Analysis Overview
SHA256
b5a415da807c79399a0e59a9687ad493c45bbcc4754deacd9020a9d1b353e409
Threat Level: No (potentially) malicious behavior was detected
The file a355709032b86a70ae37ec702243463a_JaffaCakes118 was analysed and no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 01:19
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 01:19
Reported
2024-06-13 01:22
Platform
win7-20240220-en
Max time kernel
138s
Max time network
146s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009dba024517f4eb43a681895b6f2d2ad10000000002000000000010660000000100002000000094650cb7e4eb306564a506632005c3dfe33ea51e4ff3f3f7700a5e2949bcb6ea000000000e8000000002000020000000d63479543ae6d4a2d8eedd94d17589f415c39fc92d6b78cd25ade5892215f6b7200000007153c7796b64ff4746ba7f26dc238aa2b8bc3d5f445d6560f2c3978b6deb1b5340000000751d49b52c6f70bd9c9d1e36795eb27dc35e757e28cd4590fa44528547d0840b2980c2f7755b053388848beded54006849f1438253f8452ffc85c598806ca58f | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{000DF6A1-2923-11EF-9A72-56DE4A60B18F} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50a06bda2fbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424403445" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2464 wrote to memory of 1796 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2464 wrote to memory of 1796 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2464 wrote to memory of 1796 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2464 wrote to memory of 1796 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a355709032b86a70ae37ec702243463a_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2464 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | cdn.brightvar.bid | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | brightvar.bid | udp |
| GB | 216.58.204.74:80 | ajax.googleapis.com | tcp |
| GB | 216.58.204.74:80 | ajax.googleapis.com | tcp |
| US | 54.157.24.8:80 | brightvar.bid | tcp |
| US | 54.157.24.8:80 | brightvar.bid | tcp |
| US | 54.157.24.8:80 | brightvar.bid | tcp |
| US | 54.157.24.8:80 | brightvar.bid | tcp |
| US | 54.157.24.8:80 | brightvar.bid | tcp |
| US | 54.157.24.8:80 | brightvar.bid | tcp |
| US | 54.157.24.8:80 | brightvar.bid | tcp |
| US | 54.157.24.8:80 | brightvar.bid | tcp |
| US | 54.157.24.8:80 | brightvar.bid | tcp |
| US | 54.157.24.8:80 | brightvar.bid | tcp |
| US | 54.157.24.8:80 | brightvar.bid | tcp |
| US | 54.157.24.8:80 | brightvar.bid | tcp |
| US | 54.157.24.8:80 | brightvar.bid | tcp |
| US | 54.157.24.8:80 | brightvar.bid | tcp |
| US | 54.157.24.8:80 | brightvar.bid | tcp |
| US | 54.157.24.8:80 | brightvar.bid | tcp |
| US | 54.157.24.8:80 | brightvar.bid | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 54.157.24.8:80 | brightvar.bid | tcp |
| US | 54.157.24.8:80 | brightvar.bid | tcp |
| US | 8.8.8.8:53 | js-agent.newrelic.com | udp |
| US | 162.247.243.39:443 | js-agent.newrelic.com | tcp |
| US | 162.247.243.39:443 | js-agent.newrelic.com | tcp |
| US | 162.247.243.39:443 | js-agent.newrelic.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 01:19
Reported
2024-06-13 01:22
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
129s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a355709032b86a70ae37ec702243463a_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae94e46f8,0x7ffae94e4708,0x7ffae94e4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,11647236147351315059,2032962832090269713,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,11647236147351315059,2032962832090269713,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,11647236147351315059,2032962832090269713,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11647236147351315059,2032962832090269713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11647236147351315059,2032962832090269713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,11647236147351315059,2032962832090269713,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,11647236147351315059,2032962832090269713,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11647236147351315059,2032962832090269713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11647236147351315059,2032962832090269713,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11647236147351315059,2032962832090269713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11647236147351315059,2032962832090269713,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,11647236147351315059,2032962832090269713,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.brightvar.bid | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | cdn.brightvar.bid | udp |
| US | 8.8.8.8:53 | brightvar.bid | udp |
| US | 8.8.8.8:53 | cdn.brightvar.bid | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 439b5e04ca18c7fb02cf406e6eb24167 |
| SHA1 | e0c5bb6216903934726e3570b7d63295b9d28987 |
| SHA256 | 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654 |
| SHA512 | d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2 |
\??\pipe\LOCAL\crashpad_4524_UJHBVLSBKBLVWREH
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a8e767fd33edd97d306efb6905f93252 |
| SHA1 | a6f80ace2b57599f64b0ae3c7381f34e9456f9d3 |
| SHA256 | c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb |
| SHA512 | 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 12b583921ae6dee387482d4ede4e82ee |
| SHA1 | bd22c8be9d2be16ab9582074b404e9008a99416b |
| SHA256 | b0e436f5ab16b282e150b01eb30215e4077101f73a91551c33e7081a1e8342be |
| SHA512 | a8403ec770641a3bc4de29eea769dc075f3a0245f676f9f72285ef20a119280818a9604b56bdbc4434b7e5be2d6e52cce80c9dea42eb6e83739672d549adc3cf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 76f00ea6f5eab5a0773b5a7925584806 |
| SHA1 | cd21487743313f03efac87362e90c7f22a647674 |
| SHA256 | b1d1626976c438f549cafc82f6e5578add79de86960a6d976c8e829d00e57485 |
| SHA512 | 85d4f199ad4574cabf8655e8ccfaecef954e3ef80c33e15942009c1a0092fce51f8866a79a89a348fac959562d3fddbe7644f7aa115b33a8acdb3cc0d8f16654 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4182fe3b81d7fa72f770d8e4c24a8e32 |
| SHA1 | ab1ae960cef74b444b12655500a2ce8ef0385df4 |
| SHA256 | 6af638a512256935fd584a537c4f96fe5916c0fe9890c5adba143424109e07dd |
| SHA512 | 271577c1e525790576f75b7b517a934c983ef2a2b9507db7da4732f7c07014fa7b2217cc03cc6dc0e9bc53a5656d8476540eaeb01e9c1e92481f665f7620cc66 |