Analysis Overview
SHA256
c87563d9943e9d9dc763a794563e78431c76645466e72c218e064e492731652c
Threat Level: No (potentially) malicious behavior was detected
The file 9a60c1f067bede38ba935dac296bf5a2_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-10 04:16
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-10 04:13
Reported
2024-06-10 04:41
Platform
win7-20240508-en
Max time kernel
65s
Max time network
150s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e9361000000000200000000001066000000010000200000009cc551252b44401d47422c9986ee4ed8bacdc06675ae3ad7e2b82cebb40df872000000000e80000000020000200000005ab6dc28761a4682b712f164a790b3d08c41d4d790f67a684e7556d0b56a695f20000000f1f275b094adfcbbc79c617cd4fde7a29b2eb461df6209d3edd4ab39f249e58640000000ef811e284a48fb93bb14692084584bd972ae8d55a95045caa88f035f4146ba1300a617fb967b178708021dd835d973c0cf58834a7cc2cebbb5293bc9f4eb1f9f | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70ca8d5ceebada01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8653BA91-26E1-11EF-A7A3-7A58A1FDD547} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e936100000000020000000000106600000001000020000000b12aea1f1ad437edabf44cc09065fa112ab647b69a4f63b53e6bf4e6da918c8e000000000e800000000200002000000084075cd915daa8907b723d5656d4c402320d5ee97a10a40c6d85e709bb5682fb9000000033132c7ae4767d784ce25421ebdb1e9c3a9a79a33d3d168b7b543e6ec38dd4ad848a075a408bbd6b515b37973af7a8e5962c89e0f5693f3e97cf0013ddd06c1b97bf5bff33770485f37455ed926da7129ba76875ffbba5332605413d6ae2e77b0859cc61dcbde33ddf825235772c45f63d464592caf7a6db44e29a71180a2e8e480fcab72e574a19ba37f33ba7c22e59400000005fcb1b692ac9d16eb47a235158ecb2fae9b03c20fff9d2be0e8e511aa9cb105e11cc4138c5ac1dd71c054025d0f127a0f49e27c7f6db8214b3cfe5f9e316a658 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1276 wrote to memory of 2412 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1276 wrote to memory of 2412 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1276 wrote to memory of 2412 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1276 wrote to memory of 2412 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9a60c1f067bede38ba935dac296bf5a2_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1276 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ad.about.co.kr | udp |
| KR | 116.120.4.216:80 | ad.about.co.kr | tcp |
| KR | 116.120.4.216:80 | ad.about.co.kr | tcp |
| KR | 116.120.4.216:80 | ad.about.co.kr | tcp |
| KR | 116.120.4.216:80 | ad.about.co.kr | tcp |
| KR | 116.120.4.216:80 | ad.about.co.kr | tcp |
| KR | 116.120.4.216:80 | ad.about.co.kr | tcp |
| US | 8.8.8.8:53 | adapi.about.co.kr | udp |
| KR | 183.111.131.73:443 | adapi.about.co.kr | tcp |
| KR | 183.111.131.73:443 | adapi.about.co.kr | tcp |
| KR | 183.111.131.73:443 | adapi.about.co.kr | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab1F84.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Cab2042.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar2056.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b8ad8a97e42c762da0aaf9f3f966d8f2 |
| SHA1 | 60b4e1239d93bee17e6b630bba06725073b1e04f |
| SHA256 | 8216f5030eb547b057a2bcc4077ffcd4fd6e76040cdeb94cbc08b4d8badbf708 |
| SHA512 | 7dbfa38d1ba0643e549e6b9a1836064c65feda9cb15dac235339822d5e570d05259f8a8457684ff54f19c942dd21d937c62c4cf273c2e1c858876ddce1a678c0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d87783a4e899fa2b00a71425a030f192 |
| SHA1 | 5c06ba616d5ed5936ca1ab174675ff2beacb9b8e |
