Analysis Overview
SHA256
19483194da80f670331bbd830a8a01f8e1d1a8cdaf2729b90a00dd2704365e20
Threat Level: No (potentially) malicious behavior was detected
The file a47cff1200726c8cfec12690f738c09e_JaffaCakes118 was analyzed; no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 07:45
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 07:45
Reported
2024-06-13 07:48
Platform
win7-20240611-en
Max time kernel
145s
Max time network
149s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F8CF3A31-2958-11EF-BD87-DEB4B2C1951C} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424426627" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30996bd065bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000009924ae1881370542047fdc59685a228b5d2db20670a7843142961c58eee01159000000000e8000000002000020000000dc640c2011b6bb553c22ac73c66e58100067062297d3eddd2b0729d5362907c9900000005c20251b1cb93837109f20ea5fdc9ee464e1e19038c5803c81cb92ab5e554a5c239593386113c580017a66b980d699232e43d76c119758598ab17aaf39c54a8c028119b54039867d3c8181e6946a0e0e13699d54475888ae352dd2a883a7d8903db06116ae430af0a05f08390e1a25ebc0815a372861fddcd8185d2ab8b5279bbc4f8cf47c75478434c03f45d80e406840000000ebe43bc892421424ebdba05a7db4bfd3bc77b9eaf1c7ce43b3f1f83e6d366af364288da63a6473839c2e4650c33df7afe91f4afd89cff08758194566b5e81b24 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a80760000000002000000000010660000000100002000000014a113ecbf3ddeb7f9b02123db567125e69fd8c8e673ec0a7b015f2a01f62d90000000000e8000000002000020000000f8a912cbd3f3967841ec0f49ad78e424604926036940efaeac6cfc039c8cdd60200000007c4b814c11964c4a13cbd90d8333a39bb712d4221a048bd3a8fb753570f40dc040000000bd1f6f9800a719e12835678307dbeeb33941f4cfb161e6ca63f17e4cfde3ce574ef3fd976abdfbe394e8a681a88a8bc29e13a39df55195ac7773af3a8b539529 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2232 wrote to memory of 1036 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2232 wrote to memory of 1036 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2232 wrote to memory of 1036 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2232 wrote to memory of 1036 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a47cff1200726c8cfec12690f738c09e_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2232 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | img.forum.ge | udp |
| GE | 188.93.89.67:443 | img.forum.ge | tcp |
| GE | 188.93.89.67:443 | img.forum.ge | tcp |
| US | 8.8.8.8:53 | sab.fast.ge | udp |
| GE | 188.93.95.26:443 | sab.fast.ge | tcp |
| GE | 188.93.95.26:443 | sab.fast.ge | tcp |
| GE | 188.93.95.26:443 | sab.fast.ge | tcp |
| GE | 188.93.95.26:443 | sab.fast.ge | tcp |
| GE | 188.93.95.26:443 | sab.fast.ge | tcp |
| GE | 188.93.95.26:443 | sab.fast.ge | tcp |
| US | 8.8.8.8:53 | forum.ge | udp |
| GE | 188.93.95.26:80 | forum.ge | tcp |
| GE | 188.93.95.26:80 | forum.ge | tcp |
| US | 8.8.8.8:53 | code.createjs.com | udp |
| SE | 184.31.15.48:443 | code.createjs.com | tcp |
| SE | 184.31.15.48:443 | code.createjs.com | tcp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 151.101.66.137:443 | code.jquery.com | tcp |
| US | 151.101.66.137:443 | code.jquery.com | tcp |
| SE | 184.31.15.48:443 | code.createjs.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 07:45
Reported
2024-06-13 07:48
Platform
win10v2004-20240611-en
Max time kernel
148s
Max time network
150s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a47cff1200726c8cfec12690f738c09e_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb10c746f8,0x7ffb10c74708,0x7ffb10c74718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,8189258754485656622,11780120809578699384,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,8189258754485656622,11780120809578699384,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,8189258754485656622,11780120809578699384,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8189258754485656622,11780120809578699384,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8189258754485656622,11780120809578699384,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8189258754485656622,11780120809578699384,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2776 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,8189258754485656622,11780120809578699384,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,8189258754485656622,11780120809578699384,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8189258754485656622,11780120809578699384,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8189258754485656622,11780120809578699384,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8189258754485656622,11780120809578699384,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8189258754485656622,11780120809578699384,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,8189258754485656622,11780120809578699384,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5192 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | counter.top.ge | udp |
