Analysis Overview
SHA256
851cb8fbeebaf25622ddd54b074224c8d06c3b29bc545b545bedead87fbc7222
Threat Level: No (potentially) malicious behavior was detected
Verdict for the file a5022a184cab2e4aaaa29f3badcc94a3_JaffaCakes118: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Analysis: static1
Detonation Overview
Reported
2024-06-13 10:08
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 10:08
Reported
2024-06-13 10:11
Platform
win7-20240611-en
Max time kernel
121s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424435187" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value elided) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 603e6bbf79bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E7C0A6C1-296C-11EF-A05A-CE80800B5EC6} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a0390500000000020000000000106600000001000020000000522a65622f388a65388eb1d70ea42a626de638fd050d19cff5241be1aad35490000000000e8000000002000020000000a6d13a3c628b63e915de09c98d417b66c12afc235130e8e2e8a8dd60062ab2a220000000883364912ad85ee71885ab5d0848cffe5e63417583a2d6734ee0a35718fc1be140000000d18bb5f07e65fbb8ca2fea93aa98c2abc9cf385df6592840f97780bdcbaa1bc5efe2b5cfc900ae6db4cf743a0c7730b394746f4594c425c0ba8ab9115bafffc1 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2336 wrote to memory of 2296 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2336 wrote to memory of 2296 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2336 wrote to memory of 2296 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2336 wrote to memory of 2296 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5022a184cab2e4aaaa29f3badcc94a3_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2336 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 10:08
Reported
2024-06-13 10:11
Platform
win10v2004-20240611-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5022a184cab2e4aaaa29f3badcc94a3_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd90b646f8,0x7ffd90b64708,0x7ffd90b64718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,5650980103228801014,9480387161090911919,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,5650980103228801014,9480387161090911919,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,5650980103228801014,9480387161090911919,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,5650980103228801014,9480387161090911919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,5650980103228801014,9480387161090911919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,5650980103228801014,9480387161090911919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,5650980103228801014,9480387161090911919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,5650980103228801014,9480387161090911919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,5650980103228801014,9480387161090911919,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6184 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,5650980103228801014,9480387161090911919,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6184 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,5650980103228801014,9480387161090911919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1940 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,5650980103228801014,9480387161090911919,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,5650980103228801014,9480387161090911919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3856 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,5650980103228801014,9480387161090911919,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,5650980103228801014,9480387161090911919,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4796 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.barongroup.net | udp |
| US | 8.8.8.8:53 | s.gravatar.com | udp |
| US | 8.8.8.8:53 | s0.wp.com | udp |
| US | 8.8.8.8:53 | s.w.org | udp |
| US | 8.8.8.8:53 | widgets.givealink.com | udp |
| US | 13.248.169.48:80 | widgets.givealink.com | tcp |
| GB | 216.58.201.115:80 | www.barongroup.net | tcp |
| GB | 216.58.201.115:80 | www.barongroup.net | tcp |
| GB | 216.58.201.115:80 | www.barongroup.net | tcp |
| GB | 216.58.201.115:80 | www.barongroup.net | tcp |
| GB | 216.58.201.115:80 | www.barongroup.net | tcp |
| GB | 216.58.201.115:80 | www.barongroup.net | tcp |
| GB | 216.58.201.115:443 | www.barongroup.net | tcp |
| GB | 216.58.201.115:443 | www.barongroup.net | tcp |
| GB | 216.58.201.115:443 | www.barongroup.net | tcp |
| GB | 216.58.201.115:443 | www.barongroup.net | tcp |
| GB | 216.58.201.115:443 | www.barongroup.net | tcp |
| GB | 216.58.201.115:443 | www.barongroup.net | tcp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.169.248.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.197.17.2.in-addr.arpa | udp |
| US | 192.0.77.32:80 | s0.wp.com | tcp |
| US | 192.0.73.2:80 | s.gravatar.com | tcp |
| US | 192.0.73.2:443 | s.gravatar.com | tcp |
| US | 8.8.8.8:53 | 32.77.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.73.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i2.wp.com | udp |
| US | 192.0.77.2:80 | i2.wp.com | tcp |
| US | 8.8.8.8:53 | stats.wp.com | udp |
| US | 192.0.76.3:80 | stats.wp.com | tcp |
| US | 8.8.8.8:53 | 2.77.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.76.0.192.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | www.webprez.com | udp |
| US | 54.153.1.168:80 | www.webprez.com | tcp |
| US | 8.8.8.8:53 | static.addtoany.com | udp |
| US | 8.8.8.8:53 | i0.wp.com | udp |
| US | 8.8.8.8:53 | i1.wp.com | udp |
| US | 104.22.71.197:443 | static.addtoany.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| IE | 2.18.24.9:80 | apps.identrust.com | tcp |
| US | 54.153.1.168:443 | www.webprez.com | tcp |
| US | 104.22.71.197:443 | static.addtoany.com | tcp |
| US | 8.8.8.8:53 | financialsecurity.video | udp |
| US | 54.153.1.168:443 | financialsecurity.video | tcp |
| US | 8.8.8.8:53 | 197.71.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.1.153.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.24.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | optassets.ontraport.com | udp |
| US | 172.64.146.119:443 | optassets.ontraport.com | tcp |
| US | 8.8.8.8:53 | i.ontraport.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.146.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | app.ontraport.com | udp |
| US | 172.64.146.119:443 | app.ontraport.com | tcp |
| US | 8.8.8.8:53 | static.hotjar.com | udp |
| US | 18.245.175.78:443 | static.hotjar.com | tcp |
| US | 8.8.8.8:53 | pixel.wp.com | udp |
| US | 192.0.76.3:445 | pixel.wp.com | tcp |
| US | 8.8.8.8:53 | script.hotjar.com | udp |
| FR | 18.164.52.73:443 | script.hotjar.com | tcp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.175.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.201.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tracking.ontraport.com | udp |
| US | 209.170.211.179:443 | tracking.ontraport.com | tcp |
| US | 8.8.8.8:53 | 73.52.164.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 179.211.170.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pixel.wp.com | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | | udp |
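The Network table mixes four kinds of rows: forward DNS queries to the resolver, reverse (PTR) lookups of the form `N.N.N.N.in-addr.arpa`, mDNS multicast to 224.0.0.251:5353, and the actual TCP connections; two rows also reached the page without a Domain cell. The Python below is an added example, not the sandbox's own output format or code: it parses rows in this table's layout into those buckets, decodes each PTR name back to the address it names and joins it against the contacted addresses, and flags connections on ports other than 80 and 443, which in this table is the `192.0.76.3:445 | pixel.wp.com` row. `SAMPLE_ROWS` is a constructed subset of the table above, including the two rows with a blank Domain cell.

```python
"""Bucket the Network table of a sandbox report into IOC categories.

Added example, not the sandbox's own code. SAMPLE_ROWS is a constructed subset
of the rows in the table above (including the two with a blank Domain cell).
"""
import ipaddress

SAMPLE_ROWS = """\
| US | 8.8.8.8:53 | www.barongroup.net | udp |
| GB | 216.58.201.115:80 | www.barongroup.net | tcp |
| GB | 216.58.201.115:443 | www.barongroup.net | tcp |
| US | 8.8.8.8:53 | 115.201.58.216.in-addr.arpa | udp |
| US | 192.0.76.3:445 | pixel.wp.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 18.245.175.78:443 | static.hotjar.com | tcp |
"""

PTR_SUFFIX = ".in-addr.arpa"


def parse_rows(text):
    """Parse '| Country | ip:port | domain | proto |' rows; skip anything else."""
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4:
            continue
        country, dest, domain, proto = cells
        ip, _, port = dest.rpartition(":")
        try:
            ipaddress.ip_address(ip)
            port = int(port)
        except ValueError:
            continue  # header row or garbled destination cell
        rows.append({"country": country, "ip": ip, "port": port,
                     "domain": domain or None, "proto": proto.lower()})
    return rows


def ptr_name_to_ip(name):
    """'115.201.58.216.in-addr.arpa' -> '216.58.201.115'."""
    return ".".join(reversed(name[:-len(PTR_SUFFIX)].split(".")))


def triage(rows, expected_ports=(80, 443)):
    """Split parsed rows into queried names, PTR targets, connections and oddities."""
    out = {"queried": set(), "reverse": set(), "connections": set(),
           "odd_ports": [], "multicast": set(), "unlabelled": []}
    for r in rows:
        if ipaddress.ip_address(r["ip"]).is_multicast:
            out["multicast"].add((r["ip"], r["port"]))  # e.g. mDNS on 224.0.0.251:5353
        elif r["proto"] == "udp" and r["port"] == 53:
            if r["domain"] is None:
                out["unlabelled"].append(r)  # query whose name the table lost
            elif r["domain"].endswith(PTR_SUFFIX):
                out["reverse"].add(ptr_name_to_ip(r["domain"]))
            else:
                out["queried"].add(r["domain"])
        elif r["proto"] == "tcp":
            conn = (r["ip"], r["port"], r["domain"])
            out["connections"].add(conn)
            if r["port"] not in expected_ports:
                out["odd_ports"].append(conn)
    # PTR lookups that name an address the sample actually connected to.
    out["reverse_of_contacted"] = out["reverse"] & {ip for ip, _, _ in out["connections"]}
    return out


if __name__ == "__main__":
    for bucket, items in triage(parse_rows(SAMPLE_ROWS)).items():
        print(f"{bucket}: {items}")
```

The `queried` and `connections` buckets are the pivotable IOCs; the resolver address, the PTR names and the mDNS row are sandbox and OS background and should not be carried into a blocklist. An odd-port hit such as 445 to a CDN host is a prompt to open the capture and look at the session, not a finding on its own.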
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 3a09f853479af373691d131247040276 |
| SHA1 | 1b6f098e04da87e9cf2d3284943ec2144f36ac04 |
| SHA256 | a358de2c0eba30c70a56022c44a3775aa99ffa819cd7f42f7c45ac358b5e739f |
| SHA512 | 341cf0f363621ee02525cd398ae0d462319c6a80e05fd25d9aca44234c42a3071b51991d4cf102ac9d89561a1567cbe76dfeaad786a304bec33821ca77080016 |
\??\pipe\LOCAL\crashpad_2656_DIIIQXMRUMTPMNLO
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | db9081c34e133c32d02f593df88f047a |
| SHA1 | a0da007c14fd0591091924edc44bee90456700c6 |
| SHA256 | c9cd202ebb55fe8dd3e5563948bab458e947d7ba33bc0f38c6b37ce5d0bd7c3e |
| SHA512 | 12f9809958b024571891fae646208a76f3823ae333716a5cec303e15c38281db042b7acf95bc6523b6328ac9c8644794d39a0e03d9db196f156a6ee1fb4f2744 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | abc88fc7dc6368ad42729827c6530097 |
| SHA1 | 0cb6290f45c10cc19c73b9de317936f619e86c6f |
| SHA256 | a1260ab42a80ce5c11d687982762c4773df87bf2921b742e1aae3a47016708e6 |
| SHA512 | 4b1af2e210dc0d501a46b0040b324b3eb1d55de8d70c8da1e3b48b0118e93d843b92324511a431ccd99c77bb984d4c637af5892fd5ae8a5066cbdd24ed541ffa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ff9f54393c1fa899e7bcfdfb529a0472 |
| SHA1 | a1580f0324498fc9c9fbb630794562eb5040efc9 |
| SHA256 | b182713a3258f28740ed0471472011b80d5caea8560a97bdde9a53525dd35cf3 |
| SHA512 | 84641f6262f3d74c2d064a32e7fa4018de5c33bf508d2b41ddc44286876b2bf17c7aadce0f971409d8369cc61b4c1dfa370e4465b210292cdfc98a61ce76d6f7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8835072e9b4da24ed0dd8d333d2a33b5 |
| SHA1 | 55b4e60c0ddd0d25759030a29462a81b054ffceb |
| SHA256 | 9d42ff704942b04dd225397ca0c73803094dfc35910f04c4eb0c15f8cd9069bf |
| SHA512 | 1440e8ebbea2060bd37be3dec3f4d1949cb23fac02a37105b65a83e5d1c87d3cee66f3f21ae37795151f6a6cb04e3c058e3093835ad8b72bce3af4f01edea740 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2cc263e33873a67b6a8be38f38be92d4 |
| SHA1 | c0bd99593d3177db4b519493e04e885b1b3d4f4e |
| SHA256 | 34c2b4f41cfb73f150d7ab97ce5c1ab4073204f6de2730efaa17cc9c1b47d3be |
| SHA512 | 56cf81b06afb0ab2ed10b6d768f0b57481cccc402d2536e3b22fade972d482ee1da7e923f6643581afca141a3ba3a364a96cad67e537a3d291b1478a46b33b73 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 67404637ba8cf4950ae40c859115fdea |
| SHA1 | b639018ea02e88ecd5d305423df6c9f4cde43d36 |
| SHA256 | 10e6302e5e1e012f2eba88d4a0a2d71bc6f55f45ae3b26958150fa52c64ef694 |
| SHA512 | 9e0f66ce425e4874784eeed552f91739b259f3d94bf0a4b63670d6bd891b7d51f8c68d318845898e745c7520f75d5be6991738bc5237eb88c9a5898936d1baf1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | b2b33889da1fd299db8692dc878797ea |
| SHA1 | 771f76eb553ca759916603bfa100cdca4e013ed3 |
| SHA256 | a764e2e8d802610a0fa3fb34965a720bc4c1d7ded7790ffeb7f21e7d9287555e |
| SHA512 | c8c2f981e70081a5bdb54e293fd5d7e3a641916cc3abc4aa9901df24dbc946260eafd0c3e2202f661f36fa38338d01c63b4d3ace0137e4aa1b57366674b3d50e |