Analysis Overview
SHA256
2c734ca5c2b376fd3d26d67a01fb62613acbb30ee4378b25672d84547d48ac94
Threat Level: No (potentially) malicious behavior was detected
The file a1b31e98bfed34afc10d749fae12b68f_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 18:18
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 18:18
Reported
2024-06-12 18:20
Platform
win7-20240220-en
Max time kernel
134s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 608e0af6f4bcda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000001a87947e118a3468df3aa5695c53b65000000000200000000001066000000010000200000006852eef2493b50036cea3e122c589a3a1221053df18904f4dfee4a0a777f954b000000000e80000000020000200000009db46cf9b4c78c6eb626dba3eb525eb6502a15e21b1991fc7db0a611aad40f3490000000c30ecab4341e2425513a21792424b0834552ad8f71d52e8ecbf1d79a66f2a132dbfe33ffe30a374dc15b15eb6be98e9e26311f2a6226195de548a4ae54cc36b1d54a3fafd70ff18a7e3a38b14da519b26dbbdd5c5b928872d477f9aee6468422b42f9e94db570f7bc22f07602fe138366f51d930fe053c049147a8bd34c9ccc21b29f7cb1aaee1523280566c680a4fdb40000000467805f92ca6645ae781c3b56cfbbbb27d1cbeaeed4b1a04c2d503545c3b6f300ed011c67f72359cf0cf63009b35469fcb55e36180817bb777b9930a8dc24274 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424378154" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000001a87947e118a3468df3aa5695c53b6500000000020000000000106600000001000020000000c4055baa8b8f7e70872613326957883599131a1cf47f7113ce675ab5d20341a6000000000e80000000020000200000004347e9e392af9d6c85326e158f176debee868c9fb42cee386a8ce4a92b9afa51200000009bd93d8d97756250f34b521bcf4c025e3f357fd6e5b13628ddfd7f8aaa3c61da40000000e1dee3de9b7422cc5daf939542f5be19215e9a4bf6d1289df1ea600757aaacd6d0b9bd9ea09f9fc706b96adfd577dcda64788bcd91ecece0464d49062c200d4d | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1D738B51-28E8-11EF-A296-4A24C526E2E4} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2904 wrote to memory of 3068 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2904 wrote to memory of 3068 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2904 wrote to memory of 3068 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2904 wrote to memory of 3068 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a1b31e98bfed34afc10d749fae12b68f_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2904 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | coatecindia.com | udp |
| IN | 119.18.54.19:80 | coatecindia.com | tcp |
| IN | 119.18.54.19:80 | coatecindia.com | tcp |
| IN | 119.18.54.19:80 | coatecindia.com | tcp |
| IN | 119.18.54.19:80 | coatecindia.com | tcp |
| IN | 119.18.54.19:80 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:80 | coatecindia.com | tcp |
| IN | 119.18.54.19:80 | coatecindia.com | tcp |
| IN | 119.18.54.19:80 | coatecindia.com | tcp |
| IN | 119.18.54.19:80 | coatecindia.com | tcp |
| IN | 119.18.54.19:80 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:80 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_5E390E1CA50E646B1021D6CAA485D322
| MD5 | e6868114550f22eb84a50b078bda483d |
| SHA1 | 9304e0f07a02f36a9624dd43e3e5f6e3a8423b1f |
| SHA256 | 0265d5c043ab007adb15f48b2af9a09b691af3b80b78ddcf24b1b915c94690d0 |
| SHA512 | 7f69f27595759bf043ff75d48980606fb2746ae47696002616dd3fefce194b68651325106e643a93c0b67fbba8dea7e86377b7b8f0f6051d8356a095b858db9e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7be3034c78dd8d5c200d785fb67701fb |
| SHA1 | 0139d3b09094d61a13188ffc2503795c655dd8cf |
| SHA256 | 00d2f1f9bdb25060aa44ddaed4b432f879b0f1eaa78c89dfe1037a349eb2dc7a |
| SHA512 | e32db589e46c0e26c65048a28feb738d3170ef957cef00d17738fadbb76913f7e726c3b07f41b388a5eda7b99f4d372254005a0d7a0420954c209c84ed99620b |
C:\Users\Admin\AppData\Local\Temp\Cab4867.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Tar4879.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar4969.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 90a43ce34ee21ddfa3a1e668d6108842 |
| SHA1 | c6b797cb6542cce834881b9d74989537e2464a2d |
| SHA256 | 6653afdd781c2fa5dacf75d22172e4b5f77a80207b9ff342b55102ee4bbba080 |
| SHA512 | a27d6cf8eba30b8edccecb30c006c12e94fb3938204693c269c4bcb39b72ea8e9375c4e9817d162fe57796ae489375f965cee606a386528f9a542fb1fb93766d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cb3dffe8ac904ef0dad339c2e7819082 |
| SHA1 | 7cbce41476c7d18834eb4444fc5821f7bcb27136 |
| SHA256 | ca03b67689a305e5e6a3308f473fb69143a55a2c4baab0a3cd2af41e7be4f855 |
| SHA512 | ecc67ce976f92bea71bbc7eafbf18d53b75452ec1278e6cf5caa71839489c9cc2c668fb6fde4d342abc10527597775e55eb92c1b06fe2de40bc9c9410746dbad |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e4086fc4803505e7bb41a42c24672917 |
| SHA1 | 0d1aa22dd35d4f15f99f84658efac9ab9eeda251 |
| SHA256 | 4012039b505f7c2d192704199815f83c131eceb06faa85c6982aba5cafedc208 |
| SHA512 | 4bbc231e8e6c9378a36037faf26f03c3162e9ee054514f46b59b3286acea9a16a4194abfcdfd7c58fcd11c0b909ef19b698c3c6e5411ddf8dba96599ab2bdec7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5f22f30268160025a0c2efcffdeffa33 |
| SHA1 | e2e6362dc64b297e0d9fef2c7a9b5c51d384c043 |
| SHA256 | 77a7b10de9f916603c70f737bc0bd51c59f5f1c2dcf08a73fb530e43a78adb36 |
| SHA512 | 0425016ccbde6712e680965c9eb1f5b28a93fd7be86cb2fe33ed5dba91557313f907ad90b27685b68cf6ce34ef373e5f350f2527bb1b632b9543477a228fcf8e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 47572e4d51ab49f0148e2d095e0292f8 |
| SHA1 | 21b0e1cd1e0e05739d9a705da3224a45711e7566 |
| SHA256 | bcf1abfad8b06d4be44a14d3cde235f16761bd3a87abd59750e80239f06899d8 |
| SHA512 | b054e63415355f749246aaa7a7558bbbcb38852e58d93db2f82fb190a64c541d96f8e7823e21211f979cece1c0bad62f49229bed7c3e19335e24cffdbe5a03fb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b709b955cbbd2f060d2d66b4fcf73778 |
| SHA1 | ed7c0ba8cd6f1116df6d743d3d0f6db75cd99e4a |
| SHA256 | 91975a93e2ee951b6e427c9c11afa98b97079d76a0e8a93ed056eb8bb699a978 |
| SHA512 | 605679c52e9889db743b0a9c90c0b987be689c08f13953e712a542b16df36fb8dda5403cbd023167437c0a3955e7c63220589b92f0ba02ab506cc5d8c00a375d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1629fb205746cd14d89f4d4efbfc3db8 |
| SHA1 | f118ccdb60dccd3e9e6628b2d90240ce39234eb3 |
| SHA256 | a04126fbdebf28079f2876978a329b5fa9a5673935fba92bf7089700d968c0c7 |
| SHA512 | 129e487cfa8460d895faae3f8222e969a759c9a74d64e4836619e74a78bc48b1590e7556b2340e52b5c8917fcaa6d4fb95098102e1865fdd8f453d06cc1de974 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 512d8d6eaa39e73bfb71302df8d3a487 |
| SHA1 | 491399ffb4b1d70e72a4604ab7d71f0474e403cf |
| SHA256 | fe0042d76be9b0b0d79db0086f5dfcb85028f0950e396774fe1e4c02046fb13e |
| SHA512 | e41cdf81ba7783e4f79c2dbce41bdd911f012fa62d82e19f6e15eec334a34c5f3ab0ddf07dfc73f44a1af48669751a0ebeb3b5149cc341ef8c8a3eed78e36bbf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 98b423db54c7e565cf722f9b9d3b7052 |
| SHA1 | 709efdb1eb03369a281319845ee88d07c98a79ba |
| SHA256 | 13b41e58c27bd923ee3020a5c016052e36893fc73f2b64a35c6c94d313943a23 |
| SHA512 | b49f8ccd2b141715e3e3e9cd08f68e7636cc906571e63c3badaebe54a027fc9e65fdbf1a8310530c1d992bfb19e43dc50dbffd71b10fb2cb978c664f9b184d8d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 20bb30b42c1f8831db25ed5e920f7d06 |
| SHA1 | 9e6f764d6acbb532abdca5bc6461e00dac7bfc5f |
| SHA256 | 9e584abf26a5641443641807532f0b10c23c2c89584ebafba8a6e8668c6fe94c |
| SHA512 | ec18a230c18c00d9f5d837f1dc826935a548136008031e52504b250caeba93650baa11f679d748c42e8ef92ea44de67e946a3256a6fb8d3572b2ccfe0208f51c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | ddf976abf5403c69174617740dca7dc1 |
| SHA1 | c03030dd6ee2365a1d26d39ac074af0885c33f27 |
| SHA256 | 541d2acfbeafd51a7a77be8d399548685c2c19e4e1ad9e3ea52a8de377f098c0 |
| SHA512 | a06414fa7eb13c1f4dd3ee5fbc2609331a1929ef1bb9806a14840d8299d754c0188363dec77259a3977ecffed317c624e8e2c66f8f632aa0979a862f908666b9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3eed3962168debca3435fa19fcf6c954 |
| SHA1 | 49df67987787a61363307f87ff3fea2f2e9c641d |
| SHA256 | 77d132b77043d8cdeedb5580a96ac95798bffad63bb1c62f76fc9c46b20b0de5 |
| SHA512 | cd0aada81a6236ec1c7b365b537b489a06e20b2229df8b1f895319c503d5a425d09f742aa15dcb949da7b039082f5ad003b945ca826c0fdce7deef84a7a49ba3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6da0deda46f22014bae58e9c47bb623a |
| SHA1 | 43fb16aeeec03f8552a4d0585723ec18d61492a0 |
| SHA256 | 876df074625787f22696fa38c9ee80f2897a99617cbca800ee579ca7f5dd2eb5 |
| SHA512 | a8e80d0090587303b9ddacd91221c2af3193b6af4d03439e83bcc29fa454f5189f790a44e5ce092a787553c7b6181edfc5d636a22dcaeffcaf1efe09b65c0cf4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fc5121f530acae2a20ba79ef720d2d60 |
| SHA1 | f899d409e50b90bed4054b8e06da6fa772461f9a |
| SHA256 | d1a75e9b21a97d7d0a1292d587bef4933c7e732237457ae6947da1a0a48239d1 |
| SHA512 | 918508b85161818dc7b1fdefe5284eba13f6ec88f451b6671216e790ccfdb6f8207dd744554afdf22cd655f9c4eb41d147dcf631e56b86d38471fa94149338a3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 50cc5f23bb4de796b5a017d4e2f847c9 |
| SHA1 | da23f36d6ba83a18846e89f18ef87c954de99f59 |
| SHA256 | b2f291b232273147f848731ec8ebb40690843ed48e696663ebf0e6e1a259665c |
| SHA512 | 32eed70feda19706f43cb34d3b4482a7b65dea880850cbc94eba44937e36e3b82ed996d6510b0bce798935bb26bbe22b33ea89f13a062d0e0c834db943cd25c0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aba3c9afd72b938caedab3d2c4cd070f |
| SHA1 | dd2e3d1fb28005307149eacb6466b78dff412d5b |
| SHA256 | 2a62b849d3161e71cbd4ead3a50d6dcedba0b0f0ded4a352ac9987cc0ce0a186 |
| SHA512 | 22c87cd266df1003f5a004fe326ded32298f9c75329f844c9d9634bacd8d38b9d8858a6fce4dd9222b2cc1087cde1586807afda95524262521d7961beb581de8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 27196bb142eac8933acb002395f607d0 |
| SHA1 | dd4031505ba8b94e1a4076d06064acd53221f044 |
| SHA256 | 64c4f167a91f02aa716d29870bc089fe82bd0816d4a593cf126ed7aa5b901c74 |
| SHA512 | c120235cefc1d31c0b29e4ff484a094f63be947c66e84f5a186b7e1a3c9c64611463ffce85049b7690d58c34aed69bdfaa08266aa4ac5e3eb0a454697900fb4a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 7f261dd4d356a1fdf25bd7dc3c8483e9 |
| SHA1 | f211e5f733e0736e3a5fc057d6806e80b7d056db |
| SHA256 | 890ec6f1eb432c730d6746cfb68bd4f99278812c4b872771d2bc65924f903f62 |
| SHA512 | 21c3ef53ac946e41df6277a13c2783c3ca342fa4c6ef8642db5b16e7f02821df4f68f02b0ed1b68f85f35fa2ae7b9458947e4f93ebfdb2b194710780c896f051 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9178066debbfc198ea2520f708711c3f |
| SHA1 | 4e5da8013d5e9925e359837c6910737487655dc4 |
| SHA256 | 8d0798cc37b43047bb259d25c4467400e5783b88585d400d9cf4840626fa1747 |
| SHA512 | 57139f5dd6cd11d7bab145c81cbeaa96544ba4a3b9fd44cccb88eaade3efabeb38dbe338005bde9589f6977122ac43c53a33dbeb08174ffee483dd973dec09f5 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 18:18
Reported
2024-06-12 18:20
Platform
win10v2004-20240611-en
Max time kernel
145s
Max time network
138s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a1b31e98bfed34afc10d749fae12b68f_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb9ee46f8,0x7ffdb9ee4708,0x7ffdb9ee4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,5686219436660200670,6821310480588415587,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,5686219436660200670,6821310480588415587,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,5686219436660200670,6821310480588415587,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2988 