| US | 8.8.8.8:53 | img.forum.ge | udp |
| GE | 188.93.95.16:445 | counter.top.ge | tcp |
| GE | 188.93.89.67:443 | img.forum.ge | tcp |
| GE | 188.93.89.67:443 | img.forum.ge | tcp |
| US | 8.8.8.8:53 | sab.fast.ge | udp |
| GE | 188.93.95.26:443 | sab.fast.ge | tcp |
| GE | 188.93.95.26:443 | sab.fast.ge | tcp |
| GE | 188.93.95.26:443 | sab.fast.ge | tcp |
| GE | 188.93.95.26:443 | sab.fast.ge | tcp |
| GE | 188.93.95.26:443 | sab.fast.ge | tcp |
| GE | 188.93.95.26:443 | sab.fast.ge | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.89.93.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.95.93.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | code.createjs.com | udp |
| SE | 184.31.15.75:443 | code.createjs.com | tcp |
| US | 8.8.8.8:53 | forum.ge | udp |
| GE | 188.93.95.26:80 | forum.ge | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 75.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| BE | 2.17.107.104:443 | www.bing.com | tcp |
| BE | 2.17.107.104:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 151.101.66.137:443 | code.jquery.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | counter.top.ge | udp |
| GB | 216.58.213.14:445 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 137.66.101.151.in-addr.arpa | udp |
| GB | 216.58.213.14:139 | www.google-analytics.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 56067634f68231081c4bd5bdbfcc202f |
| SHA1 | 5582776da6ffc75bb0973840fc3d15598bc09eb1 |
| SHA256 | 8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4 |
| SHA512 | c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784 |
\??\pipe\LOCAL\crashpad_4952_IMAOQFGZWVLHSUEN
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 81e892ca5c5683efdf9135fe0f2adb15 |
| SHA1 | 39159b30226d98a465ece1da28dc87088b20ecad |
| SHA256 | 830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17 |
| SHA512 | c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 71a457bdae2a2858af3209bb4e5e29f7 |
| SHA1 | e80d4bbced8ad6f2c5ef36860f73a4ec7e8a8093 |
| SHA256 | e87889551ce495de7acdf59c4182e71dafa07b072179d1e83bd6b3b3859df4f0 |
| SHA512 | 2d4d9c3175586fe4bee8d7afb6389fa4668a6d2a3a62f3bcbb6d1b8b58249f99cc7b9cc76ba4deba79043ffea4e708782251573a39ee98c1efcf23ae17a493ac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | fa220a3ebf16458ae622b609028f3193 |
| SHA1 | c3398528db4964cbbb7ec9472b35b092e5fdffcf |
| SHA256 | b6e1ac4929af357061364e6673bc5af159b1402a6246fa9849b872e023ac5f34 |
| SHA512 | dd4f7484871060b6ad10c4d183834d2617019f515778cc7452ffd0806321da4ff601328c8f387f9f4853b1827866b979b386561bcc00e3b9bd012d1412b724c4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 78162d80078d53c891bef618e1817e19 |
| SHA1 | 72bfaef95ef96bed226cc153127b8e8a89e0d252 |
| SHA256 | cb7a0be32763ac05bc226b5dc0693c6528f85566351e02025cc5a34c238a0ee6 |
| SHA512 | a3f45b8a401804556f175a43ed602325b2ad1a192e96b864ed31a23f14f6c991b2137380d3809926191dc26ed71b2b591ea02a3d43391566aa70347693f738b6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ec341fe98a75cb34729bf687e5ffb6c3 |
| SHA1 | 521a4a1b09b90b144196fc1b36e8369894653cd1 |
| SHA256 | a4ed2a0c532296848c6dce4cbbf316ff243fed16e59e6c07036f8e906a58c2a6 |
| SHA512 | c0e467f7df28ef030bd4ac16edb81607598039c684a91ad30b7b751992c8f6f64dd25bfe337e26dc049e6abcf2f537e4cd87cd209a176994e90c61eb0635c128 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 4f89310843e7df1b23e462f5cba2a2cf |
| SHA1 | 951ca55cce9801f3bf5643417e906fece85767db |
| SHA256 | bb09aaafbca50b53f4f9cf6b8cca083b2c0c78a8851c3332df2ef47998cc91ae |
| SHA512 | 1a7c4467cfb52d6cd660cc93a4def20aa312087df425963b3d954c98ad0e3927a96f823f6fc3912a81b551f05e85e6954abc6f53642fcfae30dbc00d8c92cf9f |