| SHA256 | 4dbe2569e222ada738b35f18fc6ee1196271b8694202b78a1aa423be5b5f3b39 |
| SHA512 | 4cba3c1f65a04df14139ee90cbeee623917e8cd757b54ec3e680bd9be6cf29c10ce48c49e07ef78367441853b77bec88c8969262f7b2508fa414853e9f6550a0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c4308df253630f3c95e18e9293d1e560 |
| SHA1 | f983d9250e50a1b676e70f4e0c26367c3303dddf |
| SHA256 | 0ca0e1d24ec4f17368e9aacc80c413f88aa45338dfb31af6b5a5c82090ec82c7 |
| SHA512 | fa201ae37069d525e540709d6c6477f5f49e795ac4ec88345cd433ff82ed733e015010d5a09d3326f5c66e34d95c1f746c4614ab38999a12b209ea70ad414c56 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 40db7d7bbaf035934541e01d0d8e0d16 |
| SHA1 | b49d448606fa2c020ea3a89dc9f11a1f59a1d834 |
| SHA256 | 3d55f810e620b729692bb0bb9b1713091d0d50a3975e5e9f1401e4585f2a509c |
| SHA512 | 65f7ba40dafdf5328b5fe9690d2883d45bc15e4a52c3661df54e8a417b66e600933883e7a0daf38e3fceec7b90d129e07854b037c7910a05f53470e2c272c5b3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 05e932d7941f5c6258d69d754c73cfaf |
| SHA1 | 7c5e74ed003c1239d64177a74958f5a70037d121 |
| SHA256 | 780cd7bfe9e6d13e6123c305801779ecf8668aad097551f12c436c3e7ade41b2 |
| SHA512 | 7ea5f7782cda9a739dea9e93457ede2057d14efb1d4db6ba36c8131518117043e168dc5a9fb2360f926d824fa1cd3c34929a669efb509478e34895fd2b5d6d77 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ea4d1fc4ec52156aaf712d04e56774c5 |
| SHA1 | 5a1e989a291e7c5269a4bab32151f667fb3d2b57 |
| SHA256 | 549535258dc7f56d775f2fea0a8a714f4c0be4b6b177f8648ac782f15df5ab93 |
| SHA512 | 5929d3e0e3f00667ac72b6e5edab4367b51059cf7784bf8e18ec0d1a44429fd19eab0e56f8e68e8a45a4bb6dd34a5a4452158db4f535a84c9f884caad226d4b1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fc9cabfd935e47891676a6df0827adf1 |
| SHA1 | 2ef3bc9bf93ffa0b009fb85808e754ae1e231dd6 |
| SHA256 | 7a8cefcfb2383b6333dfb4df5cc3129656c7cdebaba913fc7082009d6845d449 |
| SHA512 | 954c3fa76d54707c975f1b975bfc772d27bcf0e2018b4b51b66bfbf72a3f76bceed5470366368483e160b3514c1a38c4d89a5c84aee495d8128ec6142b0d91e9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bad466b6d058fd38c5993f47d12fa487 |
| SHA1 | 9acbd77c5877796ce38d8e324872f5ba91aa087e |
| SHA256 | 0b8e83c413928411c02b7094ca488b71bcbf7ad2ab322ffbe5f25cdffe63f9e8 |
| SHA512 | b49968c8b86372eaea65bb8075cbe9a912a7fc3c6a7b17d7f7c826356db39bd332ccb397fffa1a4966d88ded17e6e3ae9551d9c57359e8e4ca2f4c798b4710b0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d9693d0a5711f571b2e71553e1742806 |
| SHA1 | fed4144b8762c907fa91a2c35faa3593bc772976 |
| SHA256 | 515534ff33a1121c094dd1275eac51a3b9a093165a1f569e5fd85db515bd7fab |
| SHA512 | 0498d099f1e18cc5a0db2513bdbc66564e3f15c8345261ee9972a4cde01382720a4c7a3c2b4702610726fcd9738b9930e0d244915675289b8708f50129e2d428 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5ba874aa942dae57e2509a9ea775d3f8 |
| SHA1 | 5144c2a4e880a66c4cdddb7ca3a0993ffefad182 |
| SHA256 | df77e8fa31088f875906170b633fddee204fcf1dde2b009661a872ffffec5b29 |
| SHA512 | 68eb2450f64448152a7430184aa6e24fcc95d4188f8d5956eab54c451002a34b437bace2335f3190656f47a7e18c9bba5129a15987d0b7d53e98d35a77730ec8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1b56d5bb3822499b35c7600471b09f8d |
| SHA1 | f34f54d7d727ec79702a340f636326a65f90ac02 |
| SHA256 | a18a3063ec3f151bf1fec5372c819943f0c96f9bbcc3f0456cb5d98df3509ec2 |
| SHA512 | 2caf3d44abf9b3698488145b8cd5d0aecf1ae0c695fb5d16f34bdb16c4a4c39f03345af55969402e5035d64f08eccde6612dd08305b2c6dbe091b8835d31ec8d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e64ff1613f388a181967029d0c44b1d4 |
