Analysis Overview
SHA256
f4c30fb23652e5fe88bc78b9ed92be8b91a721994983e161626e351909942f7c
Threat Level: No (potentially) malicious behavior was detected
The file a4d7595ad86fc00879035c068e614dc2_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 09:25
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 09:25
Reported
2024-06-13 09:28
Platform
win7-20240611-en
Max time kernel
135s
Max time network
133s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000d489de1d29c3a74ed17480a042664824433b2807721dc17d058bb50d19ad3df8000000000e800000000200002000000098ded6fd5e82c3e9b4815c372eccea552db2e6e9e563d27075abab24d72ce669200000007794c8d64e9d27074b9390b939b80d5253c7291f90c2692b45c08dd46356de96400000004bdd32f1839d97b02b789152f869116d973896b799f47ecb0e0c2f1a55c8a2d2a90d8cefebd47374919379f9b80ff82032b38d529ebb691c12d9b090fd85a7a0 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424432630" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30f7f7e673bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F3845DE1-2966-11EF-B3FC-D2ACEE0A983D} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000003888962b0540d6d68036e8fb66d92e3469cc34d571d0f86cf9bb333ba6995c95000000000e8000000002000020000000adc79dbcc39a073c7136f004f0dd79aac66750d857bea3d8f39507617925591f90000000f2fb5a12618cd3ae6e51a74056c4632b83de55c71d51ce4ffe09e70c765c0af38190b67c9b3d264da9c28a697d0b1047f7abf2d52422c2a998528af7350f7d0f0bc5ed2259819c5a8943d90c5abf718d1646749eceb32ca5cec9d33b2aab2f7d450404e89f50622f816e4fd8be4cb4ee4145d08cbca2498d0218f20091ee48d1810d4afbb908c092d23566b62c3d68b740000000d570a0681aafcb475f27ebf5974d7277d6e8995824ec8aa2b933aa7b46ef0a1de05ba9d43401a1b014c01c71aa36ae3a621d047a30b86e7dd8c7cff6911790b3 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2996 wrote to memory of 2516 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2996 wrote to memory of 2516 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2996 wrote to memory of 2516 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2996 wrote to memory of 2516 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4d7595ad86fc00879035c068e614dc2_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2996 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | lh6.googleusercontent.com | udp |
| US | 8.8.8.8:53 | lh5.googleusercontent.com | udp |
| US | 8.8.8.8:53 | lh4.googleusercontent.com | udp |
| GB | 172.217.16.225:443 | lh4.googleusercontent.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 172.217.16.225:443 | lh4.googleusercontent.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 172.217.16.225:443 | lh4.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh4.googleusercontent.com | tcp |
| GB | 172.217.16.238:443 | apis.google.com | tcp |
| GB | 172.217.16.238:443 | apis.google.com | tcp |
| GB | 172.217.16.225:443 | lh4.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh4.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh4.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh4.googleusercontent.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 172.217.16.225:443 | lh4.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh4.googleusercontent.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 172.217.16.225:443 | lh4.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh4.googleusercontent.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 172.217.16.225:443 | lh4.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh4.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh4.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh4.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh4.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh4.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh4.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh4.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh4.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | www.777seo.com | udp |
| US | 103.224.182.251:80 | www.777seo.com | tcp |
| US | 103.224.182.251:80 | www.777seo.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 1b8b0a9b8599537563ae603d2a8fb7cd |
| SHA1 | 53648a922c229e03b59e5e36b2f3ceb4317843f5 |
| SHA256 | f212b0e6eabacd332f5893b36016136510a01be1c9fdba56c5361510fe1d6d22 |
| SHA512 | 66577ce61320b107fb0dc13937523721387c5ff435c3b799c25b1845570ed66397ef1d9481d93b5b0dca71f1f91f819624fa0b991cc3ce1ed153f1c6fd4bb5e8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 80d6de0ad114654c5f1926bdf029968e |
| SHA1 | 816c46f9494718ca2cd28828f1da6bc1566d4158 |
| SHA256 | 96695dd216c40cdd8f58d2d4a1f880a5a0341e702b54e846371475766c4f2102 |
| SHA512 | 9863d483669df8c9602eb91f256ebd6958dde1062dae63021eadf9566bfc290ec51758c9c5b5a30a5c9742cc44ffda75699d1039f24e69380305b090b883c196 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | cb85f3fcf86ef0de7ef258539cae87de |
| SHA1 | c73288fff07885a62f8c7033b348863ed3b8cad1 |
| SHA256 | 7430a96d94b1faa5363b7656b323ffa416fd262e0405e498bb143dc93443963f |
| SHA512 | dc152f2e8c8f7e316e84f7a1f3996e02c08d582d6d0e40b8bf7171e359ea952a80b7452e56690b30fe98b4655d4744e8529a930449ef1cd853e377f86294b2d2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 068143fa0f90bbaf60eed269afa599f4 |
| SHA1 | 8536a1a538e9f99785184d33099ed671bd13b7cd |
| SHA256 | b667b96fbad5ceb9312f874009811aad044201e27e9283c0d4b317e856d8a734 |
| SHA512 | aa5ae4ddce2f23db656290456a4976425cae44834ebf91353f4f9bdd621bc82034f7fcba442d3947adeed743ec7da12366f1647981a24187bacf6afd1931f8a0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 97efdd47c85bef0f52f6b7f12992dd65 |
| SHA1 | b92adc9a54da35a7a77c56ec059c9073b2ef9c37 |
| SHA256 | edf46640c897283cc209991a0fa101cc1475b1b7616bfd12e2560e5269969ec5 |
| SHA512 | bff7972f0a6debd632dc1392404f4711b73e0290ad15912562b3b87d94c5d763d7eb3a4dd3bf95ff6518267501ce9acc529dd4f9531c3732bd99bb81d48d4b8f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | 40442d11be731400c120996ef63d469b |
| SHA1 | 09150ecd6698389e51b4943a976bb15c4634685d |
| SHA256 | 4f5814e2e362910ef4be1113961302638fd33cf5631627e3d9276ff9588cddeb |
| SHA512 | 96a339cde1ddef1cbfb7204710499b2ed68025e3def1932af6f6c9411946ff30b5adfdc15e54c7d357878a5c2f9f45466a4e23e38a33e9069ade10f440f24540 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | ac89a852c2aaa3d389b2d2dd312ad367 |
| SHA1 | 8f421dd6493c61dbda6b839e2debb7b50a20c930 |
| SHA256 | 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45 |
| SHA512 | c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | fffb5cff351379de57b5ac058e38de84 |
| SHA1 | 8aa4c2ae571dbc56234decd72afae6e9be3aa353 |
| SHA256 | ac52fa643be0126c22b457c3248d336fa6fc18f9660776f20fc7b4c2a7efc4e4 |
| SHA512 | e107f82ad39fc5ed8ff35cf1293db8c506403e1a96829b1f0c88ceaf1214467860ec62a1c8d7c3100cf04da4503ec77e7f124fca692ea20c47fbf5118717cabb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | 67192a9f1d6f5dbf520768b9ba2d7565 |
| SHA1 | 3bd79362e71e6efc5291656dc88fcf118bf36b86 |
| SHA256 | 1c4a5fc650b218c7d9d95452a91303d6b3fb37c119afad69a439b9ccd8349380 |
