Analysis Overview
SHA256
98fbc9f89b92160f1012b4e32c9ea3da2fc05317f7a08cf87eec5e37623b1085
Threat Level: Shows suspicious behavior
The file a47892505a7369b3d7c36d4125dd7279_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Enumerates connected drives
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 07:41
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 07:41
Reported
2024-06-13 07:43
Platform
win7-20240611-en
Max time kernel
145s
Max time network
150s
Command Line
Signatures
Enumerates connected drives
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000b28acbeb620950ed35e8eb57cb31a5d53f1af2674ba7e81003c56bdedc0937e1000000000e8000000002000020000000c089ac43053c99b704d15b778f27ced79dda4262eb8285b8e9033fbc373969be20000000c75ee350e090e7485ba1c8879c6571d2099f02d019cc4c820526eab8bac6f7f840000000f161d79bf25bc180b464ef9060bcfa508050407832272b981cb077b76f551c7b92f71ffe38b8a94b490c420fe2d942826d36170803ef954d6dfa944596d5dcef | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424426342" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a013ae2665bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4F890F51-2958-11EF-BD87-DEB4B2C1951C} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2180 wrote to memory of 1036 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2180 wrote to memory of 1036 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2180 wrote to memory of 1036 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2180 wrote to memory of 1036 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a47892505a7369b3d7c36d4125dd7279_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2180 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | www.web-counter.net | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | img1.blogblog.com | udp |
| US | 8.8.8.8:53 | h2.flashvortex.com | udp |
| US | 8.8.8.8:53 | www.formulariopro.pog.com.br | udp |
| US | 8.8.8.8:53 | estatisticas.megacontador.com.br | udp |
| US | 8.8.8.8:53 | lh6.googleusercontent.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | lh5.googleusercontent.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.178.9:443 | img1.blogblog.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| DE | 49.13.165.59:80 | www.web-counter.net | tcp |
| GB | 142.250.178.9:443 | img1.blogblog.com | tcp |
| DE | 49.13.165.59:80 | www.web-counter.net | tcp |
| GB | 142.250.178.9:443 | img1.blogblog.com | tcp |
| GB | 142.250.178.9:443 | img1.blogblog.com | tcp |
| GB | 142.250.178.9:80 | img1.blogblog.com | tcp |
| GB | 172.217.16.225:443 | lh5.googleusercontent.com | tcp |
| GB | 142.250.178.9:80 | img1.blogblog.com | tcp |
| GB | 142.250.178.9:443 | img1.blogblog.com | tcp |
| GB | 172.217.16.225:443 | lh5.googleusercontent.com | tcp |
| GB | 142.250.178.9:443 | img1.blogblog.com | tcp |
| GB | 142.250.178.9:443 | img1.blogblog.com | tcp |
| GB | 142.250.178.9:443 | img1.blogblog.com | tcp |
| GB | 172.217.16.225:443 | lh5.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh5.googleusercontent.com | tcp |
| US | 172.67.174.77:80 | estatisticas.megacontador.com.br | tcp |
| US | 172.67.174.77:80 | estatisticas.megacontador.com.br | tcp |
| CA | 15.235.14.201:80 | www.formulariopro.pog.com.br | tcp |
| CA | 15.235.14.201:80 | www.formulariopro.pog.com.br | tcp |
| US | 172.67.174.77:443 | estatisticas.megacontador.com.br | tcp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| N/A | 10.1.1.3:1081 | | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | i9.ytimg.com | udp |
| GB | 172.217.16.238:443 | i9.ytimg.com | tcp |
| GB | 172.217.16.238:443 | i9.ytimg.com | tcp |
| N/A | 10.1.1.3:1081 | | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 3d2d3699826c2c3b0965f3b21e8736da |