| SHA1 | eee6995a6582285196141b271ebeb0c20045a494 |
| SHA256 | f45493e4142d239886fefa2cc3e88c26b190fd31c8ae1df9c48794b37b724f8d |
| SHA512 | 688d02d426d5c7ce71738473e442f1e69d22d2e17cf40d8b1f3f9e30893bf343742fc5756cff1dfe9b2bbc21f49added3c18a96e7c0182edf4ea450840db4ee4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7a50353e0e34ca513b7f6f9cb7c52b4a |
| SHA1 | e853141c73e3e0ab3fc1dfd1e81267e8d3433ca4 |
| SHA256 | b13acda7e0cba6f7dd8369495536314a5001cfe9a74860c009119046bd7006b5 |
| SHA512 | e7525b347a12462475c1b7b48d2b55c48b0e87128bc8fd04ad0004d8aa7aa5a5183866fc873e2ca320425d84f2c4bf22564b892611a826db1752a894e73f6d72 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1404c4a0543166ba0dc96db242bbd92d |
| SHA1 | d8ccb06410fd64918871a97f9ac80b617270ba2c |
| SHA256 | 3eb7e912c0e304292163dda0d5d20fa02b1b53e5bc26bce32aebf46ac9fd1f9a |
| SHA512 | e0fdaf7491ac506de1276aefa63860007a2d45d2e61fe2d50c0cf0e7783b759135c100159a5fbf89b46932fa5a9dae8555f62f375500ba6fb7f0b42019df3eb4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 281f252602a4cf1d083ae96e7de3c4e0 |
| SHA1 | 15026c4a08d0d7bf9d9ba4f09f0cfefa5fe89dd3 |
| SHA256 | 7e46a5ac4bf2abf39b6b4ff5f030b2957691ad54793d67d21c1fc7c67809ac1b |
| SHA512 | 4d6e6211099df92d69b3c79852fb8ff1ae79442df773db0685141dd0224896294e969d35d855681ba647acd4bff27602e4457adb9703d7ab03f8a6de4881eb33 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2d5a652126be975598e2cb3850bb4804 |
| SHA1 | 241d6c2ad657e94ddb2a1774b50db81d58a866f6 |
| SHA256 | 8b42c3bcdd659d0f1cf314707c41e296988d58c54160ab5f49e3e9b222d3cc1c |
| SHA512 | 51b5beb6c36cb5d389aebadc0ffa72b90202b037c13f41fecba10b8dbd34a63555a0d1303ac9b0386aac1448017821f490452930d2d6615678d96847c35cbb7b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 26944658cfe250d0ee28d707a29a65e2 |
| SHA1 | e9c1bc71f787827521ada02e74862d01db42ba34 |
| SHA256 | 7a1bdb2271b5a93a7c6d0733deb14481d11bfc1d345b9624f3ed045205241f87 |
| SHA512 | 620e867c5c07c4eb02d5343d4674bd615a820bf24f969cc1d2658437e8921e33da0a5eb87595fa34e9136d11df47c5ae34026a1cf868a5e017c0ef164ed6ee97 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 57e2a44d38c52f6536d4714ef8a48394 |
| SHA1 | a50872a7a788c8d91f25f9e50c8abf57f220661f |
| SHA256 | fc39340f3a30485ebd0677a6c3476a393b040ec9ec4be93b89bd2c8ff2456f88 |
| SHA512 | 558297e606865956f6a90231dbc0218009ddd2d6ae59456f527a146a2df03438027a8744bfce46fb1468e1964b5819e3c86559766ce30a8b48910504b9932d81 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c77b9c71a81382ebdb8a2dbc752db319 |
| SHA1 | ab96216eda610040e7cf57bdbbcada3eeb1ca2a8 |
| SHA256 | 27092e51dc581bcbf759ee1745269973a219c4771b477a2e7e67d214c669b983 |
| SHA512 | 5816dabd8cae676f665efeb25c79941444e72093cda4f4d9036134ab0ecb10df17182f17974e2d80b3363fc81de95e333857b3801a33a6924a4dfcd9132a2729 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a2f95482f90722410eb0bb6188c98fb0 |
| SHA1 | 6a31afb7e0c5218e2301148ec1f6e5fe797df441 |
| SHA256 | 83b8c7adf7c1e14f49b107a789366f796dedfa4ad091e27ead6f052fed74e9b4 |
| SHA512 | 24643003f2fa61312e0b12cb02637ed774799a739dfdd3ea1eb25aee4aab9d4cef779545059c7dc7b16d2ec1a95e19a475f55bee66ac78795360ddda39be9c79 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5353d49d044e1fdf5922cfbf698267b6 |
| SHA1 | efc6261d098b3f0a3d732dcd7bf85f201bbaddd4 |
| SHA256 | 93856e6a40a4e427cad08e3b3568bedaea81ee00514210eb2ecd21228af3692b |
