Analysis Overview
SHA256
c600717d11c4923856c7fc3b8fea9bd51d8c007521561b5ce3cfa5eb37b82761
Threat Level: No (potentially) malicious behavior was detected
The file a12adb900d18586c33333be6e5ff5210_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 15:32
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 15:32
Reported
2024-06-12 15:35
Platform
win7-20240611-en
Max time kernel
122s
Max time network
122s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FEAD8521-28D0-11EF-B6C6-7E1039193522} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\MINIE | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424368224" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 8050e8d4ddbcda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a0390500000000020000000000106600000001000020000000fa8c506b045f0cb08c6610de2cbef87823074efc4b68b7e7c1b1860879c20c16000000000e8000000002000020000000c0fc28ba1689bf2ff41786854505b6ff1b45ea247855c71ac58b99d5b6a7e8ea20000000cb4092a1072d53b51f16abcee7e7705c3dcdac66bc55c337b1115452ac49832e400000001c9607d1377b347507b80453a5e82ada60fec43bd47b043308d3ac3fccac6094fc9a75599a794313317fe39825710cfc8c0cd06e2ebfe12d3936071e15498d74 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1732 wrote to memory of 3020 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1732 wrote to memory of 3020 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1732 wrote to memory of 3020 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1732 wrote to memory of 3020 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a12adb900d18586c33333be6e5ff5210_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1732 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | flossinseconds.com | udp |
| US | 172.67.223.226:80 | flossinseconds.com | tcp |
| US | 172.67.223.226:80 | flossinseconds.com | tcp |
| US | 172.67.223.226:80 | flossinseconds.com | tcp |
| US | 172.67.223.226:80 | flossinseconds.com | tcp |
| US | 172.67.223.226:80 | flossinseconds.com | tcp |
| US | 172.67.223.226:80 | flossinseconds.com | tcp |
| US | 172.67.223.226:443 | flossinseconds.com | tcp |
| US | 172.67.223.226:443 | flossinseconds.com | tcp |
| US | 172.67.223.226:443 | flossinseconds.com | tcp |
| US | 172.67.223.226:443 | flossinseconds.com | tcp |
| US | 172.67.223.226:443 | flossinseconds.com | tcp |
| US | 172.67.223.226:443 | flossinseconds.com | tcp |
| US | 172.67.223.226:80 | flossinseconds.com | tcp |
| US | 8.8.8.8:53 | www.flossinseconds.com | udp |
| US | 13.224.189.109:443 | www.flossinseconds.com | tcp |
| US | 13.224.189.109:443 | www.flossinseconds.com | tcp |
| US | 13.224.189.109:443 | www.flossinseconds.com | tcp |
| US | 13.224.189.109:443 | www.flossinseconds.com | tcp |
| US | 13.224.189.109:443 | www.flossinseconds.com | tcp |
| US | 13.224.189.109:443 | www.flossinseconds.com | tcp |
| US | 13.224.189.109:443 | www.flossinseconds.com | tcp |
| US | 13.224.189.109:443 | www.flossinseconds.com | tcp |
| US | 13.224.189.109:443 | www.flossinseconds.com | tcp |
| US | 8.8.8.8:53 | ocsp.r2m02.amazontrust.com | udp |
| US | 8.8.8.8:53 | ocsp.r2m02.amazontrust.com | udp |
| US | 8.8.8.8:53 | ocsp.r2m02.amazontrust.com | udp |
| US | 8.8.8.8:53 | ocsp.r2m02.amazontrust.com | udp |
| US | 8.8.8.8:53 | ocsp.r2m02.amazontrust.com | udp |
| DE | 18.245.65.219:80 | ocsp.r2m02.amazontrust.com | tcp |
| US | 13.224.191.223:80 | ocsp.r2m02.amazontrust.com | tcp |
| DE | 18.245.65.219:80 | ocsp.r2m02.amazontrust.com | tcp |
| US | 13.224.191.223:80 | ocsp.r2m02.amazontrust.com | tcp |
| DE | 18.245.65.219:80 | ocsp.r2m02.amazontrust.com | tcp |
| DE | 18.245.65.219:80 | ocsp.r2m02.amazontrust.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 15:32
Reported
2024-06-12 15:35
Platform
win10v2004-20240611-en
Max time kernel
100s
Max time network
101s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a12adb900d18586c33333be6e5ff5210_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffe33b46f8,0x7fffe33b4708,0x7fffe33b4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,14654220113476881445,11270917631070534518,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,14654220113476881445,11270917631070534518,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2592 