| SHA1 | 042f2e16c1259876e13c50daba09a04954ff9da6 |
| SHA256 | db772bc2f24866b63e1eb68c052336512135bc46a2a8b13246e0c03355034ee3 |
| SHA512 | 3138fb6abae6c271061529edbef8674b1f077ba4012a2fba71e4514b9d828b1c45fd8c49a4dc21bb7802fde749e61e08fb7023fb6d199525d7bfa16e2425fefa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | cb85f3fcf86ef0de7ef258539cae87de |
| SHA1 | c73288fff07885a62f8c7033b348863ed3b8cad1 |
| SHA256 | 7430a96d94b1faa5363b7656b323ffa416fd262e0405e498bb143dc93443963f |
| SHA512 | dc152f2e8c8f7e316e84f7a1f3996e02c08d582d6d0e40b8bf7171e359ea952a80b7452e56690b30fe98b4655d4744e8529a930449ef1cd853e377f86294b2d2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | ac89a852c2aaa3d389b2d2dd312ad367 |
| SHA1 | 8f421dd6493c61dbda6b839e2debb7b50a20c930 |
| SHA256 | 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45 |
| SHA512 | c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | cb3f670317386e7be0e064a8a11924c2 |
| SHA1 | 3bb0ebe7449e00fec8bb653d21c82827a386a20d |
| SHA256 | ddb5df8accc00d429619dd6c21f7cad4831fe2fa05ab37d78228075e904b5a80 |
| SHA512 | 973a1e00f923e0eb56e20b56dfc369f176c0cff4e31b431cd39014c68d950c8f6602aa0870b8b80de8c61c200af73433aa835beb1c7807137da3fd66e17fe04b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DACC52A1882A05AED14688828CFAE295
| MD5 | 99bca888a4734d5d8fc0cd368a393715 |
| SHA1 | 2aeccc09cee9ec4743c2aaaa761e31b1c9cfab3e |
| SHA256 | a8059ebc67b375bbcd784f6eed4d838b54cf67d738ea1652ed215f1fde38418a |
| SHA512 | 239a4e8079fabbd62359ba86ca679df4773dfe6583c6abb24e296b9e966c52775cbd7ae8c50bf6e65f6995420c8e6355669971287823a51eaf735d4610782d13 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | 0fb56d482066140d9e39c9ea2701a3c9 |
| SHA1 | dc126434dabc45f2f9ebcf63ac9ed8220545340d |
| SHA256 | 1d400988b16721f662f364e62852ce492b0d518643051c3efd1308bf9aa8eaf4 |
| SHA512 | 91cad394a017ab3091450a030b3979744ac80793ff5ee9136b6cf41541e4e1f95f387129e5bb7083ee08a39c31899324a1b9671b50547dc1e9c4ff63e8adac78 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DACC52A1882A05AED14688828CFAE295
| MD5 | a4c3e4b3f212ccf9719236eaa8f728be |
| SHA1 | e017a18974a9969ca60ca2499ac54b464d91a2ef |
| SHA256 | 0641546fbe6a6bf201d918796cf5efa992632208053037f369a6173cc2afd39a |
| SHA512 | c4c229eec604f4022ab0d439eb8b95bbdbb554d809d4571745957f0da5dc740e4ecb13757273b9dcf9f431a5b1ca40d53a539e2ccfaadbf7c161dba6b8b2734f |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HWTP8BNA\platform[1].js
| MD5 | ca058c47f91fde91fe2689ab8e0b8a5c |
| SHA1 | f49a88830ab0aedec26386d901232aba544e57d5 |
| SHA256 | 376d19623973dd693148671943ac4e30194fc816761688e08ddfe9dc8553719a |
| SHA512 | 8bc32d1ea3217b651c9842f222612361c129ec5397f176d9724ea154012ffe774818d58292e6eea22deea5b466ae9667a878b5c1bbbf386070d74ed9764f2ab8 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z5LT06Y3\cb=gapi[1].js
| MD5 | f9255a0dec7524a9a3e867a9f878a68b |
| SHA1 | 813943e6af4a8592f48aeb0d2ab88ead8d3b8c8b |
| SHA256 | d9acfd91940f52506ac7caeffea927d5d1ce0b483471fa771a3d4d78d59fda0d |
| SHA512 | d013be6bfc6bcf6da8e08ed6ff4963f6c60389baa3a33d15db97d081d3239635f48111db65e580937eb1ea9dc3b7fc6b4aecb012daeee3bf99cfebf84748177e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1fab48f5072d61a4adf4e84c250a471a |
| SHA1 | 2d3b52ddee6f35a62451a4dbb883f16532bc97ac |
| SHA256 | b3f6e4b065aad06638eef86d873d155583dc20cfa4d9a03fcaa3f1e122b471d3 |
| SHA512 | 3dc85b6d654d8a35164186e711101a60429797109c7d3fb522c253e0eb144d6377ab3b7454604784e69f012a54368f9f9a3d59f55f0ee4b8aad5044495d46d37 |
C:\Users\Admin\AppData\Local\Temp\Cab989A.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar9899.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d3964e9981a23c814ca7dcbea3232ba8 |