| SHA512 | e726e26994417f54a6420d14c8109f3cdd367bd5621f8c549acead69f423b8680f8c7c0cb92a9ee6a704b01d0b50343f20f0c2904d38ef2383b959aa3ee4645d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a5ebc40b584b2dfd119f4aed998495a6 |
| SHA1 | 6997efcb96ce16c9c27c5ebb09f17064b2de095a |
| SHA256 | 4703282d25e56ee7bb1226021bda488d126cbaf31af365c3b9d9c3a458e948a3 |
| SHA512 | 397e28d667c3106082286fb1dcd22b84f8dcad42ab74bea8581e93c3aa4a40ed0ec57a2b2834e0ec1ba555b672d541c47e9ae7af79bfd3a0ec381fe29280565f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7ff71f5e26491ad60f95bf244d63a365 |
| SHA1 | b073e29e18d6d75f0fbacd117e4348ccf28eeb45 |
| SHA256 | 9746f87eb37c9a09be449b9da2abd36394b77678fd15b161db76473e7dc8b226 |
| SHA512 | 718bdb210e7541dfce4ecfa7b3b8995b3fbb8facc578b7971225556d6fb5461b20803013abcb30a0e08d7fdf1ae8ef781261a825e45ac09254ae59d3dc9b5102 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b32eba9a31c33ab4fca0916d0909f58a |
| SHA1 | 913ff634873f6e544639a246144d294c7d3455ca |
| SHA256 | 5200770d77846bbde48547ca1ed748b3e08f38c7d4def6074d5725fbd39be27e |
| SHA512 | c823c5d352f9d8a0e009a4e336e621904ce6cda5b54c84056e293cca92da6c55e89ec2d85b03cf831f2cf8fde0c98b721ef07aeb4c14f552ee8c986abe7ca816 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5004007de60165148232aa50fe73eade |
| SHA1 | 3d1d667936f1f10e0d15acb89724b0f49faffb3f |
| SHA256 | 2acc21300270babaf417bebb9d19525a35bae4e8223f55dbee3b13596351c99c |
| SHA512 | 716a74e102de045329b9b277061aa1502d22d9702f9faeba64fbdb770b07fec8c9a0d8964a456b592a217601700cb44b309101a9d88a992441c339f535b40b44 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d8ba34995e7d738c682285c3792817bc |
| SHA1 | d69e6ab8c58f5332bb42368bb3311b0d3d5d89a0 |
| SHA256 | b80e5eb32b0d397c881a5fabab14a590d188b7c0ec53eacde3f6dc9f5d40811a |
| SHA512 | cf7417b2ba29d69468ca9854bbac24de25be5f431b5bcd43fdb4dbee32bb6a69a4646b0f9d54a1487eead598402d6012fd4de08a08e9d9e634da54c86f11ae1c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 701824633c55f9a793ab093b673e3160 |
| SHA1 | cfc7037c9b970cfbf87cf2280eb92ef7dfd449a0 |
| SHA256 | 877d8b51bfb4789f9dab3283b78e71eb5b265956fdd6b59af7b5328ce853d13e |
| SHA512 | 931c00b609b8d816f4239ac9f7837abda9c0d479c1a41a680261d54b72b25fe23598453054a1477b22598edcbf4907f486bfc56465bbbfc3d8d3f2bbf0adc2f4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 617beaece8bf566eb8a47d0e3af692a1 |
| SHA1 | 9f4dcb9228badfd0f04c622398ef7c6407a7cb82 |
| SHA256 | 334e55c9d11e97cb975513dc70a446bc1eef1c61055b95e976514624bafe972c |
| SHA512 | c7741d970176c64ebdef2d00a060766a69b01abc021c3f0f427547748db74cceb51b68e16bff8fecf2be987002c10bf834b8354298b67db530938b3247734eb7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cbff4024c41ecfef6c6df518e417cf81 |
| SHA1 | 611af1ff8fea3bc6c137683dd5760329d89c819c |
| SHA256 | 26c8249b468c67cd23d153dd1215787944d1098250bd7d46180f83d0955cd56d |
| SHA512 | fb54a602c1c4f738fff0965e9337858686d92f411bec63dfc6d920e55f26f13a006089257e6968e7ebe8d969cc2f6da1e82979da0e745d71920529aff8bbf2c2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0b46bb94ba321250c87c09d0645e6ec5 |
| SHA1 | 9e6c4db05f544c9d465a287bcafb098cb8c4ec78 |
| SHA256 | 74e5bfb37f3075384d5664d0dd5fffb7235f59028f33331d7bcd2db667606b8a |
| SHA512 | b2dfcefad34caa9c4254ca64c04d0fb48473a6717ba3a8a4b2cd81a61c3a4f6ab41cd02d730ca8e6e287b0d08872b30c251353a0b592b03433c655de46a8f5fc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e1ff2c19486af7f54010a95d19ad0b39 |
| SHA1 | e876244d9d4ef18bb3b63892699fc434da184828 |
| SHA256 | 4c90e150ccaa3c492a68b06350f12cacaf9d8ed555a9f1426a95a79f228b8213 |
