Analysis Overview
SHA256
a0d8e3f32e466678e72f75dd71a89cd494379bd3946f388b3ed134b96158dca1
Threat Level: No (potentially) malicious behavior was detected
The file a475c5a34a2dbc03798609ce58087e8d_JaffaCakes118 was found to be clean: no (potentially) malicious behavior was detected. The sample is an HTML document; both detonations open it as a475c5a34a2dbc03798609ce58087e8d_JaffaCakes118.html, in Internet Explorer on the Windows 7 image and in Microsoft Edge on the Windows 10 image. Every signature listed below is attributed to those browser processes (iexplore.exe and its IEXPLORE.EXE tab process; msedge.exe and identity_helper.exe). No process outside the two browsers is recorded, and the files written are confined to the browser cache (Content.IE5), the CryptoAPI URL cache (CryptnetUrlCache) and %TEMP%.
Malicious Activity Summary
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 07:37
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 07:37
Reported
2024-06-13 07:40
Platform
win7-20240221-en
Max time kernel
132s
Max time network
147s
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bbdfd0cc813b4649a9e9875db680c04500000000020000000000106600000001000020000000f58be668db0eeb7fe09dcc4dc4f0ab3f76cb927c31ec6873cf50788cf35fe8df000000000e8000000002000020000000e0ffa452aba4f962f10ccdf0fe15b2d5d24b43dc1b70330591f3d09125e2990420000000ee9ac9f48a48376eee08048c89c300f72370f8abbfb079d52bbc9b38444229f440000000bab239c15ef68de3f98069af9bc29c4d7e3ac1cedea28d17eda46d3bae7d0322ea630f14b76655c367d2ded1d8dbf270209759d90e3efb37a21d9bd0961ff491 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90bf4cb064bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424426141" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D7F71AE1-2957-11EF-87AA-FA8378BF1C4A} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value elided) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2076 wrote to memory of 2732 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2076 wrote to memory of 2732 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2076 wrote to memory of 2732 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2076 wrote to memory of 2732 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a475c5a34a2dbc03798609ce58087e8d_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2076 CREDAT:275457 /prefetch:2
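The four WriteProcessMemory rows above record the frame process (PID 2076) writing into an IEXPLORE.EXE process, and the process list shows that frame process launching a tab process with SCODEF:2076, which is how Internet Explorer starts a Protected Mode tab. The Python below is an added example, not part of the report or of any sandbox's code: it parses the WriteProcessMemory rows and the process table, and separates frame-to-tab start-up writes from writes into a process the writer did not create, which is the shape an actual injection takes. PID 2076 and the SCODEF:2076 command line come from the report; that the tab process has PID 2732 is an assumption (the report names 2732 only as the write target), and the dropper.exe event is constructed to show the other outcome.

```python
"""Classify WriteProcessMemory events from a sandbox report.

Added example. A write by a process into the child it has just spawned,
where the child's command line carries SCODEF:<writer pid>, is ordinary
Internet Explorer frame-to-tab initialisation; a write into any other
process is what merits attention.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Process:
    pid: int
    image: str
    cmdline: str
    parent_pid: Optional[int] = None  # None where the report does not state the parent


@dataclass(frozen=True)
class WpmEvent:
    src_pid: int
    dst_pid: int
    src_image: str
    dst_image: str


ROW_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")
IE_IMAGES = {"iexplore.exe"}  # compared case-insensitively, so IEXPLORE.EXE matches too


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def parse_wpm_rows(rows: List[str]) -> List[WpmEvent]:
    """Parse rows of the form
    '| PID <src> wrote to memory of <dst> | N/A | <src image> | <dst image> |'."""
    events = []
    for row in rows:
        cells = [c.strip() for c in row.strip().strip("|").split("|")]
        if len(cells) != 4:
            continue
        m = ROW_RE.fullmatch(cells[0])
        if not m:
            continue
        events.append(WpmEvent(int(m.group(1)), int(m.group(2)), cells[2], cells[3]))
    return events


def classify(event: WpmEvent, procs: Dict[int, Process]) -> str:
    """Return 'ie-frame-to-tab', 'parent-to-child' or 'cross-process'.

    ie-frame-to-tab: both images are iexplore.exe and the target's command
    line carries SCODEF:<src pid>, i.e. the frame process is initialising
    the tab process it just spawned.
    parent-to-child: the writer is the target's recorded parent.
    cross-process: anything else, including a target we know nothing about.
    """
    dst = procs.get(event.dst_pid)
    if dst is None:
        return "cross-process"
    both_ie = basename(event.src_image) in IE_IMAGES and basename(event.dst_image) in IE_IMAGES
    m = SCODEF_RE.search(dst.cmdline)
    if both_ie and m and int(m.group(1)) == event.src_pid:
        return "ie-frame-to-tab"
    if dst.parent_pid == event.src_pid:
        return "parent-to-child"
    return "cross-process"


def triage(events: List[WpmEvent], procs: Dict[int, Process]) -> Dict[str, int]:
    """Count events per verdict."""
    counts: Dict[str, int] = {}
    for e in events:
        v = classify(e, procs)
        counts[v] = counts.get(v, 0) + 1
    return counts


# The four rows copied from the behavioral1 WriteProcessMemory table.
REPORT_ROWS = [
    r"| PID 2076 wrote to memory of 2732 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |",
] * 4

# PID 2076 and the SCODEF:2076 command line are from the report's Processes
# section; PID 2732 for the tab process is an assumption.
PROCESSES = {
    2076: Process(2076, r"C:\Program Files\Internet Explorer\iexplore.exe",
                  r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a475c5a34a2dbc03798609ce58087e8d_JaffaCakes118.html'),
    2732: Process(2732, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
                  r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2076 CREDAT:275457 /prefetch:2',
                  parent_pid=2076),
}

# Constructed counter-example (not in the report): an unrelated process
# writing into the tab process.
INJECTION = WpmEvent(4100, 2732, r"C:\Users\Admin\AppData\Local\Temp\dropper.exe",
                     r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE")

if __name__ == "__main__":
    print(triage(parse_wpm_rows(REPORT_ROWS), PROCESSES))
    print(classify(INJECTION, PROCESSES))
```

On the report's rows every event classifies as ie-frame-to-tab; the constructed dropper.exe event classifies as cross-process. The check deliberately keys on the SCODEF marker rather than on image names alone, because a process that merely shares the iexplore.exe name would otherwise pass.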
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | paypercall.org | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | platform.linkedin.com | udp |
| US | 8.8.8.8:53 | 1.gravatar.com | udp |
| CA | 69.28.67.78:80 | paypercall.org | tcp |
| CA | 69.28.67.78:80 | paypercall.org | tcp |
| CA | 69.28.67.78:80 | paypercall.org | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| CA | 69.28.67.78:80 | paypercall.org | tcp |
| CA | 69.28.67.78:80 | paypercall.org | tcp |
| CA | 69.28.67.78:80 | paypercall.org | tcp |
| US | 192.0.73.2:80 | 1.gravatar.com | tcp |
| US | 192.0.73.2:80 | 1.gravatar.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 216.58.201.98:80 | pagead2.googlesyndication.com | tcp |
| GB | 216.58.201.98:80 | pagead2.googlesyndication.com | tcp |
| US | 152.199.22.144:80 | platform.linkedin.com | tcp |
| US | 152.199.22.144:80 | platform.linkedin.com | tcp |
| US | 192.0.73.2:443 | 1.gravatar.com | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:80 | paypercall.org | tcp |
| CA | 69.28.67.78:80 | paypercall.org | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:80 | paypercall.org | tcp |
| CA | 69.28.67.78:80 | paypercall.org | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:80 | paypercall.org | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:80 | paypercall.org | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.147.35:80 | www.facebook.com | tcp |
| GB | 163.70.147.35:80 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | www.livehelpnow.net | udp |
| US | 184.170.245.180:80 | www.livehelpnow.net | tcp |
| US | 184.170.245.180:80 | www.livehelpnow.net | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 163.70.147.35:443 | www.facebook.com | tcp |
| US | 184.170.245.180:443 | www.livehelpnow.net | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| US | 184.170.245.180:443 | www.livehelpnow.net | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| GB | 216.58.201.110:80 | developers.google.com | tcp |
| GB | 216.58.201.110:80 | developers.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | tcp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | fe0.google.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
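Counted per host, the table above collapses to a few peers: repeated connections to paypercall.org (69.28.67.78, ports 80 and 443), one third-party chat host (www.livehelpnow.net), and Google, Facebook, LinkedIn, Gravatar and Microsoft endpoints of the kind a page pulls in for fonts, ads, social widgets and browser telemetry. The Python below is an added example, not the sandbox's own tooling: it parses a subset of rows copied from the table, counts contacts per host, reports hosts outside an allowlist of expected page furniture, lists names that were resolved but never received a TCP connection, and lists hosts fetched over plaintext HTTP. The allowlist is the example's assumption, not something the report states.

```python
"""Summarise a sandbox network table and flag what deserves a second look.

Added example. EXPECTED_SLDS is an analyst assumption, not part of the report.
"""
import re
from collections import Counter
from typing import List, Set, Tuple

Contact = Tuple[str, str, int, str, str]  # (country, ip, port, domain, proto)

ROW_RE = re.compile(
    r"^\|\s*([A-Z]{2})\s*\|\s*([\d.]+):(\d+)\s*\|\s*([^|\s]+)\s*\|\s*(tcp|udp)\s*\|$"
)

# Assumed allowlist of second-level domains a page commonly pulls in
# (fonts, ads, social widgets, browser telemetry). Adjust per engagement.
EXPECTED_SLDS = {
    "google.com", "googleapis.com", "gstatic.com", "googlesyndication.com",
    "facebook.com", "linkedin.com", "gravatar.com", "microsoft.com",
}

# Subset of rows copied from the Network table of behavioral1.
SAMPLE_ROWS = """
| US | 8.8.8.8:53 | paypercall.org | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | platform.linkedin.com | udp |
| US | 8.8.8.8:53 | 1.gravatar.com | udp |
| CA | 69.28.67.78:80 | paypercall.org | tcp |
| CA | 69.28.67.78:80 | paypercall.org | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| US | 192.0.73.2:80 | 1.gravatar.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 216.58.201.98:80 | pagead2.googlesyndication.com | tcp |
| US | 152.199.22.144:80 | platform.linkedin.com | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| CA | 69.28.67.78:443 | paypercall.org | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.147.35:80 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | www.livehelpnow.net | udp |
| US | 184.170.245.180:80 | www.livehelpnow.net | tcp |
| US | 184.170.245.180:443 | www.livehelpnow.net | tcp |
| US | 8.8.8.8:53 | fe0.google.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
"""


def sld(domain: str) -> str:
    """Second-level domain, e.g. fonts.gstatic.com -> gstatic.com."""
    parts = domain.lower().rstrip(".").split(".")
    return ".".join(parts[-2:])


def parse_rows(rows: List[str]) -> List[Contact]:
    """Parse '| CC | ip:port | domain | proto |' rows; skip anything else."""
    contacts = []
    for row in rows:
        m = ROW_RE.match(row.strip())
        if m:
            cc, ip, port, domain, proto = m.groups()
            contacts.append((cc, ip, int(port), domain.lower(), proto))
    return contacts


def contact_summary(contacts: List[Contact]) -> List[Tuple[int, str, str, int, str]]:
    """Collapse repeated rows into (count, domain, ip, port, proto), busiest first."""
    counts = Counter((d, ip, port, proto) for _, ip, port, d, proto in contacts)
    return sorted(((n, *key) for key, n in counts.items()), reverse=True)


def unexpected_hosts(contacts: List[Contact]) -> Set[str]:
    """TCP peers whose second-level domain is outside the allowlist."""
    return {d for _, _, _, d, proto in contacts
            if proto == "tcp" and sld(d) not in EXPECTED_SLDS}


def resolved_but_not_contacted(contacts: List[Contact]) -> Set[str]:
    """Names looked up over DNS (udp/53) that never received a TCP connection."""
    queried = {d for _, _, port, d, proto in contacts if proto == "udp" and port == 53}
    connected = {d for _, _, _, d, proto in contacts if proto == "tcp"}
    return queried - connected


def plaintext_hosts(contacts: List[Contact]) -> Set[str]:
    """Hosts contacted on port 80, i.e. content fetched without TLS."""
    return {d for _, _, port, d, proto in contacts if proto == "tcp" and port == 80}


if __name__ == "__main__":
    c = parse_rows(SAMPLE_ROWS.strip().splitlines())
    for n, d, ip, port, proto in contact_summary(c):
        print(f"{n:3d}  {d:32s} {ip}:{port}/{proto}")
    print("outside allowlist:", sorted(unexpected_hosts(c)))
    print("resolved, no TCP:", sorted(resolved_but_not_contacted(c)))
    print("plaintext:", sorted(plaintext_hosts(c)))
```

On the sampled rows the hosts outside the allowlist are paypercall.org and www.livehelpnow.net, the names resolved without a following connection are fe0.google.com and www.microsoft.com (the Microsoft contact in the table goes to ieonline.microsoft.com instead), and paypercall.org appears among the plaintext port-80 peers. Resolved-but-unused names are worth keeping in the summary because a blocked or failed connection leaves exactly that trace.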
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 375bd322f84787cfa96ad9e0f17952e0 |
| SHA1 | d5e576261fd608e9677328c6a10ca7533e3bf5d0 |
| SHA256 | ab46dc9e6938f154478ec21b7df17a3f5ad1e8b60b24c5b15e1e2b76e5c05b34 |
| SHA512 | f083615723fdef0c5f014bc3498221519beb786f731453c6a348c0b2e01d1446c6cb27fd72108becc88bd54aed43c16c97b3f43a74f188615df2bc6b9ef729f3 |
C:\Users\Admin\AppData\Local\Temp\Tar2794.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 54515c03dae416e5930b76b55fc9bbb1 |
| SHA1 | 775cdf41ce96647c3cb5a4fadcbc25ac16b2c4e2 |
| SHA256 | dee6b0c0f61d90bf4d4ead3b433d6ce9d7208c68fc36adc4f571b910dabf42a8 |
| SHA512 | 004c109039cf63034bfbfe4384c38cafffd817eee4ade4a27966ff49ea8759512a7c22822716efed6434556d9e3a0b823031bd1f3ddfd813540f16293435942e |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OORQXHVT\cb=gapi[2].js
| MD5 | 0fe383a7ddb9bbaefc3105b3297f5583 |
| SHA1 | f80c9d789f251909c7560bd91a9e1b9a10c26362 |
| SHA256 | d7ad4aad4e48174c30ef21fc32c9380659d2c99a5c39680e10ed9752139d8683 |
| SHA512 | 31de1f59377bc76e5d602d02273867ce750bbbccb7edc8f2803c0188002ecae6752ac3ec31c2108e64b0d871b01e6a8a06711969dc68bd9823303def0e7c1ee4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 28d83e5ec4ca7c059cb438572ecf6cd6 |
| SHA1 | fd03d11e117b3ca86762efce46f397e60059caaf |
| SHA256 | 1bc83a9324fe8cdfc43e16b886550b17cbba5cf40f2f36aef7687c36b1a54b88 |
| SHA512 | 6750bf59e1ba9297ea87079eac4aa24e27b08fbf8bdae186f769ad2c28f2a92a6e30959156be9f400e64a24ac774580fb335c3cb9a72296691674625987455a0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8003caa25fe3afec76770f2d4bc5eaf8 |
| SHA1 | d05f7891ad7275e0f04ff6c78080903183f7f05d |
| SHA256 | 43dba72cf0c1d8fdfe16165f08904bc484c1391e550b7f6dcadb4a2fdd7059e5 |
| SHA512 | 54900ee3bc1bb40e342a613be9df3b97dd8e9d073788235a12bb3711752389e861aad899bfee4948a9e368c6b032db87e2ef9d016a43c18f80d06f6302ad8957 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7e5889155067246b0d7dd80c7b22d93e |
| SHA1 | eade57fe519239ccc6f3fd4dc3872a85c3116ce8 |
| SHA256 | aa6aa488ca1309cdd954dae056ff799772b62ad1287c662e011affb176f19535 |
| SHA512 | d39f34e8aa3d0faf40541957f4ceafb01fe4c86712f2b4b7f6686b55653f631afa676c8ac899bfe179a85ac602f30c2c1b21adf036283abeb1de9e8b3efb3fec |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 94bfe59fa1e76e49f1a45ffe0d327d55 |
| SHA1 | 5b01ce0d93d380a702e6d2bb6f0dbbd245bd7738 |
| SHA256 | b14db2ddeb35e012a73867abefdde5518385bcd7b8cda167212eb36f8778c2b8 |
| SHA512 | a4ea8e98c81feeb7c63c8a00f358a293a9256dabcb722fe96c283c86730782d47f7f87e0ad9357083e9641024a257ab1c65f514f798ae41e27bf996633a64c4f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8399f7c7ba3002cdb319b50d2eb48478 |
| SHA1 | 7b96067cd0b90b457cd7267ba0c0a35dad03eec3 |
| SHA256 | 26be1c4f5e2a2a74d74ac3270143c8d675740bb2ed8edfccdc9fb646ce13856f |
| SHA512 | f0b968390f755de0870dee96f12f5f13e64aca083b6d182ad664ddb2f4ff0da73ad09c0c736672f8cc6879888517b42ec27ca8b807e34a940da1c33abde961d9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 74d299e0f44871d1d0ee1b8babe2035e |
| SHA1 | 40a1d808bc6ec1e2754a26904bc59a5e2aeab397 |
| SHA256 | 27f6170b76e979a83eedeb48011b21ff421fce56f050a188bb153831acfb4b0e |
| SHA512 | 3d8631aa45ef6880c882973145399b460ba4c0b5430f572a9d65b0b12505eb78d8b2136f4d9241c12c2d9d22269822219a3147d4d7f0e7d92b2dd1ae5b36c185 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 169351492705a15f22709e62ff61d1d6 |
| SHA1 | 401a6cc3619fd26d830aa857acd111f2de04c3f8 |
| SHA256 | 530be1285d47588e5d26302a9bd26a49bb4a0b7e880734cc381f07caa6cb4497 |
| SHA512 | 894e21c2465e4a97ff1e57bfb65d746358fe30d2d3806f24d1db8cdb9911c17213a93a1909a0c5fef39abe99d33cacdddcbaff9bb6985864c8b95e4ed581f303 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f179b69460226c54b2d88b4f7711e38b |
| SHA1 | 96b5715f5854ee9350a4bf21afc8c5968c04caa7 |
| SHA256 | 1abe958d5c1637df721f8672f431976f356cd817b456061ebf15c260793e38fb |
| SHA512 | 94f55df81bdb555e6c73aa85c93119e429d9258df3ce65a25e80fd937f089767cb0a80d0a8f1960eb0a83e99e4703818191a98a573b5997101494fd65cad7b10 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1ed0b9bd7286ecd0e81db3bfe476981d |
| SHA1 | 2e143185c1d5bb547d230c09d4276ec6507ab7ad |
| SHA256 | 2899404b5d043bf87a9cb21186fbb6bc02147899f57b1beea888c83478d4f008 |
| SHA512 | ecbc4cb6b023cd5ca721aa0c7ad9ab76f539c75e588e49d1915577c81015c2f3a7320789a8654789699f54a534073fe043289c00e2824f4a09e7e31224740f30 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 40acd6c1f82f6f9abdcfaa515ef83a73 |
| SHA1 | d610f2c5aa10fd8c7f0b37e8d4b5309606f99895 |
| SHA256 | 25107899f7ce2241c97a727ad6af6bcaa31813e01ccc0df8207076e3463d5804 |
| SHA512 | c11218e7588e99ea648a36c84ae5a0804874393a03427eef5741fd28d8bcb538e7eecc653cc184d9e15612cb2df07de5b1a851743c5870317875f39e3fc7e397 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 976154424f1f936c9ec0d4f077345865 |
| SHA1 | 65b4738f616f7bda6524a950b96fd372dba30575 |
| SHA256 | ca56a1c9f7647d1603a8850ff09556eb509245aef7792eedcc103d5a32b235b4 |
| SHA512 | 8a6c4fe59a6b54dbb1f0747fe01b180cf9248b4cc58dcc513e9d1a916d5dad0748224246febb9bff7c3ff2bf28657a123f1e0671bd35ef0f654c84e93957280d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c877c9035e6559077662f49d7486e40f |
| SHA1 | b0aa95d16517a5a083a089dd58fb24e83b390359 |
| SHA256 | 477994fd696e2c1ea1f3a2fff00194a41ac9ee220d52e228e7fcafdd3bc8f42e |
| SHA512 | c71868548b20c3e4dc314df88016f2fa564dad65c2f6460f311638719c7da120564bffa232db4de985ca077272b44227c5ab138211a6b9c897b6f8d5eacedba1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a244e6ebad988def7868581da7c2be47 |
| SHA1 | be80551de562d4204b28953ca3451f5beec9ac93 |
| SHA256 | ad49080fcb1ec2734900f4baec32f782ea0b1f2a3db508065b979f857726e387 |
| SHA512 | 47c0edbca0eef243435fcf5299ca5ff0de6fc7372795454f9f48f70b9e759343b73856aefd3fbdac324744c8d871d7f1d4ab60a4cd886011bba62e67be35def6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 6168a18c60e42415e85aa6aa1bca3c3d |
| SHA1 | 9f89efabc69423d8416aa3a2c1b816b820aac052 |
| SHA256 | 42f1f0b79299eda94d6c5741a407dc4639a2e7035b728f8a87fc0ee79802b74b |
| SHA512 | f7d6242d5eb6a595d5ded5176ed5c01fe58f13c29aad93663fdb6b58fbe2ec39d3daf9aa4f30bf48d666d8a62926695107d805a4abe873adb6bb2c40209d96c8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 48b993c815461e1c06dc36a76e86c6b1 |
| SHA1 | bb3316ea4fbf3b358b7f4c5583a61f53a8a826a3 |
| SHA256 | 820acc1ac1214324dec78d57f19865e1f2fae70bf4acd817fd8f40682a821ee8 |
| SHA512 | 3cbda91b07871e3f5f97b59edbd494904132abdd553b9b5f619bbf2a0f5137bb61274d61d5725573798bd944e22386759170c1b2e850e0fb77722e9f3baf7ffe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bee22131399266f455e08a0eccdcfef0 |
| SHA1 | 257adedbc44e5f5971f5af6bb88d97cf3d2d9e83 |
| SHA256 | c863c0c94f30b7841aa286079ea8eb8d1f48a8ca4e399ca63e5c54268f950c6d |
| SHA512 | a49b8e0357df1699cdecba822c6c40e1bb04952ab0bf0226d6af8a94e376281926923b79660f8ef5fe7ff3eb93823bcb91e0036fec27af746b8374416a12b4ee |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9d707769091cf3f77ef4875e6f048995 |
| SHA1 | 3b96c34e9e03451e73d2f662a1cccf243b52f3ab |
| SHA256 | a9360bfd4977104728ce52fbeaa6f1d4f1efaf66978d24e9f521ad7087641731 |
| SHA512 | 374069856c3fa5e8d9c54232f2f0f79f9254cf5a1667134a718e4d37decbba8f991dbcb1e1c802a2c241f1255a43cf73563c3a439b3d9aceeb905cf0862b0283 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a7aaca6e30f3f35e8d6e36e1b592909e |
| SHA1 | 67faf7403b3cd2354f6728ad4c72ac2e57e22899 |
| SHA256 | 001183f1c14b2c4870c751d2d0bbbfbcfd3622603ce74e95c28b166fd99180c7 |
| SHA512 | cbbe3490c0eb8f2cfe3c4a6e21b49820ed7a3181ab953c470f4ffa41c888731ccad6c2f794b43360d32407763bab8b54aa1fad2f695c61964ba4eaa81606d20f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | cd1dfc68cb48ff5303ab26f78a43a7be |
| SHA1 | a2eba7dc998944aca3a7e0ab770ae834a8da68eb |
| SHA256 | 9b371b25c73ca473f08a15feb8f9b63e1aadde4b5381fcc280bc6b169f4bc6c2 |
| SHA512 | 0fcfafadefe3092695d6fa2d0ffcbf364740d81e8c5ebf27eecae4e5828413619fe3a3dd0c3c26857cc06919c245f7002d2debb7b941d352129b2b3d12906430 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 08321f9222fde77d382f85c4a8893285 |
| SHA1 | 8027bf32f939cbcac081c2937cbe827be35bcf94 |
| SHA256 | 0cb275156040ffda3b74019d9bd7d07868b12464a520938cfcb32f868fb3fb8c |
| SHA512 | 86ded1827938e069a12805453e5cb1d3bb4dbad77d2eab545249410c095daf73bf81ffc9f12252747e5fb2ea478534f877386ce3babea9273816523987d47c92 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9faca3e698566c4383dc687a92051039 |
| SHA1 | cae4e61054c8878b57c3c16bb921eceba06e2aeb |
| SHA256 | edabd48a6f4a6e24db6220bec0b28bd852effd9af00ed8f5d3d9d00e5222c635 |
| SHA512 | 82fc909af203e56fc9c03e137c10eb5ee88e4a9477ab0539ee6a9c3e3f9c9f8a0e77762881a5309c2c369877164b828f6fff5dbe12db7b916079fa66d2de3d13 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 02c1b7aab61590c8d80613d5b6dab82d |
| SHA1 | 3922db449af1b7e56c1432f661c7e171a7b47183 |
| SHA256 | 89e9bfbd4f2c9762759caecd2c8e8e6ece657ab797d310f33337a26f48153d53 |
| SHA512 | d0eec9bc67662a64adcea2bf37abf75f0043c28c7e396db96c367eb2f047d53387aa74cfb4481412877edf1bcbde6514a884331a2f581bfddda22507d8941a74 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0f08a94f54bea5fe5de8d133db50aad7 |
| SHA1 | de11c57b6064d7fed253ac7807feb1be934053a1 |
| SHA256 | 5457af7c3a5e2279142cde6b671fd22ac833e3be0bd5a8a5c0d87493506b8ff6 |
| SHA512 | 660de81d5df0e8ea911b04b6164a459a38046d92caab22f6e03b5dfe8eaca11afaa2e006dbe2b30bbfac3d0dd3e7508670f90ecdc9f361fa82acf610fcb76599 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1f48f6bc1896170da232cb8d7201749c |
| SHA1 | ac526c58faae06b9755d482cd882320d78dbb90c |
| SHA256 | 800b6047c303bcb1d850c2f77f1e34ad35c2e8d8baba0c6e4425fdde8a98cf44 |
| SHA512 | 31734b856df61eb4636313a464af3f606d79d58d556362a5bc20027d517dd178ea480bb402499b3f43bc134a9fce053405de21e5c71c209ae423fa0c85845607 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\3604799710-postmessagerelay[1].js
| MD5 | 40aaadf2a7451d276b940cddefb2d0ed |
| SHA1 | b2fc8129a4f5e5a0c8cb631218f40a4230444d9e |
| SHA256 | 4b515a19e688085b55f51f1eda7bc3e51404e8f59b64652e094994baf7be28f2 |
| SHA512 | 6f66544481257ff36cda85da81960a848ebcf86c2eb7bbe685c9b6a0e91bca9fc9879c4844315c90afd9158f1d54398f0f1d650d50204e77692e48b39a038d50 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JZQ5QLK\rpc_shindig_random[1].js
| MD5 | 6a90a8e611705b6e5953757cc549ce8c |
| SHA1 | 3e7416db7afe4cfdf3980daba308df560b4bede6 |
| SHA256 | 51fdd911dc05b1208911b0123aed6b542e9d9f04c94d7504c63d89ca259ef679 |
| SHA512 | 583636571c015af525cddd5b8dc2ac9964aba5a7a9b0acd3908e4aeb4c2ee74cdfaabe49b0aa13d7b142748542426864e91e88e90d7f73bc647f0bfecb0ff7bd |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 07:37
Reported
2024-06-13 07:40
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
156s
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a475c5a34a2dbc03798609ce58087e8d_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcce9946f8,0x7ffcce994708,0x7ffcce994718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,3516972733837059023,14050454570751891673,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,3516972733837059023,14050454570751891673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,3516972733837059023,14050454570751891673,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2952 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3516972733837059023,14050454570751891673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3516972733837059023,14050454570751891673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3516972733837059023,14050454570751891673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,3516972733837059023,14050454570751891673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,3516972733837059023,14050454570751891673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3516972733837059023,14050454570751891673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3516972733837059023,14050454570751891673,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3516972733837059023,14050454570751891673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3516972733837059023,14050454570751891673,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,3516972733837059023,14050454570751891673,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | s.w.org | udp |
| US | 8.8.8.8:53 | paypercall.org | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | paypercall.org | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 52.111.229.43:443 | | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | eaa3db555ab5bc0cb364826204aad3f0 |
| SHA1 | a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca |
| SHA256 | ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b |
| SHA512 | e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4 |
\??\pipe\LOCAL\crashpad_392_KOIMVSMHAVZXOBCR
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4b4f91fa1b362ba5341ecb2836438dea |
| SHA1 | 9561f5aabed742404d455da735259a2c6781fa07 |
| SHA256 | d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c |
| SHA512 | fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e0918d20f75e86b5a8ebeee2895be15b |
| SHA1 | fb627df4e313c1f85ee385520fbc3c4cf072a835 |
| SHA256 | aef9ed61ba9bc537a1915e5484f4da71acc115f585b8378014cc020431eff21e |
| SHA512 | 707ea8cd346988b0f0f7825996d525e6c8ffd8cf39f5745be20470d329f534d46c88e29d7e0364ea836452273574ead83f313017d9bb900c55b28bd60f2f1062 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | afee86822f64ceb35122b26ff393d7b3 |
| SHA1 | 191c619183f2ec4a1f0ff049356c569f251985dd |
| SHA256 | 377c07bd236e6c531b570c4fcbfdac614e8c5db5a067cacf77c03ae9e6d14b3f |
| SHA512 | fd3caa998a72c0af14ba2e4244999e8c1e79749c621dddb8fadbadc760a9d41cbec6c1b5810fe6527674200df44c7fb1d4e8bd44fa2feece80fa18b37f0c4c06 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1719a6cb9a0093b09a5909c9489e82a4 |
| SHA1 | b7ef1faaae3cb583b07f03f6a84ef3c3e8bc5914 |
| SHA256 | 92a859a6c6b937562b1ddd2048cb69c26baf6eff4498ab38349a4b4ad18d75ee |
| SHA512 | 9248ef6c037087ebf86e738e394e7274aef544681303380ed19519fe7ade3f9c619aa961ec9065b4bd0ebda8fa6579a72fca9833476527903e924d5f5d5b68f6 |