| SHA1 | 26cfff737b3da0519dcf2569e292be4df6d23a0d |
| SHA256 | ca40ce50b831b88f3ea0a2e8b67ec9a930f5ce6e910b5f9d331cd741f60e9dab |
| SHA512 | b8437431c7509085ba16f1eb9ab6e4cc88ba23145c7e634e1145ef122b55eff8a1811b28fe04c986501480405469b7a253d6cf2b19478c98e015f52be6edbed6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 292e6779146d2bf4b8869af1a10faa3f |
| SHA1 | 7cb2ebb97579c7fdacef5de06ff4a9e1c7e89399 |
| SHA256 | 3dcdf8f1e3bc7c216166d79af5bc32349065ee12108adf8d63bfd9db841c3718 |
| SHA512 | cd717d5706d2cfa74fb3fca91514d9d794b5898cb173db7734d6a45fa6774aeb0bab77980621f7c6e0402fa3355fd9a6c7517f5bc18756a0ee494a1bea301539 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a6da4619ec94ae54420464db0db08136 |
| SHA1 | 796142b512a4f234871e8d004a7974613a8cab76 |
| SHA256 | 0400e2820c44046dacb823e0966a1a89849fe45569a42e6ad60c2f153c43b325 |
| SHA512 | c4d1f132d240ff035547ef6beb3e80153aba8b7aebb2f7015f458f25fcd19b8729400729da608590231833f44cc1ab9872f5260902a3f17286d06234a1d11433 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9f1214329179358954b60ce4f525d5ad |
| SHA1 | dfcdf355f102475d3c1888edceb6ad0e0c12c61e |
| SHA256 | 8cbbc5761461e0fbf913716d0cecf979f051f4935fe1b07efea53575f2f3e2f0 |
| SHA512 | 6ca0cd4e8dbdcca602367c66dc51173e81234c9d94ea1ec8ee22459533a295911ddcf529c554cc0310d2b6e5083054634825a13e59127959b7ee777b748f5420 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3ccefb77aa11d6bc513ff4db38a3f89d |
| SHA1 | b81754b9a5c65b4cbd07640b86f4b25dfc7bcbc8 |
| SHA256 | 7989ea4ca2b7925707dcd45376a6da18bc4081f8ac27129785316c34d218e369 |
| SHA512 | 46a1f70bd9e641463509044bbdb679c62160b30c0417d0130e394913e13b44e0b761b009688cbed4e8134c9ad56cc6c7fd6e7c9220dde02f1b6c190f76ab45c7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e93f4b37313d84a343a2586086ad3f11 |
| SHA1 | 13ab8412d600079cb87a5c1e2f923cc2af7b0cdd |
| SHA256 | c2a1037277ad66e5cf57eb7b61093cc2458cdc95b784f02d31f432ba36bb53b1 |
| SHA512 | e6d6b349bfa42b2d21ac785b46d0d3ea44dd17978dbe1c4ef5e7f39210e840f2f6af9de16c157be899cca7492022b861df6dff228161ca3c58646306c3122b4c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e5ae016000e594d615d60380bf3528f7 |
| SHA1 | 85fa6f69f1981f4db7f823d0ee789fb653e1139a |
| SHA256 | f87f0f5be1e674f05626f73c679ef38577ec9071b33622bdd4c1e4d0512356b2 |
| SHA512 | 87d0398ed47f511236d939f4233eb47591ca1f373375bf07f81b77ced304c5ae7f952d727c6aa5138f401fbafa32cc8718eae9d47fd94c42b34352c6ce06829e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c4e5552cecc0835750c1eeaa927ee7f5 |
| SHA1 | a9353e480d0ccada0325473d7835d3a72d8002c6 |
| SHA256 | 1a2671858e340e07f6165bb8934ce3b943d25097ecbb122c3a0012d99dbdef0a |
| SHA512 | 398cfb8fface339bf5eac1334668bcd50de1b610c50e41d00e97aa598148550c1abf47d1888af41a70375d772a1d232d9238527f138423a1b37e93e29df5748e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f99c2332d6788db6dfe827a35d0b9cd5 |
| SHA1 | 727184225e5e6fb8dcbfac981790b09dba135d7c |
| SHA256 | c4d18d1473bc6f97470ae4f4b007ee924640aca4a2e4d43d1960e871241a8904 |
| SHA512 | 9469b75e65c1e0e41b6e522511f16fba069bc349af328346118cab1d930a87af116812b771b369dea3e7680bde03a9d954ee5869fb5879f921c9ca2e36b63d36 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 175b5cbc15221c287cdd02af380089cc |
| SHA1 | 8d6cbd833797dfedd039833a6831f71e44a1cd06 |
| SHA256 | 56e536f4da11c7f5f9f14522095aad14a86dc53aa9a94dcfc88d64f2f11bb237 |
| SHA512 | 45c5b143963b262c7b84dd99dd711b29ec953f575095e0d2e9729304a577b266d676f99d09ccded6c1e7c2a1b6d0457c673fce2991da9d8f90c4636404aa0d7e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | decde5d42dd048c1d5d13f3f2053f68b |
| SHA1 | 5c76613d48405cc185ddf7b8c77da96e5bf93cca |
| SHA256 | 317838395e5b871fcee8bcf079c8fa950d8578a2ec27c76ff96fbb4ec45feed0 |
