Analysis Overview
SHA256
2ad1dfff83b953ca2c3316e7e090c2940deb9cdbe8e8289291a8196083006f26
Threat Level: No (potentially) malicious behavior was detected
The file a478dc181fdbc979aece5d3aa1943782_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 07:41
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 07:41
Reported
2024-06-13 07:44
Platform
win7-20240611-en
Max time kernel
122s
Max time network
123s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5CE24401-2958-11EF-A381-7EE57A38E3C7} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\MINIE | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a0390500000000020000000000106600000001000020000000e41a4c818390eff134ec2c4a812e1c5ac4eb107683d39ca52da90dab4e512cf5000000000e8000000002000020000000885bf91fcee3fd7b1038c5d519ba256ade6ea178b970aacaaa5accaf870005062000000092392bf3e5e441e308152ab64bc6aeab2344b2487ef455325ce39eefb3f9fd1140000000893ce5914489a1e496bee09c24023244f17a54462146ed3a49b0962cdba45caa1b66f88da5808e4b08421f712de342a122c2460b58b8e55b74878e1e3ac8488a | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50d8f53265bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424426364" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2940 wrote to memory of 2620 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a478dc181fdbc979aece5d3aa1943782_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2940 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | flossinseconds.com | udp |
| US | 172.67.223.226:80 | flossinseconds.com | tcp |
| US | 172.67.223.226:443 | flossinseconds.com | tcp |
| US | 8.8.8.8:53 | www.flossinseconds.com | udp |
| FR | 52.222.169.9:443 | www.flossinseconds.com | tcp |
| US | 8.8.8.8:53 | ocsp.r2m02.amazontrust.com | udp |
| FR | 18.244.35.199:80 | ocsp.r2m02.amazontrust.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 07:41
Reported
2024-06-13 07:44
Platform
win10v2004-20240611-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a478dc181fdbc979aece5d3aa1943782_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa025546f8,0x7ffa02554708,0x7ffa02554718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,6249237077636793901,4613073392961357508,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,6249237077636793901,4613073392961357508,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,6249237077636793901,4613073392961357508,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6249237077636793901,4613073392961357508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3152 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6249237077636793901,4613073392961357508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6249237077636793901,4613073392961357508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6249237077636793901,4613073392961357508,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,6249237077636793901,4613073392961357508,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3152 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,6249237077636793901,4613073392961357508,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3152 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6249237077636793901,4613073392961357508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6249237077636793901,4613073392961357508,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6249237077636793901,4613073392961357508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6249237077636793901,4613073392961357508,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | s.w.org | udp |
| US | 8.8.8.8:53 | flossinseconds.com | udp |
| US | 172.67.223.226:80 | flossinseconds.com | tcp |
| US | 172.67.223.226:80 | flossinseconds.com | tcp |
| US | 172.67.223.226:80 | flossinseconds.com | tcp |
| US | 172.67.223.226:443 | flossinseconds.com | tcp |
| US | 172.67.223.226:443 | flossinseconds.com | tcp |
| US | 172.67.223.226:443 | flossinseconds.com | tcp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.flossinseconds.com | udp |
| FR | 52.222.169.9:443 | www.flossinseconds.com | tcp |
| FR | 52.222.169.9:443 | www.flossinseconds.com | tcp |
| FR | 52.222.169.9:443 | www.flossinseconds.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.223.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.169.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.201.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 172.67.223.226:80 | flossinseconds.com | tcp |
| US | 172.67.223.226:80 | flossinseconds.com | tcp |
| BE | 88.221.83.226:443 | www.bing.com | tcp |
| BE | 88.221.83.226:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 226.83.221.88.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.143.182.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b4a74bc775caf3de7fc9cde3c30ce482 |
| SHA1 | c6ed3161390e5493f71182a6cb98d51c9063775d |
| SHA256 | dfad4e020a946f85523604816a0a9781091ee4669c870db2cabab027f8b6f280 |
| SHA512 | 55578e254444a645f455ea38480c9e02599ebf9522c32aca50ff37aad33976db30e663d35ebe31ff0ecafb4007362261716f756b3a0d67ac3937ca62ff10e25f |
\??\pipe\LOCAL\crashpad_2884_TFQELGUIUSHEIPSW
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c5abc082d9d9307e797b7e89a2f755f4 |
| SHA1 | 54c442690a8727f1d3453b6452198d3ec4ec13df |
| SHA256 | a055d69c6aba59e97e632d118b7960a5fdfbe35cfdfaa0de14f194fc6f874716 |
| SHA512 | ad765cddbf89472988de5356db5e0ee254ca3475491c6034fba1897c373702ab7cfa4bd21662ab862eebb48a757c3eb86b1f8ed58629751f71863822a59cd26c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2889d5e330af163363a6c3ce57486531 |
| SHA1 | b41fd64e73ac2c7d56466799b34f61fcdb988f0b |
| SHA256 | 94e215478fa05d60c217b16169a73298676ebd4446a1fc01d1d530262acc7e91 |
| SHA512 | a086652d6125c1df06b83d61fc33c841cd5b86da731c271400ecbb69d2dc5fe00fc4fecb64a0024dd3e84d3a1fa33a31e75508c7a39622ffa811092d2e1d598c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f9bd184b0b573e2de46c55e51c910a1f |
| SHA1 | f422817f45431a882b1e646491fa1225551bb3a8 |
| SHA256 | eaa43b0d79dad309af1919129d74b047f6c31112b0a707442ac2482c968b6499 |
| SHA512 | 43463ddce8890807e083d66420b1e2a272f41653843f6d364d95f641631de6db3ce8e96d43eafa54d8c9af831fba862627527f4c11c263fdd016cdd85cdc7d62 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0ba0b2b0f777922079af593868fe9d26 |
| SHA1 | be0ceeb7f6ccdc0386dff2b1b6654d9db761106e |
| SHA256 | 86781e36c6215eb7135c49c9d8e0fe1084be8b24041cb622beb4133898f90912 |
| SHA512 | 35ed43a512235a580402bda0d75a5d1b602eab09ebbedf13790bd3e061607525c49e2c2e19077f5b5c12f1f8eb4384b7c1a9a58072c17023c488370c806e47bc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 6a8249ba199fdbc3a6b5f2ed4c9d68fb |
| SHA1 | 6313b3592190600ca18aa81a2d8b617a5851de8e |
| SHA256 | c02dea2072df93dbd9da232ed1ca9bcb52b3643e23c7f116577475a9e5e6cdbc |
| SHA512 | ecf82219ff2fbf34e33f5502b4868a90a3cd13113445d514a9c72d6cf3bbe2bc26f35a466433150e348544b12a9c62b7426410d62467102787ea82f7a3a69476 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ccbf8250088dcd56aadf2a0338ceea35 |
| SHA1 | 11aeb0cd5d79fdb521ba7cb99d3198eddf71c6fe |
| SHA256 | 3960f76968881e7f8111df645e7035b403f2dfaae985f14a728dc32c05757e3a |
| SHA512 | 81b846e31b44ce10183b10edb466783996305137d4e66078ed764fcba06d5e7d15ccc7960968e4fa286709f666bb89c59b75fc624d62d2b83bb86ef7ca0d1c68 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d57b3d89f43572dd957680a13a52081c |
| SHA1 | eb53c74106539cbe217875745c3f044e510e049d |
| SHA256 | e34d57cb0c0a93562b8e7e5b0a943be3f4cdaf739be733c85affb501dad057fd |
| SHA512 | 7d527f351fdd4e932cfe18c69025f1b574e72bd3ad56a5651aac3b844994a2762ec013ef920b00b1077ef0b8bca744ac96c31b5de647a7b39036efcea7e7dcd1 |