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,14654220113476881445,11270917631070534518,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,14654220113476881445,11270917631070534518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,14654220113476881445,11270917631070534518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,14654220113476881445,11270917631070534518,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,14654220113476881445,11270917631070534518,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,14654220113476881445,11270917631070534518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,14654220113476881445,11270917631070534518,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,14654220113476881445,11270917631070534518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,14654220113476881445,11270917631070534518,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,14654220113476881445,11270917631070534518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,14654220113476881445,11270917631070534518,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3780 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | s.w.org | udp |
| US | 8.8.8.8:53 | flossinseconds.com | udp |
| US | 104.21.46.54:80 | flossinseconds.com | tcp |
| US | 104.21.46.54:80 | flossinseconds.com | tcp |
| US | 104.21.46.54:80 | flossinseconds.com | tcp |
| US | 104.21.46.54:443 | flossinseconds.com | tcp |
| US | 104.21.46.54:443 | flossinseconds.com | tcp |
| US | 104.21.46.54:443 | flossinseconds.com | tcp |
| US | 8.8.8.8:53 | 54.46.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.flossinseconds.com | udp |
| US | 13.224.189.106:443 | www.flossinseconds.com | tcp |
| US | 13.224.189.106:443 | www.flossinseconds.com | tcp |
| US | 13.224.189.106:443 | www.flossinseconds.com | tcp |
| US | 8.8.8.8:53 | 106.189.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.82.161.3.in-addr.arpa | udp |
| US | 104.21.46.54:80 | flossinseconds.com | tcp |
| US | 104.21.46.54:80 | flossinseconds.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.83.221.88.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b4a74bc775caf3de7fc9cde3c30ce482 |
| SHA1 | c6ed3161390e5493f71182a6cb98d51c9063775d |
| SHA256 | dfad4e020a946f85523604816a0a9781091ee4669c870db2cabab027f8b6f280 |
| SHA512 | 55578e254444a645f455ea38480c9e02599ebf9522c32aca50ff37aad33976db30e663d35ebe31ff0ecafb4007362261716f756b3a0d67ac3937ca62ff10e25f |
\??\pipe\LOCAL\crashpad_4836_VXTNRSXNLIJSMKVA
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c5abc082d9d9307e797b7e89a2f755f4 |
| SHA1 | 54c442690a8727f1d3453b6452198d3ec4ec13df |
| SHA256 | a055d69c6aba59e97e632d118b7960a5fdfbe35cfdfaa0de14f194fc6f874716 |
| SHA512 | ad765cddbf89472988de5356db5e0ee254ca3475491c6034fba1897c373702ab7cfa4bd21662ab862eebb48a757c3eb86b1f8ed58629751f71863822a59cd26c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 18a866b8851af460f97e554d5d5ffaf2 |
| SHA1 | 9c19369e833810fc36c25b2064f26fe3c42c06e5 |
| SHA256 | ded27fe83bca234a247f9708414103370cd15e2f6db7d74dffcc024d638ab914 |
| SHA512 | 209765b42efdb07b61a00736eea9a9fa61ff9423a7b3a934d32518c466c2f15cd1fe2c93e22b15c156c1e2500124947182470fc4250994939137e077e30d60ba |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 69ea4c2a56565f984b9a40f3ed48a1eb |
| SHA1 | 0759b962d021dc1d55ffe49da6e3baca9e404b88 |
| SHA256 | 70ffa3445216702906bded78c39ce8f824d6ac44778d3b2a2ff50bece8459360 |
| SHA512 | 334fae60a32918582396e4fa79ca58b866e3bfbb0e0ee3c30165ef69c7f10ab297c8949e67bf7c14a3dccb869701c994d34b514e5a9ca85ccbb633cdf1eafd5e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ab643b32edd681816fbc407584675009 |
| SHA1 | 989c26d9eb5f635c31775e422a010ae26f55e0ce |
| SHA256 | 92ed827f7beb367d6e4d6816574f586539ddbd6559d0e511eedddd2e55285782 |
| SHA512 | d0c875c6575b7bf7789b85a1a7a65b359c4a7d9675947ceefa10ac22bfdb1c0569d091b3a1727f2454bd2f9187126d2af9e2cb8d8e32283ff318fa616a31bfb5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c06a725b-c7ec-4399-ab21-71b726d1d6b4.tmp
| MD5 | e8cd4d9bbeeb1b52e4a71f59a2f685da |
| SHA1 | 5676b2a6902f2449e59026a2a9364b5833689a5e |
| SHA256 | 51a8c35f5fbe1cc689c9d09179de03d507c4cb9de2e63c817ea24fd73e08b4e8 |
| SHA512 | 285d1772a7a9abbe9a667eb229c8f7b16766b72a02bc219287c24ff91a97ad37af274779ebf29e7f475bdaac948beb38656364c1c0b9a3075caa006ce784175c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | db3a05f49e8408fcc0fb4b3db0a9fff9 |
| SHA1 | 9c64474c71bda72c831992c5053d809c1147b9ed |
| SHA256 | 26f1cf0ab6c3681519389755d94918a2c5f557e2e795ae07cf79a1f63830c50d |
| SHA512 | 4b306f99d05826a485db1f7660d5a00958f0f5d3cae0a73e47a8c32513de61ae53cfcc6321c0018910d0fb5b3ade874e50c4546181f7f43d26de6a9022cf9092 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 338f5e6f977da67457d929eb78f17f57 |
| SHA1 | 415a8752c453e46f2bf57cc907f242c112b9a452 |
| SHA256 | 0070791631a3ac8217a236dee24a951d66c3f443b69549c4cc7ebd3373784fd1 |
| SHA512 | f5d6d2d3ee1c864390a9815b844f157bfe2c6fdf18cde5236016a81b6178c9b34586c9873d58adb678950335f7647bbed1111acf9bbe14180721a0add2cd3e06 |