Analysis Overview
SHA256
ccf2e28184f053201cae08776aa95e1b92c19555edeefbbd20a965203d9329aa
Threat Level: No (potentially) malicious behavior was detected
Verdict for a42f9d8042b6bab35077d4fd39070f67_JaffaCakes118: no (potentially) malicious behavior was detected. The sample is an HTML document (see the command lines below), opened in Internet Explorer on Windows 7 (behavioral1) and in Microsoft Edge on Windows 10 (behavioral2); every signature listed is attributed to the browser processes themselves.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 06:24
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 06:24
Reported
2024-06-13 06:26
Platform
win7-20240611-en
Max time kernel
144s
Max time network
145s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424421716" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8A69D921-294D-11EF-BDE8-5214A1CF35EA} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb8100000000020000000000106600000001000020000000aa15adb06846aadb76f0fff94e4c44c3005de847d215c03d0a5e09cefe4a6904000000000e80000000020000200000001eda0ce9430dcd04e7cd63230292fc2cfbf58f27fad9db0c563469fb21b9035f20000000a2d86b82af0544a81cb0262e5576550d3b77691613388b99b695034d7edc6b1640000000b1c11683e8f30e589e80dd9fb832b097c43a377f327abe7b95a188548a7073b30a6c8f6968dcd622844774934a45d4960c42793187300b398bb21d6bbaf18392 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b01068605abdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1696 wrote to memory of 2808 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1696 wrote to memory of 2808 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1696 wrote to memory of 2808 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1696 wrote to memory of 2808 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a42f9d8042b6bab35077d4fd39070f67_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1696 CREDAT:275457 /prefetch:2
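The four "PID 1696 wrote to memory of 2808" rows above are the point a triager has to decide on: is this injection, or the browser talking to its own child? Internet Explorer's broker launches each content process with SCODEF:<broker pid> on its command line, so the x86 IEXPLORE.EXE line (SCODEF:1696) names 1696 as its parent, and the write is the broker writing into a process it created. The script below, an added example that is not part of the sandbox report, encodes that check. Its input is constructed from the report: the two command lines, with PID 1696 taken from SCODEF:1696 and PID 2808 taken from the WriteProcessMemory target, since the report prints command lines without PIDs.

```python
"""Triage of the 'Suspicious use of WriteProcessMemory' hits in behavioral1.

Added example; not part of the sandbox report. A write from PID A into PID B is
'expected' when both images are Internet Explorer and B's own command line
carries SCODEF:A (IE's broker/content process model); anything else is left for
review.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Tuple


@dataclass(frozen=True)
class Proc:
    pid: int
    image: str
    cmdline: str


# Constructed from the report: PIDs are inferred (SCODEF:1696 -> 1696; the
# WriteProcessMemory target -> 2808); the command lines are copied verbatim.
PROCESSES = [
    Proc(1696, r"C:\Program Files\Internet Explorer\iexplore.exe",
         r'"C:\Program Files\Internet Explorer\iexplore.exe" '
         r"C:\Users\Admin\AppData\Local\Temp\a42f9d8042b6bab35077d4fd39070f67_JaffaCakes118.html"),
    Proc(2808, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
         r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1696 CREDAT:275457 /prefetch:2'),
]

# The four rows of the signature table, verbatim.
WRITE_EVENTS = ["PID 1696 wrote to memory of 2808"] * 4

_WRITE_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
_SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")
_IE_IMAGES = {"iexplore.exe"}


def ie_broker_pid(p: Proc) -> Optional[int]:
    """PID that an IE content process names as its broker via SCODEF:<pid>, if any."""
    m = _SCODEF_RE.search(p.cmdline)
    return int(m.group(1)) if m else None


def _basename(image: str) -> str:
    return image.rsplit("\\", 1)[-1].lower()


def classify_writes(procs: Iterable[Proc], events: Iterable[str]) -> Dict[Tuple[int, int], str]:
    """Map each (source pid, target pid) pair to a verdict.

    Identical rows collapse onto one key. Pairs whose endpoints are missing from
    the process list are also marked for review rather than silently dropped.
    """
    by_pid = {p.pid: p for p in procs}
    verdicts: Dict[Tuple[int, int], str] = {}
    for ev in events:
        m = _WRITE_RE.fullmatch(ev)
        if not m:
            continue
        src, dst = int(m.group(1)), int(m.group(2))
        s, d = by_pid.get(src), by_pid.get(dst)
        both_ie = (s is not None and d is not None
                   and _basename(s.image) in _IE_IMAGES
                   and _basename(d.image) in _IE_IMAGES)
        if both_ie and ie_broker_pid(d) == src:
            verdicts[(src, dst)] = "expected: IE broker writing into its own content process"
        else:
            verdicts[(src, dst)] = "review: write not explained by IE's broker/content model"
    return verdicts


if __name__ == "__main__":
    for (src, dst), verdict in classify_writes(PROCESSES, WRITE_EVENTS).items():
        print(f"{src} -> {dst}: {verdict}")
```

The same rule generalises: a WriteProcessMemory hit whose target does not name the writer as its broker, or whose target image is not the browser, is the case that deserves a closer look, regardless of how the sandbox labels it.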
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.bestvite.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| CA | 23.227.38.74:443 | www.bestvite.com | tcp |
| CA | 23.227.38.74:443 | www.bestvite.com | tcp |
| CA | 23.227.38.74:443 | www.bestvite.com | tcp |
| CA | 23.227.38.74:443 | www.bestvite.com | tcp |
| CA | 23.227.38.74:443 | www.bestvite.com | tcp |
| CA | 23.227.38.74:443 | www.bestvite.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 23.63.101.153:80 | apps.identrust.com | tcp |
| NL | 23.63.101.153:80 | apps.identrust.com | tcp |
| NL | 23.63.101.153:80 | apps.identrust.com | tcp |
| NL | 23.63.101.153:80 | apps.identrust.com | tcp |
| NL | 23.63.101.153:80 | apps.identrust.com | tcp |
| NL | 23.63.101.170:80 | apps.identrust.com | tcp |
| CA | 23.227.38.74:443 | www.bestvite.com | tcp |
| CA | 23.227.38.74:443 | www.bestvite.com | tcp |
| US | 8.8.8.8:53 | bestvite.com | udp |
| CA | 23.227.38.65:443 | bestvite.com | tcp |
| CA | 23.227.38.65:443 | bestvite.com | tcp |
| CA | 23.227.38.65:443 | bestvite.com | tcp |
| CA | 23.227.38.65:443 | bestvite.com | tcp |
| CA | 23.227.38.65:443 | bestvite.com | tcp |
| CA | 23.227.38.65:443 | bestvite.com | tcp |
| CA | 23.227.38.65:443 | bestvite.com | tcp |
| CA | 23.227.38.65:443 | bestvite.com | tcp |
| CA | 23.227.38.65:443 | bestvite.com | tcp |
| CA | 23.227.38.65:443 | bestvite.com | tcp |
| CA | 23.227.38.65:443 | bestvite.com | tcp |
| CA | 23.227.38.65:443 | bestvite.com | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | d2z0bn1jv8xwtk.cloudfront.net | udp |
| CA | 23.227.38.65:443 | bestvite.com | tcp |
| FR | 18.244.28.3:80 | d2z0bn1jv8xwtk.cloudfront.net | tcp |
| FR | 18.244.28.3:80 | d2z0bn1jv8xwtk.cloudfront.net | tcp |
| US | 8.8.8.8:53 | assets.springbot.com | udp |
| FR | 18.244.28.129:80 | assets.springbot.com | tcp |
| FR | 18.244.28.129:80 | assets.springbot.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
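Read as a list, the Network table is hard to reason about; read per domain it is short: DNS to 8.8.8.8, TLS to the page's own hosts (bestvite.com, www.bestvite.com) and to Facebook, Microsoft and two CDN asset hosts, plus plain HTTP to apps.identrust.com, an IdenTrust certificate-chain endpoint whose fetches line up with the CryptnetUrlCache files in the Files section. The parser below is an added example, not part of the report; ROWS is a constructed subset of the rows above in the table's own "| Country | Destination | Domain | Proto |" format, and the allowed-port list in unexpected_ports() is an assumption for a browser page load, not something the report states.

```python
"""Per-domain summary of a sandbox Network table.

Added example; not part of the sandbox report. Parses rows in the report's
"| CC | ip:port | domain | proto |" layout, aggregates them per domain, and
separates DNS lookups from actual connections so the resolver IP does not
pollute the per-domain IP set.
"""
import re
from collections import defaultdict
from typing import Dict, List

# Constructed from the table above (a subset; repeats kept where they occur).
ROWS = """
| US | 8.8.8.8:53 | www.bestvite.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| CA | 23.227.38.74:443 | www.bestvite.com | tcp |
| CA | 23.227.38.74:443 | www.bestvite.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 23.63.101.153:80 | apps.identrust.com | tcp |
| NL | 23.63.101.170:80 | apps.identrust.com | tcp |
| CA | 23.227.38.65:443 | bestvite.com | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| FR | 18.244.28.3:80 | d2z0bn1jv8xwtk.cloudfront.net | tcp |
| FR | 18.244.28.129:80 | assets.springbot.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
"""

_ROW_RE = re.compile(
    r"^\|\s*(\w{2})\s*\|\s*([\d.]+):(\d+)\s*\|\s*(\S+)\s*\|\s*(tcp|udp)\s*\|$"
)


def parse_rows(text: str) -> List[dict]:
    """One dict per table row; lines that are not data rows are skipped."""
    out = []
    for line in text.splitlines():
        m = _ROW_RE.match(line.strip())
        if m:
            cc, ip, port, domain, proto = m.groups()
            out.append({"cc": cc, "ip": ip, "port": int(port), "domain": domain, "proto": proto})
    return out


def summarize(rows: List[dict]) -> Dict[str, dict]:
    """Per domain: connection count, DNS query count, distinct IPs/ports/countries."""
    s = defaultdict(lambda: {"connections": 0, "dns_queries": 0,
                             "ips": set(), "ports": set(), "countries": set()})
    for r in rows:
        d = s[r["domain"]]
        if r["proto"] == "udp" and r["port"] == 53:
            d["dns_queries"] += 1      # lookup to the resolver, not a connection to the domain
            continue
        d["connections"] += 1
        d["ips"].add(r["ip"])
        d["ports"].add(r["port"])
        d["countries"].add(r["cc"])
    return dict(s)


def cleartext_http_domains(rows: List[dict]) -> List[str]:
    """Domains reached over tcp/80 (unencrypted transport), sorted."""
    return sorted({r["domain"] for r in rows if r["proto"] == "tcp" and r["port"] == 80})


def unexpected_ports(rows: List[dict], allowed=(53, 80, 443)) -> List[dict]:
    """Rows on ports a plain browser page load would not normally use (assumed list)."""
    return [r for r in rows if r["port"] not in allowed]


if __name__ == "__main__":
    rows = parse_rows(ROWS)
    for domain, d in summarize(rows).items():
        print(domain, d["connections"], sorted(d["ips"]), sorted(d["ports"]))
    print("cleartext:", cleartext_http_domains(rows))
    print("odd ports:", unexpected_ports(rows))
```

Cleartext HTTP to a CA's AIA/CRL host is normal (revocation and chain data are signed, so they are served over HTTP by design); cleartext HTTP to a CDN asset host is worth a look only if the fetched content is executable. Neither changes the verdict here, but the per-domain view is what you compare against the page's visible resources.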
Files
C:\Users\Admin\AppData\Local\Temp\Cab15E3.tmp
| MD5 | 2d3dcf90f6c99f47e7593ea250c9e749 |
| SHA1 | 51be82be4a272669983313565b4940d4b1385237 |
| SHA256 | 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4 |
| SHA512 | 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4b04f58d5aec0ccacdd8bd78aab743c5 |
| SHA1 | e1bc0fdc2ba7f6ea6340b2ed5cf7168a05864a80 |
| SHA256 | d1ede9433341071beccb58f7769fffce56868ef47cd53a7cebfa4102e10de3ce |
| SHA512 | 15b619c3e774392030d031d33904cbcd92c0695ae0079ec6c6f0c8d198204326f72c4ae8b413523057bec2f97ae661d3f0d8c1ef6c7ad6ef20d40b855aee24ba |
C:\Users\Admin\AppData\Local\Temp\Tar16C5.tmp
| MD5 | 7186ad693b8ad9444401bd9bcd2217c2 |
| SHA1 | 5c28ca10a650f6026b0df4737078fa4197f3bac1 |
| SHA256 | 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed |
| SHA512 | 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
| MD5 | 5d0b20a20bf4218d7ff5d60cf2b53c7c |
| SHA1 | dd0bc5f797411df8cc45d53a8869e9d4ac8415a6 |
| SHA256 | 65a1897e92b3f669307e7300adc6809c4ed8f8b7895176816cd1f25561776f21 |
| SHA512 | f40317c3b797114dd403241138cc0882effcf1c5aa6b1b0d8d5facedb5968c6ad05dec035e2eee7fb4350b9d73c546560c7a7de45b3396744a4bbdeea255f6bd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
| MD5 | d4ae187b4574036c2d76b6df8a8c1a30 |
| SHA1 | b06f409fa14bab33cbaf4a37811b8740b624d9e5 |
| SHA256 | a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7 |
| SHA512 | 1f44a360e8bb8ada22bc5bfe001f1babb4e72005a46bc2a94c33c4bd149ff256cce6f35d65ca4f7fc2a5b9e15494155449830d2809c8cf218d0b9196ec646b0c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c675a7a9be97daa29c4b08286a9c0877 |
| SHA1 | fb662961738895ea47434010884b7056c346271c |
| SHA256 | 0c2a62a53dbeb48a25f0857e34ea4cd973b94e964672549da49da9c94fcb2113 |
| SHA512 | 1bc84a64b300ca8a2876babe501fab06ea84061e9025e43ffe63ca8b79c1d785ef8f7c13219a914a081d6cd6bf8ea00decae346832b481a1c26a287059d64f82 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c593227a5ff13b1dea588688d732b428 |
| SHA1 | 2e7338aa570c8ad6fa000d809bd3c2921110b242 |
| SHA256 | d9a299babdad24a100924bcd643864901b449b30bc1ee0c98be997809aaf5ff0 |
| SHA512 | 6382043cd883d27880e0595eb0e980b4079fec44a10d281e5a5c695c57a58391c9aa65dffddd054ed1ab9adbfc6161dbcc1c4f509eaf27a1e77079c21e6e1dac |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a5ab4876d0d9b58903db922c860b90e0 |
| SHA1 | 2da38360e18961ffb11779ee2c08d80b78d674ad |
| SHA256 | eac6257cce99d7cce39f1071bb77ce9a5a354dea9c7da22b1bb83e32e9bcf416 |
| SHA512 | 9d49b0dd445deb1f8b9acd997413c00acbc2576e9443064a6e97fa85f803bec8e4e2b903f36fa5f4dc82303b035f2a2dbd6e7a495ecf138c4754e3c0679d35c0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
| MD5 | a84c64da2399e84eb8a96a1e9e64a547 |
| SHA1 | 6f7a3e11c4c97c3dc9a162f6749978858c04332f |
| SHA256 | ac8f9246913585b9d0737f3add5476b76549fde5ef0ccf578c22fb78e7b16113 |
| SHA512 | b470d4e091638e1efaffa149f65d847d13d526c2325b80e404f8e159c95bbe4b0c9500b5b116ac00ddc8ca21c0792df33c1e9673baee54233deafc57b5ef9110 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
| MD5 | 822467b728b7a66b081c91795373789a |
| SHA1 | d8f2f02e1eef62485a9feffd59ce837511749865 |
| SHA256 | af2343382b88335eea72251ad84949e244ff54b6995063e24459a7216e9576b9 |
| SHA512 | bacea07d92c32078ca6a0161549b4e18edab745dd44947e5f181d28cc24468e07769d6835816cdfb944fd3d0099bde5e21b48f4966824c5c16c1801712303eb6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 36255afa4496cae5acc03b7809252ea7 |
| SHA1 | 2984db41e9c858dc7653f77a9e632881e972f728 |
| SHA256 | 0d3b208eb330daad102cb6cc78d22644dbd7610abcd7e7fdf2da859b80e66813 |
| SHA512 | d76da3e30506ee9ed9bc0ca8c24a5be1b4025edf5641ded2b95f0f69345db737393659c5dc37af4cda26f60d77e23bd0a8f49404fd201ac5eb43fba5a60922b1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 528c78aefcd29455c8ac664b012d21aa |
| SHA1 | 34ebf89faab3f999e0a4c7b32533ecbe7a2a2d2a |
| SHA256 | df7b64459fe2103c1c2a0cbb7e7d45e5e29addf035a9336906f81fc1bd811995 |
| SHA512 | 8046d62a284cf671e8a7e4840636b2e6304b35a08ba8d0535f751131e0eeede591ed4dac0e6fda59d23305a7ddcc92f9d14cdf9783776fb482bfaeece6c95bbb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a7487ccd6166b907ee9a63472a5e1918 |
| SHA1 | e197971a96ed54c7d74014ad5b2869065d57d367 |
| SHA256 | ee05d881647de5a87c173d50da7b38f9db3cee5572870ab77bed6283d57b714f |
| SHA512 | acdf7926763c041f0913e6dabbf653f4de55977d6f78284a872d57eab111a58026d679acaa8ebbb18b141510ddd21f0351f3d18e35cb2fba2bc5181016ed7f1c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9ac3d62a7c2ddadabf10bc738eea1fdd |
| SHA1 | 31ecd589f39a93c8d877c62b46714e94adafd829 |
| SHA256 | f37d0b875b167b05e529f00499dd1a8a941548cfe74a688cbf41a8d2531c3c2b |
| SHA512 | 354fb579f55983f74b80d2f8650c96e74e53134865e8d2a4b4e81778c05c9613b8cb3c3ff0d7113956c5693f0a7ce623fd0cdbcac753db62beb6fb3cd15bb304 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6b1eaf076326adfb8a22ef32b542d1d8 |
| SHA1 | c1846e88758c34907a1da107d3f70f6b36abc0c9 |
| SHA256 | a8c59162b5b116303ff3e657a3546bda14c8dcb92be40c371db362034a283c29 |
| SHA512 | bd1d4894b7843569aebd7e834cb39315ee1c925947d35930d36d9c7621ee3b1f36ee8dc546b508cc85df8f316cfb5c37114b447d12604740aeaf958350781c16 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3d361d5bd252226418a30f73488c75a4 |
| SHA1 | 4842c14ba590f85043cf251cb344c2f59203b4ba |
| SHA256 | 722971daf15506bdf641d39d0d4d6ea7c92d8e7f5c232bffdf6cc8e5a6b1fb3e |
| SHA512 | 19c06012d17e286ffcb70b3edc8db0fd9869646885512a35dec8806c7e34d2bd1c071250284bf9a9807d3080c19baab70b1d8bcdedf9083a99256d505722fab3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6d34d94717a79e694f82ef912748d324 |
| SHA1 | 3c3533daf576f39d88dc833ce40ff2988e3bd692 |
| SHA256 | 1b768676efdfe05b04790df7850380fdf8849fad8513755768842a1577422bc5 |
| SHA512 | c47d94837a8e3bbce026b1dfdcc292a7a55d9571dde586c84012832f0cce1742079a37cb25c79611c83ffad21afc4c3a1d913e4fb234373a95a6d4e8638363af |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ab2d79a7d3f81ebff429cd16657719b3 |
| SHA1 | deecabf99dc226d6427f9ddccc09c74a455a9374 |
| SHA256 | e5be503a096d836a97741a310be9f9878d761bbe9bbed456be4dc97cb6d1995e |
| SHA512 | 5d41f79409f143e334b7f24f64e5a24c946a34e8fa0fcd5f6e14bfacd70a2ed8a94bc83eff7f813d1a1cbadaae3a13e90b91f2914e26ee93ba85f31e2931b52f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2a4ffc50e4712525aa79b2abc7a6f04f |
| SHA1 | b0672d6b2c73b8907994e4f73e89a655665ad824 |
| SHA256 | acc4a685167277593b8d89d4ebc91e4202a91ae22a31d2f237085f15d8a50b04 |
| SHA512 | 572729dab5e9e9b97b3542a121e44e5d02d2469eb003b8eb81e97e67cb7db7243e3da40475ef5b55e09ee10da35f03938666a2557b6cd82db5e52cdf55341cdc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 35072e0c6653836aaaa296607c71e929 |
| SHA1 | b6751fb9318776973bc670b8dbd825451a9c9dc7 |
| SHA256 | 567a0d8a209e6eb92beca1f4645356a02e1fc299f4bc35448573493b2f9141da |
| SHA512 | 3b4f79cc1513ed949200a0645a865ac03fc2c0135109581952c4b53053c7003782f4ca76ad3dffdb5ded3676950012473cb62360d1888d3126dee445d58a835e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1bcbbd44340f92d2a9fe0cf70bd70bf2 |
| SHA1 | fffd5d55817aea7c6ba1045e23bf2cdf16dc1c26 |
| SHA256 | ef1c3945a4064e94f9a402b066b983240a096879ccfba5cae2b0281842b16da5 |
| SHA512 | 70d03bef6d3e971e21f74b44a8c5077028ef43c9161f957186ac2aa4af433b9d7ca75bb9665b96e505a28826675ea3b9ef095d754ce7ad565e6943dc7ac1802b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9f343a2af06e9462ee6e152c3001a362 |
| SHA1 | 1f831c762441f6260beef3137860ff0751158a85 |
| SHA256 | 9e84b7c6dde46d6d0a07872f1d63c887e1775e0e8de16c6e02e740cc5b1baf4a |
| SHA512 | 097cf08eb1bb4bd0486a03a39baf0f697bdb3ca0f719894292b72cc0fd125a22369f07fa4bf89bd3197730d4deb2d52bad40bbc9cbfdcb3761179791bf1f7e9c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 04c8163700651da29cf00f6c2123177a |
| SHA1 | a0f730020b1458605cfa97bebc9a9fce57c4146b |
| SHA256 | 7199e5894322d423f608a2231ebf027494fbfa3b7557d099ac37bff6260be7f7 |
| SHA512 | 5e048a2846e7c9c7dc13c364d800ef258880c7142f95eebb8e2227fd2d62dc0386b83687f9b1eceae5d544a80bc42206d48d195d686e53cd0893454a7f08e3f8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 205576b22988e0ea88e8101fc45116f9 |
| SHA1 | 26e9e347f8a9e07babd73872dc9972edb089b6b9 |
| SHA256 | 2ae80f71ac39c4e56480f394acf96ea52af9f61df19a0c7513100759d70b7d3f |
| SHA512 | efc435b3d79be9ebdffccf3c4819e3e59643468daaf29fad7dc7171499d80d947cb237f0b94b91d8ca52211867e9614d76d7262ce393a13e0c2b29c78427f85d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1b5e2033c28b7f0fac830c2a2423f09e |
| SHA1 | 27ae8ff6716a34937fd8d6880e7560069cb4101d |
| SHA256 | 6af29b2ba3c98530a1d52eed88ebf097d86bfa003739f74a83d01190cc2786c0 |
| SHA512 | c816998360f54675db93dfd9647d7291b66149a418457ff11e05359b8edffc8c08701d735eb14c2689dbfb3fe55e2db60fc31f918c86da594a56df5d49d5a492 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7d7f3d8f8ee6621e706ee28f246c48db |
| SHA1 | e4a73884fc6a9a8f821b78e7b78004b726b7e692 |
| SHA256 | 387c59bf67b1cc6eb712dea5d68e4444273ab4be7c524d869ca436c47c8c5df1 |
| SHA512 | 3674602c6fab2d830aa004ecd850137164a536a2f693f20a1ca01ef66888145240590e059abf213ee2cb8416c8b7ddd4ba1dbb29144eb89383bab61e1130e3d5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 28db85e197c1d872773eae0f953114eb |
| SHA1 | 48f79fb2de5177169a10aee3c3b855e69dbc6962 |
| SHA256 | 664bef0182ba4d643d1f6ca6e74461cf4c9efc14fbaf565ed3cb868f6a16cc14 |
| SHA512 | 88dbfcab978c9c05d1900e7314baac23b497bda90c347d561288244bff164acdc1dcc6969b331c71ff80268be3fa57b83303e00391099c54dc283b8c70a8c058 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ce3eb1fd191a4d3f2d53ec061be4596c |
| SHA1 | 3cfce1d3c01136aa3b78d16ed872c3c11335c35a |
| SHA256 | a5ac8e7d8b8d6443c5e0fb97436adcc03cf7fdff14023ad70c756bfda09d6dff |
| SHA512 | dbf4a3a10b84ea35dad6eba8c2a7a3f4c812ae32389a7c6956eb44e6d5bf356e5b6e69f68b43049d08126c13509e3837a6bba0ffef6620c429fc16ca0ee1ecf7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e516cad762e8a4ae61cddf628e9aeea2 |
| SHA1 | d15f2729dfa6e7cdbd306e1af26069f4e268d947 |
| SHA256 | 3f848c8aee97000cdcb432e98aedf00d9a1f7ecd5242fda4ff5ded66f2fbb278 |
| SHA512 | ebba2f7a2a8b350882df7f7cd8001a11075c41463df494e64296c202d9797213d14a467aafde9a54c70a350d83cd37c359dbad9f8a7836b12ba393e93a32ea4c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 34b3990519d6cdd26e3b2f75731055c8 |
| SHA1 | 9baa81ba1c3d04b353863eb106b568b76b78ed14 |
| SHA256 | eaea55610f228d9eca595737121e9a7be444631e89e7b15d0db2a96fe3b03713 |
| SHA512 | 5de36dbe5ad09f0a075e9033475835866e0f2a96b6e054c97a0e4328886b74a5faafc9776033c18628c3d776dbd45cae33680115d1900088df88204db2b5d2a1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 22e2d0ffded67d9f2bd55c10469365f2 |
| SHA1 | 1906456cdde201a9d3bf521189f0296c680e67b1 |
| SHA256 | e77e44ed37c3aeb78a005fb63a2d9c6b74d547841b57dd95d1f337e23cc27758 |
| SHA512 | bb7f50d548c8587be2aab61db31a7ea7ec73bc3d28e24aa5a97f5e05f17ecdd25610596ba467c2c89462470fefb2c8c096f84e77e49d4ff3cebcb1d75ce15aaa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c09a28a9a201ea9b7c06500bb0533f8c |
| SHA1 | 46c43b7936f65c196068242fd2241c38419ec75a |
| SHA256 | e9af4ea26df90d719fed298e9654cc3391e9818e967692997e97f8ae30b3cc9d |
| SHA512 | edb86407cc0d3ad385d013ea84db9cc1c8e0392822e2d9dcaefe2e120e15bfaa03bdb2456cfac81e378e7a40d11c90bc10d75fb54d60ef79959fe15ee5078848 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e414c16465cf8e2809d5a6ae3a7b82c3 |
| SHA1 | dd9d8c97e618cac975bf8dda6df2cf728577d480 |
| SHA256 | 47943b47f8e1743470589984fe2785dfb8bfd7002adb1e52a96a9b84e5cadd87 |
| SHA512 | 2157f650ed1fcc94001b02f5eb314f26858b6ae710c36acb72155c47d860e245196ec328486e65d7708da43fdddc019522e3d52e34902d4f515e6b4e595c5581 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6700f8e7e4538cd658522ba675d0d0dc |
| SHA1 | a9bd1371eecad2e838a2711471726392a82c3d2c |
| SHA256 | 1bcdfd38dd121c80cf5d6480fbd759e9951e51305e953a00d6c328e82b357619 |
| SHA512 | 8227aab22318884bc66a7fe33033f044a0539e71ff5d41d15cc61b1d25a48f3ac9b41b604331f53f6ef6827e5f843b309a9db57cbfa686bb9e14c0a9b91a9b54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1b19409c99e4d61a94a363242e20a933 |
| SHA1 | ec90e9039d531d2e6a61c0a7eab037db0174adae |
| SHA256 | cfece7909c6e4bb907cd42ccfc5cc39e4d4a4391835ae1db1ec599cacaa17e03 |
| SHA512 | 3096205786ca2ef8c2f256b59e4e2ea9539f40ea60460aa221c29c66ffc7e284fbe2d714fcccccbfc768de1457e20553d1a478671dd683a678347948cddcaf6a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 53fe1b55d00a6bda9cc3348a59ca8567 |
| SHA1 | b10a81801f0e5c49c25e90c42166d5617fcb4b11 |
| SHA256 | 2d7c77a7c0e8882533dcf610e8d4dd7f6a4a50f718263cff0880da550b4499de |
| SHA512 | 5dbbd38785a3e900eb65d23f7d686389676609db6d1cca99695fb347c49f59293295c0fdf558a17bcbf4d0c10eada9d042b56b37aa2b9a8c6cb49857e1b2f599 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cf66aee74b395a05af95b910e34706ff |
| SHA1 | 8186f9021f5d31f3cee05a92f1db41e24a8497e8 |
| SHA256 | c6a432b1355aacd7c230cde2329ccf7e1c42b02e763f9efaa0eaaec27bb7375a |
| SHA512 | e0e5da202b13620173619edee95608a01186c9c8d7b66c9a6a5df9cd6b9e9538ce42b840d6e3bc1278e85bfbaa5778fca72244296c68bf8077fcecb7ce4489c8 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 06:24
Reported
2024-06-13 06:26
Platform
win10v2004-20240611-en
Max time kernel
145s
Max time network
139s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a42f9d8042b6bab35077d4fd39070f67_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbe44846f8,0x7ffbe4484708,0x7ffbe4484718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,4845949253495297575,2406874157728876295,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1960 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1948,4845949253495297575,2406874157728876295,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1948,4845949253495297575,2406874157728876295,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,4845949253495297575,2406874157728876295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,4845949253495297575,2406874157728876295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,4845949253495297575,2406874157728876295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1408 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1948,4845949253495297575,2406874157728876295,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1948,4845949253495297575,2406874157728876295,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,4845949253495297575,2406874157728876295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,4845949253495297575,2406874157728876295,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,4845949253495297575,2406874157728876295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,4845949253495297575,2406874157728876295,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,4845949253495297575,2406874157728876295,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5552 /prefetch:2
Network
Files