Analysis Overview
SHA256
bbd4f65e738f06bbf39840ec3f3e3b584f8861d236054446b38d0fefc231e841
Threat Level: No (potentially) malicious behavior was detected
The file a47b9e2fa2fd26952e5214266375312c_JaffaCakes118 is an .html document. Opened in Internet Explorer on Windows 7 and in Microsoft Edge on Windows 10, it produced no (potentially) malicious behavior; the processes named in the signature tables below are all browser processes (iexplore.exe, msedge.exe, identity_helper.exe).
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 07:44
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 07:44
Reported
2024-06-13 07:47
Platform
win7-20231129-en
Max time kernel
142s
Max time network
143s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30c257ac65bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D5D074E1-2958-11EF-882F-5E44E0CFDD1C} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424426567" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000696c8123eb503640af2eabd07819c56c00000000020000000000106600000001000020000000ce098869670a6a675b3d2a7215022b2cd32294d370da66e2a1f6d98fa4a45890000000000e8000000002000020000000d85dfdfc48cf2953500d32f4333d57e3da23887ad72630ec24bbbebcf0afb12720000000c0703e7b66b788d7e889c314853552e1d875eb694dd7b5934c4c7bc260aae81440000000531c76c02459387d4bced40054bb60feabaa7ebdb3feeab08eb64cc3b63d4b17bf3297131b125e82fa02578e515db5a43daa227adfb12fe06b1c06e173ec3475 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
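Every row above is written by iexplore.exe itself and belongs to IE's normal first-run and session state (SearchScopes favicon cache, TabbedBrowsing, Recovery, DOMStorage, Zoom). The values a browser hijacker rewrites to redirect the user (`Main\Start Page`, `Main\Default_Page_URL`, `Main\Search Page`, `SearchScopes\DefaultScope`) do not appear in the table, which is the concrete reason this signature does not change the verdict. The Python below is added here as an example and is not part of the sandbox report: it parses rows in this table format and separates writes to those redirect-sensitive values from ordinary housekeeping. The `HIJACK_VALUES` list and the sample rows (three copied from the table, plus one constructed `DefaultScope` write by a hypothetical `example.exe` so the filter has something to flag) are assumptions of the example.

```python
# Values under HKCU\Software\Microsoft\Internet Explorer that a hijacker rewrites to
# redirect the user. Assumed list for this example; extend it for your environment.
HIJACK_VALUES = {
    r"Main\Start Page",
    r"Main\Default_Page_URL",
    r"Main\Search Page",
    r"Main\Local Page",
    r"SearchScopes\DefaultScope",
}
HIJACK_VALUES_LOWER = {v.lower() for v in HIJACK_VALUES}

IE_ROOT = "\\Software\\Microsoft\\Internet Explorer\\"

# Constructed sample: three rows copied from the table above plus one made-up
# DefaultScope write by a hypothetical example.exe (not in the report).
SAMPLE_ROWS = r"""
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DefaultScope = "{00000000-0000-0000-0000-000000000000}" | C:\Users\Admin\AppData\Local\Temp\example.exe | N/A |
"""


def parse_row(line):
    """Split one '| Description | Indicator | Process | Target |' row; None if it is not one."""
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    return tuple(cells) if len(cells) == 4 else None


def split_indicator(description, indicator):
    """Return (key path relative to the IE root, data).

    'Set value' rows carry 'path = data'; 'Key created' rows carry only the path.
    """
    data = None
    path = indicator
    if description.startswith("Set value"):
        path, _, data = indicator.partition(" = ")
    idx = path.lower().find(IE_ROOT.lower())
    rel = path[idx + len(IE_ROOT):] if idx >= 0 else path
    return rel, data


def triage(rows_text):
    """Classify rows: 'hijack' = writes to a redirect-sensitive value, as a list of
    (relative path, data, writing process); 'housekeeping' = count of everything else."""
    result = {"hijack": [], "housekeeping": 0}
    for line in rows_text.splitlines():
        row = parse_row(line)
        if row is None or row[0] == "Description":
            continue
        description, indicator, process, _target = row
        rel, data = split_indicator(description, indicator)
        if rel.lower() in HIJACK_VALUES_LOWER:
            result["hijack"].append((rel, data, process))
        else:
            result["housekeeping"] += 1
    return result


if __name__ == "__main__":
    verdict = triage(SAMPLE_ROWS)
    print(f"housekeeping rows: {verdict['housekeeping']}")
    for rel, data, process in verdict["hijack"]:
        print(f"REVIEW: {process} set {rel} = {data}")
```

Run against the full table, the three real rows land in `housekeeping` and only the constructed `DefaultScope` write is reported; a per-scope `FaviconPath` under a scope GUID is deliberately not treated as a hijack, because it only caches an icon for a search provider that already exists.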
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2136 wrote to memory of 2788 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2136 wrote to memory of 2788 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2136 wrote to memory of 2788 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2136 wrote to memory of 2788 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a47b9e2fa2fd26952e5214266375312c_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2136 CREDAT:275457 /prefetch:2
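The first command line is IE's frame process opening the submitted .html; the second is the low-integrity tab process it spawns, where `SCODEF:2136` names the frame process PID. The four "Suspicious use of WriteProcessMemory" rows (PID 2136 into 2788) are therefore the frame writing into the tab process it just created, the normal broker-to-child setup, rather than a write into a foreign process. The Python below is an added example, not report output, and makes that check explicit by comparing the SCODEF value in the target's command line with the writer PID. Since the report prints no PID beside each command line, pairing 2136 with the frame and 2788 with the tab process is an assumption taken from `SCODEF:2136` and the WriteProcessMemory rows; the extra "foreign write" row is constructed for contrast.

```python
import re
from collections import Counter

# Constructed sample: the two behavioral1 processes. Pairing PID 2136 with the frame and
# 2788 with the tab process is an assumption of this example (from SCODEF:2136 and the
# WriteProcessMemory rows); the report itself prints no PID next to each command line.
PROCESSES = {
    2136: r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a47b9e2fa2fd26952e5214266375312c_JaffaCakes118.html',
    2788: r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2136 CREDAT:275457 /prefetch:2',
}

# The four "Suspicious use of WriteProcessMemory" descriptions from the report, verbatim.
WPM_ROWS = ["PID 2136 wrote to memory of 2788"] * 4

# Constructed contrast case (not in the report): a write into a PID that is not a
# tab process of the writer.
FOREIGN_WRITE = ["PID 2788 wrote to memory of 4444"]

SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")


def frame_pid_of(cmdline):
    """Frame-process PID named by SCODEF in an IE tab-process command line, else None."""
    m = SCODEF_RE.search(cmdline)
    return int(m.group(1)) if m else None


def classify_writes(processes, wpm_rows):
    """Count WriteProcessMemory events per (writer, target, verdict).

    broker-to-tab : target is an IE tab process whose SCODEF names the writer (expected)
    unknown-target: target PID is not in the process list
    cross-process : anything else; look at it
    """
    counts = Counter()
    for row in wpm_rows:
        m = WPM_RE.search(row)
        if not m:
            continue
        writer, target = int(m.group(1)), int(m.group(2))
        target_cmd = processes.get(target)
        if target_cmd is None:
            verdict = "unknown-target"
        elif frame_pid_of(target_cmd) == writer:
            verdict = "broker-to-tab"
        else:
            verdict = "cross-process"
        counts[(writer, target, verdict)] += 1
    return dict(counts)


if __name__ == "__main__":
    for (writer, target, verdict), n in classify_writes(PROCESSES, WPM_ROWS + FOREIGN_WRITE).items():
        print(f"{writer} -> {target}: {verdict} x{n}")
```

The same rule generalizes to other brokered browsers: a parent writing into a child it launched is expected, a write whose target has no parent relationship to the writer is the case worth the analyst's time.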
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.flickr.com | udp |
| US | 8.8.8.8:53 | jmslightingconcepts.com | udp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| US | 185.230.63.107:80 | jmslightingconcepts.com | tcp |
| US | 185.230.63.107:80 | jmslightingconcepts.com | tcp |
| US | 185.230.63.107:80 | jmslightingconcepts.com | tcp |
| US | 185.230.63.107:80 | jmslightingconcepts.com | tcp |
| US | 185.230.63.107:80 | jmslightingconcepts.com | tcp |
| US | 185.230.63.107:80 | jmslightingconcepts.com | tcp |
| US | 3.164.158.102:80 | www.flickr.com | tcp |
| US | 3.164.158.102:80 | www.flickr.com | tcp |
| US | 3.164.158.102:443 | www.flickr.com | tcp |
| US | 8.8.8.8:53 | www.jmslightingconcepts.com | udp |
| US | 34.149.87.45:443 | www.jmslightingconcepts.com | tcp |
| US | 34.149.87.45:443 | www.jmslightingconcepts.com | tcp |
| US | 34.149.87.45:443 | www.jmslightingconcepts.com | tcp |
| US | 34.149.87.45:443 | www.jmslightingconcepts.com | tcp |
| US | 34.149.87.45:443 | www.jmslightingconcepts.com | tcp |
| US | 34.149.87.45:443 | www.jmslightingconcepts.com | tcp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| BE | 23.14.90.106:80 | r11.o.lencr.org | tcp |
| BE | 23.14.90.99:80 | r11.o.lencr.org | tcp |
| BE | 23.14.90.99:80 | r11.o.lencr.org | tcp |
| BE | 23.14.90.91:80 | r11.o.lencr.org | tcp |
| BE | 23.14.90.106:80 | r11.o.lencr.org | tcp |
| BE | 23.14.90.88:80 | r11.o.lencr.org | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 34.149.87.45:443 | www.jmslightingconcepts.com | tcp |
| US | 34.149.87.45:443 | www.jmslightingconcepts.com | tcp |
| US | 34.149.87.45:443 | www.jmslightingconcepts.com | tcp |
| US | 34.149.87.45:443 | www.jmslightingconcepts.com | tcp |
| US | 34.149.87.45:443 | www.jmslightingconcepts.com | tcp |
| US | 34.149.87.45:443 | www.jmslightingconcepts.com | tcp |
| US | 34.149.87.45:443 | www.jmslightingconcepts.com | tcp |
| US | 34.149.87.45:443 | www.jmslightingconcepts.com | tcp |
| US | 34.149.87.45:443 | www.jmslightingconcepts.com | tcp |
| US | 34.149.87.45:443 | www.jmslightingconcepts.com | tcp |
| US | 34.149.87.45:443 | www.jmslightingconcepts.com | tcp |
| US | 34.149.87.45:443 | www.jmslightingconcepts.com | tcp |
| US | 34.149.87.45:443 | www.jmslightingconcepts.com | tcp |
| US | 34.149.87.45:443 | www.jmslightingconcepts.com | tcp |
| US | 8.8.8.8:53 | maps.google.com | udp |
| GB | 216.58.213.14:80 | maps.google.com | tcp |
| GB | 216.58.213.14:80 | maps.google.com | tcp |
| GB | 216.58.213.14:80 | maps.google.com | tcp |
| GB | 216.58.213.14:80 | maps.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 8.8.8.8:53 | maps.googleapis.com | udp |
| GB | 142.250.179.234:443 | maps.googleapis.com | tcp |
| GB | 142.250.179.234:443 | maps.googleapis.com | tcp |
| BE | 2.17.107.98:80 | www.bing.com | tcp |
| BE | 2.17.107.98:80 | www.bing.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
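The 67 flow rows reduce to a few destinations: the page's own host jmslightingconcepts.com (plaintext HTTP to 185.230.63.107, then HTTPS to www.jmslightingconcepts.com on 34.149.87.45), embedded third-party content (fonts.googleapis.com, maps.google.com, maps.googleapis.com, www.flickr.com), certificate-revocation lookups made while validating those TLS connections (r11.o.lencr.org is Let's Encrypt's OCSP responder, pki.goog serves Google Trust Services CRL/OCSP data; both are HTTP by design and are what fills the CryptnetUrlCache entries below), and IE's own background traffic (www.bing.com, ieonline.microsoft.com). The Python below is an added triage helper, not part of the report: it collapses rows in this table format to one record per domain, separates DNS lookups from connections, and lists the domains that carried content over plaintext HTTP once revocation hosts are excluded. The `REVOCATION_HOSTS` set and the sample subset of rows are assumptions of the example.

```python
# Hosts that serve certificate-status data (OCSP/CRL) rather than page content.
# Assumed classification for this example.
REVOCATION_HOSTS = {"r11.o.lencr.org", "pki.goog"}

# Constructed sample: a representative subset of the Network rows above.
SAMPLE_NET = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | jmslightingconcepts.com | udp |
| US | 185.230.63.107:80 | jmslightingconcepts.com | tcp |
| US | 185.230.63.107:80 | jmslightingconcepts.com | tcp |
| US | 8.8.8.8:53 | www.jmslightingconcepts.com | udp |
| US | 34.149.87.45:443 | www.jmslightingconcepts.com | tcp |
| US | 34.149.87.45:443 | www.jmslightingconcepts.com | tcp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| BE | 23.14.90.106:80 | r11.o.lencr.org | tcp |
| BE | 23.14.90.99:80 | r11.o.lencr.org | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 3.164.158.102:443 | www.flickr.com | tcp |
"""


def parse_net(text):
    """Yield (country, ip, port, domain, proto) per data row; header and blank lines are skipped."""
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        country, dest, domain, proto = cells
        ip, _, port = dest.rpartition(":")
        yield country, ip, int(port), domain, proto.lower()


def summarize(text):
    """One record per domain: flow count, distinct ip:port/proto endpoints, countries,
    number of DNS lookups, and number of plaintext HTTP (tcp/80) connections."""
    out = {}
    for country, ip, port, domain, proto in parse_net(text):
        rec = out.setdefault(domain, {
            "flows": 0, "endpoints": set(), "countries": set(),
            "dns_lookups": 0, "plaintext_http": 0,
        })
        rec["flows"] += 1
        rec["countries"].add(country)
        if proto == "udp" and port == 53:
            rec["dns_lookups"] += 1
            continue
        rec["endpoints"].add(f"{ip}:{port}/{proto}")
        if proto == "tcp" and port == 80:
            rec["plaintext_http"] += 1
    return out


def plaintext_content_hosts(text):
    """Domains that received page content over plaintext HTTP, ignoring revocation
    hosts (OCSP and CRL fetches are HTTP by design and carry signed data)."""
    return sorted(
        domain for domain, rec in summarize(text).items()
        if rec["plaintext_http"] and domain not in REVOCATION_HOSTS
    )


if __name__ == "__main__":
    for domain, rec in summarize(SAMPLE_NET).items():
        print(f"{domain:32} flows={rec['flows']:2} dns={rec['dns_lookups']} "
              f"http={rec['plaintext_http']} endpoints={sorted(rec['endpoints'])}")
    print("plaintext content hosts:", plaintext_content_hosts(SAMPLE_NET))
```

On the sample, the plaintext list is fonts.googleapis.com and jmslightingconcepts.com; the second is the more interesting one, since an initial clear-text fetch of the page's own host before the HTTPS redirect is where an on-path injector would act.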
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
| MD5 | d78ad41304ed09677775d7536854dab2 |
| SHA1 | fea7db511ad277440411166124c4fad059b88164 |
| SHA256 | 931ff1d3423285f22ffaa83add370430565e15403372d0e4ee2456ffc4fd5346 |
| SHA512 | 78d9098e4af41f70e51472bc450425243c0448d637e8ac39f68479bb1971a9ec8e8e7c4a4a573f5138e7b3772ea045e119803c98efac9f4da8248ae4ddbb0b4a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
| MD5 | 822467b728b7a66b081c91795373789a |
| SHA1 | d8f2f02e1eef62485a9feffd59ce837511749865 |
| SHA256 | af2343382b88335eea72251ad84949e244ff54b6995063e24459a7216e9576b9 |
| SHA512 | bacea07d92c32078ca6a0161549b4e18edab745dd44947e5f181d28cc24468e07769d6835816cdfb944fd3d0099bde5e21b48f4966824c5c16c1801712303eb6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarBD8.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 67730af39abd15bde43c7a367b3f5aa8 |
| SHA1 | bc4715bb0fb465939bb71242910d06d7551da03e |
| SHA256 | 64de1aa31e3e70e8cce8a2ad696a1fc7887dae274429a82dfe3bfeb020129fcb |
| SHA512 | 50daf6c33081270f15db38747cc7389143758186bf037d9c4766e2a926721e0c582bcba7878ca27d0b5d10940d602079d90e7f3ff85f8d302d67c074a693a437 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 114b226ebb5ef57d8c8b8a7390478bd6 |
| SHA1 | b2f10f6ad15acafe5db7276f03769b0706ee029f |
| SHA256 | 6a531a158128c342da2736029571a0912290f7d57675a7a8ddda1a557ae71781 |
| SHA512 | 03b5897079e12e31cefe777e6d66e6adc5ac73008abd4c619609341bf36873684d9d5fde8d13864e77a535d124063a788cce1b2ae2b62e1dec3996649068fff5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
| MD5 | 3bc219ba65677823cee7efa2cc94dbd3 |
| SHA1 | c7394b2a23899d8b748ba05450fb8babd358cf79 |
| SHA256 | 72098468e5edb6d280a16cb8cbab5df77b7a450ad0c744bbf83b8d16d697e053 |
| SHA512 | 262995a7577863da24551a4dccf40e7fc281dbad685fc4b225e2e3b2612c39f908efd56b816929055ff9875bc1154f4e7ca894e44362652573fce1b6a8f72666 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
| MD5 | 55540a230bdab55187a841cfe1aa1545 |
| SHA1 | 363e4734f757bdeb89868efe94907774a327695e |
| SHA256 | d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb |
| SHA512 | c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4c140351696723b1e3b9c3ae6c10f8a7 |
| SHA1 | a7ceb195fd5f742a0d7ef29b1982bde38e2c117c |
| SHA256 | ca0e88c70368b3111f2db3ad2c3294729530d911c680ef923a83861103760007 |
| SHA512 | 52f8b49c41662480a83dc9b4c25c0abc7da2fa28df1fe60f2a9b05f2dd7af5cf01cc64b9773948e09f9aa1f90c4f73d8d85659f8d9af7db4516ad3625c4fe7ac |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1997c59ed14c49c9d1e0ef743c9af6f2 |
| SHA1 | 4b28c73fb816805acee5c36a3aa36a934758fd9b |
| SHA256 | 887f2c647e3b36f695a2055beb277187ba50631aa6e0cb80b3ee61b177c03188 |
| SHA512 | 8dccc757dfc7fe42f7ffb3118eaf56ac52328b2a5edf102a6bd6ffc32bc7116ef1fc709763fc117398a84adfd14d895eda1d885406be23c1b1015a7c562c0681 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8165417d4d09073af094a0c47a576d02 |
| SHA1 | f406f68fc40c3321379c0b2078f9629c7df8d77a |
| SHA256 | 1ea71a2a0c2de96131a0809c2071ef97efcc9ca0ed8f3dc9aa9891a8b4a1cb36 |
| SHA512 | 29c623c102b057fa83cf75c01f591b98bbab6c778645563c1cb008791b142c99c666bbb97e6b507e59422cf6892638d1a0016f57f0e63dc832f6d89b01a4e7d7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4449653e649c14661f8e26eecaa3a85b |
| SHA1 | 58fe99d46496f03c59fc3aa09a9504b40b852243 |
| SHA256 | 8d40976de8c2f929d1ec7864f5fa4ceca41aeae0de8174fd8b95a87e41896c13 |
| SHA512 | f182a294dccf8f35bdbca2afc63e56bcbb9de27aec54559fbe32b64a53377ec4b2ee843466d272454617ce707a34698b995fe18e07e06739862bb1830d7105eb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4c559cc4e32472e1e082930b22ca3150 |
| SHA1 | 84daa1b4e720ba2042ecf68952499df7dc5185a3 |
| SHA256 | 490b8b5c58b7126760e88650c305e123d2bdb0c4fa184d33f0af5aec804827ef |
| SHA512 | cf74d501190368987b3e510f6ba2b629e0ed3991c3370abeb33c1b1175fd3d293145152d21c590d1396df118b920f04aeaf59db4ba78cb2b4151e032c1e621e7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 29e64c8e9706f12b38dfd91f6c055edf |
| SHA1 | c3112034bb948803783ddaa39f2cfafd0a333871 |
| SHA256 | 88149ada572f6e634c71ff6fab071f75c1982142f0d50c3c46667dcc0e7626fa |
| SHA512 | 7d45390153bbadb82aceaa74f3a48e5aff23d5cc9437f9104ea076e9b0c89a3c3fe56e17f94b836bf508ccc9f331e9b6043a3dcdebaba3478ecf19a16ceac528 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 98096295d277538137020e0a6c231f42 |
| SHA1 | 551c1d93d3fceffba61cd308bbe5617da48d868a |
| SHA256 | 76012d3ff147454d4ffb636be82cbeb8120a1736d6e8f94a80c99788d65488dc |
| SHA512 | 31ce35d99999e733a2e685ed465b32035c8b54b41664bc9b3a2388e3e347fe00aeaf23e3b385b90c3e78f293bd44105ab46a4c39e0b75c947012eec17ec33dea |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 665f6c19675556e388cdee3eaac251c9 |
| SHA1 | ec4c56db94eb2154af06455b0f1e475f34751d27 |
| SHA256 | 102c45e5b6d276ee5a4eac8a3729231e3cb8e75d88ae8ae4f4892d2225154c5f |
| SHA512 | 735163e3ca62786e6675cd3b80629b2385e82dd60f730f989391401c3ea1e32fa51eba19d9e7d18b92ec6321a7160bc3bf1819475eeec7f2d84fd3f6c327fe27 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3c8a251e57ddc757ffc32dd57a914e10 |
| SHA1 | 961a3af8720ba32cefe9ce7accefc7e38e9132ae |
| SHA256 | ed273f59bf370cac8ff45294b39083c9ced1e4d51bd67156da93f6ad55926f8b |
| SHA512 | c7ebef18208aa050dda74d3e4e92b14fc6ce91406459424a87d457ee51f3d31fb6175cb1dd7f5de6b96149d8f4499f1ab58192b249f0962c6095e77b9a8b7c2b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | a065db8cbb9701e3d776a3a867357072 |
| SHA1 | c5ce88071f6e75f1cdac41449ab2865f90b6fe4b |
| SHA256 | a3b31b7152215fa3ea74804c67bfdd891ad539ae67c7a992f4b5a11041bd6de0 |
| SHA512 | 0af81bf0e99469ee36ca3f239e90f04a66fbcc68fac2fbd24a982d93394a43daa62ab845c44169580bb485453d265c11eb3f4be011e910999f383e63081f327f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 98cb7ef78b2c6b0240ab29728f17135f |
| SHA1 | 4022dbf43e49bf6410451bada91dad0fb2d63ddd |
| SHA256 | 1147c9656bf2e608354384f7913d13e9d860abc8475dc1a1ec89fdf9170d79ff |
| SHA512 | 97ed6831de1eb62f0fbe93eb003e42460b5b67ee5973205f99b875da22c164b99b39872db9a717a01bc8ac358a908e944940ca75bbb7d84e2084bfa8b8855df0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d91aa3dc3a7af46bf7a63a83d3ddab54 |
| SHA1 | 0462ff938e03111b797ed1abaeba8b6716a7d700 |
| SHA256 | 172b452e4ce8e75cf3bcb6d283ba0771fc6b29285834875837fc75af6b2605fa |
| SHA512 | c22838078a88651134abeb0676e4e8b987302d08a0c301302ddd570bb9a9bb1d3bc199411a29a194bc8026ce553502094bca91558f27ebd1ccaea2e65b2b0982 |
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
| MD5 | da597791be3b6e732f0bc8b20e38ee62 |
| SHA1 | 1125c45d285c360542027d7554a5c442288974de |
| SHA256 | 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07 |
| SHA512 | d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | be8252da5fbadd879ff7af25bf256897 |
| SHA1 | 407abcd9651de31aac5dac3bf0d177fd17f38aec |
| SHA256 | 61d6f608aa9c4903a1b54cc895b1cffd53b7d55448116eeebcc7dd7acafb03b4 |
| SHA512 | 8ef9501557dd6f4c332b9795a4321a69e92925e07ec8856db2cf99877d2009d9d20788f4edf34d6fba4d2ed64143638714bc37e35d5db45b3059f316471f46d5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 142f9d536e65b14eb900cfabbc12c58f |
| SHA1 | 26cbb5b4f0c7b31a817ffcd6791eea4a30c28b80 |
| SHA256 | c85905a328efac7acb8dfde8cc0acfe7847d0fb8b8a541ceeb2aca0cef109756 |
| SHA512 | 4bc899f75d398c88c64e77722458b30cdfbbcbf2583a06e31a408485b8c0d663413eba709aad8f75b1eb8a7f36a3356fe9e0675a807428d3da8fce2e4bab4a32 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 97b2e845cbb1c214e17940d0873459b2 |
| SHA1 | d48f6323f52be5398db2d4c69563956bb5de2836 |
| SHA256 | 3ae6323107ff4a9fe2684c6cd8ede02c54a72551ddd097e5f816e29ea36559e1 |
| SHA512 | e7238f2c3bdd9f2bed70777fe3c736940b82a8ee3a3a800a72bce1bdd9709b0d5bdd7c329761c5b376fd720af461e572cad8175fb7f90f5e58272977a7d8cd85 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2be8e4135667222fd1bcc556078a6212 |
| SHA1 | f7cc558c384cb901a28e94ba9c33332a65b9b322 |
| SHA256 | a672fecc30ea33e4b763052385cfa42f5239755f4862f8ec35f2e3f3f21d07a2 |
| SHA512 | 9ab7560fb411c5cb03311e7224d6362993da47ef23c6c7630407884ff0f7406ff5b52ee9c6225cada4b06d99d9481bdda58858f2ed333e1ac7ef811fa8916de9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | adfb093c7bb18fe196300fa3008dd17d |
| SHA1 | 3fecd71a9adedf80be44f99395e9de5b29e46018 |
| SHA256 | c7aee712322c98f4a5255372bc2634c97498632e7ddb1647e1c8212d73f184c2 |
| SHA512 | f2e39ca51837f8152bc9c150cbccf604366b5ff18f5518d7bdd650b50932b263013e64e441eff7e17d8ffb0cbd5bc5b0ecf0940fa1cd4ade4a1b3aaa0f498c73 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 494c87a884749f797ef8b2bda2fb12bc |
| SHA1 | 7a59a72c7c61c86cb6e085374b7a09628b4f6294 |
| SHA256 | 4d144196c574f20a60d81fb52c73e598508892487d9ebeccb356d0e3e417fe6b |
| SHA512 | 87adf3bc17770d1ffcd68382e1f295e627274dd929b8903f2299b4b38b8d7f9ef4b20e308a02d00f039e33ab6672af2bdebd613db81a4dacae071e947eb797c1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 744fc16adfefa952f00c4cb194ac824d |
| SHA1 | 00406ef105ab8e74ff7956ca6e3ca5660cf43143 |
| SHA256 | e57854ec39efaab19c734a5f4979ec99a169966d29420f53eb815dcab31dd8fd |
| SHA512 | 7ff08fc4ba7d91a2b8ec00f82467659f848e112907a160a0e2c268141fe0b4f16ab7346090973d5a07e03a320d2f16a1e909bba52d22a1217a4d269bb5fe41f9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 568a34e9f1d50f3f74b0403d59abc3c7 |
| SHA1 | eba276091b2a2ce45148aca21cae214d8814e268 |
| SHA256 | 56bf247c6d4556caa5369bf7edeb68d497aede5536f6b97ffec14917e266c770 |
| SHA512 | dc2dc69dd7bdbfe3a9916f6277710548152f3e2b0d61b8b0ac572b8bf78629c39580659e195afbce64e9c3b0fd0370faa310fc0ac16f6468f309052e76b7e854 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 612278bd91ab383500259a4b7a374516 |
| SHA1 | dfff7ad1038abe7691229cc45d1c39e66b2e245d |
| SHA256 | a43a2a8d00e9529441caccfe12445b32ed9fb5ee708f6830da541d3c9a6ca645 |
| SHA512 | f49a326724b6c8a94a8af427d74731ffb05d5011b75428bda29195a578fb0b3faeff85d4e6fa5b5cdb39ce5949c66bd1c8d2ab3393b4f439115c7c645fb357fe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4321f97c42dd7d843927e49a8086c86a |
| SHA1 | a76182452532f47512e868eae15b1d1091debf9e |
| SHA256 | 591603d2e0a26c6bd98e07208e6b0a10e4960954faecc9ab1a520251f3008a61 |
| SHA512 | 2a4dc66c9b6568c68a6b47faf3c067a6642de47768d69a8f997e1c922e375d82e48161197c05b680b1aec40d1f9f33c72be6cff80011528e1ce1867b0a0eed8d |
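Thirty-three file records are listed, but all except TarBD8.tmp and the search-scope favicon sit under `AppData\LocalLow\Microsoft\CryptnetUrlCache`, the CryptoAPI cache in which Windows stores the CRL/OCSP/AIA responses fetched during certificate validation (the r11.o.lencr.org and pki.goog traffic above). The same `MetaData\94308059B57B3142E455B38A6EB92015` path appearing twenty-two times with different hashes is one cache index rewritten after each fetch, not twenty-two distinct dropped files. The Python below is added here and is not from the report: it parses this listing format, groups records per path with a version count and the set of distinct SHA256 values, classifies each path by location, and checks every digest for the expected hex length so a transcription error in a hash is caught before it reaches a blocklist. The location classes and the four-record sample are assumptions of the example.

```python
import re

# Expected hex-digest length per algorithm; anything else is a transcription error.
DIGEST_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}

# Location classes, assumed for this example: where a file lands says more than its hash.
LOCATION_CLASSES = [
    ("\\Microsoft\\CryptnetUrlCache\\MetaData\\", "cryptoapi-cache-index"),
    ("\\Microsoft\\CryptnetUrlCache\\Content\\", "cryptoapi-cache-content"),
    ("\\Internet Explorer\\Services\\", "ie-search-scope-asset"),
    ("\\AppData\\Local\\Temp\\", "temp"),
]

# Constructed sample: four records copied from the Files section above, including two
# successive versions of the same CryptnetUrlCache MetaData path.
SAMPLE_FILES = r"""
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 114b226ebb5ef57d8c8b8a7390478bd6 |
| SHA1 | b2f10f6ad15acafe5db7276f03769b0706ee029f |
| SHA256 | 6a531a158128c342da2736029571a0912290f7d57675a7a8ddda1a557ae71781 |
| SHA512 | 03b5897079e12e31cefe777e6d66e6adc5ac73008abd4c619609341bf36873684d9d5fde8d13864e77a535d124063a788cce1b2ae2b62e1dec3996649068fff5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4c140351696723b1e3b9c3ae6c10f8a7 |
| SHA1 | a7ceb195fd5f742a0d7ef29b1982bde38e2c117c |
| SHA256 | ca0e88c70368b3111f2db3ad2c3294729530d911c680ef923a83861103760007 |
| SHA512 | 52f8b49c41662480a83dc9b4c25c0abc7da2fa28df1fe60f2a9b05f2dd7af5cf01cc64b9773948e09f9aa1f90c4f73d8d85659f8d9af7db4516ad3625c4fe7ac |
C:\Users\Admin\AppData\Local\Temp\TarBD8.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
| MD5 | da597791be3b6e732f0bc8b20e38ee62 |
| SHA1 | 1125c45d285c360542027d7554a5c442288974de |
| SHA256 | 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07 |
| SHA512 | d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e |
"""


def parse_files(text):
    """Yield (path, {ALGO: hexdigest}) records: a path line followed by '| ALGO | hex |' rows."""
    path, digests = None, {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("|"):
            cells = [c.strip() for c in line.strip("|").split("|")]
            if path is not None and len(cells) == 2:
                digests[cells[0].upper()] = cells[1].lower()
            continue
        if path is not None:
            yield path, digests
        path, digests = line, {}
    if path is not None:
        yield path, digests


def classify(path):
    """Label a path by the first location class it falls in, or 'other'."""
    low = path.lower()
    for marker, label in LOCATION_CLASSES:
        if marker.lower() in low:
            return label
    return "other"


def summarize(text):
    """Group records per path: how many versions were written, their distinct SHA256s,
    and the location class."""
    groups = {}
    for path, digests in parse_files(text):
        g = groups.setdefault(path, {"versions": 0, "sha256": set(), "class": classify(path)})
        g["versions"] += 1
        g["sha256"].add(digests.get("SHA256"))
    return groups


def validate(text):
    """Return (path, algo, digest) for every digest whose length or alphabet is wrong."""
    bad = []
    for path, digests in parse_files(text):
        for algo, hexd in digests.items():
            expected = DIGEST_LEN.get(algo)
            if expected is None or len(hexd) != expected or not re.fullmatch(r"[0-9a-f]+", hexd):
                bad.append((path, algo, hexd))
    return bad


if __name__ == "__main__":
    for path, g in summarize(SAMPLE_FILES).items():
        print(f"{g['class']:24} versions={g['versions']} distinct_sha256={len(g['sha256'])} {path}")
    print("bad digests:", validate(SAMPLE_FILES))
```

Paste the whole Files section into `SAMPLE_FILES` and the MetaData path collapses to a single line with a version count, which is the shape an analyst actually wants to read; anything classified as `other` or `temp` is where attention belongs.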
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 07:44
Reported
2024-06-13 07:47
Platform
win10v2004-20240611-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a47b9e2fa2fd26952e5214266375312c_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcdd4c46f8,0x7ffcdd4c4708,0x7ffcdd4c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,5793345692765792581,15961572050668614642,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,5793345692765792581,15961572050668614642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,5793345692765792581,15961572050668614642,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5793345692765792581,15961572050668614642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5793345692765792581,15961572050668614642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5793345692765792581,15961572050668614642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5793345692765792581,15961572050668614642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,5793345692765792581,15961572050668614642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5793345692765792581,15961572050668614642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5793345692765792581,15961572050668614642,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5793345692765792581,15961572050668614642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5793345692765792581,15961572050668614642,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,5793345692765792581,15961572050668614642,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_992_LQQMDIEDWIYTHIIN
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State