Analysis Overview
SHA256
b02a6c2da9411d5fbf048c22fad0ac64e668d83823e65c94e0bfbab9777f2616
Threat Level: No (potentially) malicious behavior was detected
The file a35441be4f7e7c08d767c5320cefee75_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of WriteProcessMemory
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 01:18
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 01:18
Reported
2024-06-13 01:20
Platform
win7-20240611-en
Max time kernel
149s
Max time network
153s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c05bdca72fbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D160CE41-2922-11EF-9684-CE8752B95906} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000cf6e791d2431220ab207d84ac051eab55ea034ab446b13a1a86bd87b0111b16d000000000e8000000002000020000000ef77a6e85a6e3c2aaef50b11e7652148f1a29f51f4df45cde6dab0397bb872822000000062bd5843f45cbf1f457c680ffa773f7974299dca8138b0eca05d83cdb0b2764d40000000ae31693276f62227202d7ff038ba7c292603dda60fef9cdc000f98f253b87e17c6ae7c48f3a229ed4ccc867a91024b631a4db5c532ecbf4a77dd256b8145282e | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a80760000000002000000000010660000000100002000000072e8ddc5c3b8011ce043083ef4a3aef3760e000f94a9524decf7a0c615d201f8000000000e800000000200002000000072173a9130c5d6fed031dc8064b83d58f85191be53e530c9b942fc5fc65f1a1f90000000481177cb6f584172b5aa8f0950ff5d925d565a6cebd249eede7ec59c34ab3e74557688ef6bb4ee0d0c33d970e935beeca66395d8c0f233ef188080ad902941d203ade8e6d37106047372fc91d50e507a97002536a5af48633efbdb38250e0326d1024c6412ed687d0aea427b29bd635ea36ac5c5a0c2ee31325f1544d989003638209de11642e4d3f5ce2a53458dfaeb4000000061ab14ba94cf616f974fe7de6815a3d05b12f930be4ff7906bedd0022cd13b54eaf6fc24f352787879978f46b82a45a3ce66a7b033cce8de74d194816140445c | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424403368" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2232 wrote to memory of 2276 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2232 wrote to memory of 2276 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2232 wrote to memory of 2276 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2232 wrote to memory of 2276 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a35441be4f7e7c08d767c5320cefee75_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2232 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | adspaces.ero-advertising.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | static.canalpornotv.com | udp |
| US | 8.8.8.8:53 | coinhive.com | udp |
| GB | 216.58.201.106:80 | ajax.googleapis.com | tcp |
| NL | 217.22.19.199:80 | adspaces.ero-advertising.com | tcp |
| GB | 216.58.201.106:80 | ajax.googleapis.com | tcp |
| NL | 217.22.19.199:80 | adspaces.ero-advertising.com | tcp |
| US | 104.21.57.186:443 | coinhive.com | tcp |
| US | 104.21.57.186:443 | coinhive.com | tcp |
| US | 8.8.8.8:53 | c1.popads.net | udp |
| GB | 195.181.164.16:80 | c1.popads.net | tcp |
| GB | 195.181.164.16:80 | c1.popads.net | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | adserver.juicyads.com | udp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 163.70.151.21:80 | connect.facebook.net | tcp |
| GB | 163.70.151.21:80 | connect.facebook.net | tcp |
| NL | 185.94.236.246:80 | adserver.juicyads.com | tcp |
| NL | 185.94.236.246:80 | adserver.juicyads.com | tcp |
| NL | 192.229.233.25:80 | platform.twitter.com | tcp |
| NL | 192.229.233.25:80 | platform.twitter.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | ads.juicyads.me | udp |
| GB | 195.181.164.21:80 | ads.juicyads.me | tcp |
| GB | 195.181.164.21:80 | ads.juicyads.me | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| GB | 216.58.201.110:80 | developers.google.com | tcp |
| GB | 216.58.201.110:80 | developers.google.com | tcp |
| GB | 216.58.201.110:80 | developers.google.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 216.58.213.3:443 | ssl.gstatic.com | tcp |
| GB | 216.58.213.3:443 | ssl.gstatic.com | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 01:18
Reported
2024-06-13 01:20
Platform
win10v2004-20240611-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4204450073-1267028356-951339405-1000\{AC865CA0-52A7-476E-AFBF-D9A42B9F9BC2} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a35441be4f7e7c08d767c5320cefee75_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0xd8,0x7fff6fcb46f8,0x7fff6fcb4708,0x7fff6fcb4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,15144422646953895736,7143671103403874646,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,15144422646953895736,7143671103403874646,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,15144422646953895736,7143671103403874646,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15144422646953895736,7143671103403874646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15144422646953895736,7143671103403874646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15144422646953895736,7143671103403874646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15144422646953895736,7143671103403874646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15144422646953895736,7143671103403874646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2124,15144422646953895736,7143671103403874646,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=4820 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2124,15144422646953895736,7143671103403874646,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1788 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2124,15144422646953895736,7143671103403874646,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5044 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15144422646953895736,7143671103403874646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3024 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,15144422646953895736,7143671103403874646,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6856 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,15144422646953895736,7143671103403874646,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6856 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15144422646953895736,7143671103403874646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6852 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15144422646953895736,7143671103403874646,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15144422646953895736,7143671103403874646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15144422646953895736,7143671103403874646,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,15144422646953895736,7143671103403874646,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6676 /prefetch:2
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_2132_SBWGWHBAHRPAXEWG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9ee6661e-b07e-4100-95bc-fd5db816dd84.tmp