Analysis Overview
SHA256: 15aa3dc5123dd579ddc87193a8c30818ffd8a66df0c0d039560286bdd265e175
Threat Level: No (potentially) malicious behavior was detected
Verdict for the file a48ca9d4e6542e9af98b9d7d47c7497c_JaffaCakes118: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
| Field | Value |
| --- | --- |
| Reported | 2024-06-13 08:05 |
Signatures
Analysis: behavioral1
Detonation Overview
| Field | Value |
| --- | --- |
| Submitted | 2024-06-13 08:05 |
| Reported | 2024-06-13 08:07 |
| Platform | win7-20240221-en |
| Max time kernel | 120s |
| Max time network | 127s |
| Command Line | |
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10ea5c8868bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value omitted] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424427794" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B129D431-295B-11EF-B238-4AE872E97954} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000003f3608ce0e02145a2853e77c6cb350600000000020000000000106600000001000020000000d409cb9212ed3483c163af4a893f67291452f8eebd1e98212c39109f19a14e69000000000e80000000020000200000003d141c9b995698df5716b8d51b280689fb571dc781601c5b4cefc7fd1d8e764620000000d43bbb16ee2c4e21378ce285101b8ef0274965f94ff83c90a69754227145d51f40000000358137e2ecde6f0631d779f0dc04adf7c42640f4519c90b344eef8bbc1f78ccf13eecde2d8a9c61c9518bc34692a120d408ef232e23f6b98902764eb926a0187 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 1040 wrote to memory of 2944 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1040 wrote to memory of 2944 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1040 wrote to memory of 2944 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1040 wrote to memory of 2944 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
| Process | Command line |
| --- | --- |
| C:\Program Files\Internet Explorer\iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a48ca9d4e6542e9af98b9d7d47c7497c_JaffaCakes118.html |
| C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1040 CREDAT:275457 /prefetch:2 |
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | www.yandex.ru | udp |
| US | 8.8.8.8:53 | coin-hive.com | udp |
| US | 8.8.8.8:53 | radarurl.com | udp |
| RU | 5.255.255.70:80 | www.yandex.ru | tcp |
| RU | 5.255.255.70:80 | www.yandex.ru | tcp |
| US | 104.21.61.200:443 | coin-hive.com | tcp |
| US | 104.21.61.200:443 | coin-hive.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| RU | 5.255.255.70:443 | www.yandex.ru | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| BE | 23.14.90.74:80 | apps.identrust.com | tcp |
| BE | 23.14.90.88:80 | apps.identrust.com | tcp |
| BE | 23.14.90.74:80 | apps.identrust.com | tcp |
| BE | 23.14.90.88:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| US | 8.8.8.8:53 | coinhive.com | udp |
| US | 104.21.57.186:443 | coinhive.com | tcp |
| US | 104.21.57.186:443 | coinhive.com | tcp |
| US | 8.8.8.8:53 | radarurl.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
| Field | Value |
| --- | --- |
| Submitted | 2024-06-13 08:05 |
| Reported | 2024-06-13 08:07 |
| Platform | win10v2004-20240508-en |
| Max time kernel | 145s |
| Max time network | 124s |
| Command Line | |
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
| Process | Command line |
| --- | --- |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a48ca9d4e6542e9af98b9d7d47c7497c_JaffaCakes118.html |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaf08346f8,0x7ffaf0834708,0x7ffaf0834718 |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,8076332053760590773,3639048502658553344,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2024 /prefetch:2 |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,8076332053760590773,3639048502658553344,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2456 /prefetch:3 |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,8076332053760590773,3639048502658553344,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8 |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,8076332053760590773,3639048502658553344,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1 |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,8076332053760590773,3639048502658553344,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1 |
| C:\Windows\System32\CompPkgSrv.exe | C:\Windows\System32\CompPkgSrv.exe -Embedding |
| C:\Windows\System32\CompPkgSrv.exe | C:\Windows\System32\CompPkgSrv.exe -Embedding |
| C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,8076332053760590773,3639048502658553344,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4436 /prefetch:8 |
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,8076332053760590773,3639048502658553344,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4436 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,8076332053760590773,3639048502658553344,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,8076332053760590773,3639048502658553344,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,8076332053760590773,3639048502658553344,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,8076332053760590773,3639048502658553344,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4332 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,8076332053760590773,3639048502658553344,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | radarurl.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | www.yandex.ru | udp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| US | 52.111.229.43:443 | N/A | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | eaa3db555ab5bc0cb364826204aad3f0 |
| SHA1 | a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca |
| SHA256 | ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b |
| SHA512 | e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4 |
\??\pipe\LOCAL\crashpad_3608_KCMNVRQVZOUPOBCX
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4b4f91fa1b362ba5341ecb2836438dea |
| SHA1 | 9561f5aabed742404d455da735259a2c6781fa07 |
| SHA256 | d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c |
| SHA512 | fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f348144cc862a52b8b3942243f4a9cf1 |
| SHA1 | 06b18790e8f0c68f8555e62434bcd3be12891700 |
| SHA256 | 9d708bdf8a64ecdb1d323827e5bec985717b98fce92d493c1d9f1a48b7343bc9 |
| SHA512 | 8efe57c38293610f80f144db113165258d0b235d996e1689e7585ede1b34aff633dd182e1ba4cbcef954528702188da018e94fce9fd2fab811c5f5b2dd75d729 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 00250360e87c173eea11a79e9ee6fbf1 |
| SHA1 | 63c800b95e0cda4b488d333a658f6bedd9fd3fd0 |
| SHA256 | a63b13f2cfa7e55746f88ac928ebf99feaf1bc1102058630138150c036abaf12 |
| SHA512 | fc994fd9d5212f8f9907fa6602959d2c2e963fd6aaed6cf2dc0a240a7863b4759b40c806f4e018489256e172bf9eca8bd2f3c80110e1311f7cbc18d789966bc9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3d8e1ec9595034cf0b0ad3b054c38d2d |
| SHA1 | 338e48f601b343b8e58ba8a52b6d08d54e3238cb |
| SHA256 | ee00d91220ed6928bb6189a690bcb4925168143ddfd66b0a5b42fae6c07d1e9c |
| SHA512 | ed1392461b5bfba69664d51f65bba3c4c49aaf4617b761c77f59c54564402271230bfe613e7821b54f5e09ec96ceeae8e91a51b9bd2764e802e8121115b8da5e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |