Analysis Overview
SHA256
6d760082d27a78bfa265837072d8aaa239dc8eaf0693860646aed44658c3b845
Threat Level: No (potentially) malicious behavior was detected
The file a48fac6ea0d17c95c474567b63930b09_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 08:09
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 08:09
Reported
2024-06-13 08:12
Platform
win7-20240221-en
Max time kernel
143s
Max time network
144s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{521F2E81-295C-11EF-822E-56D57A935C49} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value not preserved in this copy of the report] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424428064" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d65f271cef82a3459ff61974f0ffbd2000000000020000000000106600000001000020000000806e3e452a8c9470d43f43b1d7f769dc5c897439dd87f591b12abc6ed8e6cbba000000000e80000000020000200000003af3174390354a7c0200def93f7adb8d0cbd68bdcef8693ae45deb4a2014b86e20000000a858563c5996a59cdfd6661ff2f4667d906684831202cef1a96e2ee352242f6e4000000022603f0fe0d2b407ef2b354afb00a5091bb123dd17efb21e0f1e2e14259b7d81144b55b97d5d90f82003f1ba98032fd0ab54ce9f8fcd556383876c82b79589d0 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f075372869bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1676 wrote to memory of 2324 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1676 wrote to memory of 2324 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1676 wrote to memory of 2324 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1676 wrote to memory of 2324 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a48fac6ea0d17c95c474567b63930b09_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1676 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | hotnewsjamaica.com | udp |
| US | 8.8.8.8:53 | 1.gravatar.com | udp |
| US | 8.8.8.8:53 | images1.wikia.nocookie.net | udp |
| US | 8.8.8.8:53 | fc00.deviantart.net | udp |
| US | 8.8.8.8:53 | images.wikia.com | udp |
| US | 8.8.8.8:53 | www.deviantart.com | udp |
| US | 8.8.8.8:53 | fc04.deviantart.net | udp |
| US | 8.8.8.8:53 | img516.imageshack.us | udp |
| US | 8.8.8.8:53 | img43.imageshack.us | udp |
| US | 8.8.8.8:53 | i200.photobucket.com | udp |
| US | 8.8.8.8:53 | www.wizards.com | udp |
| US | 8.8.8.8:53 | s0.wp.com | udp |
| US | 192.0.73.2:80 | 1.gravatar.com | tcp |
| DE | 23.67.132.158:80 | www.wizards.com | tcp |
| US | 18.245.199.99:80 | www.deviantart.com | tcp |
| US | 18.245.199.99:80 | www.deviantart.com | tcp |
| US | 192.0.73.2:80 | 1.gravatar.com | tcp |
| DE | 23.67.132.158:80 | www.wizards.com | tcp |
| US | 44.241.57.142:80 | fc04.deviantart.net | tcp |
| US | 44.241.57.142:80 | fc04.deviantart.net | tcp |
| US | 151.101.64.194:80 | images.wikia.com | tcp |
| US | 192.0.77.32:80 | s0.wp.com | tcp |
| US | 192.0.77.32:80 | s0.wp.com | tcp |
| US | 151.101.64.194:80 | images.wikia.com | tcp |
| US | 38.99.77.16:80 | img43.imageshack.us | tcp |
| US | 38.99.77.16:80 | img43.imageshack.us | tcp |
| DE | 74.120.188.204:80 | images1.wikia.nocookie.net | tcp |
| US | 54.213.8.166:80 | fc04.deviantart.net | tcp |
| US | 54.213.8.166:80 | fc04.deviantart.net | tcp |
| DE | 74.120.188.204:80 | images1.wikia.nocookie.net | tcp |
| US | 3.165.113.35:80 | i200.photobucket.com | tcp |
| US | 3.165.113.35:80 | i200.photobucket.com | tcp |
| US | 192.0.73.2:443 | 1.gravatar.com | tcp |
| US | 3.165.113.35:443 | i200.photobucket.com | tcp |
| US | 18.245.199.99:443 | www.deviantart.com | tcp |
| US | 38.99.77.17:80 | img43.imageshack.us | tcp |
| US | 38.99.77.17:80 | img43.imageshack.us | tcp |
| DE | 23.67.132.158:443 | www.wizards.com | tcp |
| US | 18.245.199.99:443 | www.deviantart.com | tcp |
| US | 18.245.199.99:443 | www.deviantart.com | tcp |
| US | 8.8.8.8:53 | img14.deviantart.net | udp |
| US | 8.8.8.8:53 | img07.deviantart.net | udp |
| US | 18.245.199.99:443 | www.deviantart.com | tcp |
| US | 34.218.68.46:80 | img07.deviantart.net | tcp |
| US | 34.218.68.46:80 | img07.deviantart.net | tcp |
| US | 34.218.68.46:80 | img07.deviantart.net | tcp |
| US | 34.218.68.46:80 | img07.deviantart.net | tcp |
| US | 8.8.8.8:53 | company.wizards.com | udp |
| DE | 23.67.132.54:443 | company.wizards.com | tcp |
| DE | 23.67.132.54:443 | company.wizards.com | tcp |
| US | 8.8.8.8:53 | images-wixmp-ed30a86b8c4ca887773594c2.wixmp.com | udp |
| US | 18.245.175.129:443 | images-wixmp-ed30a86b8c4ca887773594c2.wixmp.com | tcp |
| US | 18.245.175.129:443 | images-wixmp-ed30a86b8c4ca887773594c2.wixmp.com | tcp |
| US | 18.245.175.129:443 | images-wixmp-ed30a86b8c4ca887773594c2.wixmp.com | tcp |
| US | 18.245.175.129:443 | images-wixmp-ed30a86b8c4ca887773594c2.wixmp.com | tcp |
| US | 18.245.175.129:443 | images-wixmp-ed30a86b8c4ca887773594c2.wixmp.com | tcp |
| US | 18.245.175.129:443 | images-wixmp-ed30a86b8c4ca887773594c2.wixmp.com | tcp |
| US | 18.245.175.129:443 | images-wixmp-ed30a86b8c4ca887773594c2.wixmp.com | tcp |
| US | 18.245.175.129:443 | images-wixmp-ed30a86b8c4ca887773594c2.wixmp.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab1FF1.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Cab2003.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9c981afaf9804bebff62f5f4cd583e62 |
| SHA1 | 3d05c4098c6e4beb0aee765f818a348023518d9e |
| SHA256 | b74afaabdb223d1c3430282253821f70901474cb04b120847e7558a2d1b5faa6 |
| SHA512 | 3a845fbecff80308aaa458ba2e3d7bf8f8e4fc0651f9ec595d75fb8c7ee0195dc675bff183cd8ecd58b145a7d74aaec226472c4def073ee2dcf2f705a43cedd9 |
C:\Users\Admin\AppData\Local\Temp\Tar2056.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e531869f8515362213f27e4dd32bfcc2 |
| SHA1 | 134dfd7da512566224b661ae1c9e3bc2e35be0b9 |
| SHA256 | 72a1daae2face288807dcd9767d9bdf3314aa05fedde31b85b37452e08c598f2 |
| SHA512 | 178a73d8851edef20754e9a326dfbaee97d550befb887caea77eb864959840ae073a084fc4682f8977dcd4bc1409436d593c271a058924852d7a4073be936529 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ff780965e1d582b35388decb61534ec2 |
| SHA1 | 0b17517d43e57c3160d8549f19da42a4b6664de6 |
| SHA256 | bc9fff713e97a769b522cc2119a27eab91caf43bfb7c67a521c6677ba5d7a164 |
| SHA512 | b28ff0d29b4b77044ebd37672a68e5cab5498eb2490b1e51a88d704f8a3c0f8b6aba3c055482b571c0678d2eacb46e6cb9d7840a67e86253def31a865ab8c361 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 413eddd70d35cd58c04cfaa5b9563ef8 |
| SHA1 | 65277908ee8674edd2b0fbdf1cc5e5c221667896 |
| SHA256 | e660607b211a932da536e0f319d96cd6f24b643377e9e7baf10ca273e119be2f |
| SHA512 | afa05a0602095a5049301f9b9555966f838a30f4544f235188522870da4ac8a595976f3ef2fe3cad1a726ad27d636263d1d101a1b68dde6e0a0056e02db937f7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 763148733e42a0fe59d8b60be9cf0968 |
| SHA1 | 23795c86fa5350fa93c983aa6ef5e7e3fef7d6ee |
| SHA256 | b232cce888a73208dfddb40f45155291accfa3aced042a6cb6617a49a5d56c43 |
| SHA512 | 81c89b58dcb348d6bc03a6d596bf24da787419165abfa31e9508cb2752f2dca347f43e15e65630871feecd03602160d46b18abbc5c7a0f49852eb647f199093e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e628ce6220d78b9bc9419de2bf983b56 |
| SHA1 | b70e179ad61a3dcf07bde005cb9269c601a3b641 |
| SHA256 | 53ea53149b5d8444212824eeaa2c00a6969e96d9a0683a92e18da06268276cd4 |
| SHA512 | 01f45df4decb4256089ac266b997dc2e7f3e62d5a1b0653fcc4881f44cfc049960422845011abf4273b97f2f54d8b40ba3ecbe36f741d16228d652db8e626ee8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
| MD5 | 92f7d3a7b5d264a451c478fefd60efb6 |
| SHA1 | fe35fc8f89eec5fa45a3723e16238c24e40094aa |
| SHA256 | 0e56601de0cbc195f23b7d63325697b0c6d7d0056af9433dbdb721a50964def9 |
| SHA512 | 92e85078956163cc20b0462233cdd830f520d0cae7ed976585ea3124c49714e353284b6c072aeec8bbc8e700febf31a9a70145d27e98248c951869a8e6a27c82 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
| MD5 | 55540a230bdab55187a841cfe1aa1545 |
| SHA1 | 363e4734f757bdeb89868efe94907774a327695e |
| SHA256 | d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb |
| SHA512 | c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4d018da5faeb04045c2fb9d358a6a03e |
| SHA1 | 01eb1d39505cb5bc550a7ff6044ff043df3eb800 |
| SHA256 | d5831a317215883d3427afa8b0b79d25c560517b1c56af69e55d42eadb0d2980 |
| SHA512 | ab926465d4540ead33221720b56a3049cbbef3c800134d792337fdb632d805ac101af8b5522616b8b432d7e293a4c5435ff04b5e8abd811be67cd336c51c3de3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c3a7795b4791e536646c3f24e12e2378 |
| SHA1 | 04444101052172300fcecc1b03b77050105f3ce4 |
| SHA256 | cacc303e84fd616d13c0c6d73869980de1412ccd2997b2cda8b8c5886a9796e2 |
| SHA512 | 9e2cc33b2949fff62039eacee6667a591926b24ddb676a5e4e2265435c69620b0843a6c94e4fa3caa5d48a4c976b72e9b323ab81db2ddd3788f171ce7f59fa9b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fcec841722824f252adc5cd5ee578c72 |
| SHA1 | f6aaa7e3bfa163c85490a07f054b16d6fb634e5f |
| SHA256 | 90edd7f77ebfa8a7a4f67e1fa6517b3f8cd6de573bf5988305dd02b441a3a091 |
| SHA512 | 1c7296f09e39200717a429922f1f1ba33e47a00457b2dd334312baf54a8c4179c4d70a8c73e9b6880ef491a6682d2c303c8d4b2eae39878b7d74d4fae9695d6f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9df92fdb03abf9040ba3a7ec635f23b8 |
| SHA1 | 8e637d33b25f31ce7553eb137ca167c45c669b8b |
| SHA256 | 96fe0f01e104a31ee77788f748fdd82b6540815d2aeaff5431a3a27398e78953 |
| SHA512 | 3b376953ef0b0666b1fd082aa2ff2143abcd1cd5c9fd1c74458e5dd9747495bb3a1ea5d441189278ba0fd87298f79311258218242acaa2e47e4e7041bedde80a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | de2dfd0a72262215ee853811fafea6ad |
| SHA1 | 92a35a5be4f17ba5049c20fa02a3b261014461da |
| SHA256 | 3047e44ca59ddaec1c91758c4459d4e04df0690f729e45bde0af2466289abd97 |
| SHA512 | 84a2b034ff9979a62a00a04123ac1b2f455be01d4f24c3d307866f5d5d6ba4f5b4ca63c05ac9381d3d2cb0f59825725ab75c5e8e27afaea3dbb216eeccad001f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4e44cf50d5c8689e96707b46cc205043 |
| SHA1 | de38ceae7c5def3d94b8d77129b0777abba189ac |
| SHA256 | 9700d3d87ba8aaddd0b1333c8e04f928da329bd0770dac822efa767edc10c816 |
| SHA512 | 21726fb84707dd23e4714006be2029ac2a686dc6a8ad2cbf5507b7d4401a5fb8754981965d6f4001a7e8a8b735f943b4e232e020d65c1bbedde13d93a0129b46 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0f43acfe9ea4e744490da72e700159aa |
| SHA1 | 322caaaa9dcbcc45be1696d2b14b4ada64cffbc4 |
| SHA256 | 151df4ffd282850f088feb3cfef99b3cd13dc9b8bd39f084c3a6493df7eb0198 |
| SHA512 | 760e05676665fb8ad7c8b777cd089ead076ae5761e82e48ebb6122d5f6cc15dd457b36bb81aea0f5358002443eff46ffc245de80d94b1cfbd763be02b960ff2e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ac49d7d8fedc96aa4266218394cfdfa4 |
| SHA1 | 06c503434354d7494912fbca95529009e60e2ae7 |
| SHA256 | 008b676f525056fa3c5685c6a2009e9fd1bec2ebc735b3b927ae00fce077aa9f |
| SHA512 | c65b5c287d46a8b1c467db8d3bd7b715d4cfc91a2dc1e8d8e70e7691ecc790c1b00a8946f3da3c3b52641ac75faf5fbaec652d03bdd2f21e2454a4d3dcf7b075 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1ef93ee18967fd53f8ed57f1d3a9b114 |
| SHA1 | 4789bcdc2e8a0664ed8a08bc7e0195b67de6e58d |
| SHA256 | 37b490233f06e258d2845c0021f6c35e25b27ee3d25a7d368bf867bc8bff278b |
| SHA512 | 1fd7cce6204af1d902b19640981c8108fb7b21c5016d1582dfd326af16f0f891fc03c0bbd847ec79ca72c1bec141b7003b03db940c236312863a4b761bca63bf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 06aa88d1b732f9c8e2e3f8fb05680779 |
| SHA1 | dbe3dce7681adac6511c8a845c8e59c4cad41508 |
| SHA256 | 66a4e704297ae7bce993e2c18ae879d87dc32318745a479cf722cc6b4abae32b |
| SHA512 | 5062385bf2fb46cda2dab488314bbe240f821f270eb850e988499781e591cddfbd32231c910152b0b3612910eaeaa69cc49a84f2fd17f11f5d8e5c0c93e27fcc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b6c9fba54aae204775919ca905013e6b |
| SHA1 | de875a305fff328075b12e4df2b2f377a26622ca |
| SHA256 | 820146e62ed652a88c26a0151dad1be6adda870b76c19ff377b8d9aa4386c917 |
| SHA512 | e2267f27babd1bb02869d6fd782a3c72e5e8739d232497a951f960d44138a387c658721fee2dcd4d522139b02881bcb4d7bc8e0e8f965d5711e7faa3c324f066 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6fbc4cd7cdcb59922812ff6fe3dcac81 |
| SHA1 | 4c82d83109948c5bf65ee1f5916610b4a0f416e8 |
| SHA256 | 29e4201bf295c6fb800386257d61ace88be887051e75edca3f1b16b005d6b74c |
| SHA512 | 438166199d71c8a15dc4258e8196f21a703f812be0355ad23a130bbbb04b036adbf20b27c8dbdfed9695526c2893d019701b589f07a60a3521e44f7dd3aa9692 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 05f589dcedfa1adad9cd1c6415f1c91d |
| SHA1 | 43c048f798567f28c1e56ace76cecc6ef8484981 |
| SHA256 | 47d52963d7afbd649b02e85a245d3a6c2c00ec5683fd87ae0b28699305e33f23 |
| SHA512 | ca4f15f089249c2d30cf6a01197e537c8ab281106e7dad06f6a87f77f49bd67b6d92280270f6cdd903a9f312fcef8535ce123cfff2cbee56ff7dcd3301f702ba |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7afd93670fcc8957e871ce2465e322d8 |
| SHA1 | 65d55bbb64546d1973dc14d02e6646bc33a6eb83 |
| SHA256 | ffb2a354ce6bc1537531b3054e3ec1b9db5386e3118b7d313e417631dca67ee8 |
| SHA512 | bd7457b87068a8f450a42ba5be1919781a3afeb28e5589f8e00651e319cdcf04fbbab327434ef76e3d2c8d26d09b56bb1cf4fa9ee4db56160af028d689582358 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 814d0b168feb3351379433997fd943aa |
| SHA1 | 1a3fca9144c44d92222f8e781b1623a33917acde |
| SHA256 | d546c6c00cb7a856d10e7b31fd6dce5d111e638d0bb67d1cde853fbd7f1e3756 |
| SHA512 | dc34a0ae18e9bfc3edb0a0f06a406cad6e2f3a5f25d735f18922f9f5cbf0d4dda28caffc775af12f257f7a0d47a6e88cb66ef4dd5dda600c98e6acebd751ab7e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9ad1016bbcb8965088f346c58875ffd9 |
| SHA1 | 69ed134c982a14009575255ff3ac3d90e470061d |
| SHA256 | 8732ba04506f3d953eb610ae7a0040d495ae34ed24c248bcc5ce89ca5fa21183 |
| SHA512 | f1fc6bbfcd16258c443565e0203b619f47764e2ccf82691acbb3f3da6c1b8f5a559cbe68f6c806562352244a483b00ac9cde8fbac15aaa87f8f4c8ce9d06528a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 576717a071807049b5c64074e695cd46 |
| SHA1 | 78b231b0969c8437650a516828f3d13995e37154 |
| SHA256 | 9b0701783ad87d9208f9c24c90df6a1c3ed34e61183a89318d20f34fb97dc6fe |
| SHA512 | b74355de2ce0fa082c3c5dfbeda44c2390960c84510aaaec1f2d794eb18cec3d40a252841939b1d700356d2f8c5c3ddaa8c3cb1f8b69d3aae74ec16c48122a59 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 787c36bde06f955a87dafb5a0194d9ef |
| SHA1 | 5e77837bcbe4df3c87fa96cd9e1a95265099a725 |
| SHA256 | e9ed408cae5c2310389fd53b91dcb4efc11f4a0b536968bd23aaef84a6f95131 |
| SHA512 | 7eb158bd1a75ec173f99fee7d2e3978de69c8b726c90cbe4676f4387efae2582081ebe99c88f496b493f1f5edf0ed7d6830f373f9c809ddee6213761107734cc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4c50810ee624a496e82853fbb0602d13 |
| SHA1 | 2743284f03e566561cfd3d8e2cd41d8a9678be8c |
| SHA256 | c8a57bc028e7e7e531c1c3bd36fb6485df93dca107e65d2666937ee683de17c5 |
| SHA512 | af115c866257807988cfdd24402713ad188bf0f06eacea6efddc5147b52d41924d6ab110a1964d5a5b1af2a8d46b21bd3369981108b14bd1169bfaa0e13853da |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 716f63b6e1247542fc89f83746011447 |
| SHA1 | cb463eeec4be4f4d23cab2705f11b0c27aee7b51 |
| SHA256 | 6f3f84f7fa8a41e49d58b8646079e86635aaa20231c2e82f99d7e23c38f1b61f |
| SHA512 | 1eea2a4fefb12c6ed491e483aa1cb8acdbd38a2a4aa26c6751682b3dfc2ffab5db606dc5beb858e05f6239bcea00cfd08551c17b6326b35f57e44429ec730dbf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cbbeabf485e434a56cd27e24ff1543d2 |
| SHA1 | ecafe94060959ac8ad3a2618926027f9783d045e |
| SHA256 | c80a309b3fbd95d200d5ebc7c0e9f4ae8725b83db18030426274fe00b517ab98 |
| SHA512 | cd98b7470739dfbd805e39475425568724b74dcdd357c64b4731ca0af916f384ef38846177f9207fd5335ddfe08d88e27ce358032ee78659ffeca280e0ed1d7a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | f299cc7121bacc0e46dfd5a6e7220035 |
| SHA1 | 03a3fbb9d6224b5c0692230100a3a5dc6e575bd9 |
| SHA256 | edc98832ac119c94167ad376ba37a883556e4465f14e7b434817826db6f0fe78 |
| SHA512 | 4b046a0dea5f117236f1da18ad193e03051bef748e6fcc1df00f3325531800c72ddc0ad64db541903796a0cd988ef2d819a9c3d3ec844ca907f6cf43f413c570 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 83bb43ce4c6b285366bc185cdecba46d |
| SHA1 | 331ce325bde8aaf36b52d985456e62b41fa70369 |
| SHA256 | 53eaf3d38cb712490711fe05db3bfcedb01686cd38f2d07ab9cc12159f239a9e |
| SHA512 | 521b6a1c01fbffef8a2f873cae29353d3125f72a487d6d9d0f5b848defa22a7c4d1199cdc6b82f824387ec61c67f626323dabca26c07f355f0546dccc88ee99d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4d0b5148129ce442fd54ed4136e4a6be |
| SHA1 | 9ad3cd67637e2b0a97932f41b1ea192a07cf9faa |
| SHA256 | d8038ebbaf0ea4709a8eef50b4a5c0399fe513d80270d717b2e2fdb73284cf2c |
| SHA512 | 402111c5a9ee80b80ef04632404a74593163aaa6c7ccf1d3285e038dd07ab9df3947c00b8e210693b9f71056883efc3410afe1a1a96aaee01faf0a0ab49f696d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 677a47c339142454d7834507892da71b |
| SHA1 | d7b90ee4f4acda27aee089fe251be758d881eb37 |
| SHA256 | 2f65ff66bb6aa51a4e42853198b2b5adbeb34fcfedb724eacbaa80a6d1281dc8 |
| SHA512 | 01f37323d271bc0b11b77b37bb2c5b051e326062a71d433b04805b4e4aaa374794e154b99722eb2b8f37ea5a97844124310b649321201fa5ca688b54cc6b47c6 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 08:09
Reported
2024-06-13 08:12
Platform
win10v2004-20240611-en
Max time kernel
148s
Max time network
149s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a48fac6ea0d17c95c474567b63930b09_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa06e046f8,0x7ffa06e04708,0x7ffa06e04718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,15357346878482366889,6828947886562835123,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,15357346878482366889,6828947886562835123,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,15357346878482366889,6828947886562835123,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15357346878482366889,6828947886562835123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15357346878482366889,6828947886562835123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,15357346878482366889,6828947886562835123,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,15357346878482366889,6828947886562835123,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15357346878482366889,6828947886562835123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15357346878482366889,6828947886562835123,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15357346878482366889,6828947886562835123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15357346878482366889,6828947886562835123,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,15357346878482366889,6828947886562835123,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
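Nearly every process above is a Chromium helper (crashpad handler, GPU process, network and storage services, renderers, identity_helper.exe). The triage question for a process list like this is which entry is the main browser process that received the sample, and whether anything outside the browser's own process model was started. The script below is an added example, not part of the report or of any sandbox vendor's tooling: it parses the command lines into image, `--switch=value` pairs and positional arguments, names each process by its `--type` and `--utility-sub-type`, lists what the main process opened, and records the switches that relax a sandbox or hardening layer for a given helper (`--disable-gpu-sandbox`, `--service-sandbox-type=none`, `--no-v8-untrusted-code-mitigations`), all three of which are ordinary for Chromium helpers and only matter relative to a clean-run baseline. The set of expected browser images is an assumption for Edge 92 as shown above; the sample command lines are excerpted from the list above with long field-trial, GPU-preference and crashpad-annotation values dropped.

```python
import re

# Constructed sample: command lines excerpted from the process list above, with
# long switch values this example does not inspect (field-trial handles, GPU
# preference blobs, crashpad annotations) dropped.
PROCESS_LINES = [
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a48fac6ea0d17c95c474567b63930b09_JaffaCakes118.html',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --mojo-platform-channel-handle=2096 /prefetch:2',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3',
    r'C:\Windows\System32\CompPkgSrv.exe -Embedding',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --disable-client-side-phishing-detection --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --mojo-platform-channel-handle=2172 /prefetch:2',
]

# Images the browser is expected to spawn. Assumption for this example: Edge 92 as
# shown in the process list; other versions add or rename helpers.
BROWSER_IMAGES = {"msedge.exe", "identity_helper.exe"}

# Switches that turn off a sandbox or hardening layer for that one helper. All are
# normal for Chromium helper processes; compare against a clean baseline rather
# than treating them as indicators. A value of None means presence is enough.
MITIGATION_SWITCHES = {
    "disable-gpu-sandbox": None,
    "service-sandbox-type": "none",
    "no-v8-untrusted-code-mitigations": None,
}

# A token is either a double-quoted run (paths with spaces) or a run of non-blanks.
TOKEN_RE = re.compile(r'"[^"]*"|\S+')


def parse_process(cmdline):
    """Split a Windows command line into image path, --switches and positional args."""
    tokens = [t.strip('"') for t in TOKEN_RE.findall(cmdline)]
    image, rest = tokens[0], tokens[1:]
    switches, positional = {}, []
    for tok in rest:
        if tok.startswith("--"):
            key, _, value = tok[2:].partition("=")
            switches[key] = value
        else:
            positional.append(tok)  # includes /prefetch:N and -Embedding
    return {"image": image, "switches": switches, "positional": positional}


def classify(cmdline):
    """Name the process by its Chromium role and note sandbox-relaxing switches."""
    p = parse_process(cmdline)
    name = p["image"].rsplit("\\", 1)[-1].lower()
    sw = p["switches"]
    if name not in BROWSER_IMAGES:
        role = "non-browser"
    elif "type" not in sw:
        role = "browser"  # main process: its positional args are what was opened
    else:
        role = sw["type"]
        if "utility-sub-type" in sw:
            role += ":" + sw["utility-sub-type"]
    relaxed = [k for k, want in MITIGATION_SWITCHES.items()
               if k in sw and (want is None or sw[k] == want)]
    opened = [a for a in p["positional"] if not a.startswith(("/", "-"))]
    return {"image": p["image"], "role": role, "opened": opened, "relaxed_sandbox": relaxed}


def opened_documents(lines):
    """Files handed to a browser main process: what the sandbox actually detonated."""
    docs = []
    for c in map(classify, lines):
        if c["role"] == "browser":
            docs.extend(c["opened"])
    return docs


def non_browser_processes(lines):
    """Images outside the browser's own process model; each needs a separate look."""
    return [c["image"] for c in map(classify, lines) if c["role"] == "non-browser"]


def process_tree_summary(lines):
    """One line per process: role, relaxed-sandbox switches, image name."""
    out = []
    for c in map(classify, lines):
        short = c["image"].rsplit("\\", 1)[-1]
        flags = ",".join(c["relaxed_sandbox"]) or "-"
        out.append(f"{c['role']:45} {flags:35} {short}")
    return out


if __name__ == "__main__":
    print("opened:", opened_documents(PROCESS_LINES))
    print("non-browser:", non_browser_processes(PROCESS_LINES))
    print("\n".join(process_tree_summary(PROCESS_LINES)))
```

On the list above this leaves one non-browser image, CompPkgSrv.exe started with `-Embedding` (the switch COM passes to a local server it activates), which is the entry to account for before reading the run as browser-only.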
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | hotnewsjamaica.com | udp |
| US | 8.8.8.8:53 | s0.wp.com | udp |
| US | 8.8.8.8:53 | 1.gravatar.com | udp |
| US | 8.8.8.8:53 | images1.wikia.nocookie.net | udp |
| US | 8.8.8.8:53 | images.wikia.com | udp |
| US | 8.8.8.8:53 | www.deviantart.com | udp |
| US | 8.8.8.8:53 | fc00.deviantart.net | udp |
| US | 8.8.8.8:53 | fc04.deviantart.net | udp |
| US | 8.8.8.8:53 | img516.imageshack.us | udp |
| US | 8.8.8.8:53 | img43.imageshack.us | udp |
| US | 8.8.8.8:53 | i200.photobucket.com | udp |
| US | 192.0.77.32:80 | s0.wp.com | tcp |
| DE | 74.120.188.204:80 | images1.wikia.nocookie.net | tcp |
| US | 151.101.64.194:80 | images.wikia.com | tcp |
| US | 192.0.73.2:80 | 1.gravatar.com | tcp |
| US | 44.241.57.142:80 | fc04.deviantart.net | tcp |
| US | 38.99.77.16:80 | img43.imageshack.us | tcp |
| US | 18.245.199.23:80 | www.deviantart.com | tcp |
| US | 44.241.57.142:80 | fc04.deviantart.net | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.43.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 3.165.113.35:80 | i200.photobucket.com | tcp |
| US | 8.8.8.8:53 | www.wizards.com | udp |
| US | 192.0.73.2:443 | 1.gravatar.com | tcp |
| DE | 23.67.132.158:80 | www.wizards.com | tcp |
| US | 18.245.199.23:443 | www.deviantart.com | tcp |
| US | 3.165.113.35:443 | i200.photobucket.com | tcp |
| US | 38.99.77.17:80 | img43.imageshack.us | tcp |
| US | 38.99.77.17:80 | img43.imageshack.us | tcp |
| DE | 23.67.132.158:443 | www.wizards.com | tcp |
| DE | 74.120.188.204:80 | images1.wikia.nocookie.net | tcp |
| US | 8.8.8.8:53 | img14.deviantart.net | udp |
| US | 8.8.8.8:53 | img07.deviantart.net | udp |
| US | 35.164.103.241:80 | img07.deviantart.net | tcp |
| US | 35.164.103.241:80 | img07.deviantart.net | tcp |
| US | 8.8.8.8:53 | company.wizards.com | udp |
| DE | 23.67.132.54:443 | company.wizards.com | tcp |
| US | 8.8.8.8:53 | images-wixmp-ed30a86b8c4ca887773594c2.wixmp.com | udp |
| US | 18.245.175.28:443 | images-wixmp-ed30a86b8c4ca887773594c2.wixmp.com | tcp |
| US | 18.245.175.28:443 | images-wixmp-ed30a86b8c4ca887773594c2.wixmp.com | tcp |
| US | 8.8.8.8:53 | 32.77.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.64.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.73.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 204.188.120.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.199.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.113.165.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.132.67.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.77.99.38.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.201.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.77.99.38.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.57.241.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.103.164.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.132.67.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.112:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 28.175.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 112.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.143.182.52.in-addr.arpa | udp |
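The table mixes four kinds of rows: forward DNS queries to the resolver (8.8.8.8:53), reverse lookups of already-contacted addresses (`*.in-addr.arpa`), an mDNS multicast datagram (224.0.0.251:5353) and the TCP connections that carried page content. Two details worth pulling out: hotnewsjamaica.com is queried but never appears as a TCP destination, and most of the content connections go over plain HTTP on port 80. The script below is an added example, not part of the report: it parses rows in the report's own layout, separates those four kinds, reports names that were resolved but never contacted, flags plaintext HTTP, and produces a flat indicator list. The Bing suffix treated as browser background traffic is an analyst-chosen assumption; the sample rows are excerpted from the table above.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: rows excerpted from the Network table above, in the report's
# "| Country | Destination | Domain | Proto |" layout.
NETWORK_ROWS = """
| US | 8.8.8.8:53 | hotnewsjamaica.com | udp |
| US | 8.8.8.8:53 | s0.wp.com | udp |
| US | 8.8.8.8:53 | 1.gravatar.com | udp |
| US | 192.0.77.32:80 | s0.wp.com | tcp |
| US | 192.0.73.2:80 | 1.gravatar.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.43.107.13.in-addr.arpa | udp |
| US | 192.0.73.2:443 | 1.gravatar.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.112:443 | www.bing.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
"""

# Suffixes treated as the browser's own background traffic rather than page
# content. Assumption for this example (Edge talks to Bing); tune per browser.
BROWSER_NOISE_SUFFIXES = (".bing.com",)

PTR_SUFFIX = ".in-addr.arpa"


def parse_rows(text):
    """Parse pipe-delimited rows into dicts; raises on a row with the wrong column count."""
    rows = []
    for line in text.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4:
            raise ValueError(f"expected 4 columns: {line!r}")
        country, dest, domain, proto = cells
        ip, _, port = dest.rpartition(":")
        rows.append({
            "country": country,
            "ip": ipaddress.ip_address(ip),
            "port": int(port),
            "domain": None if domain == "N/A" else domain,
            "proto": proto.lower(),
        })
    return rows


def classify(row):
    """multicast | ptr (reverse lookup) | dns (forward query) | connect."""
    if row["ip"].is_multicast:
        return "multicast"
    if row["port"] == 53 and row["proto"] == "udp":
        d = row["domain"] or ""
        return "ptr" if d.endswith(PTR_SUFFIX) else "dns"
    return "connect"


def is_noise(domain):
    return domain is not None and domain.endswith(BROWSER_NOISE_SUFFIXES)


def summarize(rows):
    queried, contacted, ptr, multicast = set(), defaultdict(set), set(), set()
    for r in rows:
        kind = classify(r)
        if kind == "dns":
            queried.add(r["domain"])
        elif kind == "ptr":
            ptr.add(r["domain"][:-len(PTR_SUFFIX)])
        elif kind == "multicast":
            multicast.add((str(r["ip"]), r["port"]))
        else:
            contacted[r["domain"]].add((str(r["ip"]), r["port"]))
    content = {d: sorted(eps) for d, eps in contacted.items() if not is_noise(d)}
    return {
        # resolved but never connected to: failed resolution, blocked, or a name the
        # page referenced without fetching; worth a manual look either way
        "dns_only": sorted(d for d in queried if d not in contacted and not is_noise(d)),
        "contacted": content,
        "plaintext_http": sorted(d for d, eps in content.items() if any(p == 80 for _, p in eps)),
        "reverse_lookups": len(ptr),
        "multicast": sorted(multicast),
    }


def iocs(rows):
    """Flat (names, ips) indicator lists for a blocklist or hunt, noise removed."""
    s = summarize(rows)
    names = set(s["contacted"]) | set(s["dns_only"])
    ips = {ip for eps in s["contacted"].values() for ip, _ in eps}
    return sorted(names), sorted(ips, key=ipaddress.ip_address)


if __name__ == "__main__":
    summary = summarize(parse_rows(NETWORK_ROWS))
    for key, value in summary.items():
        print(f"{key}: {value}")
    print("iocs:", iocs(parse_rows(NETWORK_ROWS)))
```

Reverse lookups are counted rather than listed because they name addresses that already appear as TCP destinations; the forward names are the better pivot. Run against the full table above, the DNS-only set is the first thing to check, since a name that resolves to nothing during detonation may resolve later.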
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b4a74bc775caf3de7fc9cde3c30ce482 |
| SHA1 | c6ed3161390e5493f71182a6cb98d51c9063775d |
| SHA256 | dfad4e020a946f85523604816a0a9781091ee4669c870db2cabab027f8b6f280 |
| SHA512 | 55578e254444a645f455ea38480c9e02599ebf9522c32aca50ff37aad33976db30e663d35ebe31ff0ecafb4007362261716f756b3a0d67ac3937ca62ff10e25f |
\??\pipe\LOCAL\crashpad_4412_DWIODGDKJGMKUVEK
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c5abc082d9d9307e797b7e89a2f755f4 |
| SHA1 | 54c442690a8727f1d3453b6452198d3ec4ec13df |
| SHA256 | a055d69c6aba59e97e632d118b7960a5fdfbe35cfdfaa0de14f194fc6f874716 |
| SHA512 | ad765cddbf89472988de5356db5e0ee254ca3475491c6034fba1897c373702ab7cfa4bd21662ab862eebb48a757c3eb86b1f8ed58629751f71863822a59cd26c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b17db13c2d9e74fe6180b94625fe15a6 |
| SHA1 | 743d5266a9e225b898c47b2fc085f0c4ef5d0b3f |
| SHA256 | b1e8b28f47a50168ae7f4f04cd180f946a0e62972fbe9ad5a7dcd3272f5f5ab2 |
| SHA512 | 9e988ba20ee25fc31c9e7f040fc2b788c74f8d860f5d2001a4ba0980e5f1221b72633c97d0f4a632eda31e58f564a698d13fd02e3785f81f07c8b97b7ced453c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1673d7f14e2e94a2d7795759f676162c |
| SHA1 | 6f5b22f4e15ad0af3086076ab00891789f9c5e95 |
| SHA256 | 982b0fda76f5612ed7c70a7bf549377d1695d8969948ca84c2ae097d76779035 |
| SHA512 | fbc0270cb1e8dd77a656276e6d1029097e4116b1f75c68c786f43e687d7034d7c8e123e0189fe25b96a227ca6c251c4d6602d12c188c2c711961c4b2f6f5841f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8b877583e710794381f961cfcbfe5991 |
| SHA1 | 630e6bd5fc7bb67c42a5d0c696a796ea9d631d29 |
| SHA256 | ab08d9370458beadfcd9dc02f631fe0203b7c6e0b039cf20b9c1cf8f68187c82 |
| SHA512 | 759ad290483af699e3f9d62956143d00e17fae967d56db1bd66ab765c759e05dd50724e98dfa9a113f7975321890ba332d70efda7b827acf10d6a872796a9503 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | d33635e81eede58292e0703a6b021463 |
| SHA1 | 1fdd4661fcc84e9117529d6568c6356bf4060fb5 |
| SHA256 | d8a58208227098c1e7c5f705dd90b5a475df3165a2afaa350917c4afc4efc32c |
| SHA512 | 5424b58ce4c7f1999afd6f758e7d91707f599200291415615e8ad434465db8230cd7d3fe659036849954e78d656b6938c4ed736f695e97fe994d4ec9b0d6b001 |
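Two things in the Files section are easy to misread. The crashpad named pipe is listed with the digests of zero bytes (MD5 d41d8cd9…, SHA1 da39a3ee…, SHA256 e3b0c442…, SHA512 cf83e135…), so no content was captured for it; and settings.dat, Preferences and the leveldb CURRENT file each appear twice with different digests, meaning the file was written more than once rather than the report repeating itself. The script below is an added example, not part of the report: it parses entries in the report's own layout (a path line followed by one `| ALGO | hex |` row per digest), recomputes the empty-input digests with hashlib to recognise placeholder entries, groups repeated paths in write order, and yields a deduplicated SHA-256 set for pivoting. The sample entries are excerpted from the section above, with the SHA512 rows omitted for brevity.

```python
import hashlib
from collections import defaultdict

# Constructed sample: entries excerpted from the Files section above, in the report's
# own layout. SHA512 rows are omitted here; the parser accepts them unchanged.
FILES_TEXT = r"""
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b4a74bc775caf3de7fc9cde3c30ce482 |
| SHA1 | c6ed3161390e5493f71182a6cb98d51c9063775d |
| SHA256 | dfad4e020a946f85523604816a0a9781091ee4669c870db2cabab027f8b6f280 |
\??\pipe\LOCAL\crashpad_4412_DWIODGDKJGMKUVEK
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c5abc082d9d9307e797b7e89a2f755f4 |
| SHA1 | 54c442690a8727f1d3453b6452198d3ec4ec13df |
| SHA256 | a055d69c6aba59e97e632d118b7960a5fdfbe35cfdfaa0de14f194fc6f874716 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b17db13c2d9e74fe6180b94625fe15a6 |
| SHA1 | 743d5266a9e225b898c47b2fc085f0c4ef5d0b3f |
| SHA256 | b1e8b28f47a50168ae7f4f04cd180f946a0e62972fbe9ad5a7dcd3272f5f5ab2 |
"""

# Expected hex length per algorithm; doubles as the set of algorithms we accept.
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}

# Digests of the empty input, computed rather than hard-coded so a typo cannot
# silently disable the check.
EMPTY_DIGESTS = {algo: hashlib.new(algo, b"").hexdigest() for algo in HEX_LEN}


def parse_files(text):
    """Parse path + digest-row entries; validates algorithm names and hex digests."""
    entries, current = [], None
    for raw in text.strip().splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("|"):
            if current is None:
                raise ValueError(f"digest row before any path: {line!r}")
            algo, digest = [c.strip() for c in line.strip("|").split("|")]
            algo, digest = algo.lower(), digest.lower()
            if algo not in HEX_LEN:
                raise ValueError(f"unknown algorithm {algo!r}")
            if len(digest) != HEX_LEN[algo]:
                raise ValueError(f"{algo} digest has length {len(digest)}: {digest!r}")
            bytes.fromhex(digest)  # raises ValueError on non-hex characters
            current["digests"][algo] = digest
        else:
            current = {"path": line, "digests": {}}
            entries.append(current)
    return entries


def empty_content(entries):
    """Paths whose recorded digests are all digests of zero bytes: nothing was captured."""
    return [e["path"] for e in entries
            if e["digests"] and all(EMPTY_DIGESTS[a] == d for a, d in e["digests"].items())]


def rewritten_paths(entries):
    """Paths listed more than once, mapped to their SHA-256 values in report order."""
    by_path = defaultdict(list)
    for e in entries:
        by_path[e["path"]].append(e["digests"].get("sha256"))
    return {p: hashes for p, hashes in by_path.items() if len(hashes) > 1}


def unique_sha256(entries):
    """Deduplicated SHA-256 set for pivoting, with the empty-content digest removed."""
    found = {e["digests"].get("sha256") for e in entries}
    found.discard(None)
    found.discard(EMPTY_DIGESTS["sha256"])
    return sorted(found)


if __name__ == "__main__":
    parsed = parse_files(FILES_TEXT)
    print("empty content:", empty_content(parsed))
    for path, hashes in rewritten_paths(parsed).items():
        print("rewritten:", path, "->", hashes)
    print("sha256 pivots:", unique_sha256(parsed))
```

Dropping the empty-content digest before pivoting matters: searching a threat-intel platform for e3b0c442… returns every empty file ever submitted and tells you nothing about this sample.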