| SHA512 | 0a6e8c0ba930d01147d7be9197c4bcf9a5e42d6dd2266b2cd6c9a5884bdb16539582cb3aa5cd9a24abddb4878ddaa6a300b2400679e17ea66a62a1910927b6c1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | 7970a98c57beccba8ac58fedd18e9785 |
| SHA1 | b7189c7ed385f1393de8549000469038f842e795 |
| SHA256 | 9fa86f9ceaef98025a143f6aad380cf13327c9a3bd4d284da8a1b1679dc8441d |
| SHA512 | 6698b0e719ef7a6852dec9f76eb968a589f9581a6dc5521bcfcacaf0069b926db2a65b7aee5194d624d0d08bb3873335663896cfec6a38d01e17755395e6c387 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | e94070966c9227879885027412603885 |
| SHA1 | bb7b80c923e56a503d05f25b468a87aceb1d62f8 |
| SHA256 | 7a02aa659ab525b97a21868a48abd48b9cf91b80ce55d52a0185376e60009568 |
| SHA512 | 57be5d2fdb6cfedad6e8fd75e32b3044d5474109b93dd3e26a61731d1fc80848256173b1b0e9b95561d3b2ba8749204dad0b8f3cecb8f39345a5e4c6595e490f |
C:\Users\Admin\AppData\Local\Temp\Cab6385.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar63AB.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_95776108E5303B05527E9B63C6628F47
| MD5 | 31c72108356bcbb5569409aa463923e3 |
| SHA1 | 647712555d187d6763bdafc3e9c2ee9645bae56a |
| SHA256 | 16c8fd04d2e7f175e0092f4e468aaa9b762e79720e99683c787e4ed130404cdb |
| SHA512 | 4768ecbf85c6c15bad385b1c5b6937e4243aa4bdd0163ef49bf219047b6d9920a535a860cb29cc02dd5a427f170ff43d4e6e7fb5b3505233d24d671e84205e60 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_95776108E5303B05527E9B63C6628F47
| MD5 | a23a5b6118f4234fa6224e8d1e8824cd |
| SHA1 | c5a4530296d466239d54745a0bc9020c42b5242f |
| SHA256 | 653309266e286553d3639951572e521fb0cd57b52f1b418551246d57e8029e07 |
| SHA512 | 9fc4a1c58a401ee3638681341eec0b446716ceef1ea1b7358aeb14bbb841baa7c417c6e6f74d7edf2e4955aa7a597187524595f8e4ca5abd26fb9a3e5be078e8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ecdd8e67f0c37cfbaddbe660b973e364 |
| SHA1 | 3ef66c919c31380a2fcb4d3afb94d61017ff389f |
| SHA256 | 4fd5d9b566048e35b5d3a46f76a7c80e0a6b82c280c6a77e8a4e940316fb2096 |
| SHA512 | 87571cedcea5d5758d7d238e0f87f8b6559a05e95990fd2f63101a51713cfec2f520757a36d065145d3c780421bc74509da98244640cc45ae6fe4a383add141d |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HWTP8BNA\platform_gapi.iframes.style.common[1].js
| MD5 | 682c26af19b240f98d2cb951721fa54d |
| SHA1 | 18e58b652c7f82a55ab4b1910693686049e25d62 |
| SHA256 | 96428f0f585a874c185d560538ad83ebfad0365d760fcf9fcefe80add9e3c980 |
| SHA512 | 078aeef086271b7f9cf0f6e3a1e7908d7e38465a1a7a4de6f2a785147e9130551a2995e80600824da9341d58e5425d4505518e90eea9ffe1c64f4f41825a9660 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z5LT06Y3\cb=gapi[2].js
| MD5 | f9255a0dec7524a9a3e867a9f878a68b |
| SHA1 | 813943e6af4a8592f48aeb0d2ab88ead8d3b8c8b |
| SHA256 | d9acfd91940f52506ac7caeffea927d5d1ce0b483471fa771a3d4d78d59fda0d |
| SHA512 | d013be6bfc6bcf6da8e08ed6ff4963f6c60389baa3a33d15db97d081d3239635f48111db65e580937eb1ea9dc3b7fc6b4aecb012daeee3bf99cfebf84748177e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 74752e67dc4a347ce3e979bc871f15af |
| SHA1 | fee9d4968783e96118a95b42adc6fd7e5a932477 |
| SHA256 | 6a4a2d69f55b7060d3130eefe888c8c7fbc73a9f4d2ab3bcf58d23b4a26b1b5c |
| SHA512 | 08aea26824af2e451cbdf5fa6bb07d79fa9ec05e30e452835ca0f1800206d14046ca9fac3b708a85f4f18bbcb6bff4e8929a86d09651e4a3bbeb73ba26432319 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d712f705eb6ba87f0158ecd685065d5e |
| SHA1 | 959e1724072cba816607b26fbee23cd529d36f5b |
| SHA256 | d1af4ce6373716306a13a77b23d645b222f0cd4106053d9f4d4bb5b9343bd5ad |
| SHA512 | df3d8838a44a759a939a7e01b7982c4147e0501a802f419e13ab05f81831648cbc63c84307be1221b5d2a1f062c751b2f63a30db9a94935d793c9713e067bdc7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7cde80562fc1b9edf57a11bf61ceab28 |
| SHA1 | 322dbaa80aff94ea345a3626e493534721570884 |
| SHA256 | abdd1ce519a156474cf1defa8c67502809b957eaea6c44085d2ffc8c98fb4745 |
| SHA512 | 80c77c93f201e0e1d6a063090a9d1dfee37fd27b944168b37a38b8c4ef06f04049dbdda476ab42dc8cfc172d7857e46b9a267c5de2e1cc6f11dc34e475078f03 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 12bbfe46b614fcbbc1b7b90ed823b6bb |
| SHA1 | f43392d25841a94a617dce039bf101f0ea08b9a1 |
| SHA256 | 93d583577eeb3febd4520054019d0894028fc4a39eb598b0b6118031dbf29884 |
| SHA512 | 24d4204465daa88eefabdf02ce56eb64c5b99fd747ff55354e3747c49e23caed4212cbf568c6d3ea0cf70302658e5349858dd2fa59168fa9dbabd3fb8c6689c1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 472f98ace166fe34282be76b0a19519e |
| SHA1 | ed1c4063acc27ea7089b1de0988f608f39e56051 |
| SHA256 | 57567bfb09ad7e60021388e268cd4be1206fb6cb38f4838d9b7373be5ffed864 |
| SHA512 | 7875880552a14840d1c1b65c163719639e96acc643cc4f44e0ce66d9ec982bd99a7166e53e02f9c2f48163024dd7995157467876444014ad068df1573ec0c71b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 73b74d11d53c6e94222f4ba9be3319aa |
| SHA1 | 5112c2d2e60770278fbb48c1026cfbc8270e2742 |
| SHA256 | 7708a8d16307ef9ea5c760d4d72c8a502b30d1a99eb88c8425473307a20bda54 |
| SHA512 | c064ef86436f3fd143de3e719366fd600766e92ced334cf20bebaa232a5e627ddcf61e9d2406dbde1ac86b37d095634e4f756cd7d6a206549f801bff740cd536 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 72fc7a6e5aac3b6447379923ec882380 |
| SHA1 | c9e19863cbde91b4cd99f6f3fe9bf1d1856fc34e |
| SHA256 | e6439342b3c497e9337cb6ac8abb74a07c5297459071d309715f553c74f2de26 |
| SHA512 | 2757e68e624dc173cfd8a1f792ed35ee507c88f539458f5da421f0ec0af603318846270700da15c7f991997f354c7c9f97c2073fb2a498b0f372bff6de70d764 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f288a77e585c165b38598ac36260c018 |
| SHA1 | e0574afcc30fe601bb404f0ca397d356cef1b7e4 |
| SHA256 | 051efa3d21c924051d357e085c20576a1b11a315081291e1ff254d25a7401911 |
| SHA512 | 754958417bd0be2ac6f096471c5075155c460b084bcf6eb3c2ec0d028255ceb9c8e9e673209b523362b36d48e2964973c487ebbf697b6a8ab273c094c8b0e253 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1760ffd903eb5cf3e8e74f95fcf6fc14 |
| SHA1 | 943dac048ec6dd8483a25b6c910ff1607a97ae30 |
| SHA256 | a8e9b80a01bff7cbf10d826405baec09cb7ab4dd412764ff3645980b74968bd5 |
| SHA512 | f589c9c3bb03da52938271583a1ca68005535ad1b8034df3d63166c826467165f405e3715a3d1f3154387f71c61184500b259a3f61695613432413dae72be187 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5887d602dfe542cd3a3db5f40813058b |
| SHA1 | e82054dbdb88fa37c33ac12ad98906cdd4af8c01 |
| SHA256 | 29702a07242bf05ca310fd4ce887f3d2fd6f38d3a5819faa2c0001adc4bc575b |
| SHA512 | 7262fd21b404bc989ee88bf47836694ffdf5e3316aeb02ec119b565f7c71a556ce78d0f1d3aaeb8e5953fa6984c75435f58859c93696481992c90162a5055a6f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c302ccfd5aa9b77f1e3774469a08a86f |
| SHA1 | 56ca29f044715dc5552f581e72d323940592bb96 |
| SHA256 | 350fe3b20a87fcdafa3d0c55766c9ab493ad5c770fd55211109f4450a5254648 |
| SHA512 | d7092f72134597efac665ef0c57a3ae2102b1d1f2ca0d936ea6853e53ef2c585be0e321a124cd1102b0d8d5ff23d40e3859d75c668ed04df145c38c8226f526c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d929727e81475abe27776942de0d7909 |
| SHA1 | e51b00ed8daab8707ccc7ab7912d775454d8add0 |
| SHA256 | 200f6eed443b4409a8e04583ede349fb15edb09642852a98fc0c78c78c2f3cd6 |
| SHA512 | 594be5e18fac2f5551e8c813c9e153a06b4547036237341a81666c92f133850ec7254fc803b709c4133437ad1cf22222ea06181a933b55c6c8a6feb48abd7056 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6731b5149b2decb9ac66baf29dcf83a3 |
| SHA1 | c00e8edaef32546a95e57ac051e96dbf931a92d8 |
| SHA256 | 93a356d44ced6413f0c10480f56c116a507df405c724a8de9aa4443b03a75428 |
| SHA512 | f2bfeda54678c842cff619044bfbbeecbf1bab4e0c4dc90f5416d2727b7b41a2572917b00f1a1aa81f52f2db0e9ef80f09b5a5d093508270d13b8f412837420d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 675fea862a41e8a36a4e2608b870413b |
| SHA1 | 45fde2bb18b87b04a11012ff91df735e613c6334 |
| SHA256 | 258c8589e71e8661d30a9dc8ae908c3e0684219ce0c9809d7e5a2779f14b388e |
| SHA512 | 3d5dfee1db7a462cae741a200feeaf6ee6d58749e4b0da8ebeb8cb2813d86057e3815d415c65d6f519d623d5d80401511e97fbc3f3af4db38b8ceab709e02acc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a0d0da1ad7d3c67245d7b6b3e5d708d7 |
| SHA1 | a1912c5f8202fcb8a35d6b54e03bb0223a5dd47b |
| SHA256 | bf2e65d946c086b5629d7c865fb6748d9a7a0f2eeb1016ffdda17329155351d2 |
| SHA512 | bb22cbef11f39bf75ba7189c57a0c2fcad985fa56f09e3dea0e4ec2a33f6bc8ef0aea3a7312ed2e07f4423bfab546e3fb689ba69acecaea2a396c1b8a5e302d1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3108d27501fb31f94c492b58a73496b1 |
| SHA1 | 7b40e504ac1acd2305a847a8ba2fe5c44dc13c89 |
| SHA256 | 8b88f42bf9b56b40971719eb1fa27cb88d877ab346e27328fdaece0591a4a459 |
| SHA512 | fa869820ff82aaf854c7cecd395fdb0439a3c27e85ec26787fec940b37e7642d04653d08105473ca6350e491336cd45ca4b550ea6237c96f79ba54eb02d7161a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 513474759db301e750126b26470d1398 |
| SHA1 | 771a7b7d1ccd792b35484d8b18fd5dadc839cd32 |
| SHA256 | 898ea6103908b8ec7fd293658ad38da3fa1991b8ae44859e82eecde3df1f0d23 |
| SHA512 | 6bcf1eaeed6c19bc384ff461eb0d4085caf75ee756dba120999f6549a9acf573323e3d6d747903e4df3bcab342bab9c03eea7767eafcb06380ac717d3e81b82d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a1a5396bb1a5eb9425c2b75dbdc33bc1 |
| SHA1 | b8a89533d29009f732514147071a061db63f9e76 |
| SHA256 | 6b3e9a48d54cc828009d69715d269f23c75e07053881785dc4c43654b26d490a |
| SHA512 | 27ff319df22c5c4e5c692f151185587d4dd60409823c071eb0d2e8b731c560ceb1c8404177bf121cb9dec7ace5708204e7c81cb26de8da65f9efc0b003257add |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 10cd1386e9e9018a956c8024bc17f585 |
| SHA1 | df992df545b5917b99d0dd96df62dd6edd8fa4ab |
| SHA256 | 983231bd634661d5e15718e500f52b69589645998defe31116be9ef947f1dfed |
| SHA512 | 3a949398c57b1be79d6ea9da2964b5e2ea9c5f4bf700842f998c6f4195c293f2220b55b75661c1c0a4bc7c8895776ffa378a3d80825d5f239677702fd1d832a4 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 09:25
Reported
2024-06-13 09:28
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
151s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4d7595ad86fc00879035c068e614dc2_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb7ae46f8,0x7ffdb7ae4708,0x7ffdb7ae4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2356,11450740917797347734,2677514978699511883,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2360 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2356,11450740917797347734,2677514978699511883,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2356,11450740917797347734,2677514978699511883,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2356,11450740917797347734,2677514978699511883,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2356,11450740917797347734,2677514978699511883,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2356,11450740917797347734,2677514978699511883,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4504 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2356,11450740917797347734,2677514978699511883,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2356,11450740917797347734,2677514978699511883,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2356,11450740917797347734,2677514978699511883,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2356,11450740917797347734,2677514978699511883,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2356,11450740917797347734,2677514978699511883,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4352 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2356,11450740917797347734,2677514978699511883,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2356,11450740917797347734,2677514978699511883,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4452 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.777seo.com | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | lh6.googleusercontent.com | udp |
| US | 8.8.8.8:53 | lh4.googleusercontent.com | udp |
| US | 8.8.8.8:53 | lh5.googleusercontent.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | www.blog-hits.com | udp |
| US | 8.8.8.8:53 | lh5.googleusercontent.com | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | lh6.googleusercontent.com | udp |
| US | 8.8.8.8:53 | lh4.googleusercontent.com | udp |
| US | 8.8.8.8:53 | www.777seo.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | dsp.apsmediaagency.com | udp |
| NL | 52.142.223.178:80 | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4158365912175436289496136e7912c2 |
| SHA1 | 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59 |
| SHA256 | 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1 |
| SHA512 | 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ce4c898f8fc7601e2fbc252fdadb5115 |
| SHA1 | 01bf06badc5da353e539c7c07527d30dccc55a91 |
| SHA256 | bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa |
| SHA512 | 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c |
\??\pipe\LOCAL\crashpad_740_KMVHJDWDLEIWRUXC
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d048826439478c8fe31848006b3d634c |
| SHA1 | c993e499b61a8a2a83f04b3d879c40a921959a59 |
| SHA256 | cf39d25fd2256c72f5ab48888d47ec16ef7b26a475e21777cda62f11686a1a61 |
| SHA512 | 3b70d21ec29002c0645ce9fb8defc402746776eb98e5ca49fb7faea66efd1dab0c7e04cb46ffa52a0d3998da757cb49d9ef116cd470471a7d8e15ae4bd6bea8c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | e6d7d51aa6f6491ecfc3e801b1437dd0 |
| SHA1 | 39c063bfc3542503ee5cc4a85c91178db4921c83 |
| SHA256 | 89ee7260adc71a26cce7406bb0396b02ff54afc98f114397707f4c47664efb49 |
| SHA512 | 4c6f538817629d94389ce510a32c45b0549ab72151526ff33f5b1ecde58d81a2fbfca4c1d2f8e6b746ac072a463e24acbe16888fb7f15321a118df5f931d4bcd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4142dcea692e0a873e2c43577fdf02a5 |
| SHA1 | 7bfa81815e8b032fc8904249f9db3821b1bcee80 |
| SHA256 | 9a754f0de40db8a53a39e3e319d2da431621135e70fcf82455ad1058b1867bfd |
| SHA512 | 965ddedcbf383cc4302fe23889e939178ef4210a26238807bce2b833b60ddff0820a08169739aba0c5851cbaea92072637bdc1a93a15d923b5d2514f2ee5bf6d |