Analysis Overview
SHA256
d4cdfbd5785b62177c013440b86391bbd8701e94c149f438190b323409e2709e
Threat Level: No (potentially) malicious behavior was detected
The file a39a18cd62b6dc8ea7d8be173c6bfc9d_JaffaCakes118 was found to be clean: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 02:56
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 02:56
Reported
2024-06-13 02:58
Platform
win7-20240221-en
Max time kernel
141s
Max time network
142s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{78C295D1-2930-11EF-8A7C-66DD11CD6629} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0353d4e3dbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424409231" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000704a58ae95b2174ca1b8777b979abd8d000000000200000000001066000000010000200000008526d936e6e222b6d6ce347fd3fdb5d460f40cea655df66456dec944bf40343c000000000e80000000020000200000003ffbdecdf4eee45803cc4f71f5c9063363a1acc664f2b2ebb4a34af590852a3f20000000fe82c9679719d0bd0480ca49408e1e295db13011e308a8b7d36101968441f4af4000000079f2a77481282f3138bcd76aeba2e2cdd242d1e690a3aa4feb20887a7c3c52602374a301f2f779e7d87c3270f30c7835488eb21c513ef4def69b0cf0493ad960 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000704a58ae95b2174ca1b8777b979abd8d00000000020000000000106600000001000020000000252a4e96ca62863a60e2ee51922a3c44006d532be5f539bff06c0dec0ba53b14000000000e80000000020000200000000954240b18b37138c3ee636ec559bb51d71fc6db942643e1bbc28b2115ab870290000000bd0c8929f6947587d6dfe9524c114d9924893966578e81425c92a367199ca8c0ce05d7bf980a1504cf6f48811afabfeffefdd42ac744e131f8f6a907f88b9932abe336499138fe5a8da1d48e353d39502010281b6dbe137ff2b8bce5077e667d19a45b839ff91e442cc9c3739d58c2e77ebc56a20101e03685ee357552d810e32742383b50c6a17d79f5159bb7c5e28740000000a275465eed9899623e25a4df0fc23d21e6a68b99216f13ed546946f6d63f583e167bf129a6e79dcf290fcc509f700c5232e8cde8b327fbf16cfc8656c6bb1cb6 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 1912 wrote to memory of 2868 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1912 wrote to memory of 2868 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1912 wrote to memory of 2868 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1912 wrote to memory of 2868 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a39a18cd62b6dc8ea7d8be173c6bfc9d_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1912 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 02:56
Reported
2024-06-13 02:58
Platform
win10v2004-20240611-en
Max time kernel
145s
Max time network
139s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a39a18cd62b6dc8ea7d8be173c6bfc9d_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc47d446f8,0x7ffc47d44708,0x7ffc47d44718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,12753990684137764715,3550411013182772137,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,12753990684137764715,3550411013182772137,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,12753990684137764715,3550411013182772137,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12753990684137764715,3550411013182772137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12753990684137764715,3550411013182772137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,12753990684137764715,3550411013182772137,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,12753990684137764715,3550411013182772137,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12753990684137764715,3550411013182772137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12753990684137764715,3550411013182772137,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12753990684137764715,3550411013182772137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12753990684137764715,3550411013182772137,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,12753990684137764715,3550411013182772137,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4840 /prefetch:2
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_1748_IEAMAKFWPJGRXATW
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State