| SHA512 | fb52e4d81702f6fa2a537f9bac9c778ff2bafb2b4b5318bd4653de42c7b1f5740c760c40e59dfd2d813833347a1ffd617c19e892386f477c5154a107c13f8d7d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a9a1eb53c4f7902d035f312f96287885 |
| SHA1 | 3615dea5b570f8a94206b46b357cafa6fa716929 |
| SHA256 | 3b037e9cb1b2b68aa25db3c4f60ff79bdac605b81d9dd185a01af5b528ffd8c7 |
| SHA512 | 56689c1518b0cc8ce6267f7d6da1a4c9138e1bc868a6e776500a38682efa5b461eaab1c5c51bd8ba5d460a14b06a6347d8003743c46327f4a8999e063f582945 |
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak
| MD5 | 02978b8fdf48bcb297b70f8cd0fbffff |
| SHA1 | d1ee92b80ba89790cd7426588d1d5e54ab3cd455 |
| SHA256 | 7ff0a9ea13058a5ecf6a5b5084c3da0f7166967a4a20eb8500c3e97a491fd46a |
| SHA512 | 0178ffce565b8119ebbe99699225dfcc9d07d78ab0ad5f2cf7fa52dd1162b499850d5292aa94fb20e24a419c6e071329db3461d51da2cd87056a4cba45a4a569 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 21f17a7ea40eb8da6b7d96fe9ec3ed5c |
| SHA1 | b31c745910c8d8c1d76986207a12caba431b9ce3 |
| SHA256 | 227c538260cf1673b9513f680335c51311d4e10e96d996e9cb3a320f30311c24 |
| SHA512 | f2e7a017d9b74d279ccb26101bec5e32338c257c9fe6c53505de019fc0ce9d4418523cd7c33de3df7a523b8cb93b80a027acd25504fc95feca3ebcf2244804c8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6e6b8dd818224bf8939cff4c986bd1e1 |
| SHA1 | fa8e02b6280a71a9d6f40c11fa0b522e38e835f7 |
| SHA256 | e94b5813d97cf4f62c3936f6b0f6ae2f37b9113c711f55353a53b7b4851549c9 |
| SHA512 | ee408f3791db91941951aaa34adba91c59791dff5e494b787d36e28304926e43ce183759dfc8d1bab237399d0cb7a0afdc2e392028e23a983befa65cd47acf23 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d8c4bddb05d2bf3511b096135c888f78 |
| SHA1 | 724bb33ca1eee8bc6e1f27ace0587be7366d2318 |
| SHA256 | 4333b9d63df1841a9cebea8f9bc36e4c67005216de25b3ec52b3dec850890b69 |
| SHA512 | 1ae207da9645b8356fcde142c12d03caf7aadf7ce8e322a0979ac04afd3d90376d9a4099e0abbecf07654ba65c517396dd6399a1ea36dadb4317d466fa407f7d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d2f91570a9de62d6e685ae6cf0db778a |
| SHA1 | eb3d8980fad146c50b52a9901681cbf6d54b3d39 |
| SHA256 | 13af26d68ac8f9840b63b9e29ff978359afa88e2fee3f821c06cfc220b31ce66 |
| SHA512 | 8fe19c6a0d77da9d512b2f63a3a876c140b952c4d44c6d43ec0677959fb61b5974522a969ce8d7571c95f58120d788536ed08c9bc377860a070213162cffc5af |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 65f6351688c06223f46bf63a6db02999 |
| SHA1 | 775cc910599cce47ceef500649ac9b50718ae29f |
| SHA256 | df5c4f555a4fbb74d2c65709ba933b7c7a2627b4bee5be2d897b48fdae3348a4 |
| SHA512 | d1ce025da5f8d2be1b27803f992604244c13b475d8b3395f8c7658619a2d3b90b3945915afa9508082e2edaca5ceb60748d8b98e4fe14e24f00ce8571e84a89c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e3ec8b3827c56d2377304bf520328936 |
| SHA1 | 6e4a05b2b93c6bc36503f97c1390acd2c4b30611 |
| SHA256 | 234d33a6e2348fdbc392894622dd9aa2fec2b658a353b42de04666b86e19b52b |
| SHA512 | b31071bd94db5f187cccd426cf60a53c2dfcf07f3478b0d553167aba51c331b5c95517662078a6b8b25f0cd3bfab8f991f57aeb08d1f57d422ef3605b3ac4992 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ea8446d74a8ad5c49287ce7ca5e894c9 |
| SHA1 | ba6ff3f8531c38712900b3bd7a0bf9bc00eea15e |
| SHA256 | 5caf71d4b9ec3247caaf2e71e97a12169be09fba16c23d38baf16ff52cbcbfd1 |
| SHA512 | 82ace31356521182cc21cd10f801285b41fd672a3cb9ece706c1242caf48d46a8847924194a1281904bc7df4341ad057074a5bd6301329993b1d71a50a2e0831 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f877bc8789a334fae8631cc01ae047e2 |
| SHA1 | 7a734768877d617a3e3f01dbcdddc1745a689ba3 |
| SHA256 | 502f8caca7e6195457a3468f374b35bf8f6f74c61743a8c536959d3650855561 |
