Analysis Overview
SHA256
acea6860d558e5acc1986bca80fcef97af6d747333f87a5ab42a46d1d27ff96a
Threat Level: No (potentially) malicious behavior was detected
The file a39bab7f2d056384a8aaaf95401e0603_JaffaCakes118 was found to exhibit no (potentially) malicious behavior.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 02:59
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 02:59
Reported
2024-06-13 03:01
Platform
win7-20231129-en
Max time kernel
117s
Max time network
140s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006d25e55b44b1c54e9dfb2e0e4b38acba00000000020000000000106600000001000020000000b6d7e03aea276442ef116db1131b2b8f2689b8b49e17b8254cc4abbd20618182000000000e80000000020000200000001d8dc050fb3a8faad3c74faa4a38198c19417c41ea20124a9e8d806a4816796020000000a3f95d287fdc3434bdaf0f356be099c0023dcfc25292c833a069e31167a0632f40000000be840f58f8ab02e8d3f04e2d254f466c17238364500becd44f0c660c9fd579fbef30ec255f618fcd1f5ccec7c72c1867d16d27bd5725fee9426bf94a886492b6 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424409421" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value not preserved in this copy of the report] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20c40ac63dbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EA99ED21-2930-11EF-919D-C273E1627A77} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1936 wrote to memory of 1948 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1936 wrote to memory of 1948 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1936 wrote to memory of 1948 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1936 wrote to memory of 1948 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a39bab7f2d056384a8aaaf95401e0603_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1936 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 02:59
Reported
2024-06-13 03:01
Platform
win10v2004-20240611-en
Max time kernel
145s
Max time network
150s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a39bab7f2d056384a8aaaf95401e0603_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa6b9c46f8,0x7ffa6b9c4708,0x7ffa6b9c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,6168044147230690443,7769066916273092625,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,6168044147230690443,7769066916273092625,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,6168044147230690443,7769066916273092625,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6168044147230690443,7769066916273092625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6168044147230690443,7769066916273092625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,6168044147230690443,7769066916273092625,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6056 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,6168044147230690443,7769066916273092625,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6056 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6168044147230690443,7769066916273092625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6168044147230690443,7769066916273092625,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6168044147230690443,7769066916273092625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6168044147230690443,7769066916273092625,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,6168044147230690443,7769066916273092625,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4812 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.187.202:445 | fonts.googleapis.com | tcp |
| US | 8.8.8.8:53 | s.w.org | udp |
| US | 8.8.8.8:53 | aster-m.su | udp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.201.156.90.in-addr.arpa | udp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| GB | 142.250.187.202:139 | fonts.googleapis.com | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:80 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| US | 8.8.8.8:53 | aster24.ru | udp |
| RU | 185.215.4.58:443 | aster24.ru | tcp |
| RU | 185.215.4.58:443 | aster24.ru | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| US | 8.8.8.8:53 | 58.4.215.185.in-addr.arpa | udp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:80 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| GB | 216.58.213.14:445 | www.google-analytics.com | tcp |
| RU | 93.158.134.119:443 | mc.yandex.ru | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| US | 8.8.8.8:53 | mc.yandex.com | udp |
| GB | 216.58.213.14:139 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 119.134.158.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| RU | 90.156.201.60:80 | aster-m.su | tcp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
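The Network table above is dominated by repeated rows for the same destination, which hides the handful of facts a reviewer actually needs: which domains were contacted, whether anything went over plaintext HTTP, and which rows are sandbox noise (reverse-DNS lookups, mDNS) rather than page traffic. The script below is an added example, not part of this sandbox report or its tooling. It parses rows in the `| Country | Destination | Domain | Proto |` layout used here, collapses duplicates into hit counts and flags the rows worth a second look. The inline sample is a subset of rows copied from the table above, embedded so the script runs offline; the flag labels and the `WEB_PORTS` threshold are this example's own choices.

```python
"""Summarise a sandbox 'Network' table into reviewable indicators.

Added example for reading the report above; not the sandbox's own code.
"""
from collections import Counter
from dataclasses import dataclass

# Subset of rows copied from the report's Network table, embedded here as
# constructed input so the example runs without the original page.
SAMPLE_ROWS = """\
| Country | Destination | Domain | Proto |
| GB | 142.250.187.202:445 | fonts.googleapis.com | tcp |
| US | 8.8.8.8:53 | aster-m.su | udp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| RU | 90.156.201.60:443 | aster-m.su | tcp |
| US | 8.8.8.8:53 | 60.201.156.90.in-addr.arpa | udp |
| RU | 90.156.201.60:80 | aster-m.su | tcp |
| RU | 185.215.4.58:443 | aster24.ru | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.213.14:139 | www.google-analytics.com | tcp |
"""

WEB_PORTS = {80, 443}  # assumption: everything else on TCP deserves a look


@dataclass(frozen=True)
class Flow:
    country: str
    ip: str
    port: int
    domain: str
    proto: str


def parse_rows(text: str) -> list[Flow]:
    """Parse pipe-delimited rows; header and malformed rows are skipped."""
    flows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4:
            continue
        country, dest, domain, proto = cells
        ip, _, port = dest.rpartition(":")
        if not port.isdigit():
            continue  # header row ("Destination") or a row without a port
        flows.append(Flow(country, ip, int(port), domain, proto))
    return flows


def summarise(flows: list[Flow]) -> Counter:
    """Collapse repeated rows into {(ip, port, domain): hit count}."""
    return Counter((f.ip, f.port, f.domain) for f in flows)


def external_domains(flows: list[Flow]) -> list[str]:
    """Domains that were actually contacted over TCP (not just resolved)."""
    names = {
        f.domain for f in flows
        if f.proto == "tcp" and f.domain and not f.domain.endswith(".in-addr.arpa")
    }
    return sorted(names)


def flag(flow: Flow) -> list[str]:
    """Reasons a reviewer should look at this row before the rest."""
    reasons = []
    if flow.proto == "tcp" and flow.port == 80:
        reasons.append("plaintext HTTP")
    if flow.domain.endswith(".in-addr.arpa"):
        reasons.append("reverse DNS lookup (resolver noise, not page traffic)")
    if flow.proto == "tcp" and flow.port not in WEB_PORTS and flow.domain:
        # A web hostname on 445/139 is unusual; confirm against the pcap
        # before treating it as real traffic to that host.
        reasons.append(f"hostname on non-web port {flow.port}: verify in pcap")
    if flow.port == 5353:
        reasons.append("mDNS multicast (local discovery, no remote peer)")
    return reasons


def triage(text: str) -> tuple[Counter, dict[str, list[str]]]:
    flows = parse_rows(text)
    flagged: dict[str, list[str]] = {}
    for f in flows:
        reasons = flag(f)
        if reasons:
            flagged.setdefault(f"{f.domain or '-'} {f.ip}:{f.port}/{f.proto}", reasons)
    return summarise(flows), flagged


if __name__ == "__main__":
    counts, flagged = triage(SAMPLE_ROWS)
    for (ip, port, domain), n in counts.most_common():
        print(f"{n:3d}  {ip}:{port:<5} {domain}")
    print("contacted:", ", ".join(external_domains(parse_rows(SAMPLE_ROWS))))
    for key, reasons in flagged.items():
        print("FLAG", key, "->", "; ".join(reasons))
```

Run against the full table, the output reduces the roughly one hundred `aster-m.su` rows to a single counted line, leaves `aster24.ru`, `mc.yandex.ru` and the analytics hosts visible as the real third-party contacts, and lists the port-80 rows separately so the plaintext requests can be pulled from the capture.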
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 3a09f853479af373691d131247040276 |
| SHA1 | 1b6f098e04da87e9cf2d3284943ec2144f36ac04 |
| SHA256 | a358de2c0eba30c70a56022c44a3775aa99ffa819cd7f42f7c45ac358b5e739f |
| SHA512 | 341cf0f363621ee02525cd398ae0d462319c6a80e05fd25d9aca44234c42a3071b51991d4cf102ac9d89561a1567cbe76dfeaad786a304bec33821ca77080016 |
\??\pipe\LOCAL\crashpad_1404_IDIETHKGTWROYMNA
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | db9081c34e133c32d02f593df88f047a |
| SHA1 | a0da007c14fd0591091924edc44bee90456700c6 |
| SHA256 | c9cd202ebb55fe8dd3e5563948bab458e947d7ba33bc0f38c6b37ce5d0bd7c3e |
| SHA512 | 12f9809958b024571891fae646208a76f3823ae333716a5cec303e15c38281db042b7acf95bc6523b6328ac9c8644794d39a0e03d9db196f156a6ee1fb4f2744 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a341e7d98111236e46b51955f3018e75 |
| SHA1 | daa96bcfaa6cb3e5437546ed129842a6ab423f31 |
| SHA256 | ad9ce943ef6674d7724e036d4953e8de19f3b5d757b309f04f2f75f91f0211ac |
| SHA512 | 92ae6702b3f7474f497f89cf71adf1e8641cbe8ecd40646bd378bb978ea1dae6064d88d40e1b51cec7afb5aa68ead04fa1d4c5a1c4f3ca98535786077ca94bcd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b5de49e8431996bf0f9be75cb266a69b |
| SHA1 | 2918946fc2e73ee308b2d19db0e3a48e4ee7933e |
| SHA256 | 64633da849221cdd09633ffb30b0a7f524595130cfc7ad8620d0b8ff741db7c5 |
| SHA512 | fa2e0f8cad9302089e163b88ab159c2d05b2538b3cdd0dde581714beb788adb31397671af3a3d260236156aa57b19a9a0e095cc77c4537e71d52039f4f656231 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 98f03f5e8a59608a6dbb63d2b709f46c |
| SHA1 | e948ddd43076e82ddc0cb7e2079083de1a05da60 |
| SHA256 | f0b75fba21c9f48496e895792a3077e30f998991aeb0830d5317c308faa7e4d1 |
| SHA512 | 5604f9e32c372b6cd64f0e7c7a9b7721c5cba45705bee7f33203c4fd391dd22f4705256e0b92d3a866978c2a1071668d7d7e6626417ff2f47ca580b3a2b8876e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 546ab37d2b73a38bb73f5379a4e0e9f2 |
| SHA1 | 91ad30909b40610e7d5f4787a6d86d66d653a16c |
| SHA256 | eb52f3f74372a0312760b83b386e87bb6c6d2894c7baf4509d29637968a74da4 |
| SHA512 | 2747ecff476a5f2d23a546c19fa9c395c72d0a564d8c6723f4620005b797c59349ab47fc8a17b3327d4ca77907f3b36454787c980723fa777c5503b0ed913bce |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d060.TMP
| MD5 | 825dfd833359078c5561b83aa97b075c |
| SHA1 | 39acea01f4dce2ca3970c6b2196ace6ae815acb3 |
| SHA256 | 79bdf123016e1daf6e38202fec19ff9b6ffa776e4790ee0dd982f49d89a68b4d |
| SHA512 | 5e320c78d49d7e0d47db34ec3b9d4011ae5ad1a4b9f96241a2ddbfe9b3988ad17e3245b22a5dcb7a1010534f4b65a92aaa08b390cca40dea31e844ad88e7a0a3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c2b423e75622bffc83f8350b9a8bbebe |
| SHA1 | 98a48196ef6e7615e87df15988675f66190f0c0a |
| SHA256 | c67995e19eda894cc6253993537589e78ccc735446434e72f3f1fffcf9505299 |
| SHA512 | 272705c3c82632d6f2225295595fcbb5333306091f20f7fafcc1c9a7f4cdf8f37fab25ad15d03d542cd4b60cdbd66f60ac295e59d4de5caf836ba38e295cae2c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 88eb4fc0c475f8d8ca12ed087e836783 |
| SHA1 | 7eaf40a258b5b8c5607fb06379aba10418c0cc75 |
| SHA256 | 90a799bea99582826928c6d760b6338d21fec6ec931a6f4fba915fe5901242f5 |
| SHA512 | 64a393265bad41a7d48c812ee3afdd63fc1dc4ee269787409ed4c6c6b2a5bf97db7f6e2e7f84a8c3584f11e3918975a6b6223800ac36b4e00f347f15d66466da |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | ee8644af67f24219bb42b78596bb50db |
| SHA1 | 38734565b2ecf0ac0fb45801449c8e407b4fdcd4 |
| SHA256 | d7a81de0ce1a4f0b11490b92e2bfb1510455de5d5a214e41d35d628aa705f16a |
| SHA512 | 33e3f19099f7f82aa0949bd7d4cf12fc8256fa923223a50b225a527a52fca5497a2ffca7119cc0e9d6582ba38fad786ef7fdb95379cfd2a2d38384aed62d0f7c |