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,5686219436660200670,6821310480588415587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,5686219436660200670,6821310480588415587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,5686219436660200670,6821310480588415587,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,5686219436660200670,6821310480588415587,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,5686219436660200670,6821310480588415587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,5686219436660200670,6821310480588415587,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,5686219436660200670,6821310480588415587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3816 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,5686219436660200670,6821310480588415587,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,5686219436660200670,6821310480588415587,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3160 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | s.w.org | udp |
| US | 8.8.8.8:53 | coatecindia.com | udp |
| IN | 119.18.54.19:80 | coatecindia.com | tcp |
| IN | 119.18.54.19:80 | coatecindia.com | tcp |
| IN | 119.18.54.19:80 | coatecindia.com | tcp |
| IN | 119.18.54.19:80 | coatecindia.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| IN | 119.18.54.19:443 | coatecindia.com | tcp |
| US | 8.8.8.8:53 | 19.54.18.119.in-addr.arpa | udp |
| IN | 119.18.54.19:80 | coatecindia.com | tcp |
| IN | 119.18.54.19:80 | coatecindia.com | tcp |
| IN | 119.18.54.19:80 | coatecindia.com | tcp |
| GB | 216.58.213.14:445 | www.google-analytics.com | tcp |
| IN | 119.18.54.19:80 | coatecindia.com | tcp |
| IN | 119.18.54.19:80 | coatecindia.com | tcp |
| GB | 216.58.213.14:139 | www.google-analytics.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 3a09f853479af373691d131247040276 |
| SHA1 | 1b6f098e04da87e9cf2d3284943ec2144f36ac04 |
| SHA256 | a358de2c0eba30c70a56022c44a3775aa99ffa819cd7f42f7c45ac358b5e739f |
| SHA512 | 341cf0f363621ee02525cd398ae0d462319c6a80e05fd25d9aca44234c42a3071b51991d4cf102ac9d89561a1567cbe76dfeaad786a304bec33821ca77080016 |
\??\pipe\LOCAL\crashpad_3504_OUQRFQWKIGXRPDDU
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | db9081c34e133c32d02f593df88f047a |
| SHA1 | a0da007c14fd0591091924edc44bee90456700c6 |
| SHA256 | c9cd202ebb55fe8dd3e5563948bab458e947d7ba33bc0f38c6b37ce5d0bd7c3e |
| SHA512 | 12f9809958b024571891fae646208a76f3823ae333716a5cec303e15c38281db042b7acf95bc6523b6328ac9c8644794d39a0e03d9db196f156a6ee1fb4f2744 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 83d1b569070bfbf776af97ffa492dcf0 |
| SHA1 | bb5987fbda48e4114ca1eb261b90a6024c19ed69 |
| SHA256 | bc9c2cca1b040c3f9bac38b85724f58dc4615d7692c12210ab6b34df22b35d15 |
| SHA512 | ae15b3947eef5f6e7d2e0972a11575de37c3773bd1d81eca7930ffad9f34e7f41cb4e7d73defd31192a04ef5dd1d9bf19c244e57003bdde81c5c7cce20c4b7f3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9c1df7342ff18bb31b0356d63887f793 |
| SHA1 | 04e808b178a1f944b4c6f184dd1eace9786fe849 |
| SHA256 | ab4dab8da550e4e656a50c9a6d8deed3dfcad9f61416df570257715166c85e0f |
| SHA512 | b95bc228be1a3e3929ab4dffbf1d6facdd539f1b0a433edf3cd5295fb1989c91b045223591fbbad569fe96052aae86951f6e19b8e30b4889218af8a90b272dad |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7c4966156f6a057bc0bd426736c77197 |
| SHA1 | 3ce948530ad20fdbfd374ab225cca7286a830e14 |
| SHA256 | 204aef02f43a92fecac2d1069c7ddaf5cfe1f44dc3dbb9f169faee63d4f51184 |
| SHA512 | 714b2ab18e88da13ebf5abb1cee921adb1037ca8ff4eba95ce84ae22b43f28896d4f8a41e68e115f5cf71a71b2ae158ec2d2cba0cd656594de491f675b156766 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 4fe1a743ca77ee66de5f6c5d102ff34a |
| SHA1 | 9715e9351bb0628b5048e0eb31e56f2df85fe048 |
| SHA256 | 6fe4279c3c91109925bb247d3e74b483d8384211d2fa571f3e5185b4b857e98a |
| SHA512 | 004f4a3b72a94176b1ec62936364d641447b9d61d252e928a1c66bfb393ba429fee44ade40d06a06138cee38d6453796bdf367a53e9245b07dcd934e4ed5d48e |