| SHA512 | f0390df077e008df9e64dcf836a05e688ddbb74ad956cf8fd8f5d608b026b61fd162e054cd2fffe747cf8ee994c040b1005e1c27f8b5518ff78c8ce835fb631d |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-10 04:13
Reported
2024-06-10 04:41
Platform
win10v2004-20240426-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9a60c1f067bede38ba935dac296bf5a2_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff82abe46f8,0x7ff82abe4708,0x7ff82abe4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,17278484621017232879,15087184977229304871,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,17278484621017232879,15087184977229304871,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,17278484621017232879,15087184977229304871,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17278484621017232879,15087184977229304871,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17278484621017232879,15087184977229304871,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17278484621017232879,15087184977229304871,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17278484621017232879,15087184977229304871,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17278484621017232879,15087184977229304871,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17278484621017232879,15087184977229304871,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,17278484621017232879,15087184977229304871,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6060 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,17278484621017232879,15087184977229304871,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6060 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17278484621017232879,15087184977229304871,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17278484621017232879,15087184977229304871,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17278484621017232879,15087184977229304871,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17278484621017232879,15087184977229304871,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17278484621017232879,15087184977229304871,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,17278484621017232879,15087184977229304871,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5040 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ad.about.co.kr | udp |
| KR | 116.120.4.216:80 | ad.about.co.kr | tcp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| KR | 116.120.4.216:80 | ad.about.co.kr | tcp |
| KR | 116.120.4.216:80 | ad.about.co.kr | tcp |
| KR | 116.120.4.216:80 | ad.about.co.kr | tcp |
| KR | 116.120.4.216:80 | ad.about.co.kr | tcp |
| KR | 116.120.4.216:80 | ad.about.co.kr | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.4.120.116.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.ednplus.com | udp |
| US | 8.8.8.8:53 | adapi.about.co.kr | udp |
| US | 8.8.8.8:53 | www.ednplus.co.kr | udp |
| KR | 183.111.131.73:443 | adapi.about.co.kr | tcp |
| KR | 183.111.131.73:443 | adapi.about.co.kr | tcp |
| US | 8.8.8.8:53 | 73.131.111.183.in-addr.arpa | udp |
| US | 8.8.8.8:53 | adex.ednplus.com | udp |
| KR | 52.79.97.227:80 | adex.ednplus.com | tcp |
| KR | 52.79.97.227:80 | adex.ednplus.com | tcp |
| KR | 52.79.97.227:443 | adex.ednplus.com | tcp |
| US | 8.8.8.8:53 | 227.97.79.52.in-addr.arpa | udp |
| KR | 52.79.97.227:443 | adex.ednplus.com | tcp |
| US | 8.8.8.8:53 | cdn-aitg.widerplanet.com | udp |
| CZ | 23.73.140.62:443 | cdn-aitg.widerplanet.com | tcp |
| US | 8.8.8.8:53 | ax-tg.widerplanet.com | udp |
