Analysis Overview
SHA256
0b9f443dd685812ecada6d7e57f34c4fbf9a713c9e575d16f655db4ae9e1796f
Threat Level: No (potentially) malicious behavior was detected
The file a474c7096ea4bfc5f011e5754a3ed50f_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 07:37
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 07:37
Reported
2024-06-13 07:39
Platform
win7-20240611-en
Max time kernel
122s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value not captured in this report) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BB551E51-2957-11EF-81FC-FAD28091DCF5} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb8100000000020000000000106600000001000020000000a1274e46884796039cb0986692878c05cf7344bd3ace1b23c78c2163292e3c96000000000e80000000020000200000005256490ba31a63dc36876d92ce19ec148331a46cd20fa64f939cec81d20fcd572000000042c2de93db7f1eef70633383bff451b6d6ea48406ab622facc1cbfdcf65c5876400000006ea87bd2d88982dfcb30ee31b2d1ba49490a048b3b32d3235dab51f059345caff866d8ba332dd878085b53d30b344a61bec15a5414a11c08b6ec10c291ab1713 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0d5789364bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424426093" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2468 wrote to memory of 2928 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a474c7096ea4bfc5f011e5754a3ed50f_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2468 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | huaijiuyouxi.com | udp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 07:37
Reported
2024-06-13 07:39
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
124s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a474c7096ea4bfc5f011e5754a3ed50f_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff97d9546f8,0x7ff97d954708,0x7ff97d954718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1980,17504494922865824853,6871120100427445489,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1980,17504494922865824853,6871120100427445489,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1980,17504494922865824853,6871120100427445489,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,17504494922865824853,6871120100427445489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,17504494922865824853,6871120100427445489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1980,17504494922865824853,6871120100427445489,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1980,17504494922865824853,6871120100427445489,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,17504494922865824853,6871120100427445489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3964 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,17504494922865824853,6871120100427445489,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,17504494922865824853,6871120100427445489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,17504494922865824853,6871120100427445489,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1980,17504494922865824853,6871120100427445489,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1912 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | huaijiuyouxi.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | huaijiuyouxi.com | udp |
| US | 8.8.8.8:53 | huaijiuyouxi.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 439b5e04ca18c7fb02cf406e6eb24167 |
| SHA1 | e0c5bb6216903934726e3570b7d63295b9d28987 |
| SHA256 | 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654 |
| SHA512 | d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2 |
\??\pipe\LOCAL\crashpad_3328_LJWMMXYJEWLKVJIG
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a8e767fd33edd97d306efb6905f93252 |
| SHA1 | a6f80ace2b57599f64b0ae3c7381f34e9456f9d3 |
| SHA256 | c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb |
| SHA512 | 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d2f265fa3d2e82cb3b32109d716e0ba5 |
| SHA1 | 4c121c204e81f978768114342618365887db0828 |
| SHA256 | 65d8d2172ff880a220aa9f31be670ca0342a125c352c456bc4258dfa660bdecf |
| SHA512 | 70d024469cb1de4b03eb5d5efb330999e9d5039d08679ce84300f9d271b7c911aa069a08a62a722df95d3464bd76d4663f70c81a92b7bcb2c32fb4862c69419c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f10e1bf0f2a5383f44080e46bbdf3859 |
| SHA1 | 2a1038c27a2f601426d9342cecefef2b976801ff |
| SHA256 | c4ddfeac1f043176e37a8df0b0d88042166113e979a8e096edc8bb7aa89100fc |
| SHA512 | e5846a02f3960528456ac19f72cc986d1202fbe34140ce454eb275b706011030f66f11781b96bae76e2312d546c9cdc5b41a3c370db3723a040282c590ac3ace |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 130ae1d9304fa1f1efdd943c6fd5fb4d |
| SHA1 | 3ce00ea0ba356cfbdd9abe4594d11f80151b2b1c |
| SHA256 | dd065098fe77aa5eb6497daaef55b2a8af435002fdacd0f6bf62d9264c49b02c |
| SHA512 | 3e9acce30f1412c6a8e5ad6583ab89c53db9559b069cc1284dc580653239c6aef7a5b9b8558683c74e4d28a4053e9a6a5069204c396a00db5b0c7da55f3aa8d4 |