252.173:443 | www.americanbuiltpools.com | tcp |
| US | 162.241.252.173:443 | www.americanbuiltpools.com | tcp |
| US | 162.241.252.173:443 | www.americanbuiltpools.com | tcp |
| US | 162.241.252.173:443 | www.americanbuiltpools.com | tcp |
| US | 162.241.252.173:443 | www.americanbuiltpools.com | tcp |
| US | 162.241.252.173:443 | www.americanbuiltpools.com | tcp |
| US | 8.8.8.8:53 | 20.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.10.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.252.241.162.in-addr.arpa | udp |
| US | 162.241.252.173:80 | www.americanbuiltpools.com | tcp |
| US | 8.8.8.8:53 | s7.addthis.com | udp |
| BE | 104.68.81.91:443 | s7.addthis.com | tcp |
| US | 162.241.252.173:80 | www.americanbuiltpools.com | tcp |
| US | 162.241.252.173:80 | www.americanbuiltpools.com | tcp |
| US | 8.8.8.8:53 | 91.81.68.104.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| PL | 93.184.220.66:443 | platform.twitter.com | tcp |
| PL | 93.184.220.66:443 | platform.twitter.com | tcp |
| US | 8.8.8.8:53 | 66.220.184.93.in-addr.arpa | udp |
| GB | 163.70.151.21:445 | connect.facebook.net | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 163.70.151.21:139 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
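Most of the Network table is what rendering a public web page produces: DNS lookups through the sandbox's forwarder, fonts and CDN assets over 80/443, the page's own host, and the usual social-widget domains. The rows that should not be bucketed silently as "web traffic" are the two that pair connect.facebook.net with ports 445 and 139, the SMB and NetBIOS session ports. The script below is an added example, not part of the report: it parses the table rows as they appear above, separates DNS lookups (including the in-addr.arpa reverse lookups the guest generates on its own) from actual connections, and flags any connection whose port is not one a page resource needs. The rows are copied from this table; the "web ports are 80 and 443" rule and the noise filters are assumptions to adjust per case.

```python
"""Triage the Network table of a sandbox report.

Added example, not part of the report. Parses the '| Country | Destination |
Domain | Proto |' rows, splits lookups from connections, and surfaces
connections on ports a rendered HTML page has no reason to use.
"""
from collections import defaultdict

# Constructed sample input: a subset of the rows from the Network table above.
SAMPLE_ROWS = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | s.w.org | udp |
| US | 8.8.8.8:53 | www.americanbuiltpools.com | udp |
| US | 8.8.8.8:53 | 173.252.241.162.in-addr.arpa | udp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| US | 104.18.10.207:443 | maxcdn.bootstrapcdn.com | tcp |
| US | 162.241.252.173:80 | www.americanbuiltpools.com | tcp |
| US | 162.241.252.173:443 | www.americanbuiltpools.com | tcp |
| BE | 104.68.81.91:443 | s7.addthis.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| PL | 93.184.220.66:443 | platform.twitter.com | tcp |
| GB | 163.70.151.21:445 | connect.facebook.net | tcp |
| GB | 142.250.200.14:443 | apis.google.com | udp |
| GB | 163.70.151.21:139 | connect.facebook.net | tcp |
""".splitlines()

WEB_PORTS = {80, 443}          # assumption: all a rendered page should need
RESOLVER = ("8.8.8.8", 53)     # the sandbox's DNS forwarder, as seen in the table
MDNS = ("224.0.0.251", 5353)   # guest multicast DNS, not driven by the sample


def parse_row(line):
    """Parse one table row; returns None for the header and non-table lines."""
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    if len(cells) != 4 or cells[0] == "Country":
        return None
    country, dest, domain, proto = cells
    # Some exports drop an empty Domain cell, shifting the protocol one column left.
    if proto == "" and domain in ("tcp", "udp"):
        domain, proto = "", domain
    ip, _, port = dest.rpartition(":")
    return {"country": country, "ip": ip, "port": int(port),
            "domain": domain or None, "proto": proto}


def parse_table(lines):
    return [row for row in map(parse_row, lines) if row]


def triage(rows):
    lookups, reverse_lookups = set(), set()
    contacts = defaultdict(set)
    anomalies = []
    for r in rows:
        endpoint = (r["ip"], r["port"])
        name = r["domain"] or ""
        if endpoint == RESOLVER and r["proto"] == "udp":
            # A DNS query, not a connection. Reverse lookups of the IPs just
            # contacted are Windows/sandbox background noise, so keep them apart.
            (reverse_lookups if name.endswith(".in-addr.arpa") else lookups).add(name)
            continue
        if endpoint == MDNS:
            continue
        host = r["domain"] or r["ip"]
        contacts[host].add((r["ip"], r["port"], r["proto"]))
        if r["port"] not in WEB_PORTS:
            anomalies.append((host, r["ip"], r["port"], r["proto"]))
    return {
        "lookups": sorted(lookups),
        "reverse_lookups": len(reverse_lookups),
        "resolved_only": sorted(lookups - set(contacts)),  # looked up, never contacted
        "contacts": {h: sorted(c) for h, c in contacts.items()},
        "anomalies": anomalies,
    }


if __name__ == "__main__":
    report = triage(parse_table(SAMPLE_ROWS))
    print("hosts contacted:", ", ".join(sorted(report["contacts"])))
    print("resolved but never contacted:", report["resolved_only"])
    print("reverse lookups (sandbox noise):", report["reverse_lookups"])
    for host, ip, port, proto in report["anomalies"]:
        print(f"REVIEW {host} -> {ip}:{port}/{proto}: not a web port")
```

On the rows above this prints two REVIEW lines, both for 163.70.151.21 on 445 and 139, and lists s.w.org as resolved but never contacted. The script does not decide what those two connections were; it only stops them from disappearing into a list of sixty ordinary web fetches, which is the point of running a filter like this over every report rather than reading the table by eye.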
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b2a1398f937474c51a48b347387ee36a |
| SHA1 | 922a8567f09e68a04233e84e5919043034635949 |
| SHA256 | 2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6 |
| SHA512 | 4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c |
\??\pipe\LOCAL\crashpad_1696_JHCUBMNAVMOMOUUP
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 1ac52e2503cc26baee4322f02f5b8d9c |
| SHA1 | 38e0cee911f5f2a24888a64780ffdf6fa72207c8 |
| SHA256 | f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4 |
| SHA512 | 7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4aef5707ff1fe80861f8dbfb10852c50 |
| SHA1 | 6891dbfb2bbd2bf717327377803e92e3bd7cb755 |
| SHA256 | 363e11843c715ca76bbe22372028caeef58e1c0fddb301d008bf53167d663d8a |
| SHA512 | 1fcb7f8fca79faa300c6fec5ca655e7fc9ad33517137507b964a12f336affb093104054d03b159b28be0f941f0799a58e0c881e4a18848630dc4b739436ab06c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 721bf5886ddf13a5af2cbea02a94cd5b |
| SHA1 | 37f583690dc7ab2337a7f58f27464c69e5dfcb5c |
| SHA256 | df18c83d84e80ba5bfac3b36b5590187ca7ea1d2be6f5c75e67cb007efedc25f |
| SHA512 | 3743551d9833b050afd9206ed5869de9d5fcd67a4127273fcb8c763541f124da86a059f39dc6545417e0d1a81425fef157f4c6c44f50da5138bab8cb82026341 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 74e8cf59c1a55ecdfd6d4e6fb05cea1a |
| SHA1 | 7a607e786499af1c76d560253b9438a9cf93a783 |
| SHA256 | 2006aa578dd7cc4431c6778dcac54e192a2acbc2bca7e88cc92e002131f4303c |
| SHA512 | b0e9df67ea6709fb12a333a4cf27e1027f26cf3c0a90f8cd644ed7dce416834dbcff10b5377ac6ace224db52a48990414e49de4d871cd6792f6f57bd5e887941 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | daab9409f87a1528c09515ab6f17c272 |
| SHA1 | eddbc24e4c2acede19132e5960e00f0c6df9b8a9 |
| SHA256 | 09d777ad19d2c989124a2cb1b2d815f2fa32c8d905ae25250ce957d8305a859d |
| SHA512 | fd4d3b04c649e583317fc07a873b137e9db24006b110d18c5bf5c356c4e98df379b610934bcc0e0827ee395eeb8259ba9eabf75e469c20d2eae683a4c1835fdf |