| KR | 103.105.159.73:443 | ax-tg.widerplanet.com | tcp |
| KR | 103.105.159.73:443 | ax-tg.widerplanet.com | tcp |
| US | 8.8.8.8:53 | astg.widerplanet.com | udp |
| KR | 103.105.156.229:443 | astg.widerplanet.com | tcp |
| KR | 103.105.156.229:443 | astg.widerplanet.com | tcp |
| US | 8.8.8.8:53 | 62.140.73.23.in-addr.arpa | udp |
| KR | 103.105.159.73:443 | ax-tg.widerplanet.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| KR | 103.105.159.73:443 | ax-tg.widerplanet.com | tcp |
| US | 8.8.8.8:53 | 73.159.105.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.156.105.103.in-addr.arpa | udp |
| KR | 116.120.4.216:443 | ad.about.co.kr | tcp |
| KR | 116.120.4.216:443 | ad.about.co.kr | tcp |
| US | 8.8.8.8:53 | img.iacstatic.co.kr | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| GB | 163.171.129.134:443 | img.iacstatic.co.kr | tcp |
| US | 8.8.8.8:53 | 134.129.171.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8b167567021ccb1a9fdf073fa9112ef0 |
| SHA1 | 3baf293fbfaa7c1e7cdacb5f2975737f4ef69898 |
| SHA256 | 26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513 |
| SHA512 | 726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54 |
\??\pipe\LOCAL\crashpad_5032_CJXYAOWNRLXGOFWY
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 537815e7cc5c694912ac0308147852e4 |
| SHA1 | 2ccdd9d9dc637db5462fe8119c0df261146c363c |
| SHA256 | b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f |
| SHA512 | 63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e4cdb4e76e6f5e840a3d21ed1f2fb020 |
| SHA1 | d886bd1ea15c182ae46145c8cf531a21a2448dd4 |
| SHA256 | a75ce9b6ef51c8abca29f51a44dd6db14355afb3c29c90b361bbf6b0e1bb62ce |
| SHA512 | c212e112567efe982b0aa29f2391dda39de77b872248bf89542631d6494bc635b9bfb55f1c21b0f4c0b87d1465ae78186eff1118e512a0fb25aaa290ad4aff67 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c0bf6466af6e10001716dff0bc1e5fd6 |
| SHA1 | 81f7edc1d0ffdbc38859ba3bce06d77d511e4cd9 |
| SHA256 | 7a95392cbac6109f36ed4e8b56b955fb1880ba9e3067749623a08d115e370e1d |
| SHA512 | 610bd18f026c67eb1032396f0cc086487670912b8215ee04835619a3db4b8dc8c37f3a5b534c223fc338586cebe4b564a3e5e38d1407d881af8828bec346d29e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a483cbda6250d0ab2dc5c0306db0c5e8 |
| SHA1 | d728b7b89892023f08357a4e85e1948e4ed28d7c |
| SHA256 | 7194c991b343b411107d1593ecbc64bb028ffa6aee01fd0c126b573cc4a0a2f6 |
| SHA512 | 904f325f7d8ca4d1dc409e96a2e1e936f9ac77645cb026cb36d73ddebdcd7ff233e78be0b62cd41e566e95a54eaeb86d1aeee5ba4e03d20e9bff20b2563eb22c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 807419ca9a4734feaf8d8563a003b048 |
| SHA1 | a723c7d60a65886ffa068711f1e900ccc85922a6 |
| SHA256 | aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631 |
| SHA512 | f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 145fe9cc8d21af28a9be234521d0a2eb |
| SHA1 | e5ac2870750e3004bb9fa057f46dad62d9a9f83b |
| SHA256 | e9792e6252397a129d40e32923a4603761f0c8c5b09725d03f0f1a70609599bb |
| SHA512 | d2edc045a172d33d12e987185deffed3a7b7cd876c23692ff1cd8a65fedde1752a19247dc6597d44dcf4356904aa9160cdd66e4453d32490c73d9ac1235db272 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | c98947c4622ac483024c07ce8f2af58b |
| SHA1 | 827e7fa86b8eec7c7e28ce8b70a671eed2f2f322 |
| SHA256 | dd1b55bd8cce06bc98a09b7ff2ba4d5a6f5f493e96504595531f2d529c9732d0 |
| SHA512 | f4d9809aee326b31302b630b69eb9809fcdbecf330cb3dc53294c376557a98c0af7a20da8416d3053bcc553bdecfbff9e0332db07de1f43c6e65f1f539192cd1 |