| SHA512 | 3b9aa39cf1ef349992e286738807b59e7bab9a8e1a6ef42d7f003ae4e1701fc6e62bf3ea339bfe600f22c91294bcc21cfc327b8dbc1d97ea781e3dfac93f0da8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d8de93c7ced2ab66b43f1eaddb2b07ad |
| SHA1 | b5dcd75cc3b11eddd57dc1b9717642d10d38268a |
| SHA256 | 731dfd118fb2b2fe59ca69dba0d973bed436553622c8a2d108f870dbfdd9f6ff |
| SHA512 | 7436d723e69c13d72e701f22c151b6a242dfc9dff459869d306dcc62018aa46a73713feac4abb655f6cf16d0ef5e919b4c1b31d291299a6715cb8166b5701193 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 36ddc77e2ab27cd9a689ca342926faac |
| SHA1 | b99513b442bd445df4f75219dcba468beff24d30 |
| SHA256 | 2a5802079ef46ee4dc48b23cabaee68f134229bd63871fb32b393eb7a15588fe |
| SHA512 | 8883d2aade2218dd337955af6f5f0a0cfd94db6ee0b8cfa8fe8e9f2b421d129bdff1e342cdb186d75b431ff33489c7a2a263985769bc333c6a05aed1a4f1a146 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 35e6e55cadfb29a61f9330de9af0a03b |
| SHA1 | 91e757626be3cc448d13a12a927f00d706b01e71 |
| SHA256 | fa915767b1561e3dac291f1175c25ff73e87d3f9ca05a635a09d93efa8d4516c |
| SHA512 | bc358304bfdd8fa4b2472e2432e2d136831b26d6eae2bc8e2a85fb15907e828d667054f55574d1486b7751b1a1fa3fdc4fc054ce9dd25ee60bbb09435d275d24 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8cd08c24b832f35dc80a3ddaef7af234 |
| SHA1 | bfcaf1a017ff96629dc311ccbfb0fd976a35d3d0 |
| SHA256 | b305c4b4865536e6c7a97c4557cea3e08355a3b10c3ba2680135e6fb230bf1c0 |
| SHA512 | dcd35b25bc5be530654daea690a5a5703fe2337f46362d1ef92090d63ac0e4caf924664c4237b335b2db13ac4b59a978ac17d07c539abc889b509a6ed02a0274 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 07:41
Reported
2024-06-13 07:43
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
150s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a47892505a7369b3d7c36d4125dd7279_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb260146f8,0x7ffb26014708,0x7ffb26014718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,15125688677663798613,5387697864485495806,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,15125688677663798613,5387697864485495806,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,15125688677663798613,5387697864485495806,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15125688677663798613,5387697864485495806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15125688677663798613,5387697864485495806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15125688677663798613,5387697864485495806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4356 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,15125688677663798613,5387697864485495806,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,15125688677663798613,5387697864485495806,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15125688677663798613,5387697864485495806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15125688677663798613,5387697864485495806,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15125688677663798613,5387697864485495806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15125688677663798613,5387697864485495806,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,15125688677663798613,5387697864485495806,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4780 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | h2.flashvortex.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | www.web-counter.net | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | img1.blogblog.com | udp |
| US | 8.8.8.8:53 | www.formulariopro.pog.com.br | udp |
| US | 8.8.8.8:53 | estatisticas.megacontador.com.br | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | lh6.googleusercontent.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_2468_WQQJCXKJFAAAYZWY
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences